Over 1 million tech questions and answers.

Fake alert samples

Q: Fake alert samples

Hi Guys,Please help me how to get the fake alert samples.Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal

RELEVANCY SCORE 200
Preferred Solution: Fake alert samples

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Fake alert samples

Bleeping Computer's main mission is to help people rid their computers of malware not infect them. For legal and liability purposes we do not endorse or permit the sharing of malware samples via the forums. There are plenty of 'in the wild' samples available by using unsafe browsing tactics.

By posting samples they may be taken and used for nefarious purposes. Which would defeat the main purpose of Bleeping Computer.

Read other 2 answers
RELEVANCY SCORE 60.4

Fake Alert, Ultimate windows security alert malware just to name a few of the names of the pop up windows i saw. I am using XP SP3 and have successfully used Combofix on another machine at the advise of a network admin friend. This time however i wanted to have this log reviewed by the pros on here because the malware on this machine was formidable! The windows security alert popped up and my spouse unknowingly clicked yes on it. Things just went down hill from there. We disconnected the internet cable and started the process.

As i mentioned before I have used combofix however this time every time i tried to click it the malware would pop up and say this "combofix" file is infected would you like to start the antivirus download? So i couldn't get it to start. I downloaded combofix w/ different machine and changed the name to combo-fix during the download, then used jump drive to put it on the infected machine. Since either combofix nor malwarbytes anti-malware would execute when clicked due to pop ups i restarted the system in SAFE MODE. The microsoft recovery console is already installed on this system. Once in safe mode i clicked on the renamed combo-fix file and it then started, during the start up it stated there are "CD emulators" running on this system and comobfix must disable them before continuing which casued it to re-start the computer and then it completed it's scan. So i have a log to post if you would allow me. Also, af... Read more

A:Fake Alert, Ultimate windows security alert malware Help needed

"Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored."So are you saying there is no one here willing to help me?

Read other 4 answers
RELEVANCY SCORE 58.4

Hi, hope you can help. I have been getting a fake AVG alert. It shows the AVG symbol with the words "Resident Shield Alert" Threat detected! File name: C:\Users\Andrew\AppData\Roaming\Microsoft Threat name: tojan horse Cryptic.BSB

I have run Spy Bot, AVG, Norton Security scan, and Windows Security, none of which have shown any problems with my computer.

I am not able to get on the internet at all because it had been hijacked by this virus and I have had to use another computer to download the scan programs you asked for and save to a disc, then put it on the infected computer and then transfer the scan result back to the uninfected computer in the same manor. Quite annoying and time consuming. When I tried to do the GMER scan, my computer automatically shut down and would not allow me to do it. Here are the results for the DDS scans...

A:Resident Shield Alert (fake AVG alert)

Hi, it's been five days, and I haven't heard anything from you guys yet. I know you are very busy, I am only writing this to ask you not to close my question. I am still very much needing your help. Thanks!===========Hello While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our MRT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with ... Read more

Read other 3 answers
RELEVANCY SCORE 56.8

I cannot connect to the internet with this virus so I couldn't download hijackthis or do any of the other steps suggested in the stickies. However my problem sounds alot like this thread I found on the site

http://www.techsupportforum.com/secu...se-advise.html

I'm also missing my C: and D: drives, am told task manager has been disabled by my sys admin when I press CTRL-ALT-DEL and have the programs error cleaner, privacy protector, Spyware&...protection on my desktop, as well as fake pop-ups claiming to be system errors and offering to fix the problem.

I ran AVG and quaratined/deleted the files it found but everything I mentioned above is still going on. Any help would be greatly appreciated, Thanks

ok, i followed the instructions on the combofix website (+ windows recovery console) and here are my results (note: most of the problem is gone, however I'm sure there are still some lingering malware files.

ComboFix 08-09-11.02 - Benjamin Cohen 2008-09-12 17:26:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.592 [GMT -4:00]
Running from: C:\Documents and Settings\Benjamin Cohen\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Benjamin Cohen\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Benjamin Cohen\Application Data\STEM3... Read more

A:Toolbar reads "VIRUS ALERT!", fake system alerts, fake AV programs on desktop

its been long enough I can bump right?

Read other 5 answers
RELEVANCY SCORE 52

Hello!I need some help managing my internet security. I think I may have downloaded some kind of Trojan of some sort. I keep getting pop-ups that interruptme from my work.It usually sends me to this site, that tells me I have a computer problem. The website says I shoulddownload an antivirus, but of course it's fake.hxxp://pcspeedmaximizer.s3.amazonaws.com/index.htmlSometimes, it redirects me to google and few random sites.Please Help me thank you! I will check daily for any responses.

A:Fake Alert Pop-Ups

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for postin... Read more

Read other 2 answers
RELEVANCY SCORE 52

Hello

I recently fell for a fake alert that set off warnings from Avira, and noticed shortly after that internet searches were being redirected. Tried dealing with it on my own but am not sure I have had any success and in fact have made things worse. The computer is now very slow in general and takes longer to boot.

