Over 1 million tech questions and answers.

Spyware Alert! Antivirus software alert Threat: Bankerfox,A

Q: Spyware Alert! Antivirus software alert Threat: Bankerfox,A

Pop-ups on desk top: remotely accessing wed sites eg Porno.com, ******.com ect.;Windows Secerty center opens;Antivirus Live- showing a open scan box;regsvr32.exe - Application Error box; Security Warning- (application cannot be executed) Spyware Alert ! Velnerabilities found 34 seriousthreats ect. box; Antivirus sostware alert-attack from,Attacked port,Threat, box. I cannot open any files (programs) or access the internet.

Is there anyone that could help eradicate this virus from my computer.

RELEVANCY SCORE 200
Preferred Solution: Spyware Alert! Antivirus software alert Threat: Bankerfox,A

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Spyware Alert! Antivirus software alert Threat: Bankerfox,A

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 126

So here's an interesting tale.

A friend of mine, upon visiting a website, was smashed with a bunch of popups from a fake anti-virus that now basically performs a fake scan on her computer and prevents her from opening any exe files that I know of.

The main error I've seen in screen shots is that the fake anti-virus claims she's being attacked by BankerFox.A & Win32/Nuqel.E, as seen in these pics below:

Pic1

Pic2

After making sure she had the internet disconnected I set upon instructing her on many different ways I thought might fix it.

The first thing I thought to do was boot up in safe mode and get Malwarebytes installed. That found around 52 problems, but didn't fix this issue.

I later tried Hijack This, and compared her log with other logs of people with the same problem with no luck. I had her wipe the ones that the automated detection database for Hijack This said were fishy (and the ones I didn't like), but the problem still persisted.

After digging a little deeper on some forums and learning more about the malware in question (other people reporting the exact same problems), I discovered icesword, and how it constantly renames itself to try to break through this type of malware attack's block on specific exe files. Icesword managed to break through the malware but as soon as she attempted to scan with it, it brought up a blue screen of death...

I then tried OTL (Oldtimer) to get a different type of log. I compared her log with... Read more

A:Fake Antivirus Software Alert: BankerFox.A & Win32/Nuqel.E

Well, something changed (not sure what) and running all of the scanners again (even HijackThis and OTL) found a lot more garbage to remove. Malwarebytes even found some files that were obviously the ones causing the problems with names like "Generic Fake Anti-virus" etc. It seemed obvious that the problem was found. Upon restarting back into normal mode, the problem persisted.

A system restore to a restore point from few days ago was the next plan and upon doing that, and returning to normal mode, it said that part of the restoration was incomplete so it restarted again. After that restart, the same message displayed. We tried restoring to a slightly later date and the same thing happened.

The machine is behaving oddly now and allowing her to use task manager and malwarebytes in normal mode, even after the system restore apparently failed. Still not 100% sure if it's fixed yet so any suggestions would be helpful. I've been at this for 11 hours straight so I am getting some sleep for now...

Thanks, all.

Read other 4 answers
RELEVANCY SCORE 109.6

I am working on a Windows XP Pro machine. I was getting pop up ads with a Windows security alert warning, along with a few others. My time also changed to military time. I could not run any malware programs until I ran a HJT log and corrected on of the entries, something with a ip address in it, I didn't write it down like an idiot. That then allowed me to update and run Spybot , malwarebyte and superantispyware. All came back with issues. Mywebsearch, trojan.fakealert.gen, disabled.securitycenter ,Trojan.vundo,trojan.fakealert,torjan.fakealert.gen,rogue.antivirusoft.Thank you in advance for your help!Here is the DDS report:DDS (Ver_09-12-01.01) - NTFSx86 Run by jandreozzi at 11:16:57.68 on Tue 03/09/2010Internet Explorer: 6.0.2900.2180Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1075 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Fi... Read more

A:Windows Security Alert/Antivirus software Alert Virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 29 answers
RELEVANCY SCORE 108.8

This afternoon I was browsing a site called Photobucket for clipart/photos for an upcoming lecture when my computer decided to go haywire. I have red spyware alert pop-ups everywhere and cannot connect to the internet or bypass them to run my antivirus scan.

I downloaded the HJT software from another computer and was able to install it, but am unable to "run" it. Help please. I am unable to access the task manager due to all the pop ups. Is there anyway to disable these popups?
 

A:Antivirus Software Alert - Spyware

Read other 6 answers
RELEVANCY SCORE 99.2

Hi,
My Norton Antivirus Auto protect function refuses to enable + it gives me an E-mail scanning error. For now I don't see any other signs with the machine but I got a tip from your forum to scan online with Panda and I will post the results, as well as the results from HJT and Ewido with the hope that s.o. can help me with this. Here goes (Panda first):
Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected c:\windows\system32\f3PSSavr.scr
Potentially unwanted tool:application/funweb Not disinfected hkey_classes_root\clsid\{00A6FAF6-072E-44cf-8957-5838F569A31D}
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\3x1v8ioi.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\3x1v8ioi.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\3x1v8ioi.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\3x1v8ioi.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\3x1v8ioi.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents an... Read more

A:possible threat - Norton Antivirus + Win Security Alert affected

Hi, Welcome to TSG!!

Please post your hijackthis log.
 

