Over 1 million tech questions and answers.

Fake Alert, Ultimate windows security alert malware Help needed

Q: Fake Alert, Ultimate windows security alert malware Help needed

Fake Alert, Ultimate windows security alert malware just to name a few of the names of the pop up windows i saw. I am using XP SP3 and have successfully used Combofix on another machine at the advise of a network admin friend. This time however i wanted to have this log reviewed by the pros on here because the malware on this machine was formidable! The windows security alert popped up and my spouse unknowingly clicked yes on it. Things just went down hill from there. We disconnected the internet cable and started the process.

As i mentioned before I have used combofix however this time every time i tried to click it the malware would pop up and say this "combofix" file is infected would you like to start the antivirus download? So i couldn't get it to start. I downloaded combofix w/ different machine and changed the name to combo-fix during the download, then used jump drive to put it on the infected machine. Since either combofix nor malwarbytes anti-malware would execute when clicked due to pop ups i restarted the system in SAFE MODE. The microsoft recovery console is already installed on this system. Once in safe mode i clicked on the renamed combo-fix file and it then started, during the start up it stated there are "CD emulators" running on this system and comobfix must disable them before continuing which casued it to re-start the computer and then it completed it's scan. So i have a log to post if you would allow me. Also, after combofix completed i ran Malwarebytes "quick scan" and it found 4 more infected registry entries which i told it to remove. I am now running the full scan on both the internal and external hard drive.

All of this has been done without being connected to the internet, i will wait for your response before i reconnect the internet to this machine.

RELEVANCY SCORE 200
Preferred Solution: Fake Alert, Ultimate windows security alert malware Help needed

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Fake Alert, Ultimate windows security alert malware Help needed

"Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored."So are you saying there is no one here willing to help me?

Read other 4 answers
RELEVANCY SCORE 117.6

I'm a newbie,
I have the fake windows security alert popping up. I usually close it by going to task manager and stopping it with end process. But it obviously comes back. Not every time I reboot, but when a friend uses the system to surf, that is when I got it and it just so happens TONIGHT it appeared for the first time in weeks after he was online. I believe he goes to EBAY and other auction type sites, I don't know where he got it but I am certain it is on my system due to his surfing.
Attached is my Hijack this log, I also have Norton on my system and find it to be useless. If it is in fact less than optimal to have it on my computer I would also like to find a way to get it OFF my computer.
Thank you in advance,
ktkia

Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:18 AM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\S... Read more

A:fake windows security alert malware/virus

Read other 16 answers
RELEVANCY SCORE 117.6

Hello!

I am a new and reluctant member of the trojan/malware/virus world and certainly appreciate your assistance!

Suddenly, Firefox kept opening on its own, either as a tabbed page or its own window, and would open to some seemingly random advert.

The bug is bringing up a "Windows security alerts" red shield with an x on it on my icon tray (lower right of the start bar). Clicking on the icon brought up a faux-microsoft page telling me that my computer was infected and that it wanted me to download a file to fix the problem. I did not do so.

Also, Windows Automatic Updates is switched off when I click on the red x-shield icon on my start bar, BUT when I check Windowns Automatic Updates via the Control Panel, it looks as if they are on...

Following the instructions on another thread in this forum, I ran Malwarebytes and Spybot multiple times, fixing the errors after each run. HOWEVER,
I still have the red-x-shield on my icon tray.

I am running Windows XP Home Edition Version 2002 Service Pack 2.

HERE IS THE LOG FROM MALWAREBYTES RUN #1.Malwarebytes' Anti-Malware 1.31
Database version: 1550
Windows 5.1.2600 Service Pack 2

12/28/2008 5:15:46 PM
mbam-log-2008-12-28 (17-15-30).txt

Scan type: Full Scan (C:\|)
Objects scanned: 269614
Time elapsed: 3 hour(s), 58 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Inf... Read more

A:fake Windows Security Alert - Trojan/Malware

Read other 16 answers
RELEVANCY SCORE 108.8

Hi ?I am new to this forum and have joined up to get some expert help with a Malware problem.In looking for a site in which to send a large 1-gig file to a friend, I became infected. I now get a fake pop-up Security Center Alert saying my firewall has detected unauthorized activity, etc?.. It shows Trojan.Zlob.G as the purported infection. Connectivity to the web is now also very intermittent and was unable to perform a Kaspersky scan as a result. I am using another system to post this message.I?ve tried a number of Malware removal programs, but the problem remains. I have attached my HiJackThis log in hopes that someone can spot the culprit and offer a fix.Thank you lenv________________Logfile of random's system information tool 1.04 (written by random/random)Run by lvisconti at 2008-12-06 18:43:11Microsoft Windows XP Professional Service Pack 3System drive C: has 119 GB (91%) free of 131 GBTotal RAM: 2031 MB (73% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 18:43:17, on 12/6/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC... Read more

A:Malware causing Fake Security Alert Popup

We apologize for the delay in responding to your request for help. We are volunteer staff at Bleeping Computer and get overwhelmed at times with the large number of users seeking help. We are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate your letting us know. If not, please perform the following steps so we can have a look at the current condition of your computer. If you have not done so, include a description of your problem along with any steps you may have performed so far.When you have completed the steps below, a staff member will review the log and provide instructions for you to get your computer clean and free of malware.Thanks and we apologize for the delay.We need to see current information on what is happening in your computer. Please perform the following scan: Please download DDS by sUBs from one of the following links. Save it to your desktop.DDS.com DDS.scr DDS.pif After downloading the tool: Disconnect from the Internet. Disable all antivirus/anti-spyware protection. If needed, please read How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs. Double click on the DDS icon, allow it to run. Please note: If the scan fails to run, you may have to dis... Read more

Read other 2 answers
RELEVANCY SCORE 107.6

Hi there,

Hope you guys can help. I am cleaning up an infected laptop as a favor for a friend. When I got it from him, it was infected with numerous trojans/viruses. I have downloaded and run Malwarebytes, Adaware, and CCleaner. These came up clean on last scans. System still has issues however. Most noticeable among them are Fake Secrity Center alerts, and Pornotube/Nudetube etc. links that keep appearing on desktop.