In the past Ive dealt with things of this sort and seemed to have worked through it. Have added an external drive in the last while and this may have added an element that has put me out of my league.

Could someone please spare some time, pretty sure I'm not going to get this solved without help.

Thank you
Cliff

A:Fake alert

Hello,Now that you have posted a topic here: http://www.bleepingcomputer.com/forums/topic359266.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.Please be patient. It may take several days to get a response but your log wi... Read more

Read other 1 answers
RELEVANCY SCORE 52

Hi there

I would really like your help with my issue.

A few days ago I started to get multiple alerts through AVG (free version) of a Fake Alert virus that was coming in through emails.

I've attached a jpg of the AVG Virus Vault so that you can see what's in it.

I ran a full scan and there was something like over 300 instances of Fake Alert and a few other viruses - Win/Heri, Woem/Agobot.IIV and Trojan horse Generic 24.WMQ.

All were healed and deleted.

As soon as I opened my email program (Chaos) the alerts were back.

They don't seem to come into my inbox - they seem to go direct to AVG vault. However, this is exactly what was happeneing before.

What makes it worse is that my partner is also using the same network and he is also getting the same problem. He also ran AVG and it found many Fake Alerts and a few other trojans that were deleted.

I have attached the "attach" file and copied the other files below.

I am running 64bit version, so didn't do the other.

Your help would be greatly appreciated.

Sys Info
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Home Premium , Service Pack 1, 64 bit
Processor: AMD Phenom(tm) II P920 Quad-Core Processor, AMD64 Family 16 Model 5 Stepping 3
Processor Count: 4
RAM: 4090 Mb
Graphics Card: ATI Mobility Radeon HD 5650 , 1024 Mb
Hard Drives: C: Total - 463607 MB, Free - 386208 MB;
Motherboard: TOSHIBA, Portable PC, Base Board Version, None
Antivirus: Lavasoft Ad... Read more

A:Fake Alert

Hi

I have found more info that may help solve the issue.

The emails do seem to be coming in, even they don't show in my email program (Chaos). I watched the folder "My Documents>Chaos>Mail>Inbox as the mail was coming in and there were files being added (which weren't showing in my email program). As soon as the "retrieve email" had finished, all of the files in the "Inbox" mentioned above started to disappear.

I had a look in the AVG vault, and there they were.

Maybe this is some sort of a really FAKE virus. IF so, that's great, but I still need to get rid of this happening every time I check emails.

I usually just leave Chaos running in the background, but I have to close it now because itconstantly adds more "emails".

Hope this additional information helps solve my issue.

Cheers

Diamond
 

Read other 1 answers
RELEVANCY SCORE 52

I have a pc that got infected and ran malwarebytes, spybot s&d and lastly combo fix and i think it is all clean, however even after running unhide on it all the links in the start menu, all programs are still not there. all the folders came back, but nothing is in them?

any ideas?

Read other answers
RELEVANCY SCORE 52

I'm not sure I'm posting on the right board as I'm new to this but here goes.

I?m Running a fully patched Windows XP Pro on a Toshiba laptop, with fully up-dated Panda Anti-Virus Pro and Malwarebytes. I've started getting Panda pop-up alerts of a virus, variously identified as W32/cosmu.L, Trj/Ramnit.A and Trj/Starter.G and that it has been neutralised and the file disinfected. This happens at approx 1 minute intervals and the file and the virus is different each time. A full scan, after disabling system restore, with the latest Panda Anti-Virus Pro 2012 reveals 14 infected files, says is has deleted them but it hasn?t.

Malwarebytes finds the trojan fakealert.H. at C:\Docs and settings\username\local settings\application data\rigphigg\aoxcvwou.exe and HKEY_CURRENT_USER_SOFTWARE\microsoft\windows\current version\run\aoxcvwou.
It reports that it has been removed and the registry values will be deleted on re-boot, but no deletion takes place and the problem remains. Malwarebytes support says it can fully remove fake alert - but it would seem it can't.

Trojan Remover 6.8.2 says there is a suspect hidden entry with rootkit characteritics at HKLM\software\microsoft\windowsNT\current version\winlogon\userinit.

And the file
Docs and settings\username\local settings\application data\rigphigg\aoxcvou.exe.

It says it will delete them on a re-start but ... Read more

A:Fake Alert H

I'm afraid I have very bad news. Win32/Ramnit (and related variants) is a dangerous file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A or VBS/Generic. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file. -- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.Understanding virus names VirusTotal Threat aliases for W32/Ramnit <- Win32.Ramnit!IK, W32.Ramnit!inf, Win32.Rmnet VirScan Threat aliases for W32/Ramnit <- Win32/Zbot, PWS.Panda.387, PE_RAMNIT, Trojan/Generic.arhm McAfee Threat aliases for W32/Ramnit - link 1 <- Trojan.Generic.KD, Win32/Zbot, W32/Cosmu McAfee Threat aliases for W32/Ramnit - link 2 <- SHeur3.AQRA, W32/Patched-I, Win32.Nimn... Read more