Read other 1 answers
RELEVANCY SCORE 92

When browsing in firefox, I suddenly got a popup in my taskbar from Windows Security Alert. Knowing that was a problem, I immediately came here and downloaded DDS and Rootrepeal. However, this malware will not let me run a program. Every time I try, I get a window popup that says "Security Warning: Application cannot be executed. The file cmd.exeis infected. Do you want to activate your antivirus software now?" And then yes/no boxes. I've since closed firefox, and can no longer open it. I get the same popup for every program I try to open. Any help would be greatly appreciated

A:Windows Security alert/Antivirus System Pro alert

You already stated that no matte rwhat program you try to open, you see that pop up for the scareware. You can try running Rkill first to see if you can kill some of the malware processes that are preventing you from being abel to run other security software. here are some DL links for you. LINK 1LINK 2LINK 3LINK 4Once you get it downloaded double click to launch it (With Vista you need to right click and select run as administrator). You should see a little black window open and then close. If you see that box then it worked. If you don't see the black box then delete the file and use another download link and repeat the steps.Once it runs you should be able to run MBAM and then I would run SUPERAntiSpyware as well. If all else fails try going in to safemode and install MBAM and run the scans from there to get you started.

Read other 4 answers
RELEVANCY SCORE 90.8

I've been getting the following balloon messages on my taskbar:

pic link 1

pic link 2

Along with these many balloon messages, I've been getting random pop-ups for spyware & virus programs, as well as the occasional other site. I ran Spybot, Spyware Terminator, Ad-Aware, and AVG Anti-Spyware 7.5.

After reading through the forums, I also ran them all in safe mode, and ran SDFix in safe mode as well.

I don't seem to be getting the pop-ups anymore, but the shield on my taskbar (in pic 1) is still there and the balloon message still comes up every few minutes.

This is my latest HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:43:19 PM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsv... Read more

A:Solved: System Alert & Security Alert Spyware

Read other 9 answers
RELEVANCY SCORE 90.8

I am writing this on my netbook because my other PC is infected with Antivirus Software Alert. I cannot open Internet Explorer on it. It is running Windows XP Service Pack 3. I tried to run Super AntiSpyware and Spybot Search & Destroy but cannot run them because of the fake security messages. I did run Glary Utilities and it found and cleaned a few things but now the fake "windows security alert" is preventing everything from working. I need to use this PC for work tonight and hope to get this cleaned off by then. I have been on vacation for a week and did not want to come home to this. Thanks in advance for any help. I did read the beginning instructions but cannot download the dds link because I can't get to the internet on my other PC. I have a flash drive so I can copy files back and forth if necessary.

A:Antivirus software alert

Hi

Try using the Last Known Good Configuration:

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY repeatedly,
this will bring up an advanced menu.
Use the Up and Down Arrow Keys to scroll up to Last Known Good Configuration
Then press the Enter Key on your Keyboard
go into your usual account

run the following program if the rogue security program is still active:

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.


http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr



Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do it's job. This may take a few tries. You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools.

Once the tool has run, do NOT reboot the machine, and then try to run DDS and GMER.

If for some reason the machine reboots, repeat t... Read more

Read other 2 answers
RELEVANCY SCORE 90.8

My sons computer is infected. It is XP professional. I can't run AVG or Malwarebytes...I get s Security Warning, application cannot be executed... Theres s box open that says antivirus software alert that keeps coming back. When I click on Internet Explorer it goes to newsoftspot.microsoft.com ... along with pop ups.

A:Antivirus Software alert...

Some types of malware will disable Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware.

Read other 13 answers
RELEVANCY SCORE 90.8

Hello

my computer is infected with antivirus software alert. when it first popped up, i ran rkill and malwarebytes to remove it and the pop-ups stopped. i had to restart my computer for something else, and after i restarted, the pop-ups came back and now i cannot do anything with it. i cannot run malwarebytes, rkill, internet explorer, microsoft word, open my control panel, open task manager or any program for that matter. i tried going into safe mode with networking and downloading spyware doctor to no avail. i also tried to run my antivirus programs in that mode, and nothing has worked. i do not have firefox installed on the computer. currently, i am using another computer to post here. any help would be gratefully appreciated. thanks.

BK

A:Antivirus Software Alert

I am having the same problem. Everytime I log on I get all sorts of alerts that my computer is infected, and I get sent to Antivirus.net where they try to sell me an anti-virus program to fix the problem.

I am sure this is a scam to get me to by a product that I do not need from whoever is behind antivirus.net for a problem that THEY created with some kind of trojan or worm.

Read other 8 answers
RELEVANCY SCORE 90.8

I've recently been infected with a virus that keeps popping up annoying error messages such as

"WINDOWS SECURITY ALERT"
"Application cannot be exceuted. The file wuauclt.exe is infected. Do you want to activate your anti virus software?"

The virus causes pop ups for porno.com to come up constantly. I also can't run any antivirus software or start task manager as a result =/

Thanks in advance.

