Over 1 million tech questions and answers.

Fake alert samples

Q: Fake alert samples

Hi Guys,Please help me how to get the fake alert samples.Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal

RELEVANCY SCORE 200
Preferred Solution: Fake alert samples

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Fake alert samples

Bleeping Computer's main mission is to help people rid their computers of malware not infect them. For legal and liability purposes we do not endorse or permit the sharing of malware samples via the forums. There are plenty of 'in the wild' samples available by using unsafe browsing tactics.

By posting samples they may be taken and used for nefarious purposes. Which would defeat the main purpose of Bleeping Computer.

Read other 2 answers
RELEVANCY SCORE 60.4

Fake Alert, Ultimate windows security alert malware just to name a few of the names of the pop up windows i saw. I am using XP SP3 and have successfully used Combofix on another machine at the advise of a network admin friend. This time however i wanted to have this log reviewed by the pros on here because the malware on this machine was formidable! The windows security alert popped up and my spouse unknowingly clicked yes on it. Things just went down hill from there. We disconnected the internet cable and started the process.

As i mentioned before I have used combofix however this time every time i tried to click it the malware would pop up and say this "combofix" file is infected would you like to start the antivirus download? So i couldn't get it to start. I downloaded combofix w/ different machine and changed the name to combo-fix during the download, then used jump drive to put it on the infected machine. Since either combofix nor malwarbytes anti-malware would execute when clicked due to pop ups i restarted the system in SAFE MODE. The microsoft recovery console is already installed on this system. Once in safe mode i clicked on the renamed combo-fix file and it then started, during the start up it stated there are "CD emulators" running on this system and comobfix must disable them before continuing which casued it to re-start the computer and then it completed it's scan. So i have a log to post if you would allow me. Also, af... Read more

A:Fake Alert, Ultimate windows security alert malware Help needed

"Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored."So are you saying there is no one here willing to help me?

Read other 4 answers
RELEVANCY SCORE 58.4

Hi, hope you can help. I have been getting a fake AVG alert. It shows the AVG symbol with the words "Resident Shield Alert" Threat detected! File name: C:\Users\Andrew\AppData\Roaming\Microsoft Threat name: tojan horse Cryptic.BSB

I have run Spy Bot, AVG, Norton Security scan, and Windows Security, none of which have shown any problems with my computer.

I am not able to get on the internet at all because it had been hijacked by this virus and I have had to use another computer to download the scan programs you asked for and save to a disc, then put it on the infected computer and then transfer the scan result back to the uninfected computer in the same manor. Quite annoying and time consuming. When I tried to do the GMER scan, my computer automatically shut down and would not allow me to do it. Here are the results for the DDS scans...

A:Resident Shield Alert (fake AVG alert)

Hi, it's been five days, and I haven't heard anything from you guys yet. I know you are very busy, I am only writing this to ask you not to close my question. I am still very much needing your help. Thanks!===========Hello While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our MRT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with ... Read more

Read other 3 answers
RELEVANCY SCORE 56.8

I cannot connect to the internet with this virus so I couldn't download hijackthis or do any of the other steps suggested in the stickies. However my problem sounds alot like this thread I found on the site

http://www.techsupportforum.com/secu...se-advise.html

I'm also missing my C: and D: drives, am told task manager has been disabled by my sys admin when I press CTRL-ALT-DEL and have the programs error cleaner, privacy protector, Spyware&...protection on my desktop, as well as fake pop-ups claiming to be system errors and offering to fix the problem.

I ran AVG and quaratined/deleted the files it found but everything I mentioned above is still going on. Any help would be greatly appreciated, Thanks

ok, i followed the instructions on the combofix website (+ windows recovery console) and here are my results (note: most of the problem is gone, however I'm sure there are still some lingering malware files.

ComboFix 08-09-11.02 - Benjamin Cohen 2008-09-12 17:26:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.592 [GMT -4:00]
Running from: C:\Documents and Settings\Benjamin Cohen\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Benjamin Cohen\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Benjamin Cohen\Application Data\STEM3... Read more

A:Toolbar reads "VIRUS ALERT!", fake system alerts, fake AV programs on desktop

its been long enough I can bump right?

Read other 5 answers
RELEVANCY SCORE 52

My computer has been infected by FakeAlertB and McAfee seems unable to do anything.

I would much appreciate some help.....

Best regards

Simon

A:Fake-Alert-B

Download CWShredder and run it. Click on 'I Agree' button if you agree with it. Click on 'Fix' (it will automatically fix anything it finds for you) and OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

Download and install Spybot S&D. Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot. If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix and install it over the current Spybot installation.

Please download Ad-aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go here to get the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware for better scan results. Run the scan and fix everything that it finds.

Download Ewido Security SuiteInstall Ewido Security Suite
When installing, under "Additional Opt... Read more

Read other 1 answers
RELEVANCY SCORE 52

Hello!I need some help managing my internet security. I think I may have downloaded some kind of Trojan of some sort. I keep getting pop-ups that interruptme from my work.It usually sends me to this site, that tells me I have a computer problem. The website says I shoulddownload an antivirus, but of course it's fake.hxxp://pcspeedmaximizer.s3.amazonaws.com/index.htmlSometimes, it redirects me to google and few random sites.Please Help me thank you! I will check daily for any responses.

