# Specific911 SITES WARNING



## stretched

I am stretched, and have been receiving useful help from the helpers here, for which I am very grateful.

On August 25, 2005 I got stretched out by the specific911 highjacker (or whatever it should be called).

I posted questions for help and some of the below information on various forums, and this forum was the most helpful. I discovered that of all of the forums who helped remove specific911 in the past, this was the only forum where there was someone who was successful without reformatting.

Below is some general information as well as some WEB ADDRESSES THAT PEOPLE SHOULD NOT CLICK ON. BE CAREFUL AS SOME OF THE SPECIFIC911 LINKS FOUND ON A SEARCH APPEAR TO BE TECH HELP TYPE FORUMS, WHILE THEY ARE NOT!!!!!!!!!!!!!!!!

Please note that at the time I got stretched out by this thing, there were very few incidents of it coming up web searches that were not actually hosts for the virus. I just searched through yahoo and found that since my original problem, there are lo and behold, others posting on forums needing help, so I really would like for everyone to warned about this, due to the fact that I stumbled upon it during a search for something else, clicked on the link about something else, and this could happen to everyone. And the fact is that I was searching for my real name, and found a link with it, and this is how I got struck....

Anyway, more are suffering now that when I was first struck...
***********************
This message is of three parts 

1. General info about specific911 
2. Describing exactly what the title says; 
3. My related problem, for which I need some qualified help. 

1. I do not know how many of you are aware of the specific911 trojan/highjack, I did not find a great deal about it on the web, so let me mention what I learned (since I got infected last night) 

a. After its initial download, it controls your desktop and folders in the following way: 

Most of what you select to open, only results in opening I.E. and it looks for a specific911 site. Upon initial installation, it downloads lots of shortcuts for 'quality' crap on your desktop. It will re-download that each time it highjacks you on-line, so make sure you are disconnected immediately upon realizing you have been infected! 

EXCEPTIONS (I am on Win 98) 

Schedualed tasks works 
Find under the start menu works 

Make sure to clean with whatever spyware, virus programs you have first, then: 

b. You can run programs by opening Schedualed Tasks and looking for the program and telling it to run it one time a month for example, then after it allots it for running, right click on that program and select run. This is the only way you can run anything without it being controlled by the maleware. 

2. The NEW TACTIC 

I have always searched, regularly on search engines for a name, take for example "stretched" so I regularly look for it, I recognize the locations of the material, and check RECENT PAGES 

Last night I did this, and found some NEW PAGES which I had not seen before. I clicked one of the links, and it was to a FORUM!!!!!!!! 

That was when the download began. I immediately turned off my modem (cable) but it was way too late. 

What I learned is that, even though later I found some people talking about specific911, there was not much, and confusion about where it was coming from or how they got it. But I am certain of how I got it, as I described, so I it is reasonable to assume that this is a relatively new tactic to spread it, so everyone should be wared against this, because you may search for anything on the web, and click the link - thinking it deals with what you searched for, and then it is all over for you. 

ANOTHER TACTIC, now I am searching "specific911" or "specific911+fix" or similar. I am getting hits to "forums" (you know like this one) but, bamb it is them again right back in the computer. I even tried viewing the page on yahoo search selecting only "cached" did not matter, even got wacked like that. 

BE VERY CAREFUL BEFORE YOU OPEN A LINK ASSOCIATED WITH THESE WORDS even if they seem to include sentances about people trying to fix it!!!!!!!!!!!!! 

3. Most of my problem has been included above, so I am here because I need some help. I have run Spybot, SpywareDoctor, Spywareblaster, Spysweeper, Ad-Aware (latest) CCcleaner.....RegistryMechanic (trial version)... 
*************************************
Here is some more general info about this thing:


look out for these, do not click them no matter what if you see something like this on a search, for whatever you may be searching on yahoo or the others:

special911.net
special911.com
baikalsk.com
qoclick.com

and additions like:

lake-baikalsk.com
shop-baikalsk.com
hotel-baikalsk.com

and UMAX PPC or UMAXPPC

and the link usually is like this:

! baikalsk.com
! qoclick.com
! UMAX PPC

And becareful if you are browsing looking for info since many of these also look like this

qoclick.com/forum

and contain text tricking one into thinking that it is a real forum containing the type of help you are looking for.

Also spyware doctor finds some of it and removes it, but does not solve the problem, use as many as you can of those programs, and I am still trying to fix it all, if anyone can help please do!!!!!!!!!!!!!!!!!
************************

Alright that is the end of the messages I posted on other forums, and I wanted to provide this information so that readers can beware of the tricks of those behind this problem.....


----------



## stretched

It seems that in the confusion about information for removing specific911, that after cleaning as mentioned above, restoring an earlier registry solved my trouble of the IE window poping up on everything.

I ran scanreg.exe under the DOS command prompt, and after saying the registry was fine, it showed me the dates of previous backups, since I knew the exact date I was struck by specific911 I was able to restore one of the backups and that solved the major problem.

Of course, those who helped on this forum can not be thanked enough....


----------