A:Antivirus Software Alert

Hello and welcome. Here's what we do...Run FixExe.regFixExe.reg ....click Run when the box opensRun RKill....Please download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.You will need to run the application again if rebooting the computer occurs along the way as the malware programs will start again.Now TFC by OTPlease download TFC by Old Timer and save it to your desktop. alternate download linkSave any unsaved work. TFC will close ALL open programs including your browser! Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator. Click the Start button to begin the cleaning process and let it run uninterrupted to completion. Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.alternate download link 1alternate download link 2MBAM m... Read more

Read other 5 answers
RELEVANCY SCORE 90.8

DDS (Ver_09-12-01.01) - NTFSx86
Run by Ed at 17:02:28.82 on Thu 12/31/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2670 [GMT -8:00]

AV: Norton 360 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\WINDOWS\system32\spoolsv.exe
svchost.exe
E:\WINDOWS\System32\svchost.exe -k Akamai
E:\WINDOWS\system32\CTsvcCDA.exe
E:\WINDOWS\system32\svchost.exe -k hpdevmgmt
E:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\WINDOWS\System32\svchost.exe -k HPZ12
E:\WINDOWS\System32\svchost.exe -k HPZ12
E:\WINDOWS\System32\tcpsvcs.exe
E:\WINDOWS\System32\snmp.exe
E:\Program Files\Comcast\Desktop Doctor\bin\sprtsv... Read more

A:Antivirus software alert

Here is my description. Somehow it got moved before I sent the post. A bogus antivirus program came up saying my computer is being attacked.I thought it was my virus program and clicked on it. Mistake. It wants to run a scan no matter what so I end up shutting down. I've seen this problem alot doing a search, so I think you guys know the details. I've heard it called scareware. If not, let me know and I will tell you more. At first, I couldn't run any scans and I could not get into safe mode so I ran rkill.com and it gets rid of it until I reboot. Then it returns but I was able to run DDS and GMER so here they are. I do have my Windows XP disc upgrade.

Read other 3 answers
RELEVANCY SCORE 90.8

A pop up started on my computer this morning. "Antivirus software alert". Unable to use Internet Explorer. Unable to check to see if Firewall was enabled or download Defogger or DDS. Cannot open Malwarebytes either. Everyonce in a while it opens an Internet Explorer page to Ads. One just popped up now. The details say "Attack from: 151.86.39.38, port 65407, Attacked port: 25937, Threat: Win32/Nuqel.E"
Thank you for the help!

A:Antivirus software alert pop-ups

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 2 answers
RELEVANCY SCORE 90.8

Hello! I'm new to this whole website, but I've looked all over for help on this and found nothing that could actually help solve my friend's problem.

I've read a few things on this virus before, and the suggestions posted may work for my friend, but sadly, the virus is preventing add/remove programs from working.

When most files are clicked (including rkill), the virus claims "Application could not be executed. The file *** is infected."

My friend has no professional antivirus system on their computer, but I had her install Avast after the virus entered, which stopped the large red pop ups.

Malwarebytes found nothing, even on a full scan in safe mode. If possible, I would bring a USB/CD with a clean version of Malwarebytes over, but there's just no way to do that right now.

Her computer runs for about 4 or so minutes before whatever open applications freeze.

If necessary, I could get her set up on these forums to reply directly. She'd probably reply over iPhone, but could also on her computer if absolutely necessary.

Please help! Her computer is the only way she can contact a lot of her good friends, and they all miss her! Thank you so much in advance!

A:Antivirus Software Alert help!

Hello and to the BC forums.Have a look at the following removal guide: How to remove AV Security Suite (Uninstall Guide)Is this the malware you are dealing with? If not, have a look at the following link: Virus, Spyware, & Malware Removal GuidesIf you cannot see there, the name of the malware that you have, enter the exact name in the search box under "Search Guides", on the right-hand side of the page, and search for the appropriate guide.Let us know if you can't find a guide that matches your infection.If you do find the appropriate guide, follow the instructions closely.You said: "When most files are clicked (including rkill), the virus claims "Application could not be executed. The file *** is infected.""
When that happens, leave the message on the screen and run another version of rkill .... there are a number of differently named versions on the rkill download page. Continue trying to run rkill until it does run successfully. Post the log too, please.
Ensure that you do have the latest version of MBAM (1.50) AND that you do update the MBAM database definitions to the latest available.The MBAM log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Please post the logs and let us know how the system is running now.

Read other 1 answers
RELEVANCY SCORE 90.8

Dear Tech Support,

Thanks in advance for your help with this problem. Below is the requested information including alert messages, DDS, and zipped files ark.txt and attach.txt.

My system:
Compaq Presario SR1200NX
Windows XP (no disk provided) Service Pack 3
Internet Explorer 8
McAfee Security Center
DSL connection, ethernet, 2-Wire Gateway (modem/router from AT&T)

I received a suspicious pop-up alert while surfing a questionable website. After closing the pop-up an unfamiliar program called Antivirus Live began to scan my computer. Upon closing the program I was directed to a website to purchase Antivirus Live.

Several alerts followed, and reappeared after closing:


-Security Warning
Application cannot be executed. The file wscntfy.exe is infected. Do you want to activate your antivirus software now?

-Antivirus software alert
INFILTRATION ALERT
Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a trojan - dropper or similar.
DETAILS
Attack from 160.182.218.236, port 43366
Attacked port: 51365
Threat: BankerFox.A
Do you want to block this attack?

-Windows Security Alert
Application cannot be executed. The file wscntfy.exe is infected. Do you want to activate your antivirus software now?