Read other 1 answers
RELEVANCY SCORE 52

Scanned and cleaned infected PC with UBCD4Win running Spybot SD, SuperAntiSpyware, MalwareBytes and finally booted to Windows safe mode with network support and ran Trend Micro House Call.Some of the items detected and removed:DNSFlushFraudSecurityMasterAVWin32.AgentWin32.delfWin32.FakeAlertZlob.VcodecAntiMalwareDoctorSecurityMasterAVRogue.Agent/Gen-Nullo(DLL)Symptoms persisted such as access denied when saving/closing msconfig to start in limited diagnostic mode.Internet Explorer would allow access to Google and Microsoft sites, but not the Windows Updates site. Internet Explorer would state cannot connect... When attempting to make changes with msconfig, the error stated something like your administrator has placed policies that prohibit or something like that. Also early on I noticed Internet Explorer redirects or hijacks. That was one of the first symptoms experienced along with fake alerts and security warnings. After cleaning with the tools mentioned, one of the scans (possibly house call) stated the hosts file could not be accessed or access denied. Attempted manual access and edit, access denied. Also note I created a new admin account just to complete these scans to get around any possible issues with the existing accounts. Didn't really help. Back to the hosts file, booted back up with UBCD4Win, edited the hosts file which contained a number of malicious site references. Deleted and copied a good host file from a known working PC same OS.Next Step was ... Read more

A:Fake Alert and others

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 19 answers
RELEVANCY SCORE 52

My computer is infected with the "fake B alert" thingy....My macafee virus scan detects it on my computer, but for some reason I can't delete it!! Symptons: When my computer is on, it shows a flashing (handicapped) icon and then tells me that my computer may be affected....and tells me to buy the program "quake" to clean my computer....Please, anyone tell me how to delete this trojan..( i believe it's a trojan, not sure)
 

A:Fake B alert

Read other 7 answers
RELEVANCY SCORE 52

Good morning,

Yesterday I received a security alert from MSE. Unfortunately I ended up downloading something named Antispy Safeguard. It claims to be the world's leading security solution. And now it has taken over my startup. It also stops me from loading Microsoft Explorer until I download its' heuristics module. In order for me to continue the Antispy program is trying to extort $70 for a year's support. I have found no way around this devil. Can you assist?

A:Fake MSE-alert

hi !

that security alert was NOT from MSE !

it sound like a false antivirus (rogue) that pretends to be MSE.
there are som nasty rogues nowadays.

i suggest you create a NEW thread, and ask for support.
a tip: as subject write "Fake MSE-alert" or similar so you get attention....

Read other 9 answers
RELEVANCY SCORE 52

Hi,
I just got infected with some kind of Fake Alert virus/trojan.
Question 1. Can it infect other machines on the same router?
Question 2. Can it delete documents/folders?
Question 3. How do I get rid of it?
Question 4. Why did AVG8 (updated each day) not see it?
thanks
Nick
 

Read other answers
RELEVANCY SCORE 52

My computer has been infected by FakeAlertB and McAfee seems unable to do anything.

I would much appreciate some help.....

Best regards

Simon

A:Fake-Alert-B

Download CWShredder and run it. Click on 'I Agree' button if you agree with it. Click on 'Fix' (it will automatically fix anything it finds for you) and OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

Download and install Spybot S&D. Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot. If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix and install it over the current Spybot installation.

Please download Ad-aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go here to get the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware for better scan results. Run the scan and fix everything that it finds.

Download Ewido Security SuiteInstall Ewido Security Suite
When installing, under "Additional Opt... Read more

Read other 1 answers
RELEVANCY SCORE 52

I have a windows xp operating system and mcafee security tells me i am protected but i get a lot of pop ups and I can't change my background screen. At the begining mcafee told that it removed Fake Alert-s.dll many time but it didn't.

Could someone please tell me how to get this off my computer, in simple steps, as i am not so bright with computers. Thanks

A:Can't get rid of Fake Alert-S.dll

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 52

I did some reading and i guess this is a real threat I found "fake alert" in my virus vault this morning, and as soon as I signed on and opened myspace, I got another pop up for the same thing. Any recomendations? Im running windows XP home with AVG antivirus.

A:fake alert?

Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will s... Read more

Read other 1 answers
RELEVANCY SCORE 52

I could not do the dds scan because my computer wouldn't let me. But i got the GMER done and attached.

It keeps downloading Personal Gaurd 2009 without me telling it to do so. I can not change my background and this red circle with a X in it (located beside my clock in the bottom right corner) keeps telling me "Click here to protect your computer from spyware, Windows will now install the most up to date antispyware protecton for you"

Any information on how to get this off my computer would be greatly appreciated.