A:Fake Alert Pop-Ups

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for postin... Read more

Read other 2 answers
RELEVANCY SCORE 52

Hi folks being a newbie, no doubt I will be advised what I may have done incorrectly - constructive advice always welcome.

Windows 7 HP 64 on bog-standard Dell Inspiron 400 micro, 4gn RAM AMD X2 3250e with Avast antivirus (brand new system).

Getting Fake alert scam ? Avast didn?t pick it up, malwarebytes picked up a link but not the files, Sophos picked up nothing.

Thought I was stuck as Combofix doesn?t work on 64 bit machines ? but a little legwork based on the clue given by malwarebytes led me to the file 823306.exe ? Virus total 9 antivirus systems recognise but none of the big boys!!

Guess that with the increased popularity of 64 bit machines that the low life are turning their attention to these!

A:Win 7 64 fake alert new?

Rob,
I'm in the same ballpark with you. One of our faculty has a Dell with Windows 7 x64 that picked up Smart Advisor(?) plus another one of it's friends. One positive thing I did find is that these jokers don't seem to be able to turn off Task Manager in x64 like they do when you get them in Windows XP 32bit. So you can swat them while you search for the files. But I'm still try to restore the Internet connection - and nothing in HiJackThis looks like a culprit. We use McAfee 8.7 commercial edition on campus and they sailed right by. So anyone with thoughts out there, I'd like to hear them too. And if I find stuff, I'll let you all know. And an x64 version of Combo Fix would be real nice to have just about now... Thanks!

Read other 1 answers
RELEVANCY SCORE 52

Good morning,

Yesterday I received a security alert from MSE. Unfortunately I ended up downloading something named Antispy Safeguard. It claims to be the world's leading security solution. And now it has taken over my startup. It also stops me from loading Microsoft Explorer until I download its' heuristics module. In order for me to continue the Antispy program is trying to extort $70 for a year's support. I have found no way around this devil. Can you assist?

A:Fake MSE-alert

hi !

that security alert was NOT from MSE !

it sound like a false antivirus (rogue) that pretends to be MSE.
there are som nasty rogues nowadays.

i suggest you create a NEW thread, and ask for support.
a tip: as subject write "Fake MSE-alert" or similar so you get attention....

Read other 9 answers
RELEVANCY SCORE 52

I could not do the dds scan because my computer wouldn't let me. But i got the GMER done and attached.

It keeps downloading Personal Gaurd 2009 without me telling it to do so. I can not change my background and this red circle with a X in it (located beside my clock in the bottom right corner) keeps telling me "Click here to protect your computer from spyware, Windows will now install the most up to date antispyware protecton for you"

Any information on how to get this off my computer would be greatly appreciated.

A:Can't get rid of Fake Alert-S.dll

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Try renaming dds to 123.com or 123.scr or 123.cmd

If that didn't work, see if RSIT will run: Download RSIT by random/random and Save it to your Desktop.
Double-click RSIT.exe to run the tool.
Click Continue at the disclaimer screen.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Please copy/paste the contents of log.txt in your next reply.
Please attach info.txt to your reply.
To attach a file to a reply, simplyClick the Manage Attachments button under Additional Options > Attach Files on the post composition page, and
Copy and Paste the following into the Upload File from your Computer box:C:\rsit\info.txt
Click Upload
------------------------------------------------------

Read other 2 answers
RELEVANCY SCORE 52

Hi there

I would really like your help with my issue.

A few days ago I started to get multiple alerts through AVG (free version) of a Fake Alert virus that was coming in through emails.

I've attached a jpg of the AVG Virus Vault so that you can see what's in it.

I ran a full scan and there was something like over 300 instances of Fake Alert and a few other viruses - Win/Heri, Woem/Agobot.IIV and Trojan horse Generic 24.WMQ.

All were healed and deleted.

As soon as I opened my email program (Chaos) the alerts were back.

They don't seem to come into my inbox - they seem to go direct to AVG vault. However, this is exactly what was happeneing before.

What makes it worse is that my partner is also using the same network and he is also getting the same problem. He also ran AVG and it found many Fake Alerts and a few other trojans that were deleted.

I have attached the "attach" file and copied the other files below.

I am running 64bit version, so didn't do the other.

Your help would be greatly appreciated.

Sys Info
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Home Premium , Service Pack 1, 64 bit
Processor: AMD Phenom(tm) II P920 Quad-Core Processor, AMD64 Family 16 Model 5 Stepping 3
Processor Count: 4
RAM: 4090 Mb
Graphics Card: ATI Mobility Radeon HD 5650 , 1024 Mb
Hard Drives: C: Total - 463607 MB, Free - 386208 MB;
Motherboard: TOSHIBA, Portable PC, Base Board Version, None
Antivirus: Lavasoft Ad... Read more

A:Fake Alert

Hi

I have found more info that may help solve the issue.

The emails do seem to be coming in, even they don't show in my email program (Chaos). I watched the folder "My Documents>Chaos>Mail>Inbox as the mail was coming in and there were files being added (which weren't showing in my email program). As soon as the "retrieve email" had finished, all of the files in the "Inbox" mentioned above started to disappear.

I had a look in the AVG vault, and there they were.

Maybe this is some sort of a really FAKE virus. IF so, that's great, but I still need to get rid of this happening every time I check emails.