-Windows Security Center
Virus Protection - Out of Date

-Internet Explorer
www.porno.org

-Spyware Alert!
Vulnerabilities found
Your computer is infected by spyware - 34 serious threats have been foun... Read more

A:Antivirus software alert

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please see this >> http://img.photobucket.com/albums/v6...ee_disable.gif

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

Read other 2 answers
RELEVANCY SCORE 90.8

Hello:My computer seem to have been infected by a malware. I cannot successfully run DeFogger and DDS tool. Below is a summary of the problem.After visiting an obscure website, I started getting multiple Pop-ups. Several Pop-ups have a title "Antivirus software alert" in white letters on red background. One pop up reads "Attention! Spyware Alert; Vulnerabilities found. Your computer is infected by spyware - 34 serious threats have been found while scanning your files and registry. It is strongly recommended that you disinfect your computer and activate realtime secure protection against future intrusions," followed by a sentence to urge me to "upgrade to full version of antivirus software to clean your computer and prevent new security and privacy attacks." It has two buttons: "Activate your antivirus software" and "Stay unprotected"Another Pop-up has the same title as the first one, but reads as "Infiltration Alert. Your computer is being attacked by an internet virus...." Then there is a "Details" section. This section has the following info. Attack from: xxx.xxx.xxx.xxx (IP address), port xxxx; Attacked port: 6618.My machine runs Vista. I have Symantec AntiVirus 10.2 Build #276 installed. Running Symantec AntiVirus does not detect any virus file.I followed "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help." But Step 6 to run DeFogger and Step 7 to run DDS to... Read more

A:Antivirus software alert

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 12 answers
RELEVANCY SCORE 90.8

Hello --

My laptop computer had multiple message windows open with "Antivirus software alert" and "Activate your antivirus software" included in them. I was able to get my Norton 360 to run using "Comprehensive Scan" option with selection to shut computer down when complete.

Several hours later when I restarted computer a message "Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a trojan - dropper or similar." appeared. I ran "Run LiveUpdate" option within Norton 360 and it completed normally. I ran Norton 360 again, this time using "Quick Scan" option with selection to shut computer down when complete.

When I restarted computer, no virus or trojan horse messages appear, but when I open Internet Explorer I get the message "Internet Explorer cannot display the webpage." When I try to "Diagnose Connection Problems" I get a proxy server configuration error.

I don't know what to try next -- suggestions?

A:Antivirus Software Alert

Hi,
sounds like you have either part of a trojan left or a version where thy messed up the proxy redirect.

On your internet explorer, click tools>internet options
(if you can not do this, mouse right on a desktop icon of IE and select internet options or do start>run, type Inetcpl.cpl and hit return)

on the window that appears click the connections tab

about 2/3rds of the way down on the right is the button "LAN Settings", click on this

on the window that appears, in the bottom half make sure "Use a Proxy Server for your...." button is not checked, if it is, uncheck it and click ok
click ok on the internet options window
try and use the internet

This will get you access to the internet but it does not remove the trojan. It may have been killed by your AV but running something else (I would uses Mbam but you may want to wait for one of the staff members to respond) would be a good idea

Also some versions of this virus will reset the proxy as soon as you exit internet options so if it reverts to not letting you then let us know

Read other 1 answers
RELEVANCY SCORE 90.8

Hi, I appear to have a major problem with my desktop pc - I am currently using a borrowed laptop - Mcafee seemed to be running fine, when suddenly an alert appeared informing me of trojans - I am now getting an infiltration alert and anything i try to open says application cannot be executed. The file ......... is infected. I have tried to run malwarebytes, but that closes, the internet will not open, all it suggests i do is run my antivirus software, which appears to be a fake that has opened in the tray. Any suggestions as to what i can do - should i just reinstall windows and lose everything i guess! I am running XP. Please can anyone assist me!

Update - Antimalware Doctor ran automatically when i restarted my computer.

Thank you, Ruth

A:Antivirus Software Alert

Hello, le's give this a go.Open control, internet options, connections tab, lan settings, uncheck the box next to "use proxy...." Reboot into Safe Mode with Networking How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does... Read more

Read other 3 answers
RELEVANCY SCORE 90.4

Alright so I got this fake anti-virus from tvshack.cc, and have actually contracted it numerous times (what can I say, tv shack is amazing). Since then I have found an awesome add-on for firefox called NoScript, which blocks all the malicious crap from the site while still allowing the scripts that actually stream the videos through. I've been using this program for a couple weeks now and have not had a problem since. So, contracting this malware should no longer be a problem. The malware caused pop-ups showing fake scans, saying "buy our fake product to solve the issue we caused!" (k maybe not those exact words). It blocked me from being able to execute any application, erased my system restore points, interfered and changed the settings of programs, and would give me the Blue Screen of Death ("A problem has been detected and windows has been shut down to prevent damage to your computer"). Every time it happened, including the most recent, I cleared out most of it with updated versions of Malwarebytes Anti-Malware(first in safe mode, then normal mode) and SUPERAntispyware(normal mode only). However I'm still encountering some leftover problems. The Blue Screen of Death still occurs every once in a while (not nearly as much as it use to) resulting in an immediate and 'unexpected' shutdown. Some programs cannot be updated, installed, or activated. Superantispyware tries to update but a message error comes up saying superantispyware.exe i... Read more

A:Antivirus Software Alert (Fake Antivirus scan)

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 16 answers
RELEVANCY SCORE 90

This virus is giving me a very hard time, I have tried using malware bytes and AVG virus scanner neither seems to be able to pick up the problem. Here is the log, thanks for any help please let me know if you need any more details.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:39:52 AM, on 2/2/2010Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v8.00 (8.00.6001.18882)Boot mode: NormalRunning processes:C:\Program Files (x86)\Curse\CurseClient.exeC:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exeC:\Users\Admin\AppData\Local\rtknea\nqjnsftav.exeC:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exeC:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exeC:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exeC:\Program Files (x86)\MagicDisc\MagicDisc.exeC:\Program Files (x86)\AVG\AVG9\avgtray.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnbR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/f... Read more

A:Antivirus software alert, csrcs.exe

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 90

I have picked up a a virus on one of my computers. Pop up indicates "Antivirus software alert", "INFILTRATION ALERT" it goes on to indicate that "Threat: Win32/Nuquel.E This message is then followed by another that offers to "Activate your anitvirus software" Shortly after the second message a web site will appear offering porn or viagra. What steps can I take to eliminate the virus.
Thank you,
jsinatlanta

A:Antivirus Software Alert - Avast

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting... Read more

Read other 2 answers
RELEVANCY SCORE 90

Hey There This Just popped up on my computer while I was playing medieval 2. It started as as antivirus software alert and then also loaded up xp security center. Then I stepped away from the computer and came back to find internet explorer loaded up to some porn site. I just recently got my machine clean thanks to the help of MOLE but now it or something similar is back. . Sorry the typing is off but I have a large popup right in the middle of my screen. Any help would be greatly appreciated. Thanks.