A:Can't get rid of Fake Alert-S.dll

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Try renaming dds to 123.com or 123.scr or 123.cmd

If that didn't work, see if RSIT will run: Download RSIT by random/random and Save it to your Desktop.
Double-click RSIT.exe to run the tool.
Click Continue at the disclaimer screen.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Please copy/paste the contents of log.txt in your next reply.
Please attach info.txt to your reply.
To attach a file to a reply, simplyClick the Manage Attachments button under Additional Options > Attach Files on the post composition page, and
Copy and Paste the following into the Upload File from your Computer box:C:\rsit\info.txt
Click Upload
------------------------------------------------------

Read other 2 answers
RELEVANCY SCORE 52

Hi folks being a newbie, no doubt I will be advised what I may have done incorrectly - constructive advice always welcome.

Windows 7 HP 64 on bog-standard Dell Inspiron 400 micro, 4gn RAM AMD X2 3250e with Avast antivirus (brand new system).

Getting Fake alert scam ? Avast didn?t pick it up, malwarebytes picked up a link but not the files, Sophos picked up nothing.

Thought I was stuck as Combofix doesn?t work on 64 bit machines ? but a little legwork based on the clue given by malwarebytes led me to the file 823306.exe ? Virus total 9 antivirus systems recognise but none of the big boys!!

Guess that with the increased popularity of 64 bit machines that the low life are turning their attention to these!

A:Win 7 64 fake alert new?

Rob,
I'm in the same ballpark with you. One of our faculty has a Dell with Windows 7 x64 that picked up Smart Advisor(?) plus another one of it's friends. One positive thing I did find is that these jokers don't seem to be able to turn off Task Manager in x64 like they do when you get them in Windows XP 32bit. So you can swat them while you search for the files. But I'm still try to restore the Internet connection - and nothing in HiJackThis looks like a culprit. We use McAfee 8.7 commercial edition on campus and they sailed right by. So anyone with thoughts out there, I'd like to hear them too. And if I find stuff, I'll let you all know. And an x64 version of Combo Fix would be real nice to have just about now... Thanks!

Read other 1 answers
RELEVANCY SCORE 51.6

I've been trying to get rid of this stupid virus all day. I have run AVG, Malwarebytes Anti-Malware, Spybot, ATF-Cleaner, and SUPERAntiSpyware and the thing STILL pops up.

ATF-Cleaner got rid of this thing on the corner notification area, but I still get a few windows popups and Internet Explorer going to either a site with a antispyware ad or a 404 page. It's quite annoying.

Any help?

Here's the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:14 AM, on 2/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Logitech\MouseWare\system\... Read more

A:Fake Alert Trojan!! Help!

Apparently, once again, I spoke too soon. I have the warning popup in the corner constantly telling me that "Warning! You have a Security problem!" And if I click on it it tries to go to spyware remover 2009 plus and stablility trace online. AVG keeps on telling me that I have the FakeAlert virus, and every time I try to move to the vault, it keeps on coming back. Help!
 

Read other 2 answers
RELEVANCY SCORE 51.6

I was recently infected with spyware and was able to fix the problems i was having. However I had downloaded spware programas that turned out to be some sort of malware i guess. Now i am getting this fake system alert that tells me i've been infected and that i need to download antispyware. I ran both norton and also windows defender and both programs did not find any spyware or other malicious programs. I keep on getting this system alert which is annoying. It appears as a red/blue blinking shield in the system's tray. Whenever IE is launched the homepage is redirected to a different page that claims to be a safe page which tells me to dowbload antispyware programs. I know this is not so and i need help fixing the problem.

A:Fake System Alert

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button t... Read more

Read other 1 answers
RELEVANCY SCORE 51.6

Hey, I'm not sure where to post this so...I've been getting some fake alert messages and can't seem to get rid of it. I've ran anti-virus programs that aren't working. What should I do next to remove this problem?I'm using a Microsoft Windows XP - Media Center Edition Version 2002 Service Pack 2 Some of the messages I see are as follows:Any help would be wonderful

A:Fake Alert Messages

Hello and welcome please run these next. If you have Spybot installed temporarily disable it. (I'll be back in the morning)Next run ATF:Please download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".Next run MBAM:Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start a... Read more

Read other 3 answers
RELEVANCY SCORE 51.6

I removed Fake.Alert via Ad-Aware and since then this computer cannot connect to the internet. I'd appreciate any help anyone can offer!

Thanks!


DDS (Ver_09-09-29.01) - NTFSx86
Run by John at 11:45:56.32 on Fri 09/17/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1165 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\M... Read more

A:Fake.Alert Removal

Welcome to TSF :)

Please download Malwarebytes' Anti-Malware from Here.



Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.


===========================================

Download OTL.exe to your desktop.
Double-Click on OTL to run it.
When the window appears, underneath Output at the top change it to Standard Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold


netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CR... Read more

Read other 19 answers
RELEVANCY SCORE 51.6

I recently downloaded (or at least try to download) Minesweeper, and that apparently downloaded Web Discover, which ended up in scareware. I am slightly worried about the health of my computer, and any help would be appreciated.
 

A:Help Removing Fake Alert

Hello,
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.