I usually just leave Chaos running in the background, but I have to close it now because itconstantly adds more "emails".

Hope this additional information helps solve my issue.

Cheers

Diamond
 

Read other 1 answers
RELEVANCY SCORE 52

I have a pc that got infected and ran malwarebytes, spybot s&d and lastly combo fix and i think it is all clean, however even after running unhide on it all the links in the start menu, all programs are still not there. all the folders came back, but nothing is in them?

any ideas?

Read other answers
RELEVANCY SCORE 52

I'm not sure I'm posting on the right board as I'm new to this but here goes.

I?m Running a fully patched Windows XP Pro on a Toshiba laptop, with fully up-dated Panda Anti-Virus Pro and Malwarebytes. I've started getting Panda pop-up alerts of a virus, variously identified as W32/cosmu.L, Trj/Ramnit.A and Trj/Starter.G and that it has been neutralised and the file disinfected. This happens at approx 1 minute intervals and the file and the virus is different each time. A full scan, after disabling system restore, with the latest Panda Anti-Virus Pro 2012 reveals 14 infected files, says is has deleted them but it hasn?t.

Malwarebytes finds the trojan fakealert.H. at C:\Docs and settings\username\local settings\application data\rigphigg\aoxcvwou.exe and HKEY_CURRENT_USER_SOFTWARE\microsoft\windows\current version\run\aoxcvwou.
It reports that it has been removed and the registry values will be deleted on re-boot, but no deletion takes place and the problem remains. Malwarebytes support says it can fully remove fake alert - but it would seem it can't.

Trojan Remover 6.8.2 says there is a suspect hidden entry with rootkit characteritics at HKLM\software\microsoft\windowsNT\current version\winlogon\userinit.

And the file
Docs and settings\username\local settings\application data\rigphigg\aoxcvou.exe.

It says it will delete them on a re-start but ... Read more

A:Fake Alert H

I'm afraid I have very bad news. Win32/Ramnit (and related variants) is a dangerous file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A or VBS/Generic. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file. -- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.Understanding virus names VirusTotal Threat aliases for W32/Ramnit <- Win32.Ramnit!IK, W32.Ramnit!inf, Win32.Rmnet VirScan Threat aliases for W32/Ramnit <- Win32/Zbot, PWS.Panda.387, PE_RAMNIT, Trojan/Generic.arhm McAfee Threat aliases for W32/Ramnit - link 1 <- Trojan.Generic.KD, Win32/Zbot, W32/Cosmu McAfee Threat aliases for W32/Ramnit - link 2 <- SHeur3.AQRA, W32/Patched-I, Win32.Nimn... Read more

Read other 1 answers
RELEVANCY SCORE 52

I have a windows xp operating system and mcafee security tells me i am protected but i get a lot of pop ups and I can't change my background screen. At the begining mcafee told that it removed Fake Alert-s.dll many time but it didn't.

Could someone please tell me how to get this off my computer, in simple steps, as i am not so bright with computers. Thanks

A:Can't get rid of Fake Alert-S.dll

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 52

Hi,
I just got infected with some kind of Fake Alert virus/trojan.
Question 1. Can it infect other machines on the same router?
Question 2. Can it delete documents/folders?
Question 3. How do I get rid of it?
Question 4. Why did AVG8 (updated each day) not see it?
thanks
Nick
 

Read other answers
RELEVANCY SCORE 52

My computer is infected with the "fake B alert" thingy....My macafee virus scan detects it on my computer, but for some reason I can't delete it!! Symptons: When my computer is on, it shows a flashing (handicapped) icon and then tells me that my computer may be affected....and tells me to buy the program "quake" to clean my computer....Please, anyone tell me how to delete this trojan..( i believe it's a trojan, not sure)
 

A:Fake B alert

Read other 7 answers
RELEVANCY SCORE 52

Scanned and cleaned infected PC with UBCD4Win running Spybot SD, SuperAntiSpyware, MalwareBytes and finally booted to Windows safe mode with network support and ran Trend Micro House Call.Some of the items detected and removed:DNSFlushFraudSecurityMasterAVWin32.AgentWin32.delfWin32.FakeAlertZlob.VcodecAntiMalwareDoctorSecurityMasterAVRogue.Agent/Gen-Nullo(DLL)Symptoms persisted such as access denied when saving/closing msconfig to start in limited diagnostic mode.Internet Explorer would allow access to Google and Microsoft sites, but not the Windows Updates site. Internet Explorer would state cannot connect... When attempting to make changes with msconfig, the error stated something like your administrator has placed policies that prohibit or something like that. Also early on I noticed Internet Explorer redirects or hijacks. That was one of the first symptoms experienced along with fake alerts and security warnings. After cleaning with the tools mentioned, one of the scans (possibly house call) stated the hosts file could not be accessed or access denied. Attempted manual access and edit, access denied. Also note I created a new admin account just to complete these scans to get around any possible issues with the existing accounts. Didn't really help. Back to the hosts file, booted back up with UBCD4Win, edited the hosts file which contained a number of malicious site references. Deleted and copied a good host file from a known working PC same OS.Next Step was ... Read more

A:Fake Alert and others

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 19 answers
RELEVANCY SCORE 52

Hello

I recently fell for a fake alert that set off warnings from Avira, and noticed shortly after that internet searches were being redirected. Tried dealing with it on my own but am not sure I have had any success and in fact have made things worse. The computer is now very slow in general and takes longer to boot.