Laptop is running Windows XP Media Center, service pack 3.
I have disabled system restore. When I try to boot into Safe Mode computer shuts down after entering login username.

Hijackthis log appears below - Any help is greatly appreciated. When I am done here, I will likely have to repeat much of this on their desktop at home!

Dave

Forgot to mention I have also downloaded and run AVG. Initial scan cleared out 100+ infections. Win32 cryptor now being reported in a file installer.exe in user temp folder. This recurs despite moving to vault.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:53, on 10/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program F... Read more

A:Fake Security Center Alert, Pornotube and other malware on laptop

OK, threw another rock at this one while I was waiting for a post. I downloaded Counterspy free trial and ran it. Found a handful of infections and I let it clear them.

After reboot and rescan - no more Fake alerts, and no more obvious problems. Here is a new HJT log - see what you think...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:58:42, on 10/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ares Ultra\Jeaks Music\JeaksSvr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\V... Read more

Read other 1 answers
RELEVANCY SCORE 103.2

Hello everyone. I have this problem that I know I am not the only one who have had..

Every few minutes, I keep getting a windows security alert. It says do you want to block this software from sending data over the internet?

Name: Trojan-Clicker.win32.Tiny.h
Risk Level Critical
I am then able to click enable protection.

When I click enable protection, it takes me to a website:
http://www.antispyware-review.info/?...d=WJUob2HVd5&a=
telling me to download PC Antispy


Sometimes when the windows security alert pops, the name of the trojan changes regularily, here are some that I have received:
trojan-spy.win32.greenscree;
trojan-spy.win32.keylogger.aa;
trojan-spy.html.bankfra.dq;
trojan-clicker.win32.tiny.h;
trojan-downloader.win32.agent.bq.

I have run HJTSETUP.EXE, herewith the logfile.
I apologize but my Windows is in danish, I hope that it will not be too much of a problem.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:31:47, on 03-09-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\F?l... Read more

Read other answers
RELEVANCY SCORE 103.2

Hey guys , recently ive been getting a repeating error message which says exactly as follow :

----
Windows Security Alert

Warning! Potential Spyware Operation!

Your computer is making unauthorized copies of your system and Internet Files. Run full scan now to prevent any unauthorized access to your files! Click YES to download spyware remover ..
----

Now usually i use FireFox to do all my surfing , but my girlfriend got on my system and was using IE , i didnt think anything of it.. and have no idea if this has anything to do with it... but about an hour later of surfing with that browser i started getting this message... it looks exactly like a Windows Message, but sounds too corny to me , i havent clicked yes , cause i know moste likely leads to more spyware... or more junk.. now... Ive attempted to get rid of it already.... I fully updated and ran the following...

- Spybot- Search&Destroy - Full Scan

-Lavasoft AdAware SE - Full Scan

- SuperSpyware PRO - Ran a scan in Safemode as suggested , found lots.. but didnt remove my current noticable issue.
My current OS ---

Windows XP Pro


Any ideas on what i should do next!?

Thanks in advance to whoever contributes!
Im new here.. so if i did anything wrong in my post , or didnt give enough info , let me know.. il be checking this thread very regularly.

A:Windows Security Alert Pop-up , Fake?

Can you tell us more about what Super Antispyware found? Did it mention Zlob or vundo or virtumonde, etc.?
By the way you said you ran Super Spyware---did you mean Super Antispyware? Hope so.

Read other 11 answers
RELEVANCY SCORE 103.2

I just started receiving the following message:--------------------------------Windows Security AlertWarning! Potential Spyware Operation!Your computer is making unauthorized copies of your system and Internet Files. Run full scan now to prevent any unauthorized access to your files! Click YES to download spyware remover .--------------------------------Any ideas on how to remove it?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:09:22 AM, on 9/6/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\TrayComm.exeC:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exeC:\Program Files\BroadJump\Client Foundation\CFD.exeC:\PROGRA~1\Yahoo!\browser\ybrwicon.exeC:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exeC:\Program Files\Yahoo!&#... Read more

A:Fake Windows Security Alert

Welcome to the BleepingComputer HijackThis Logs and Analysis forum catbox_9My name is Richie and i'll be helping you to fix your problems.Please disable Spybot S&D?s protection,or it will interfere.You can enable it after you're clean.Open Spybot and click on 'Mode' and check 'Advanced Mode'.Click on 'Tools' in bottom left hand corner.Click on the 'System Startup' icon.Uncheck 'Teatimer' box and/or uncheck 'Resident'.Click the 'Allow Change' box.Then, check next to the computer clock to see if the icon for Spybot is still there.If it is, right click it and choose 'exit Spybot-S&D Resident'.Reboot the computer.If you find you're experiencing problems disabling Spybot's Tea-Timer,follow the info in the link below:http://www.russelltexas.com/malware/teatimer.htmViewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546You are well advised to remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present,then restart your pc:ViewpointViewpoint ManagerViewpoint Media PlayerDownload Combofix and save to your desktop:Note: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log.... Read more

Read other 3 answers
RELEVANCY SCORE 103.2

I am about to give up and format my hard drive, I am so frustrated, so I will try for help here before a wax my hard drive. I am getting this pop (Windows Security Alert) up that performs a scan and then says that I am infected and should download a file to rid my computer of it. I have not downloaded the file as I know it is an attempt to scam me. At any rate, I have tried everything that I know to remove this virus. I have run Malware Antibytes, AdAware, SuperAntiVirus, Spybot and a host of other programs to no avail. My pc is also running slower and when I am browsing, I get redirected to crazy websites. Below is a Hijack this log. Any help would be much appreciated. Oh, This is on my laptop running Windows XP, SP2.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 01:43:51, on 10/14/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\B... Read more

A:Fake Windows Security Alert pop up

 alert.gif   15.51KB
  22 downloadsPicture of the alert

Read other 23 answers
RELEVANCY SCORE 103.2

I keep getting these Fake "Windows Security Alert" pop-up, pornographic desktop icons.

We had this type of virus last year but did not keep the directions.

