
Fake System Alerts


9 replies to this topic

#1 remit

  • Members
  • 6 posts

Posted 31 August 2007 - 01:42 PM

Ok, first of all, this all started when I tried downloading some porn. I originally was not looking for porn, and that was probably my mistake. One should never trust an open invitation to download porn.

Anyhow,

After realizing that the porn being offered was a deceptive way of getting me to download infections, my PC has apparently become infected to some degree. I'm getting pop ups and system alerts every few minutes, one saying that I have a back door Trojan, another saying that I have visited porn sites that are etched into my computer, which could damage my career and marriage, and that I need to click the link to download a solution. I don't think these are really solutions, and whatever it is I have, I don't think it's a destructive virus, because I have Zone Alarm security suite, and I've done scans and it hasn't found anything. These fake system alerts are encouraging me to download either virus ranger, anti-spy golden, or virus locker. Judging from my google searches, these security programs are fake.

The alerts pop up from the lower right side of my taskbar.

Anyway, I did a google search on 'fake critical system errors' and discovered this message board. I read the posts of others who seem to have had the same problem as me, and they seemed to be getting some good help from you folks.

I'd be grateful for some help here.


#2 buddy215

  • Moderator
  • 13,496 posts

Posted 31 August 2007 - 02:40 PM

Use the SmitfraudFix tool in the link below. Follow the directions closely.
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

Follow up with the two programs below to remove any leftovers and malware that accompanies the smitfraud malware.
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

Please let us know the results.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 remit


Posted 31 August 2007 - 05:54 PM

Hey buddy215,

When I bring up SmitFraud, I'm presented with 5 options.

1. Search
2. Clean (safe mode recommended)
3. Delete Trusted Zone
4. Check for updates
5. Search and Clean DNS highjack


Am I supposed to do each one?

And what about option 2 (clean)? What does 'safe mode recommended' mean? Do I somehow have to change the mode my computer is normally in?

#4 buddy215


Posted 31 August 2007 - 07:44 PM

How to start Windows in Safe Mode.
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

You can skip the first option to create a report.
Select clean. Make sure you can see the Smitfraudfix icon on your desktop before entering safe mode.
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click SmitfraudFix.exe
Select 2 and hit Enter to delete infected files.
You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process.

#5 remit


Posted 31 August 2007 - 08:19 PM

Sweet! The problem appears fixed.


Thanks again Buddy.


PS: Do you somehow get paid for doing this kind of service?

#6 buddy215


Posted 31 August 2007 - 09:22 PM

Be sure to complete all three scans if you haven't. Very important as there is almost always other malware to contend with.
After you have completed all the scans and are satisfied that you are no longer infected with malware, you should remove ALL restore points, as some of them are infected and if you need to use restore in the future you could reinfect your computer.

Bleeping Computer's tutorial for resetting System Restore is in the link below if you need it.
http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/

My pay is your saying thank you and what I learn from participating. If you would like to donate to Bleeping Computer just click on "donate" at the top of the page. Glad you got rid of your problem.

#7 remit


Posted 04 September 2007 - 10:10 AM

> Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
> http://www.superantispyware.com/


Hey Buddy215,

What is the risk of running super antispyware in normal mode?

What is the purpose of putting the computer in safe mode?


#8 buddy215


Posted 04 September 2007 - 11:26 AM

There is no risk to running SAS in regular mode. The reason for using safe mode is that the malware is likely not to be running and the chances are better for removal. My daughter called me last night to tell me her computer had malware. She first ran SAS in regular mode and it hung on a file in AIM. She successfully ran the program in safe mode. Quite a coincidence you would ask this question of me today.

#9 remit


Posted 04 September 2007 - 03:47 PM

> There is no risk to running SAS in regular mode. The reason for using safe mode is that the malware is likely not to be running and the chances are better for removal.


So is this dormant malware programmed to 'awaken' at random or scheduled times?

> My daughter called me last night to tell me her computer had malware. She first ran SAS in regular mode and it hung on a file in AIM.


What does it mean for a malware to hang onto a file in AIM? What does AIM stand for?

> She successfully ran the program in safe mode. Quite a coincidence you would ask this question of me today.


Yeah, strange coincidence.

#10 buddy215


Posted 04 September 2007 - 04:16 PM

In safe mode most programs/processes have not started. Most malware will not load in safe mode.
Sometimes ALL programs will hang/freeze/stop functioning. Malware in an infected file can cause the scan to stop functioning.
AIM is AOL's Instant Messenger. We think that is where the malware entered her computer, too. Thanks to one of my grandkids. AIM is now gone from her computer.