A:Antivirus software alert and XP Security

I attempted to run dds but it looked like the virus I have prevented it from running. I also tried running antisuperspyware which Mole recommended for me but it hung up while reunning a scan and now will not start again. AVG, adaware, and ccleaner won't execute. Help! I saw that my post got moved because there is no log but I don't know how to get one if dds won't run. Any advice would be greatly appreciated. Thanks.

Read other 58 answers
RELEVANCY SCORE 90

Hi, I have a Dell PC running XP and have been attacked by some sort of malware. It happened to my laptop recently and I followed your directions and was able to remove it. Now it's on my desktop. I"m unable to access my control panel through the traditional method or through "run". I'm getting literally hundreds of messages, one right after the other, like a bombardment, sayint Windows Security alert Application cannot be executed the file wuauclt.exe infected. Do you want to activate your antivirus software now? And lots of other warnings. Then on top of it all it loads a porn internet site but will not allow me to go anywhere else on the internet (such as your site or google, etc). What do I do? Thank you for any help possible. izerriter

Read other answers
RELEVANCY SCORE 90

One of those bogus "antivirus software alert" things has started on my computer. "
Ctrl+Alt+Del will not bring up the Task Manager.
Chrome will not start.
My usual browser, Opera is running poorly.
I can't get HijackThis or MalwareBytes to run either.
Currently Firefox is running well.

Multiple IE windows are coming up with links to places like "porno.com" and things about Viagra.

I usually can find my problem referenced in a post here and take care of things myself without bothering anyone - Tonight however I've met up with a tougher problem.

I will try to stay awake for a while if anyone can help tonight,
Thank you.
 

A:Antivirus software alert and many things won't run.

I should add that the bogus antivirus says I have bankerfox.a and nugel.e.
 

Read other 2 answers
RELEVANCY SCORE 90

Please help if possible........ I'm pulling my hair out at the moment.. I have a Dell Inspiron Laptop with Windows XP home. (About 4 1/2 years old..) I have got infected and keep getting fake "Antivirus Software Alerts". I can't get onto the internet with the laptop because it keeps setting the Iexplorer to use a proxy server and it just overides it when i try and change it back. I can't get on the internet in safe mode either. I have tried to run the Malwarebytes anti malware program but this is not working correctly. I have tried Running the Rkill program but this is also blocked by the Virus. I did manage to run the Rkill program in safe mode but it did not find anything. I apologise if I'm rambling a bit but I was up until 2.30 this morning trying to sort it out. Help!!!!!!!!Thank you for listening.....Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Rogue "Antivirus Software Alert"

Good Afternoon,

Start with boopme's post 18 http://www.bleepingcomputer.com/forums/topic389345.html/page__st__15

Read other 3 answers
RELEVANCY SCORE 90

I have received this message twice in the last 2 weeks while using Firefox. It was trying to get me to download, obviously I didn't figuring it was a virus. Question, do I have something on my computer already that is making this open as I have pop up blocker turned on?

This is the message:
"Attention your computer is stuck by spyware, etc please download Antivirus 360 etc....

Any help is appreciated...thanks Dano2
 

A:Getting an Antivirus 360 software alert while using Firefox...

Read other 16 answers
RELEVANCY SCORE 90

When logging on to the user name, after a short period of time, all of this will pop up:-Antivirus Software alertInfiltration Alert: Your computer is being attacked by an internet virus. It could b e apassword stealing attack, a trojan, -dropper or similar.Attack from :148.69.175.47port:15321attacked port: 50635Threat Bankerfox.ABlock attack yes or no.-Application cannot be executed. The file datasafeadapter.exe is infected.Do you want to activate your anti virus software now?The popups continue everytime I tried to run something. I have tried running the computer in safe mode and running malwarebytes antimalware on the infected username and scanning everything, but it does not find anything. I was able to use rkill on it once and stop the malware momentarily, and once again ran malwarebytes antimalware scan on the affected username, and the scan did not pick up anything.I have also run malwarebytes on my unaffected username, and I am currently typing this log on it. Once again, nothing came up on the scan. I have attached the DDS and Attach scans. However, when I tried to scan with the GMER, it did not work as the guide said it would. I was not able to check most of the boxes it said to check, and I'm not sure why.Thank you so very much for your help, I really appreciate that you do this for free.

A:Infected with Antivirus Software Alert

Updated. I was able to stop the malware with rkill. I then downloaded a new updated to malwarebytes and it found a trojan and another virus. I then scanned with McAfee and it found nothing again. I then downloaded Windows Security Essentials and it found a couple other viruses. The username is working correctly, but is there anything else I can do to make sure my computer is completely clean?