In the past Ive dealt with things of this sort and seemed to have worked through it. Have added an external drive in the last while and this may have added an element that has put me out of my league.

Could someone please spare some time, pretty sure I'm not going to get this solved without help.

Thank you
Cliff

A:Fake alert

Hello,Now that you have posted a topic here: http://www.bleepingcomputer.com/forums/topic359266.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.Please be patient. It may take several days to get a response but your log wi... Read more

Read other 1 answers
RELEVANCY SCORE 52

I did some reading and i guess this is a real threat I found "fake alert" in my virus vault this morning, and as soon as I signed on and opened myspace, I got another pop up for the same thing. Any recomendations? Im running windows XP home with AVG antivirus.

A:fake alert?

Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will s... Read more

Read other 1 answers
RELEVANCY SCORE 51.6

I have a Dell Dual Core XPS 410, running XP Pro (additional slave drive installed). I've started getting pop-ups, sometimes when I'm not even surfing. The thing has grown quite slow in accessing some websites (work email for example, on GoDaddy, where it won't even let me send email). I used PC-Cillin 14 which didn't detect anything, MS Live One which detected them but could not remove them, and AVG Anti-Virus which said it removed them but the pop-ups & slowness persisted. I did a Hijack This scan, and here's what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:59 AM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
... Read more

Read other answers
RELEVANCY SCORE 51.6

Hello,I just recently on the internet and then all of a sudden a yellow flashing yield sign popped up in the system tray. It says "System Alert: Spyware detected". Then says all this fake stuff. I am also getting pop-ups like a fake symantec scan, and from a casino website. My internet explorer was also hijacked. I turned the computer back on and i had 4 extra icons. one was spyware remover, free games, and two troubleshooters. I deleted them all from the desktop, but the stupid blinking thing wont go away. I scanned ad-aware, and it found something called istbar. Here is the Hijack this.Logfile of HijackThis v1.99.1Scan saved at 12:17:39 AM, on 6/10/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Bluesocket MS IPSec Configuration Tool\BlueService.exeC:\Program Files\WIDCOMM\Bluetooth Software\bi... Read more

A:Fake Spyware Alert! Will Not Go Away,

Hi MongoJerry36 and Welcome to the Bleeping Computer!Download smitRem.exe ?noahdfear, and save the file to your desktop.Double click on the file to extract it to it's own folder on the desktop.Place a shortcut to Panda ActiveScan on your desktop (in Internet Explorer, right click on Panda ActiveScan link select "Copy Shortcut" then right click on your desktop and select "Paste Shortcut" or in FireFox right-click the link and select "Save Link As" and save it to your desktop).Please download the trial version of ewido anti-malware here:http://www.ewido.net/en/download/Please read Ewido Setup InstructionsInstall it, and update the definitions to the newest files. Do NOT run a scan yet.If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:Ad-Aware SE SetupDon't run it yet!Next, please reboot your computer in SafeMode by doing the following:Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, press F8.Instead of Windows loading as normal, a menu should appearSelect the first option, to run Windows in Safe Mode.Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.Wait for the tool to complete and disk cleanup to finish.The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is in... Read more

Read other 30 answers
RELEVANCY SCORE 51.6

Hey, I'm not sure where to post this so...I've been getting some fake alert messages and can't seem to get rid of it. I've ran anti-virus programs that aren't working. What should I do next to remove this problem?I'm using a Microsoft Windows XP - Media Center Edition Version 2002 Service Pack 2 Some of the messages I see are as follows:Any help would be wonderful

A:Fake Alert Messages

Hello and welcome please run these next. If you have Spybot installed temporarily disable it. (I'll be back in the morning)Next run ATF:Please download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".Next run MBAM:Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start a... Read more

Read other 3 answers
RELEVANCY SCORE 51.6

I've been trying to get rid of this stupid virus all day. I have run AVG, Malwarebytes Anti-Malware, Spybot, ATF-Cleaner, and SUPERAntiSpyware and the thing STILL pops up.

ATF-Cleaner got rid of this thing on the corner notification area, but I still get a few windows popups and Internet Explorer going to either a site with a antispyware ad or a 404 page. It's quite annoying.

Any help?

Here's the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:14 AM, on 2/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Logitech\MouseWare\system\... Read more

A:Fake Alert Trojan!! Help!

Apparently, once again, I spoke too soon. I have the warning popup in the corner constantly telling me that "Warning! You have a Security problem!" And if I click on it it tries to go to spyware remover 2009 plus and stablility trace online. AVG keeps on telling me that I have the FakeAlert virus, and every time I try to move to the vault, it keeps on coming back. Help!
 