It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Read other 1 answers
RELEVANCY SCORE 51.6

I'm new to fixing my pc issues, so please help if you can! I keep getting these pop ups with the fake windows screen. I have McAfee and SpyBot Search & Destroy, but when I run a scan it keeps showing that there isn't any virus or malware. I did run Hijack this, and the log is below. Currently backing up my pc, just in case something gets lost too. Thanks in advance, MidwestStartupList report, 10/9/2009, 9:56:54 AMStartupList version: 1.52.2Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXEDetected: Windows Vista SP1 (WinNT 6.00.1905)Detected: Internet Explorer v7.00 (7.00.6001.18294)* Using default options==================================================Running processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exec:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Windows\RtHDVCpl.exeC:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Windows\pp12.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Windows\System32\mobsync.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.e... Read more

A:Fake Alert Virus

Hi,Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.Download DDS and save it to your desktop from here or here or here.Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txtSave both reports to your desktop. Post them back to your topic.

Read other 4 answers
RELEVANCY SCORE 51.6

Hi guys. My computer is infected with a rogue antispyware infection. I have run AdAware, Spybot, and SmitFraudFix. The problems associated with the original infection have mostly been solved(Incessant pop-up windows, etc.) However, the one remaining problem is a notification in my toolbar declaring "Tracking Process Activated. ***ADDRESS:0x17DA839A *** Cannot deactivate spyware program. Click this balloon to fix this problem."Here is a copy of my HijackThis log:Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:&... Read more

A:'fake Alert'/zlob

Please visit below webpage for instructions for downloading and running ComboFixhttp://www.bleepingcomputer.com/combofix/how-to-use-combofixThis includes installing the Windows XP Recovery Console in case you have not installed it yet.For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.

Read other 12 answers
RELEVANCY SCORE 51.6

Hi guys. i keep receiving this fake pop up alert. Here is the image to be more specific. When i was about to post a introduction in this forums I received the pop up again. i noticed it mostly happens on forums. Here is the image to be more specific. - The window+Message + Inside site.I am not sure when i received this message the first time. It was about a week before i think. I knew exe files were not safe to download. Something about the wordings kept me away from it. However i was getting really annoyed by this, and i thought it might be the site or some sort. When i was browsing a different forum,it came up again i accidently hit allow instead of dont allow, and then all was a horrible nightmare. It downloaded setup.exe and automatically activated a fake virus protector antivirus, asking me to register to protect my system. I knew this was a fake, and i immediatly started scanning with malaware bytes- Anti malaware. It detected some items and asked for a reboot and i did. When i logged back in normal mode, the virus was not gone. Instead it covered up the whole desktop with the program running. I couldnt run task manager or anything. I restarted in safe mode with networking and tht didnt do the trick either. The virus protector covered my whole screen. I couldnt even get access to the desktop. Then i logged in my laptop trying to find a way to get rid of this. I found somewhere to restart in safe mode with cmd. In the site it said to type this on the notepad[Version]... Read more

A:Redirecting, Fake pop Alert,

I have the same pop up. NO clue what is going on and nothing seems to be working for me. Good luck!

Read other 16 answers
RELEVANCY SCORE 51.6

I checked the quarantined files on McAfee and noticed that it had two files called Fake-Alert-Rena, which I recognize as being the file names of one of the infinite rogue anti-malware infections. I deleted them immediately but I want to make sure my computer is clean. Guidance would be much appreciated! Thanks!

A:Fake-Alert-Rena

Hello,lets do these next then..Run RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.Next run Superantisypware (SAS): Download and scan with SUPERAntiSpyware Free for Home UsersDouble-click SUPERAntiSpyware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Upda... Read more

Read other 10 answers
RELEVANCY SCORE 51.6

Any help would be greatly appreciated it. Mcafee keeps alerting me of malware detections. I have been receiving a lot of fake alerts to install spyware protection. I have run full scans of Superantispyware, Malwarebytes as well as combofix. Here is my combofix log and thanks in advance!ComboFix 10-05-31.03 - tpadmin 06/01/2010 10:11:06.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2599 [GMT -5:00]Running from: c:\documents and settings\tpadmin\Desktop\ComboFix.exeAV: Total Protection Service *On-access scanning disabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C} * Created a new restore point * Resident AV is active.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).Infected copy of c:\windows\system32\drivers\ws2ifsl.sys was found and disinfected Restored copy from - Kitty had a snack .((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_PRAGMAcpxpbvfulb-------\Service_PRAGMAcpxpbvfulb((((((((((((((((((((((((( Files Created from 2010-05-01 to 2010-06-01 ))))))))))))))))))))))))))))))).2010-06-01 14:56 . 2010-06-01 14:57 -------- d-----w- c:\documents and settings\tpadmin\Application Data\U32010-05-26 18:44 . 2010-05-26 18:44 0 ----a-w- c:\windows\nsreg.dat2010-05-26 18:06 . 2010-05-26 18:06 -------- d-----w- c:\doc... Read more

A:Fake Alert/Generic please help

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 51.6

Hi I have this virus, accoridng to my Bit defender softeware (trial version) . Do I need to do anything to get rid of it will Bit defender be enough? I tried Trevd micro inline scanner but it wouldn't load ..every time I clicked next the web page disappeared!
Jules
 

A:Trojan fake alert DT help!