Read other 3 answers
RELEVANCY SCORE 90

Hi, my computer has some type of virus/bug. I was working on google chrome and it all of a sudden got this crazy antivirus infiltration popup and next thing I know on the toolbar at the bottom of my computer was an Antivir Solution pro icon. I did not install anything but it is on the toolbar. Also, all programs are slow to open and I had to reinstall Firefox and google chrome just won't install at all. I ran hijackthis previously (2 days ago) and the log is below, I will run an another one and add the updated one as soon as the virus lets me open & run a program. Please help!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:35:49 AM, on 7/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\E-KEY\... Read more

Read other answers
RELEVANCY SCORE 90

Hello, I have received malware on my laptop computer. It keeps popping up "Windows Security Alert" , " Antivirus software alert" , Security warning boxes, and keeps opening my web browser which has been rendered unusable. I have tried downloading some anti malware programs from my desktop onto a memory stick however this program will not allow me to open them fully. I tried the same with your dds. that i read you needed to inspect to find out the problem . It will open it up , run , then when the black box pops up with the info it disappears. I don't know a whole lot about this , I just had malware on my desktop once , a friend told me to come here , downloaded a program and "poof" problem was solved. This program is kinda the same , trying to sell me some antivirus but because it has disengaged my internet the site it is trying to take me to' http ://dioging.com/shop?abc=cGdpZD03JnI90DMuMg== ' doesnt pull up. Anyway I'm needing help, any would be appreciated. ThanksEdit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum, due to absence of logs in topic. Also disabled potentially dangerous link for the protection of our membership. If visiting the URL do use proper malware protection applications. ~ Animal

Read other answers
RELEVANCY SCORE 89.6

Hi. I seem to be infected and can't get rid of it. First I get a popup - Security Warning. Application cannot be executed. The file googletoolbarnotifier.exe is infected. Do you want to activate you antivirus software now? Yes and No buttons. The file name changes.Then once I am connected wirelessly, I get a popup in the bottom right. Antivirus software alert. Infiltration Alert virus attack. Your computer is being attacked by an internet virus. It could be a password-stealing atack, a trojan - dropper or similar. Details attack from 129.128.175.95 port 7202Attacked portL 44985Threat: BankerFox.ASometimes it is a different threat.Then I get another popup window Antivirus Software alert Vulnerabilities found. This is a big red and white popup. Your computer is infected by spyware - 34 serious threats have been found while scanning your files and registry. It is strongly recommend that you disinfect your computer and activate realtime secure protection against future invasions. There are 2 buttons - Activate your antivirus software and Stay unprotected. Manwhile IE tries to open and goes to www.porno.com.All this happens without me touching a thing. Local programs seems to run, it seems to be connected to the internet, but no page will come up.I have tried Microsoft Security Essentials, Malwarebytes, SuperAntiSpyware. It found some, cleaned them, but I still have the problem.I have attached the requested files. I would appreciate any suggestions... Read more

A:Infiltration Alert Virus Attack BankerFox.A

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 2 answers
RELEVANCY SCORE 89.6

Hi -- this is my work computer that I have Admin permissions on .... and am VERY careful on what I do/dont do on it. But somehow I seem to be infected and can't get rid of it. First I get a popup - Security alert. Virus Alert. Application cant be started. The file dds.scr (previously it was userinit.exe) is damaged. Do you want to activate you antivirus software now? Yes and No buttons. The file name changes.

I get a popup in the bottom right. "Windows Security Alert". Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now."

Behind the popup is another dialong "Antivirus Software Alert"
Infiltration Alert virus attack. Your computer is being attacked by an internet virus. It could be a password-stealing atack, a trojan - dropper or similar.
Details attack from 109.71.165.125, port 44166
Attacked port: 15207
Threat: BankerFox.A
Sometimes it is a different threat.

Then I get another popup window Antivirus Software alert Vulnerabilities found. This is a big red and white popup. Your computer is infected by spyware - 34 serious threats have been found while scanning your files and registry. It is strongly recommend that you disinfect your computer and activate realtime secure protection against future invasions. There are 2 buttons - Activate your antivirus software and Stay unprotected. Manwhile... Read more

A:Infiltration Alert Virus Attack BankerFox.A

found my answer here: http://answers.yahoo.com/question/index?qid=20100120065637AAISbIj

and then also here: http://www.bleepingcomputer.com/virus-removal/remove-antivirus-protection

please close this thread.

Read other 1 answers
RELEVANCY SCORE 88.8

This started on Saturday. I receive a "Security Warning" message box in the center of the screen which states that the file rundll32.exe is infected, and asks me if I want to activate antivirus software now. I close this box and it keeps returning with different file names.I will also get a message box in the center of th screen that reads," ATTENTION ! SPYWARE ALERT Vulnerabilities found. Your computer is infected by spyware - 34 serious threats have been found while scanning your files and registry. It is strongly recommended that you disinfect your computer and activate secure protection against future intrusions." There is then a link "Why do you need realtime spyware protection?" that does not work (I cannot connect to the internet at all.) Under that it reads, "Upgrade to full version of antivirus software to clean your computer and prevent new security and privacy attacks. You will be able to download daily updates and get online protection against Internet attacks." There are then two links, one which reads "Activate your antivirus software" (I've not clicked on this.), and one that reads "Stay Unprotected" (I click this and the box disappears for a while and then returns.)Also, in the lower right corner of the screen a box appears that reads "Antivirus software alert" "Infiltration alert" "Virus Attack" "Your computer is being attacked by an internet vir... Read more

A:"Scuriy Warning" "Antivirus software alert"

Got no response from here, but I am okay now. Paid someone to help.