Read other 2 answers
RELEVANCY SCORE 51.6

I have a laptop : Dell Inspiron 1525, Core 2 Duo, with vista basic. Suddenly, since approximately 1 month, i get fake USB alert, with the sound & the little icon that appears down to the right beside the clock icon ( as if i plugged & unplugged a USB cable) .. I get this icon about every 3 minutes It disappears spontaneously within seconds.. Please Help
 

A:Found USB fake alert

Read other 12 answers
RELEVANCY SCORE 51.6

I got one of those virus alerts somehow that puts a never ending Windows Secutiry Alert pop up every minute.When online and opening another window like trying to even get to this web page, I get IE blocked and this is the page addy that it automatically goes to <hxxp://security-problem.microsoft.com/block.php?r=21.1>The bubble in the taskbar will pop up Anti Virus System Pro Alert every two minutes. Says I am infected with Win32/Nuqel.E , attacked port 46126 and has an IP addy where its from. Ask Yes or NO to block the attack.A AV installer window appears after that wanting me to install, etc.My HiJack This logfile is below. Hope I did it correctly for you guys to help me.Appreciated in advance.BTW, I cant do CtrlAltDel. Says disabled by administrator. Somehow that got removed.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:15:48 PM, on 5/31/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16827)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\PnkBstrA.exeC:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exeC:\WINDOWS\System32\svchost.exeC:\Program... Read more

A:Another Fake Spyware Alert

Hello, Mikz86TA.My name is aommaster and I will be helping you with your log.I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.ThanksAlso, you may want to consider tracking this topic by either adding it to your favourites or clicking the Options button at the top of this thread.Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)In your next reply, please include the following:RSIT Log

Read other 3 answers
RELEVANCY SCORE 51.6

Just wanted a little assist deleting the apporpriate files under Hijack This file as this is the first time I have used this program. Would appreciate any help you can give. I notice 2 & possibly 3 files i feel need to be deleted but would appreciate a more experienced eye. Here is a copy of my Hijack This saved log. Thanks, in advance.Logfile of HijackThis v1.99.1Scan saved at 4:17:09 PM, on 5/26/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\windows\System32\smss.exeC:\windows\system32\winlogon.exeC:\windows\system32\services.exeC:\windows\system32\lsass.exeC:\windows\system32\svchost.exeC:\windows\System32\svchost.exeC:\windows\system32\spoolsv.exeC:\WINDOWS\system32\CTsvcCDA.EXEC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\windows\runservice.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\vso\mcshield.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exeC:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exeC:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exeC:\windows\system32\nvsvc32.exeC:\windows\system32\UAService7.exeC:\WINDOWS\system32\dllhost.exeC:\windows\Explorer.EXEC:\w... Read more

A:Fake Alert-b Trojan

Hello,It's better to print out the next instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.It is also important you don't miss a step and perform everything in the right order!!* Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Don't use it yet.* Reboot into Safe Mode`: ( without networking support !)?To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =R3 - Default URLSearchHook is missingO2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\windows\system32\hp100.tmpO2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)* Click on Fix Checked when finished and exit HijackThis.Make sure your Internet Explorer is closed when you click Fix Checked!* Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #2 - Clean by typing 2 and press "Enter" to delete infected files.(Warning : running option #2 on a non infected computer will... Read more

Read other 5 answers
RELEVANCY SCORE 51.6

I was recently infected with spyware and was able to fix the problems i was having. However I had downloaded spware programas that turned out to be some sort of malware i guess. Now i am getting this fake system alert that tells me i've been infected and that i need to download antispyware. I ran both norton and also windows defender and both programs did not find any spyware or other malicious programs. I keep on getting this system alert which is annoying. It appears as a red/blue blinking shield in the system's tray. Whenever IE is launched the homepage is redirected to a different page that claims to be a safe page which tells me to dowbload antispyware programs. I know this is not so and i need help fixing the problem.

A:Fake System Alert

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button t... Read more

Read other 1 answers
RELEVANCY SCORE 51.6

I've tried searching around using google for quite a while and tried using a few fixes, but haven't found any that work. I use Win XP Pro SP3 and I downloaded a file that was about 4.2 MB in size which I thought was something else. as soon as I ran the .exe for what I thought I was getting, a fake virus alert came up claiming to be called Vista AntiVirus said my system was infected. it replaced my desktop background with a red wall paper with a quarantine symbol on it. it also removed admin rights.

I was able to trick it into allowing me to run Lavasoft's Ad-Aware 2008 which I already had installed. it removed the pop up of Vista AV that was slowing my machine down a lot, but couldn't remove a few items which keep coming up.

here's my HijackThis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14: VIRUS ALERT!, on 8/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.co... Read more

A:fake virus alert

also, I tried making a limited account to try to fix some things with it but when I make it then log off, the new account doesn't show up, but when I go to remake it, it says the name is already taken.

so for the moment, I only have access to an administrator account.

Read other 3 answers
RELEVANCY SCORE 51.6

Hello,

My computer recently was attacked by a virus. I was able to remove the virus, but every couple of minutes, a pop-up shows, saying I have a security problem. When every I turn on my computer, McAfee says they blocked a "fake security alert", which I'm guessing is what's shown below. I don't know what I need to download to get rid of it, or what steps I need to take, but I would like some help to get rid of this. I do have HijackThis installed. I am running Vista as my operating system.

Please and thank you!
 

A:Fake Virus Alert, Won't Go Away

Read other 13 answers
RELEVANCY SCORE 51.6

I removed Fake.Alert via Ad-Aware and since then this computer cannot connect to the internet. I'd appreciate any help anyone can offer!

Thanks!