It keep coming up with Windows Security Alert I need to buy because I am not protested.
It also keeps adding 3 porn icons to my desktop after I reboot, even though I have deleted them.

Please tell me how to get rid of it.

I have McAfee. but this doesn't help.

Thanks
Mindy

Read other answers
RELEVANCY SCORE 103.2

So i ran a .avi file that I got from a friend and it said something like "the .avi file has code that is not usual for a .avi format would you like to continue" and like a nob i clicked yes. that should have been my first clue that something like this would happen. anyways, after that my browsers (IE and Chrome) no longer worked (displaying page could not be found). I decided to do a few tests, poking around to ensure that i still had internet access as internet disconnections are clearly a cause of browser failure. I pinged google with successful connection meaning my internet is still up and running (and as indicated by my status).
the second thing i noticed after running the .avi is a blue and white striped shield in my notification area that pops up and say in bold "Windows Security alert" and a bunch of other crap. when u go to hover the icon it decides to hide. I checked my programs list (add/remove prog) to ensure that i did not have this as i had not seen it before. I also took a screen shot that I will try to upload (just showing the full msg that came up from the fake anti-virus).

Summary: browsers no longer work, and fake Anti-virus program appearing.

Not sure what other symptoms are occurring but i would rather stop it before it gets worse.

A:Windows Security alert FAKE

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Use a USB stick to transfer tools to the machine if necessary. You might also want to use this tool, which may help free things up long enough to get some logs.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.


Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif


Once the tool has run, do N... Read more

Read other 1 answers
RELEVANCY SCORE 103.2

A "security alert" keeps poping up asking me to download a program that is not microsoft related.

Screenshot:

Avg detected no viruses but spybot found "Zlob" I tried to remove it but it keeps coming back. Thanks in advance.

Spybot Results:

zlob. VAXCodec

hke_local_machine\software\classes\svshostt.arty
----

Logfile of HijackThis v1.99.1
Scan saved at 1:08:20 AM, on 1/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\CTPMON.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\CTPMON.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\P... Read more

A:Fake windows security alert - help?

Read other 8 answers
RELEVANCY SCORE 103.2

I'm getting the fake "Warning! Potential Spyware Operation!" popup. Help! I've run AdAware and Spybot, to no avail. Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:23 PM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\syste... Read more

A:Fake Windows Security Alert

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------------------------------------- Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop


Disconnect from the internet....pull the plug!
Go to -> Run -> paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall


Follow the prompts. Type "1" and press Enter to begin the scan.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's run... Read more

Read other 1 answers
RELEVANCY SCORE 103.2

Hi,
Just wanted to post my experience with this spyware/malware. I could not remove this with most cleaners such as spybot, ad-aware,spydoctor, etc. It just kept coming back. It also removes access to your control panel, system restore and other nasty things. Finally, I got the latest free version of AVG 7.5, and AVG found it and removed it. I do think it helps to do the scan after booting up in safe mode. I think I got it from just visiting a bad web page. Hope this helps someone.
 

Read other answers
RELEVANCY SCORE 103.2

Hey people im new to the forums and really need some help

Basically i just randomly started to get these popups on screen from windows secuirity alert telling me that my firewall has detected activity of harmful software. an example is below:

Name: Trojan-downloader.win32.agent.bq
Risk Level : Critical

it then has 3 buttons of which only one is clickable (keep blocking, Unblock, Enable protection{clickable one})
when you click on the button it takes you to a website trying to get you to download software. I suspected that this was fake so i disabled my firewall but i still got this popup.

I have tried running AVG which seems to find nothing and Spybot S&D which also doesnt solve the problem i really am clueless on what to do.

There has been the same popup with different names as well.

thanks

A:Windows Security Alert - Fake

Hello and welcome let's give this scan a goPlease download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to see a list... Read more

Read other 8 answers
RELEVANCY SCORE 103.2

Hi, I have been having problems with the fake windows security alert window popping up. i have tried many anti-virus software but unsuccessful.This is my result from Malwarebytes;Malwarebytes' Anti-Malware 1.25Database version: 1076Windows 5.1.2600 Service Pack 211:14:05 PM 8/22/2008mbam-log-08-22-2008 (23-14-05).txtScan type: Quick ScanObjects scanned: 55084Time elapsed: 9 minute(s), 19 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)And my hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:20:33 PM, on 8/22/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Fil... Read more

A:Fake Windows Security Alert Pop-up

Hello atv76Welcome to BleepingComputer ========================download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).In the Drivers section click on Non-Microsoft.Under Additional Scans click the checkboxes in front of the following items to select them:Reg - BotCheck
File - Additional Folder Scans
Rootkit Search -Yes
Drivers -Non Microsoft
Do not change any other settings.Now click the Run Scan button on the toolbar.Let it run unhindered until it finishes.When the scan is complete Notepad will open with the report file loaded in it.Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Read other 9 answers
RELEVANCY SCORE 103.2

My PC is infected by a fake windows security message that has everything grayed out except for "enable". I made the mistake of clicking it and it directed me to a spyware, adware website offering to purchase their products. I thought it was just a temporary thing but now the same message keeps popping up! here's a picture of the message. my apologies for the bad pic, I'm quite new at this so I did my best. Anyway, this everytime this message pops up it says that i'm infected with a different trojan everytime: Trojan-spy. win32.greenscreen, trojan-spy.html.bankfraud.dq, or trojan-downloader.win32.agent.dqI've tried a number of solutions suggested in this forum but nothing seems to work. Thanks in advance for any help, I truly appreciate it.Here's my HijackThis Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:13:46 PM, on 9/26/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\System32\spool\DRIV... Read more

A:Fake Windows Security Alert Please Help!

HiPlease Download Malwarebytes' Anti-Malware from Here :-http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlor here :-http://www.besttechie.net/tools/mbam-setup.exeDouble Click mbam-setup.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Quick Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When the scan is complete, click OK, then Show Results to view the results.* Make sure that everything is checked, and click Remove Selected.* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.* Copy and Paste the entire report in your next reply.THEN ...Please follow these directions to run Combofix & post a log.http://www.bleepingcomputer.com/combofix/how-to-use-combofixsteam

Read other 13 answers
RELEVANCY SCORE 103.2

Hi I have an annoying problem that I hope can be resolved.