Read other 2 answers
RELEVANCY SCORE 88.8

upon startup antispyware soft popsup and my computer becomes unresponsive (sluggish at best ) . Internet explorer just keeps popping up and going to aporn site . If i try to start a program i get a Security warning __Application cannot be executed . The file wmiadap.exe is infected. Do you want to activate your antivirus now? When I run malwarebyes anti malware in safe mode i get this Trojan.FakeAV Category: Registry Key Item: Hkey_CURRENTUSER\software\avsoftIt removes is succesfully but then when I restart I get the same old crap. Malwarebytes' Anti-Malware 1.44Database version: 3682Windows 5.1.2600 Service Pack 3 (Safe Mode)Internet Explorer 8.0.6001.187024/15/2010 11:58:02 AMmbam-log-2010-04-15 (11-58-02).txtScan type: Quick ScanObjects scanned: 122728Time elapsed: 4 minute(s), 20 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CURRENT_USER\Software\avsoft (Trojan.FakeAV) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Another note : I installed avast after i was infected . DDS (Ver_10-0... Read more

A:antispyware soft , antivirus software alert

I used rkill and then run malwarebytes , It succesfully deletes it . So it says ,, but when I restart the computer it comes back

Read other 14 answers
RELEVANCY SCORE 88.8

I would really like some assistance here...

My computer has been taken over with viruses, spyware, and etc.

I have unwelcomed alerts on the bottom-right side of my computer screen by "Antivirus Software Alert" that states if I'd like to block an attack YES or NO.

And everytime I try to open-up a program, it does not open and I get an alert that says, "Application cannot be executed. The file "_____.exe is infected. Do you want to activate your antivirus software now?"

A:Application cannot be executed/Antivirus software alert

Greetings DCasely and Welcome to the Forums,
Please read These Instructions...do as it instructs, then post back the requested logs. Thanks!

Read other 3 answers
RELEVANCY SCORE 88.8

Hi TechGuy experts! Thanks in advance for any assistance!

I'm having a rough time with a spyware/ransomware something that has complete control of my computer

Symptoms:
Most to all apps are killed immediately after launch including taskmanager and HiJackthis installer (thus no logs to post at this time). They are accompanied by pop up windows titled Security Warning, listing the executable, and asking if I want to activate antivirus software
Regular Antivirus software alerts, ATTENTION ! SPYWARE ALERT, asking to activate or stay unprotected.
Rollup alerts after infiltrations asking if I want to block the attack.
IE launch attempting to access www.adult.com and www.porno.com
All other attempts at accessing the web are halted with a fake warnings then redirect to viagra.com
Again, thank you all in advance for any help!
 

Read other answers
RELEVANCY SCORE 88.8

Hi there,
My computer started popping up messages yesterday from "Antivirus system pro" saying my computer was infected, and do I want to run antivirus software now? This is not my antivirus software, so I didn't click on the balloon. But pop ups kept going, and saying that there is an atack on Port 34320 by BankerFox.A. When I tried to run Malawarebytes, I got a pop up saying the application could not be exectuted because WUAUCLT.EXE was infected. I'm wondering if anyone can help--my computer is pretty sick. I'm writing from my husband's computer.

Thanks!
Katy

A:Anitvirus system pro alert--this is not my antivirus software

Welcome to BCRun this application and then immediately run MbamPlease download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot the computer or you will have to run it again=========================Also run thisWe Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may ... Read more

Read other 2 answers
RELEVANCY SCORE 88

Hello, I've recently been infected with "Antivirus software alert" and it's preventing me from opening any program and redirecting me from antivirus-related sites along with all the usual symptoms that occur from contracting a rogue security program. I'm having great difficulty with removing this type of malware, or even starting a removal process and will greatly appreciate any help with fixing my laptop. I'm running on Vista

Thanks!

Read other answers
RELEVANCY SCORE 87.2

My computer is infected by some type of virus and it is saying I have a windows security alert and is blocking me from running any type of scans etc. It is saying I am infected which is all a fake popups and antivirus spyware alerts etc. I did however get to run some logs before it blocked me. I was not able to run the Gmer report though as it started then got blocked and now it will not let me open and run this. I could not even open the logs on my desktop and had to email them to a different computer and open them there to paste them here.Here are the logs I was able to run. Help Please!!!DDS (Ver_10-03-17.01) - NTFSx86 Run by Matt at 19:10:27.67 on Thu 04/22/2010Internet Explorer: 6.0.2900.2180Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.337 [GMT -4:00]AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}AV: Webroot AntiVirus with Spy Sweeper *On-access scanning enabled* (Outdated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program... Read more

A:Infected with fake security virus/ Antivirus spyware alert

hi magoo4242,Your log is a few days old. If you still need help simply reply to my post.