DDS (Ver_09-09-29.01) - NTFSx86
Run by John at 11:45:56.32 on Fri 09/17/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1165 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\M... Read more

A:Fake.Alert Removal

Welcome to TSF :)

Please download Malwarebytes' Anti-Malware from Here.



Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.


===========================================

Download OTL.exe to your desktop.
Double-Click on OTL to run it.
When the window appears, underneath Output at the top change it to Standard Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold


netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CR... Read more

Read other 19 answers
RELEVANCY SCORE 51.6

hi hope someone can help me,i had the above trojan which i removed with malwarebytes,but since then i cannot load windows in normal mode only in safe mode i have tried to repair with my xp disc but nothing has changed hope you can help thanks

A:fake alert trojan

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.


NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 51.6

I found this spyware today morning. I am using CA Security Suite. It detected the spyware. I removed it. But it keeps appearing. There is no other spyware in my PC. I ran the anti-virus and it's all ok.

The places this spyware is found are:

hkey_users\S-1-5-21-........
hkey_local_machine\software\mozilla\msfox

How can i remove it?

I tried regcure and they are asking me to buy a full version. Regcure detected over 500 problems in my computer.

Please help
 

A:Fake Alert QM keeps appearing

Hi,

Can anyone help please?
 

Read other 1 answers
RELEVANCY SCORE 51.6

In short: I'm being pulled out of everything I do by a fake windows security message that freezes my mouse for about 10-15 seconds and makes my computer beeeeeep for the same time amount. It Reads, and this is Verbatim, bad spelling and syntax included,
! Your computer is low on memory!
It can happend because this computer is infected by viruses! Save your files and press "Close Programs" button. you must install any antivirus software and check this computer!

|Close Programs| | Cancel |

The bad syntax is kind of what tipped me off. More as follows, but may not be necessary.

In long: I've been having malware problems lately, notably the Winiguard fake virus removal program. Anyway, I installed, one at a time, 4 different anti-malware programs, including windows defender, Norton 360, Malware bytes, AVG (my main virus protector), as well as Spybot Search and Destroy. I Think I've nailed 99.9 percent of my problems. I haven't seen the Winiguard pop-up since yesterday, (although i am not entirely convinced its gone.) Here is my Hijack This report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:09 PM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.e... Read more

A:Fake sercurity alert

Read other 7 answers
RELEVANCY SCORE 51.6

Hi guys. My computer is infected with a rogue antispyware infection. I have run AdAware, Spybot, and SmitFraudFix. The problems associated with the original infection have mostly been solved(Incessant pop-up windows, etc.) However, the one remaining problem is a notification in my toolbar declaring "Tracking Process Activated. ***ADDRESS:0x17DA839A *** Cannot deactivate spyware program. Click this balloon to fix this problem."Here is a copy of my HijackThis log:Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:&... Read more

A:'fake Alert'/zlob

Please visit below webpage for instructions for downloading and running ComboFixhttp://www.bleepingcomputer.com/combofix/how-to-use-combofixThis includes installing the Windows XP Recovery Console in case you have not installed it yet.For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.

Read other 12 answers
RELEVANCY SCORE 51.6

Hey guys, I am infected with the virusburst fake alert. I have tried running my virus scans and all my spyware and ad aware programs and I just can't seem to get rid of all the traces. Here is a copy of my HJT log. Any help will be appreciated.Logfile of HijackThis v1.99.1Scan saved at 3:23:50 AM, on 12/1/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\system32\svchost.exec:\Toshiba\IVP\swupdate\swupdtmr.exeC:\Program Files\TOSHIBA\TOSHIBA Applet&... Read more

A:Virusburst Fake Alert

Hey MobysFanSmitFraudFix:Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm

Read other 6 answers
RELEVANCY SCORE 51.6

I am having an issue with a fake security alert pop-up - it says the system has detected a number of active spyware applications on my computer - To get rid of them click on the icon and download an up to date antispyware solution - if you click the icom it takes you to a site to purchase Spycrush software? I have used defender, spybot, ad aware an my Freedom security to try and get rid of them - with no luck? Here is my log from HijackLogfile of HijackThis v1.99.1Scan saved at 1:47:27 AM, on 6/25/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Common Files\Command Software\dvpapi.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Zero Knowledge\Freedom\Freedom.exeC:\WINDOWS\system32\RunDll32.exeC:\WINDOWS\System32\spool\DRIVERS\... Read more

A:Fake Security Alert Pop-up

Hello Hootchie, I am SifuMike and I will be helping you. Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. Please reboot your computer in Safe Mode by doing the following :Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account.Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd Select option #2 - Clean by typing 2 and press "Enter" to delete infected files. You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection. The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter". The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file wi... Read more

Read other 4 answers
RELEVANCY SCORE 51.6

I've tried everything on my own to try to get rid of this, but I guess I need professional help

Logfile of HijackThis v1.99.1
Scan saved at 6:11:50 PM, on 4/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Network Associates\SCP\Rogue System Sensor\RSSensor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:... Read more

A:HJT log - Fake Alert - B trojan

Read other 7 answers
RELEVANCY SCORE 51.6

I recently downloaded (or at least try to download) Minesweeper, and that apparently downloaded Web Discover, which ended up in scareware. I am slightly worried about the health of my computer, and any help would be appreciated.
 

A:Help Removing Fake Alert

Hello,
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.