I keep getting the following pop up every 15 minutes or so.

Windows Security Alert
To help protect tour computer, Windows Freewall has blocked activity of harmful software

Do you want to block suspocious software?
Name: Trojan-Keylogger.WIN32.FUNG
Risk Level: High
Description: Fung is a Spyware program that records keystrokes and takes screen shots of the computer

Button to "enable protection"

The spelling mistake "tour computer" and not "your" was a give away.

I have cleaned my system of spyware and the problem still exists. Any help would be great!

Here is my HJT log.

Thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:13 PM, on 29/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlc... Read more

A:Fake Windows Security Alert - Help!

Seems I am not the only one with this problem... another poster added this a few hours after mine... must be a new one!

http://forums.techguy.org/malware-removal-hijackthis-logs/764097-fake-windows-security-alert-virus.html
 

Read other 2 answers
RELEVANCY SCORE 103.2

I have run my malware program and it is showing clean, a red shiled with an "X" is at the bottom right tray. Windows security alert - when you open it it shows "automatic updates are off". I am using windows XP and have McAfee security all is showing updated and clean...Please advise how to remove this problem.

Thanks

A:Fake Windows Security alert

You may want to restore your computer to a state before your problem came about. You can find system restore in the control panel page or just searching for it on your computer. Do that and if it is gone, usually problem solved, unless it is really malicious, but i doubt it is in your case.
Good Luck!

Read other 1 answers
RELEVANCY SCORE 103.2

I get a fake windows security alert, Windows firewall has detected activity of harmful software, its pops up about every 10 to 15 minutes, please help.NAME: trojan-spy.html.banfraud.dq RISK LEVEL: CRITICALetc.it has a an enable protection button.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:14:23 AM, on 9/11/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16711)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exeC:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\ProgramData\adminfo\dencxuji.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exeC:\Windows\System32\mobsync.exeC:\Program Files\UltraMon\UltraMon.exeC:\Windows\system32\taskeng.exeC:\Program Files\UltraMon\UltraMonTaskbar.exeC:\Windows\explorer.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\SpyNoMore\SNM.exeC:&#... Read more

A:Fake Windows Security Alert

This log is already being worked on by Maurice at this location:http://aumha.net/viewtopic.php?f=30&t=36042#p201345Please only post logs at one location as it can get confusing with different helpers working the same log. As you area already being helped at Aumha, I have closed this topic.

Read other 1 answers
RELEVANCY SCORE 103.2

hi im new to this site but i had a problem with my computer
theer was all these fake windows security alerts and so i got spyhunter and adaware and scanned and removed the things it found
however the popups were still popping up
so i googled it
and found sdfix and did what it says
but unfortunately.. my ocmputer is vista and i didnt realise until later that it didnt work cos of that
so i read a topic someone else posted who had the same problem with sdfix and the replier said to get combofix
and so i downlaoded combofix.. got a log thing and all
but now.. its just this one popup that keeps coming up... i think
its the vista security box and it says something about a trojan and its critical and one of the only option apart from exiting the box is 'enable protection' and this leads you to a site which advertises fake products.
does anyone know how to help =( ?
i have a screenshot but i dont know how to post it

A:Fake Windows Security Alert

Combofix by sUBs was never intended to be used in the way that that software such as SuperAntispyware or Malwarebytes Antimalware is done. There are several excellent reasons for this Disclaimer shown when you start the program:Some that I have observed:? About 1 in 100 times the computer will not longer be able to boot after running Combofix. This requires experienced hands to restore the system to bootability.? There are several malware infections that "target" Combofix. Experienced Helpers are aware of these infections, and take steps to remove them prior to the use of Combofix. If you do not, various things can happen depending on the infection -- from Combofix being unable to run, to the deletion of the folder C:\Windows\System32, requiring a clean install to repair.? Combofix makes some rather significant changes to the internals of XP and Vista in order to work. It has to be removed with special instructions to fully and safely revert these changes. Experienced Helpers are aware of how to accomplish the uninstallation of Combofix.? The real power of Combofix comes not as a general purposed malware remover. It is rather modest in that capacity. Combofix is powerful because it provides to the experienced Helper a convenient and powerful front-end to Scripts. It is because of its scripting strengths, and its unique reporting capabilities, that you see Combofix often recommended. But not because of its abilities as a general malware scanner.? Many malware removal experts w... Read more

Read other 3 answers
RELEVANCY SCORE 103.2

I keep getting these Fake "Windows Security Alert" pop-up, pornographic desktop icons.

We had this type of virus last year but did not keep the directions.

It keep coming up with Windows Security Alert I need to buy because I am not protested.
It also keeps adding 3 porn icons to my desktop after I reboot, even though I have deleted them.

Please tell me how to get rid of it.

I have McAfee. but this doesn't help.

Thanks
Mindy

A:Fake "Windows Security Alert"

First try logging on to yoru compute ri nSafe Mode. To do this, reboot the compuetr and keep pressing the F8 key until you see a black screen come up. On that screen you will see several options; you will want to select Safe Mode with Networking. Once you are logged in you will want to get online and get two tools; Malwarebytes and SUPERAntiSpyware. Here are links:1. http://www.malwarebytes.org2. http://www.superantispyware.comGet those installed and run the scans. After they complete get rid of what they find and reboot in the normal mode. Run the scans again and you should be all set. AZFreeTech

Read other 2 answers
RELEVANCY SCORE 103.2

My computer is infected with the fake Windows Security Alert. I've run the Malwarebytes removal tool twice and each time it has found something and successfully removed it. I reboot the computer and it's back. See DDS log file and I'm also attaching the attach.txt file. Thanks for any help you can give.