Read other 7 answers
RELEVANCY SCORE 51.6

i just got rid of fake alert but not sure if i've done it got done right. using Zone Alarm Security Suit. it did find some trojans and spyware but still not right. really slow log into windows (XP) (desktop background appears and then sticks with no taskbar, start menu or iconsfor about half an hour till it actually works)everything is generally slow and i am still getting pop-ups. here is my HJT log. hope someone can help. cheers
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:34:46, on 02/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonito... Read more

A:30 min OS log on (previously had fake alert)

Welcome to TSG

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Reboot your computer in SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Finally copy and paste the contents of the results file Report.txt in your next reply.

===============================... Read more

Read other 2 answers
RELEVANCY SCORE 51.6

Hello Folks. I have made a very bad mistake when my curiosity got the better of me and now I cannot rid myself of this pest. Wiil you please Help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:52 AM, on 4/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\System32\BTModemProtection.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\userload.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\... Read more

A:trojan fake alert.

Hello There. I know that many people are seeking your help but now short cuts are not responding and when they do it takes a long time for them to initiate. I have purchased PC doctor and tried spyware terminator in an attempt to resolve this problem even the icons on the desktop disappeared and I had to switch off at the mains and reboot and finally firefox does not respond.
 

Read other 3 answers
RELEVANCY SCORE 51.6

Hey guys, I am infected with the virusburst fake alert. I have tried running my virus scans and all my spyware and ad aware programs and I just can't seem to get rid of all the traces. Here is a copy of my HJT log. Any help will be appreciated.Logfile of HijackThis v1.99.1Scan saved at 3:23:50 AM, on 12/1/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\system32\svchost.exec:\Toshiba\IVP\swupdate\swupdtmr.exeC:\Program Files\TOSHIBA\TOSHIBA Applet&... Read more

A:Virusburst Fake Alert

Hey MobysFanSmitFraudFix:Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm

Read other 6 answers
RELEVANCY SCORE 51.6

Avast is telling that I am infected by Fake Alert when I open Mozilla firefox for the first time. Firefox is unstable and I have problem managing Windows Xp background desktop.

Thanks in advance for the help!

Here is the Hijackthis report:

Logfile of HijackThis v1.99.1
Scan saved at 15:06:05, on 2007-02-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eric Demers\Desktop\antivirus\hij... Read more

A:Solved: Fake Alert please help!

Read other 16 answers
RELEVANCY SCORE 51.6

I've seen plenty of posts for "virus alert" viruses, but I want to make sure to take the right steps to remove. I'm getting the pop-ups telling me "taskeng.exe" is damaged and fake Windows Security Alert pop-ups. It references different "threats" like BankerFox.A, and seems to disable SpyBot. Can someone walk me through the removal process?

System details:
Windows Vista Home Premium (SP2)
Acer Aspire X1200
Athlon 64 Dual Core
64-bit OS

I have Hijack This, SpyBot, Avast installed. Avast identifies it but can't remove it, SpyBot won't run because of it. Avast identifies it as HTML:FakeWarn-A. Thanks in advance for any help!
 

Read other answers
RELEVANCY SCORE 51.6

I was on a site this morning when Avast alerted me that I had encountered a virus. (It's really annoying with the sirens and alarms, but it did get my attention!) It told me not to panic, so I didn't. I simply did what it recommended and clicked on 'move to virus chest" thinking it would solve the problem. I then closed down my connection, unplugged my power source and internet cable, then opened avast.

From there, I'm not sure what happened, but it certainly didn't get rid of the problem. Long story short, I've spent the better part of the day running malwarebytes (which did detect 16 or more infected files labeled "trojan.fakealert) then deleting them. That didn't fix the problem, so since then I have updated avast and run it at least twice -- it detected nothing. I've run spyhunter twice -- the first time it deleted several files, one of which was a "trojan.fakealert, the second time it detected nothing. i've run trendmicro housecall and it deleted a file called "sinowal". I've tried to download and run pandasecurity, but it gives me an error message. I'm currently in safe mode, having deleted all temp files, cookies, etc. and turning off system restore. From there I've tried scanning using the microsoft OSC (i think that's what it's called?) It gets to 25% of the scan, detecting at least 6 infections, 2 issues each time, then closes down (this has happened three times -- I've given up.) I've run bitdefender and it tells me all i... Read more

A:Help! Trojan Fake Alert?