It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Read other 1 answers
RELEVANCY SCORE 51.6

My girlfriend was online playing farmville (yeah i know), and shouted to me to say a virus detection came up.

Im currently running Windows Ultimate 64bit, with bullguard.9 and usual ad-adaware/malware software in the background.

Its pretty crazy..im the 4th person today to post of this trojan and no one seems to know whats going on.

ive ran all current anti malware/ad-aware and anti virus suites with all results showing 0.

Im currently booting into Safe mode as it wont open anything normally.

Is skynet taking over?

A:Trojan Fake Alert 5

Seems to be a bad update from Bitdefender, reporting many system files including apparently it's own, as infected. Do not act on these finds. I think Bullguard shares technology with Bitdefender.

http://forum.bitdefender.com/index.p...ndpost&p=78984


Quote:




The problem is only affecting users of the x64 versions of BitDefender.
A fix will be delivered via automatic updates as soon as possible.
Please disable the real time scanning feature until further notice.
We are sorry for the inconvenience.




http://forum.bitdefender.com/index.p...c=18759&st=300

Please contact them for support.

Or...this info in the Bullguard forum might help you

http://forum.bullguard.com/forum/15/...4-u_83982.html

http://www.bullguard.com/support/system-status.aspx

Read other 1 answers
RELEVANCY SCORE 51.6

Hi all,

So yesterday, I went to craigslist.com (or at least I thought I did), and that apparently downloaded some virus. In the bottom right corner of my screen, I would get a message along the lines of "unauthorized person has access to system, please click here to install anti-virus." I knew it was a fake so I looked it up on the internet, and people had suggested using the McAfee Stinger, and then the MalwareBytes program to remove what appeared to be the fake alert issue. I scanned with stinger once, and it appeared to come back, so I thought I would get a step ahead of it by removing the hard drive from the computer, attaching it through usb to another computer, and have the second computer scan through the hard drive with the problem. Again, I ran the McAfee stinger, and the MalwareBytes programs. Stinger first revealed two issues that were deleted, and then MalwareBytes revealed 14 issues (a couple of which were on the computer using to scan the problematic hard drive). After deleting those viruses, I put the problematic hard drive back into its original computer, and now it is saying that the System Config file is missing or corrupt..

I downloaded Hijack this, but it won't let me scan a secondary hard drive, it is only scanning the primary hard drive (so I can't attach the hard drive to another computer and have it scanned). I tried putting in the XP System Restore disk, and it said it had to stop and that I should remove the hard drive to check ... Read more

Read other answers
RELEVANCY SCORE 51.6

This past week, Security Alerts started popping up. The alerts appear to be a windows based warning and when you click ok or close, it opens up an internet explorer window that appears to be performing a scan of my system. I'm able to close out the window, but the processor stays at 100% with svchost processes using the majority of the percentage.

We've also started getting a ton of just random pop-up adds and internet windows.

I've had Norton anti-virus installed on this PC, but it appears to have expired. This is the family pc and I don't really use it so I don't have a good idea how long ago it expired. When I try to open the internet web site to re-subscribe, I get an error saying that my internet is not connected, but I'm able to visit all other sites without issue. When I try the McAfee site, it redirects me to some other anti virus software.

Thanks in advance for the help.
bigB



DDS (Ver_09-12-01.01) - NTFSx86
Run by Brian at 13:56:38.71 on Tue 02/16/2010
Internet Explorer: 7.0.6000.16982
Microsoft? Windows Vista? Home Basic 6.0.6000.0.1252.1.1033.18.1527.829 [GMT -7:00]

AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

======... Read more

A:Fake Security Alert

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

One or more of the identified infections steal information. If this system is used for online banking or has credit card information on it, all passwords to any and all online accounts should be changed immediately by using a different computer (not the infected one!) to make the changes. Banking and credit card institutions, if any, should be notified of the possible security breech. I suggest that you read this article too.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complet... Read more

Read other 17 answers
RELEVANCY SCORE 51.6

i have the same problem as some other people here. my computer gives me these fake alerts, that i have a virus and my computer isnt safe. "windows has detected an internet attak attempt..."i read the old topics to my problem and i figured, i have to post this hijaked log fileLogfile of Trend Micro HijackThis v2.0.2Scan saved at 9:11:59 PM, on 8/23/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exec:\Program Files\Common Files\Symantec Shared\ccSetMgr.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exec:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exec:\Program Files\Common Files\Symantec Shared\SNDSrvc.exec:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Supp... Read more

A:Fake Windows Alert

Welcome to the BleepingComputer HijackThis Logs and Analysis forum benisnaked My name is Richie and i'll be helping you to fix your problems.Your version of Sun Java is out of date.Older versions have vulnerabilities that malware can use to infect your system.Please follow these steps to remove older versions of Sun Java,and then update.1. Download the latest version of Java Runtime Environment (JRE)2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.3. Click the "Download" button to the right.4. Check the box that says: "Accept License Agreement".5. The page will refresh.6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.7. Close any programs you may have running - especially your web browser.8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.10. Click the Change/Remove button.11. Repeat as many times as necessary to remove each Java versions.12. Reboot your computer once all Java components are removed.13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.Download Combofix and save to your desktop:Note: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:&#... Read more