DDS (Ver_09-05-14.01) - NTFSx86
Run by cindym at 14:29:32.40 on Wed 06/10/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.464 [GMT -5:00]

AV: Trend Micro Client-Server Security Agent AntiVirus *On-access scanning enabled* (Updated) {61172EFB-93C6-4B21-B7F0-858156771A15}
FW: Trend Micro Client-Server Security Agent Firewall *disabled* {61172EFB-93C6-4B21-B7F0-858156771A15}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer... Read more

A:Fake Windows Security Alert

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instruction... Read more

Read other 3 answers
RELEVANCY SCORE 103.2

I have a pop-up that shows a Windows Security Alert that tells me that my computer is infected with Win32.Zafi.B and directs me to a website for SafeSoft Perfect Defender.

I currently run McAfee Security Center, and it showed nothing when I scanned.
HJT log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:35 PM, on 1/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\George\AppData\Roaming\Google\wclo... Read more

A:*Fake* Windows Security Alert

Read other 11 answers
RELEVANCY SCORE 102

Hey all,Working on my girlfriend's dad's (there's a tongue-twister) IBM laptop - he has the fake Windows Security Alert virus described at http://www.bleepingcomputer.com/virus-remo...ssentials-alert.I've gone through that guide, as well as a few others related to this specific piece of malware, to no avail. The malware is blocking almost any exe file from running, including taskmgr and regedit - it doesn't even allow the other window to open, it just moves its own window to the top and refuses to close. No Firefox, no IE, no nothing.Every link to every renamed rkill iteration has not worked for me - the window opens and closes instantly, returning to the fake antivirus screen. exeHelper stays open and appears to run fine, but does not cause the malware to close. When I run ComboFix, the blue bar pops up and fills up next to the cougar logo, but then disappears and pops back to the fake antivirus.(Sorry for running ComboFix unrequested - just figured I'd try everything myself before I came crying for help. I've built two PCs so I'd like to think that I wouldn't have bricked someone's laptop armed with only ComboFix.)Despite the program not closing, I decided to try the Malwarebytes program - which removed a couple of other pesky bits of malware he was dealing with, but did nothing to the fake Windows Security Alert. Not sure if I'll be able to post logs at the moment - the laptop currently doesn't have a working web browse... Read more

A:Fake Windows Security Alert trojan...

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please downloa... Read more

Read other 2 answers
RELEVANCY SCORE 102

Hi Im new on here...Thanks in advance for anyones help.I have yesterday recieved a virus that pops up a fake windows security alert every 15 minutes or so claiming i have suspicious software, i have read other forums and virus sites and it seems im not the only one.name: Trojan-Keylogger.WIN32.FUngRisk: High"keep blocking" and "unblock" are grey with the only option being "enable protection" which i havnt clicked. I understand it links to a fake spyware site.I have Run virus scanners ...-AVG-Malwarebytes Antimalware-Super anti spyware-regcure-ATF cleanerNon of which have worked, so i am now at a loss at what to do ?Please please HelpThanksLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:43:51 a.m., on 30/10/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG... Read more

A:Fake windows security alert pop up virus

Hello andrewsha and welcome to BC Please follow these steps:Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Download gmer.zip and save to your desktop.alternate download site 1alternate download site 2Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.Double-click on Gmer.exe to start the program.Allow the gmer.sys driver to load if asked.If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.Click on "Settings", then check the first five settings:
*System Protection and Tracing
*Processes
*Save created processes to the log
*Drivers
*Save loaded drivers to the logYou will be prompted to restart your computer. Please do so.Run Gmer again and click on the Rootkit tab.Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".Click o... Read more

Read other 2 answers
RELEVANCY SCORE 102

Ive somehow ended up with the fake window security alert virus. Ive run Spyware Doctor and Super Anti Spyware remover and at first the combination of those two seemed to have removed it (the desktop icon dissappeared). However, the system try icon remains and ocassionally pops up to alert me that "Your computer may be at risk. Automatic updates is turned off. Click this balloon to fix problem." So I went into safe mode and ran Smitfraud Fix accordingly however it did not solve my problem, so Im coming to the experts. Any suggestions would be greatly appreciated.Thanks!John

A:Fake Windows Security Alert Virus

Start with this:Please download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.... Read more

Read other 35 answers
RELEVANCY SCORE 102

Hi i am new here so i don't how this here go
my computer is windows 10 home x64
 
I think infected, start up my computer what whatever start a programs it close by it self
i see a pop up of windows security alert and McAfee, I don't have McAfee or windows security alert, if I stay to long a images show up about Trojan zeus?
only get two screenshots the other one i can't not get.
 
Here some screenshots
 
windows security alert:
http://i1096.photobucket.com/albums/g326/mypic612/nun1_zpsl9tac74k.png
 
McAfee
http://i1096.photobucket.com/albums/g326/mypic612/nun2_zpsaxeitjiv.png
the pop up show i go task manager and show locating
Program Files (x86)\Microsoft Corporation
I don't know is that the virus?
 
try ran in full system scanning have to go boot safe with this software
AVG
SUPERAntiSpyware
Kaspersky TDSSKiller
RKill
Malwarebytes Anti-Malware
HitmanPro
Emsisoft Emergency Kit
Microsoft Windows Malicious Software Removal Tool (only quick scan)
 
I trying everything i got nothing also somehow it work checking normal startup on system configuration
it clean and work some reason next day boom back again.
 
i been doing for three day now, somehow not infected other user account only mine, the account even not a administrator account
 
can you help me please and thank you

A:Fake windows security alert and McAfee

Hi Green617 My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.Autoruns - Start-up EntriesFollow the instructions below to give me an Autoruns log containing your start-up entries:Download Autoruns.zip from the Sysinternals Suite webpage;Extract the content of the Autoruns.zip folder where you want, then go in the folder, right-click on Autoruns.exe and select Run as Administrator;Accept the EULA on opening, then wait for all the entries to load;Click on File then Save and save the file to a location easily accessible as a .arn (Autoruns) file;Upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here;

Read other 9 answers
RELEVANCY SCORE 102

Hello Forum

I have a lenova X41 thinkpad with windows XP.
I keep getting a popup saying:
Windows Security Alert, Windows Firewall has detected activity of harmful software.

It goes on to name the thing as Trojan-Clicker.Win32.Tiny.h and states the risk is critical. The pop-up links to a site to try to get you to buy PC antispy or PC clean pro by Smart soft. I have run both SUPERAntispyware and Malwarebytes both in full scan mode but the problem still exists.
I am very worried about this and it is very annoying. I would be very greatful of any help.