Hello swellsie Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.Please perform the following:Download GMER Rootkit Scanner from here to your desktop. Double click the exe file. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one) Then click the Scan button & wait for it to finish. Once done click on the [Save..] button, and in the File name area, type in "Gme... Read more

Read other 2 answers
RELEVANCY SCORE 51.6

My second computer has several recurring viruses that Trend Micro could not get rid of. This is an older dell computer running windows xp. Member Boopme helped with me with issues on my other computer and I have followed his recommendations on this computer as well. (refer to previous thread http://www.bleepingcomputer.com/forums/t/181542/cryp-fakeav-wont-go-away/ )I ran the atf cleaner, then Super Antispyware in safe mode and finally rebooted and ran a quick scan with Malwarebyte's Antimalware.SUPERAntiSpyware Scan Loghttp://www.superantispyware.comGenerated 11/24/2008 at 11:27 PMApplication Version : 4.22.1014Core Rules Database Version : 3649Trace Rules Database Version: 1632Scan type : Complete ScanTotal Scan Time : 05:45:17Memory items scanned : 186Memory threats detected : 0Registry items scanned : 7069Registry threats detected : 8File items scanned : 181539File threats detected : 10Trojan.FakeAlert-IEBT HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{144A6B24-0EBC-4D89-BF09-A06A718E57B5} HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{144A6B24-0EBC-4D89-BF09-A06A718E57B5} HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} HKLM\Software... Read more

A:Fake alert, zlob & others

Hello again, well again the ones left is system restore we will get at the end as we would like to at least have an infected restore than none.How is this PC running now.Lets also run a Siri's Smitfraudfix scan. This is an excellent Zlob killer.Please post the scan report. The report can be found at the root of the system drive, usually at C:\rapport.txt.SmitFraudFix

Read other 18 answers
RELEVANCY SCORE 51.6

From your forums I can see that I'm not the only one infected with the fake Windows Security Alert pop-up. I have run AVG scan, SpyBot S&D, SuperAntiSpy, and MBAM. Each time, the pop-up reappears. My web page is sabatoged also. This is more than just annoying for me because I run some rather involved programs and each time the pop-up appears (about every 10 min.) my program minimizes and takes 1 to 3 minutes to reboot. Can you :crazy:please help me?

A:Another Fake "Security Alert" Bug

Hi,

i know how u feel, I have just been hit with this and I am getting annoying virus alert pop ups that take an age to get rid off.

My windows Defender identifies them and deletes but as soon as I re-boot there back.

If you solve your problem please contact me and hopefully you can tell me what to do and vice versa if I solve mine I will drop you a line, but what a pain

Read other 2 answers
RELEVANCY SCORE 51.6

Hi there,

Running Vista home premium.

AVG free picked up and quarantined the fake alert infection. I was unable to delete it from the the vault so I ran malwarebytes and that deleted it. I ran another AVG scan and windows defender and nothing else was picked up. I then ran AVG, defender and malwarebytes from safemode with explorer options set to view hidden files etc and again nothing found.

Can I be certain that the PC is clean now? I'm getting no windows popping up and it seems to be running normally.

Thanks in advance.

A:Fake alert virus

Please reboot your computer and update Malwarebytes. This time do a FULL scan and post the new log here so we can double-check

Read other 6 answers
RELEVANCY SCORE 51.6

I have just been getting a pop up fake firewall security alert window that says I have the win32.Brontok virus. I also noticed that at the same time my Windows Live One Care virus protection comes up with an alert that I have the win32/Afrootix.gen!B virus and when I click clean all, it cleans it, but everytime I boot it returns. I have run hijack this and here is the log. Thank you in advance for your help
Les.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:48 PM, on 5/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Mi... Read more

Read other answers
RELEVANCY SCORE 51.6

I've tried searching around using google for quite a while and tried using a few fixes, but haven't found any that work. I use Win XP Pro SP3 and I downloaded a file that was about 4.2 MB in size which I thought was something else. as soon as I ran the .exe for what I thought I was getting, a fake virus alert came up claiming to be called Vista AntiVirus said my system was infected. it replaced my desktop background with a red wall paper with a quarantine symbol on it. it also removed admin rights.

I was able to trick it into allowing me to run Lavasoft's Ad-Aware 2008 which I already had installed. it removed the pop up of Vista AV that was slowing my machine down a lot, but couldn't remove a few items which keep coming up.

here's my HijackThis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14: VIRUS ALERT!, on 8/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.co... Read more

A:fake virus alert

also, I tried making a limited account to try to fix some things with it but when I make it then log off, the new account doesn't show up, but when I go to remake it, it says the name is already taken.

so for the moment, I only have access to an administrator account.

Read other 3 answers
RELEVANCY SCORE 51.6

I am having a Trojan-induced problem that I have not been able to work around yet. This machine has been infected in the past, but with help from this forum, has run for a few months with no problem. Since my last problem, I deleted McAfee and keep Free AVG running. This infection got past AVG. I also run MBAM every few days. O.S. is XP Pro and i use IE8.Currently, I am able to boot up normally under my personal User profile, send and receive email and AIM chat. I can't connect to the internet otherwise. If I boot normally under my Administrator profile, I can get to the internet.After discovering the intial infection, I was able to boot in Safe Mode. I was able to run ATF Cleaner and MBAM. I then booted in Normal mode, Administrator, and update/ran MBAM. It found and deleted 2 instances of Trojan Fake Alert. I also updated/ran Dr. Web Cure-It, which found nothing. I then booted in normal mode under my personal profile, ran MBAM and found and deleted Fake Alert. Subsequent scans have found nothing, including Sophos. I am still unable to connect to the 'net from my profile.I'd really appreciate any help with this problem. Thanks!I ran HJT. Here is the log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:36, on 12/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\sy... Read more