Read other 3 answers
RELEVANCY SCORE 87.2

DDS (Ver_09-06-26.01) - NTFSx86
Run by Administrator at 21:33:23.80 on Tue 07/07/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://newsletters.fool.com/04/index.aspx?source=imysltlnk750252
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5... Read more

A:IE hijacked with porn sites; antivirus system pro alert keeps popping up; windows security alert keeps popping up

Hello pdmuhalk,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Please do this:1. Download HijackThis? here:http://www.trendsecure.com/portal/en-US/th.../hijackthis.php2. Click 'Do a System Scan and Save log'.The HJT log will open in notepad.Thanks,tea

Read other 4 answers
RELEVANCY SCORE 86.8

i've run a few tools (like spybot) that don't seem to find anything wrong, but the "antivirus software alert" pop ups and the constant "cannot execute ***.exe because it's infected" messages persist. also after a few minutes a browser pops open to some generic porn sites. i disabled the proxy redirect in internet options and was able to surf the internet again, but need help getting the root problem off my computer.

here's my dds log:

DDS (Ver_10-11-27.01) - NTFSx86
Run by Owner at 13:51:01.75 on Mon 11/29/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.253 [GMT -5:00]

AV: avast! antivirus 4.8.1368 [VPS 101129-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: StopSign Antivirus FREE TRIAL diagnostic version *On-access scanning disabled* (Outdated) {3E1D4556-3240-40c8-BBED-64A8690A3FB4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\... Read more

A:antivirus software alert - pop ups, no .exes allowed to run, proxy redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 86.4

Well recently for no apparent reason our computer got hit with a big virus bomb. One of them is the Sagipsul virus. I had some trouble with this one, constantly popping up new tabs leading to the Sagipsul website that would just be a blank page.

Before that popups for "YOUR COMPUTER IS INFECTED GET A FREE VIRUS SCAN RIGHT NOW", and "ANTIVIRUS XP 2009" I already realized these were rogue antivirus programs. One day while my sister was using the computer, these popups started to randomly show up while my sister was using firefox. Then it crashed Photoshop. After all the chaos, an icon called, "Gay Fetish Sex" had appeared out of nowhere.

So I did a Malwarebytes full system scan, it showed 27 infected objects, I prompted Malwarebytes to remove them, it said that it removed most of them but not all of them. It stopped the Sagipsul Virus and most of the popups that were popping up. Then everything was fine for a while when something popped up in the side of the taskbar. "Warning! Security report/ Your computer is infected! It is recommended to start spyware cleaner tool." Currently I'm trying to do a system restore, and when I try and open task manager it says that "Task Manager had been disabled by your administrator." What?

What is going on?
This is probably a rogue antivirus program.
A trojan fake-alert.
How do I get rid of it?

UPDATE: It looks like the virus just disabled my system restore.
 

Read other answers
RELEVANCY SCORE 86

I am getting a bunch of fake warning pop-ups and websites are popping up. I ran a norton scan and ad-aware and am still having the problem. I ran hijack this and here is the log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:26:46 PM, on 2/9/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\WINDOWS\System32\nvsvc32.exeC:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYSC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\CTHELPER.EXEC:\Program Files\Hewlett-Packa... Read more

A:Spyware Alert, Security Alert Pop-ups

Hello rocket152,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 2 answers
RELEVANCY SCORE 84.4

These are some kind of Trojan ware that will not let me uninstall. Recomened by Download.com too!

How do I get them out of my HD?

Thanks
 

A:Spyware Doctor & System Alert Popup Won't Uninstall!!! Junk Software

I've moved you to a thread of your own so please reply here.

Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Read other 1 answers
RELEVANCY SCORE 80.8

Sir...m deeply annoyed with the constantly appearing security sign. It just says.. that the computer is at the risk of Mailicious attack, backdoor Trojans.

I am new to all this.. please help me.. i've run a Hijackthis check and below is the log.. pl guide me to completely remove the malware from my System.. pl

Logfile of HijackThis v1.99.1
Scan saved at 12:57:34 AM, on 1/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Venturi Client\Client\ventc.exe
C:\Program Files\Venturi Client\squid\squid.exe
C:\WINDOWS\system32\fxssvc.ex... Read more

A:Security Alert : Malware Threat

Read other 8 answers
RELEVANCY SCORE 80.8

I'm running Windows XP Professional SP2. While trying to download a program, I aquired some type of Trojan on my computer. I installed Comodo Firewall and ran a combination of AVG, Ad-Aware, and Spybot S&D and that has gotten rid of most of the problem. But I'm still getting pop up windows frequently when surfing the internet (mainly using Mozilla Firefox). The pop ups usually are related to whatever I'm looking at on the internet. Sometimes they take a while to load (10-20 seconds), locking up my computer until the pop-up window finishes loading (at which point I can close the window). But AVG is also giving me Threat Alerts saying that it's finding JS/Downloader.Agent. I move this to the Virus Vault, but then not too terribly long afterwards it will find the same thing again. It will pop up that Threat Alert anywhere from 2-5 times per day. Thanks in advance to anyone that can help me fix this problem.Here's my log file from Deckard's System Scanner:-- System Restore --------------------------------------------------------------System Restore is disabled; attempting to re-enable...success.-- Last 1 Restore Point(s) --1: 2008-05-08 13:49:05 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as Jeremy & Cheryl.exe) -------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:54:43 AM, on 5/8/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode... Read more

A:Pop-ups And Js/downloader.agent Threat Alert

Hi,Please download the ComboFix from the links above and follow all instructions for running the tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:"If you downloaded ComboFix previously, delete that version and download it again as the tool is frequently updated!"Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.Double click combofix.exe and follow the prompts.When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next replyBe sure to re-enable your anti-virus and other security programs, after ComboFix finished.Note: Do not mouseclick combofix's window while... Read more

Read other 9 answers
RELEVANCY SCORE 80.8

i get this pop up balloon that says security alert:malware threat and ive tried mcafee/avg/adaware and nothing works!
any solutions?
 

A:security alert: malware threat!!!! help!

Hi and welcome to TSG,

Click here and then scroll down to and click on hijackthis self installer to download HJTsetup.exe

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

 

Read other 1 answers