I have attached my latest Hijackthis file log here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:12 PM, on 9/26/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllcache\prsc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\System32\tp4mon.... Read more

A:Fake Windows Security Alert infection

Hiya

Are you still having this problem? If so, can you post a fresh HijackThis log please

Regards

eddie
 

Read other 1 answers
RELEVANCY SCORE 102

Hi Im new on here...

Thanks in advance for anyones help.

I have yesterday recieved a virus that pops up a fake windows security alert every 15 minutes or so claiming i have suspicious software, i have read other forums and virus sites and it seems im not the only one.

name: Trojan-Keylogger.WIN32.FUng
Risk: High

"keep blocking" and "unblock" are grey with the only option being "enable protection" which i havnt clicked. I understand it links to a fake spyware site.

I have Run virus scanners ...
-AVG
-Malwarebytes Antimalware
-Super anti spyware
-regcure
-ATF cleaner

Non of which have worked, so i am now at a loss at what to do ?

Please please Help

Thanks
 

A:Fake Windows Security Alert Virus

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:51 a.m., on 30/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDO... Read more

Read other 2 answers
RELEVANCY SCORE 102

I am infected with the red icon in the bottom that has the fake windows security alert icon in the lower right hand corner. Also, I am getting a message saying that there has been a major hardware change detected and I will have to reactivate windows. I have had no hardware changes at all recently. The computer is entirely functional at the moment. I have used Malware Bytes, Super Anti-Spyware, AVG scanner and Windows Malicious Software Removal Tool. Each have removed viruses or infections, but this one just won't go away. I am running Windows XP 32 bit. Any help would be greatly appreciated.here is the latest mbam log. Removed the one object it found, but it still did not fix the problem. Followed by the hijackthis log.Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 6173Windows 5.1.2600 Service Pack 2Internet Explorer 6.0.2900.21803/26/2011 8:09:13 PMmbam-log-2011-03-26 (20-09-13).txtScan type: Full scan (C:\|D:\|)Objects scanned: 321115Time elapsed: 1 hour(s), 38 minute(s), 40 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folder... Read more

A:Fake Windows security alert infection

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for postin... Read more

Read other 3 answers
RELEVANCY SCORE 102

Hi Everyone, This is my first post. I have sadly been infected with a malware trojan Zlob but I can't seem to get rid of it. I have tried removing it with MalwareBytes but the problem still occurs.Here is my Hijack This logfile:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:53:51 PM, on 2/20/2010Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\hp\support\hpsysdrv.exeC:\WINDOWS\System32\rundll32.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\ehome\ehtray.exeC:\Windows\System32\mobsync.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\ehome\ehmsas.exeC:\Windows\system32\wbem\unsecapp.exeC:\hp\kbd\kbd.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM&... Read more

A:Fake Windows Online Security Alert Pop Up

Welcome to Bleeping Computer adamjohn89,Let's get a more detailed look at things then start some repairs.Right off see if you can access Safe Mode, where the malware is less active. At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.If necessary allow it to locate or download a copy of HijackThis as needed.Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).You can break logs into parts and use separate posts here when replying and posting the log files, if needed.--------------Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed an... Read more

Read other 3 answers
RELEVANCY SCORE 102

Hi

I'm running windows xp on a Sotec laptop.
I have run Spybot and Avast! virus checker a couple of times each.

I am receiving a fake alert message every 5 minutes reading:

>>>>>>>>>>>>>>>>>>

Windows Security Alert

Warning! Potential Spyware Operation!

Your computer is making unauthorized copies of your system and internet files. Run full scan now to prevent any unauthorized access to your files! Click YES to download spyware remover...

>>>>>>>>>>>>>>>>>>>

And here is my HijackThis Log:

>>>>>>>>>>>>>>>>>>>

Logfile of HijackThis v1.99.1
Scan saved at 6:56:32 PM, on 7/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\... Read more

A:Windows Security Alert fake message

Read other 9 answers
RELEVANCY SCORE 102

Hello,I have been getting pop ups like this:stating "trojan-spy.win32.greenscreen", "trojan-spy.html.bankfraud.dq" or "trojan-downloader.win32.agent.bq"Thanks in advance. Here is a fresh Hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:15:54, on 9/8/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\SCardSvr.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Microsoft S... Read more

A:Pc Hijacked With Fake Windows Security Alert

HiPlease run a Kaspersky Online Scan Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner Click AcceptYou will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options: Scan Archives Scan Mail BasesClick OK Now under select a target to scan: Select My ComputerThe program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button:Once finished, save the log to your Desktop as filename KAV.txtTHEN ...Please Download Malwarebytes' Anti-Malware from Here :-http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlor here :-http://www.besttechie.net/tools/mbam-setup.exeDouble Click mbam-setup.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Quick Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When... Read more

Read other 14 answers
RELEVANCY SCORE 102

I keep getting what I believe is a fake windows security alert, which reads:
Warning! Potential Spyware Operation!
Your computer is making unauthorized copies of your system and Internet files ....

I cannot access Control Panel. Cannot print and the computer does not recognize me as the administrator.

Please HELP!!!!!!!!!
 

A:Solved: Fake windows security alert

Read other 15 answers
RELEVANCY SCORE 101.2

Hello, 
 
Everytime I boot up my computer, my desktop (and icons) go away and I start to receive pop ups from a fake McAfee Security Alert and sometimes Windows Security. I have ran RKill, Malwarebytes, ADWCleaner, Junkware Removal Tool, as well as Hitman Pro and none of them found anything. I have also reset all my browsers and looked for any unusual programs/processes (which I found none).
 
Not quite sure where to go from here, any help would be appreciated. 
 
Attached is my Hijackthis log.
 
Thank you!
 