A:Trojan Fake Alert

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

Read other 3 answers
RELEVANCY SCORE 51.6

I was previously infected with a malware and I did several full scans using NOD32, MBAM and Superantispyware. Currently the said programs do not anymore detect any infections but my problem now is that I cannot open the drive C: a bar would open indicating which program should open the drive C:. Here's the latest hijackthis log file:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:31:48 PM, on 8/9/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.20583)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\ESET\ESET Smart Security\ekrn.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\ESET\ESET Smart Security\egui.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.... Read more

A:Fake Alert Trojan

here's a log file of the DDSDDS (Ver_09-07-30.01) - NTFSx86 Run by Ryan at 22:46:27.54 on Thu 08/17/2006Internet Explorer: 7.0.5730.11Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1215.746 [GMT -7:00]AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\ESET\ESET Smart Security\ekrn.exeC:\WINDOWS\system32\svchost.exe -k hpdevmgmtC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\ESET\ESET Smart Security\egui.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\Program Files\HP\Digital Imaging... Read more

Read other 6 answers
RELEVANCY SCORE 51.6

Hi all,

So yesterday, I went to craigslist.com (or at least I thought I did), and that apparently downloaded some virus. In the bottom right corner of my screen, I would get a message along the lines of "unauthorized person has access to system, please click here to install anti-virus." I knew it was a fake so I looked it up on the internet, and people had suggested using the McAfee Stinger, and then the MalwareBytes program to remove what appeared to be the fake alert issue. I scanned with stinger once, and it appeared to come back, so I thought I would get a step ahead of it by removing the hard drive from the computer, attaching it through usb to another computer, and have the second computer scan through the hard drive with the problem. Again, I ran the McAfee stinger, and the MalwareBytes programs. Stinger first revealed two issues that were deleted, and then MalwareBytes revealed 14 issues (a couple of which were on the computer using to scan the problematic hard drive). After deleting those viruses, I put the problematic hard drive back into its original computer, and now it is saying that the System Config file is missing or corrupt..

I downloaded Hijack this, but it won't let me scan a secondary hard drive, it is only scanning the primary hard drive (so I can't attach the hard drive to another computer and have it scanned). I tried putting in the XP System Restore disk, and it said it had to stop and that I should remove the hard drive to check ... Read more

Read other answers
RELEVANCY SCORE 51.6

what is trojan fake alert 5?
My Bitdefender internet security 2010 is CRAZY and start delete everything.
always shows the mesage trojan fake alert 5.
Help please!

A:trojan fake alert 5?

download and scan with...
1.mbam Malwarebytes' Anti-Malware : Malwarebytes
2.sas SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

and this is a specific tool from mcafee
McAfee Labs Stinger

McAfee Threat Center






Quote:
A new Stinger has been developed to specifically target "FakeAlert" threats being seen in the wild. This version of Stinger Detects and removes the following "FakeAlert" Variants


hope this helps

Read other 9 answers
RELEVANCY SCORE 51.6

Hello,

My computer(I have xp home edition) is contaminated by FakeAllert Trojan. In order to remove it I followed the guidelines in AVG Free Forum. I turned off system restore then run AVG 8. It found 19 threats and wanted to restart the system. I accepted. But it didn't restart automatically. So I did it manually. Everythig was normal until I got to the page of user accounts. But then when I clicked on my user name it wanted to open my desktop and then instead of logging in it logged off immediately and came back to the page of user accounts. I tried other accounts and under safe modes too. Still I cannot access to my desktop.

Do you have any idea what is going on?

I need one file desperately, the rest was already backed up. So any solution that will help me to get that file will be extremely appreciated.

Thanks and happy thanksgiving

Emin
 

Read other answers
RELEVANCY SCORE 51.6

In short: I'm being pulled out of everything I do by a fake windows security message that freezes my mouse for about 10-15 seconds and makes my computer beeeeeep for the same time amount. It Reads, and this is Verbatim, bad spelling and syntax included,
! Your computer is low on memory!
It can happend because this computer is infected by viruses! Save your files and press "Close Programs" button. you must install any antivirus software and check this computer!

|Close Programs| | Cancel |

The bad syntax is kind of what tipped me off. More as follows, but may not be necessary.

In long: I've been having malware problems lately, notably the Winiguard fake virus removal program. Anyway, I installed, one at a time, 4 different anti-malware programs, including windows defender, Norton 360, Malware bytes, AVG (my main virus protector), as well as Spybot Search and Destroy. I Think I've nailed 99.9 percent of my problems. I haven't seen the Winiguard pop-up since yesterday, (although i am not entirely convinced its gone.) Here is my Hijack This report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:09 PM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.e... Read more

A:Fake sercurity alert

Read other 7 answers