Read other 7 answers
RELEVANCY SCORE 51.6

Hi guys. i keep receiving this fake pop up alert. Here is the image to be more specific. When i was about to post a introduction in this forums I received the pop up again. i noticed it mostly happens on forums. Here is the image to be more specific. - The window+Message + Inside site.I am not sure when i received this message the first time. It was about a week before i think. I knew exe files were not safe to download. Something about the wordings kept me away from it. However i was getting really annoyed by this, and i thought it might be the site or some sort. When i was browsing a different forum,it came up again i accidently hit allow instead of dont allow, and then all was a horrible nightmare. It downloaded setup.exe and automatically activated a fake virus protector antivirus, asking me to register to protect my system. I knew this was a fake, and i immediatly started scanning with malaware bytes- Anti malaware. It detected some items and asked for a reboot and i did. When i logged back in normal mode, the virus was not gone. Instead it covered up the whole desktop with the program running. I couldnt run task manager or anything. I restarted in safe mode with networking and tht didnt do the trick either. The virus protector covered my whole screen. I couldnt even get access to the desktop. Then i logged in my laptop trying to find a way to get rid of this. I found somewhere to restart in safe mode with cmd. In the site it said to type this on the notepad[Version]... Read more

A:Redirecting, Fake pop Alert,

I have the same pop up. NO clue what is going on and nothing seems to be working for me. Good luck!

Read other 16 answers
RELEVANCY SCORE 51.6

Any help would be greatly appreciated it. Mcafee keeps alerting me of malware detections. I have been receiving a lot of fake alerts to install spyware protection. I have run full scans of Superantispyware, Malwarebytes as well as combofix. Here is my combofix log and thanks in advance!ComboFix 10-05-31.03 - tpadmin 06/01/2010 10:11:06.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2599 [GMT -5:00]Running from: c:\documents and settings\tpadmin\Desktop\ComboFix.exeAV: Total Protection Service *On-access scanning disabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C} * Created a new restore point * Resident AV is active.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).Infected copy of c:\windows\system32\drivers\ws2ifsl.sys was found and disinfected Restored copy from - Kitty had a snack .((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_PRAGMAcpxpbvfulb-------\Service_PRAGMAcpxpbvfulb((((((((((((((((((((((((( Files Created from 2010-05-01 to 2010-06-01 ))))))))))))))))))))))))))))))).2010-06-01 14:56 . 2010-06-01 14:57 -------- d-----w- c:\documents and settings\tpadmin\Application Data\U32010-05-26 18:44 . 2010-05-26 18:44 0 ----a-w- c:\windows\nsreg.dat2010-05-26 18:06 . 2010-05-26 18:06 -------- d-----w- c:\doc... Read more

A:Fake Alert/Generic please help

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 51.6

i just got rid of fake alert but not sure if i've done it got done right. using Zone Alarm Security Suit. it did find some trojans and spyware but still not right. really slow log into windows (XP) (desktop background appears and then sticks with no taskbar, start menu or iconsfor about half an hour till it actually works)everything is generally slow and i am still getting pop-ups. here is my HJT log. hope someone can help. cheers
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:34:46, on 02/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonito... Read more

A:30 min OS log on (previously had fake alert)

Welcome to TSG

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Reboot your computer in SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Finally copy and paste the contents of the results file Report.txt in your next reply.

===============================... Read more

Read other 2 answers
RELEVANCY SCORE 51.6

My second computer has several recurring viruses that Trend Micro could not get rid of. This is an older dell computer running windows xp. Member Boopme helped with me with issues on my other computer and I have followed his recommendations on this computer as well. (refer to previous thread http://www.bleepingcomputer.com/forums/t/181542/cryp-fakeav-wont-go-away/ )I ran the atf cleaner, then Super Antispyware in safe mode and finally rebooted and ran a quick scan with Malwarebyte's Antimalware.SUPERAntiSpyware Scan Loghttp://www.superantispyware.comGenerated 11/24/2008 at 11:27 PMApplication Version : 4.22.1014Core Rules Database Version : 3649Trace Rules Database Version: 1632Scan type : Complete ScanTotal Scan Time : 05:45:17Memory items scanned : 186Memory threats detected : 0Registry items scanned : 7069Registry threats detected : 8File items scanned : 181539File threats detected : 10Trojan.FakeAlert-IEBT HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{144A6B24-0EBC-4D89-BF09-A06A718E57B5} HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{144A6B24-0EBC-4D89-BF09-A06A718E57B5} HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} HKLM\Software... Read more

A:Fake alert, zlob & others

Hello again, well again the ones left is system restore we will get at the end as we would like to at least have an infected restore than none.How is this PC running now.Lets also run a Siri's Smitfraudfix scan. This is an excellent Zlob killer.Please post the scan report. The report can be found at the root of the system drive, usually at C:\rapport.txt.SmitFraudFix

Read other 18 answers
RELEVANCY SCORE 51.6

Hi I had a fakealert virus and I have ran malwarebytes, logged the infected files, ran ComboFix, and went into regedit and deleted affected files.  I am still, however, getting the windows security alerts everytime I reboot.  How can I stop this and/or find what is still affecting my computer function.
 
Also, I want to look in my startup but I can't remember what the stupid word is that opens it.  File, Run, ??? 
 
Thanks!

A:fake alert virus

word your looking for is "msconfig"

Read other 3 answers