 

A:Fake McAfee Security Alert and Windows Security popups

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.How to attach a file to your reply:In the Reply section in the bottom of the topic Click the "more reply Options" button.Attach the file.Select the "Choose a File" navigate to the location of the File.Click the file you wish to Attach.Click the Add reply button.===Please post the logs.p.s.HijackThis is no longer supported and not ready for your operating system.I suggest your remove via the Control panel > Programs > Programs and Features Applet.Use the Farbar tool from now on to report problems.<<<>>>

Read other 6 answers
RELEVANCY SCORE 101.2

Hey Everyone,I dont know what else to say but I need some help. I recently had a popup show that stated I had viruses and that I needed to install Personal Security tools to remedy the situation. I closed it out and my browser opened with a fake windows security alert which showed that I had all these trojans, malware etc... I have researched this for two days now and it seems to be common. Many people are experiencing major issues as the result of this, but that is what I do not get. I have no issues except for the popup showing twice in the last few days, but I do not want it to get to that point. Everyone has processes related to personal security, bogus files and registry entries. I have none, that I know of. I searched for all the known definitons I could find, with no luck. I know a little bit about computers and have always remedied the situation, but I just dont know about this.I have a dell laptop running Vista and nortons antivirus. I downloaded hijackthis and the log is below. Any help would be appreciated. ThxLogfile of Trend Micro HijackThis v2.0.2Scan saved at 2:42:52 AM, on 1/8/2010Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v8.00 (8.00.6001.18865)Boot mode: NormalRunning processes:C:\Program Files (x86)\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exeC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files (x86)\Google\GoogleToolbarNotif... Read more

A:Fake windows security alert and popup - Personal Security

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions... Read more

Read other 2 answers
RELEVANCY SCORE 100.8

Hi,
 
Win 8.1 I was using Skype program two days ago, and I had just signed in, and I had a dialogue box appear. I was in a hurry, so I didn't take screenshots, but if I remember correctly the title was "Windows Security Alert" and the buttons were "Ok" and "Cancel". The message was something about "This website or the website you are trying to view is dangerous. You should not load this site". I can't remember if I clicked ok or cancel or the red x button top right in that dialogue box, but once I did, the dialogue box came straight back, so close it again, and it closed then came back, this went about 5 times so that's when I decided to end Skype program through the task manager. I then restarted it if I remember correctly and that dialogue box was gone.
 
So, was this windows defender saying that Skype program has loaded something eg I know Skype program has ads that get loaded, maybe defender picked up something, or was this some malicious software that may have come through skype somehow? Have not visited any bad websites recently. My skype is a few months old and I have not updated, I say not now each time it asks when I start it up. I don't want skype to auto update hence why I kept saying no.
 
Is there a way to check if defender picked up on something at the time, eg is there a history somewhere so I can tell if this is legit or if its malicious? I read on another forum something about maybe Skype uses Active X controls and you need to disable that in ... Read more

A:Possible Skype fake windows security alert dialog box pop up

Adware Cleaner Scan.
 
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
JRT Scan.
Please download Junkware Removal Tool and save it on your desktop.
 
Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log is saved to your desktop and will automatically open.
Please post the JRT log.
 
Adware Removal Tool Scan.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.
 
 

 
Hit Ok.
 

 
Hit next make sure to leave all items checked, for removal.
 

 
 
The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK ... Read more

Read other 0 answers
RELEVANCY SCORE 100.8

I posted here in mid-July and MNDnNC helped me tremendously. Unfortunately, whatever source started this thing got hit again by one of my kids and I'm infected again.

I've done the following:
New Vundo Fix
New ATF Cleaner
New Combo Vix
Run SuperAntiSpyware

Here are the logs:

Hijack This:
Logfile of HijackThis v1.99.1
Scan saved at 2:27:48 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Gateway Wireless Monitor\WLService.exe
C:\Program Files\Gateway Wireless Monitor\WLan... Read more

A:Solved: Its Back...The Fake Windows Security Alert

Read other 8 answers
RELEVANCY SCORE 100.8

I downloaded some sort of "Video ActiveX Object 7.02" After downloaded this problems started appearing on my computer including a program called Windows Safety Alert that created a icon in my taskbar that will periodically say that I have spyware on my computer. "System Alert!" is what it says. I followed instructions on http://www.pchell.com/support/spylocked.shtml which included using HijackThis and I admit I was a little confused, but the problem is still on my computer after I followed instructions. Here are my HijackThis logs.Logfile of HijackThis v1.99.1Scan saved at 9:46:25 PM, on 4/12/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Softex\OmniPass\OPXPApp.exeC:\WINDOWS\system32\cleanmgr.exeC:\WINDOWS\explorer.exeC:\Documents and Settings\Owner\Desktop\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/R1 - HKCU\Softwa... Read more

A:Windows Security Alert / Fake Spyware Applications

Welcome to the BleepingComputer HijackThis forum Nekoyasha Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.You should copy/print the following because you need to be in Safe Mode from here on.Reboot your computer into SAFE MODE using the F8 method. To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".Scan with DrWeb-CureIt as follows:* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.* Once the short scan has finished, Click Options > Change settings* Choose the "Scan tab" and UNcheck "Heuristic analysis"* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.* When done, a message will be displayed at the bottom advising if any viruses were found.* Click "Yes to all" if it asks if you want to cu... Read more

Read other 14 answers
RELEVANCY SCORE 100.8

Hi,
 
Win 8.1 I was using Skype program two days ago, and I had just signed in, and I had a dialogue box appear. I was in a hurry, so I didn't take screenshots, but if I remember correctly the title was "Windows Security Alert" and the buttons were "Ok" and "Cancel". The message was something about "This website or the website you are trying to view is dangerous. You should not load this site". I can't remember if I clicked ok or cancel or the red x button top right in that dialogue box, but once I did, the dialogue box came straight back, so close it again, and it closed then came back, this went about 5 times so that's when I decided to end Skype program through the task manager. I then restarted it if I remember correctly and that dialogue box was gone.
 
So, was this windows defender saying that Skype program has loaded something eg I know Skype program has ads that get loaded, maybe defender picked up something, or was this some malicious software that may have come through skype somehow? Have not visited any bad websites recently. My skype is a few months old and I have not updated, I say not now each time it asks when I start it up. I don't want skype to auto update hence why I kept saying no.
 
Is there a way to check if defender picked up on something at the time, eg is there a history somewhere so I can tell if this is legit or if its malicious? I read on another forum something about maybe Skype uses Active X controls and you need to disable that in ... Read more

A:Possible Skype fake windows security alert dialog box pop up

Adware Cleaner Scan.
 
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
JRT Scan.
Please download Junkware Removal Tool and save it on your desktop.
 
Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log is saved to your desktop and will automatically open.
Please post the JRT log.
 
Adware Removal Tool Scan.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.
 
 

 
Hit Ok.
 

 
Hit next make sure to leave all items checked, for removal.
 

 
 
The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK ... Read more

Read other 35 answers
RELEVANCY SCORE 100.8

I acquired the fake XP Security Center "scareware," used Malwarebytes, SpyDoctor, and SmitFraudFix, to try and remove the virus. Everything seems to be okay except that the fake "Windows Security Alerts" icon is still in my system tray (it's a red shield with a white x in the middle). Also, when I click the icon, it opens up a fake XP Security Center window that shows my Automatic Updates as "Turned Off." I know this window is phony because when I check the Automatic Updates through the Control Panel, it is on. (ADDED 3/28/11) The next time I turned on my computer, after the GMER scan, my cursor worked for a couple minutes, and then it became invisible; however, it was still functional, but I had to navigate carefully using highlighted text as reference points. It is now the next day, and I'm still having this problem.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Kevin at 17:40:18.12 on Sun 03/27/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.253 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoo... Read more

A:Fake "Windows Security Alert" in System Tray

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your ... Read more

Read other 27 answers
RELEVANCY SCORE 100.8

Hello, over the past week I've attained the fake XP Security Center "scareware." I've already used Malwarebytes to address this issue, and for the most part, things are better. However, I realized that the fake notification in my system tray "Windows Security Alerts" is still present. When I click on it, it brings up the phony XP Security Center. The only way I know this is phony is because when I navigate to "Automatic Updates" through my Control Panel, it is already activated whereas, when I see the phony XP Security Center, it shows the Automatic Updates as turned off. I tried using SmitFraudFix through other online help, but the icon is still present. I just want to get rid of this. Also, is there any way to make sure I've taken care of all the fake XP Security Center problems without reformatting my computer? I'll be checking back at least once everyday (probably more, though), as my schedule is busy (whose isn't?) I'd really appreciate if someone could take me through this problem step-by-step. Thanks guys!

Also, I used Registry Booster to scan my registry and it showed that it was badly damaged. Of course, I couldn't fix the problem because the program only allows for up to 15 errors to be fixed . . . I had 200+

A:Fake "Windows Security Alert" in System Tray

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Read other 2 answers
RELEVANCY SCORE 100.8

I picked up this annoying infiltration alert virus which also comes with a fake windows security center. I can't run any .exe nor can I boot into safe mode to run any Malware removal software. I was able to run bitdefender which identified the infected file but I can not delete the file because it is locked and unlocker can't run. Can't run System Restore or most any .exe program.

Can't run msconfig or regedit or anything to manually remove virus.

Help!

A:Windows "Infiltration Alert" & Fake Security Center

Was able to finally boot into safe mode and MB removed the virus!

Read other 1 answers
RELEVANCY SCORE 100

Hello,I keep getting a popup, a fake Windows Security Alert, that says "Warning! Potential Spyware Operation! Your computer is making unauthorized copies of your system and Internet files. Run full scan now to pervent any unathorised access to your files! Click yes to download spyware remover..."I have also lost my control panel and Google is now my default home page. I have done everything on the preparation guide before posting except Windows Update because I get the response "Network policy settings prevent you from using this website to get updates". Panda found a couple viruses and disinfected them. Computer also has been running very slow, including Startup and shutdown and I constantly get "Blank image" warnings. Any help would be greatly appreciated!Thanks ahead of time.Here is my Hijack this log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:55:14 PM, on 11/8/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explo... Read more

A:Fake "windows Security Alert" Popup And No Control Panel

Hello Willie773,Welcome to Bleeping Computer First you should know that you're actually doing more harm than good by running 2 Anti Virus programs. (TrendMicro and Symantec/Norton) When you do this both programs compete for resources, and the end result is neither does it's best and can cause system instability. I recommend that you choose the one you want to keep, update it, disable the other one, and use it as an on demand only scan occasionally.I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with the fixes. So please disable TeaTimer by doing the following:1) Run Spybot-S&D2) Go to the Mode menu, and make sure "Advanced Mode" is selected3) On the left hand side, choose Tools -> Resident4) Uncheck "Resident TeaTimer" and OK any promptsYou can reenable TeaTimer once your system is clean.1. Download this file - combofix.exe2. Double click combofix.exe & follow the prompts.3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.Note:Do not mouseclick combofix's window while it's running. That may cause it to stall.Thanks,tea

Read other 8 answers
RELEVANCY SCORE 100

OS: Windows XP

My brother was using my computer and, at some point, noticed that my computer was acting strange. He started getting error messages about the hard drive, and all of the icons on the desktop disappeared along with the start up menu options and the "All Programs" list. When I investigated, I was not able to boot up in safe mode. Instead, I got a blue screen which read:

"A problem has been detected and windows has been shut down to prevent damage to your computer.
IRQL_MoT_LESS_OR_EQUAL"

And then it would go into a memory dump. After it was finished it would give me the option to boot up in safe mode, but if I chose that option I would get the blue screen with the message again. So I eventually booted up in normal mode and attempted to access files by making hidden files viewable (all files were made hidden by the virus), but I would get interrupted by a program posing as a windows security alert and windows recovery which would constantly pop up warning messages.

I would finally manage to make the files viewable, but then the virus would change the option to make them unviewable again -- after repeating this process a few times, it would force a shutdown. I wasn't able to access the task manager either. After several reboots and a little persistence, I was finally able to execute a full malwarbytes' scan which found a bunch of stuff and deleted them. I ran spybot right after which found some more stuff and deleted them. Then I ra... Read more

A:Fake windows security alert/recovery -- virus/hijacker

Please ignore this thread, I got help in another forum. :)

Read other 2 answers