Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Security Alert Pop-up , Fake?


  • Please log in to reply
11 replies to this topic

#1 Jordan64

Jordan64

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 03 September 2007 - 09:11 PM

Hey guys , recently ive been getting a repeating error message which says exactly as follow :

----
Windows Security Alert

Warning! Potential Spyware Operation!

Your computer is making unauthorized copies of your system and Internet Files. Run full scan now to prevent any unauthorized access to your files! Click YES to download spyware remover ..


----

Now usually i use FireFox to do all my surfing , but my girlfriend got on my system and was using IE , i didnt think anything of it.. and have no idea if this has anything to do with it... but about an hour later of surfing with that browser i started getting this message... it looks exactly like a Windows Message, but sounds too corny to me , i havent clicked yes , cause i know moste likely leads to more spyware... or more junk.. now... Ive attempted to get rid of it already.... I fully updated and ran the following...

- Spybot- Search&Destroy - Full Scan

-Lavasoft AdAware SE - Full Scan

- SuperSpyware PRO - Ran a scan in Safemode as suggested , found lots.. but didnt remove my current noticable issue.


My current OS ---

Windows XP Pro


Any ideas on what i should do next!?

Thanks in advance to whoever contributes!


Im new here.. so if i did anything wrong in my post , or didnt give enough info , let me know.. il be checking this thread very regularly.

Edited by Jordan64, 03 September 2007 - 09:13 PM.


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:23 PM

Posted 03 September 2007 - 10:27 PM

Can you tell us more about what Super Antispyware found? Did it mention Zlob or vundo or virtumonde, etc.?
By the way you said you ran Super Spyware---did you mean Super Antispyware? Hope so.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Jordan64

Jordan64
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 03 September 2007 - 10:58 PM

haha, yes i meant SuperAntiSpyware... and no , it didnt list any of the 3 things you listed... i checked the Quarantined list....

#4 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:23 PM

Posted 04 September 2007 - 05:38 AM

Check if Windows Messenger is the culprit. If this isn't where the ads are coming from, please tell us what Super Antispyware quarantined other than cookies.

1) Select "Start"
(2) Choose "Control Panel"
(3) Choose "Administrative Tools"
** note in Windows XP Home edition, Admistrative Tools is in Performance and Maintence
(4) Choose "Services"
(5) Right-click on "Messenger"
(6) Select "Stop"
To permanently disable Messenger:
(7) Right click "Messenger"
(8) Select "Properties"
(9) Change "Startup Type" to "Disabled" and click "OK"
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 kosmas

kosmas

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 04 September 2007 - 02:44 PM

I have the same problem please any solution???

#6 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:23 PM

Posted 04 September 2007 - 04:00 PM

kosmas--------please start your own topic and describe what problem you are having.
Here are links to two programs to use.
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 Jordan64

Jordan64
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 04 September 2007 - 05:16 PM

Alright, so im gonna sound like an idiot , but im so annoyed at this point you have no idea... i went to follow the windows messenger intructions , i clicked start.. opened my control panel , clicked Administrative tools... and the window froze , i sat there and waited and waited...... 5 mins later... i decide to end " Task " the window , it closes.... and for some reason the " Control panel " icon in my start menu dissapeared , and when i right click properties on ' My Computer ' it says "

" This operation has been canceled due to restrictions in effect on this computer. please contact you system Administrator "...

Now i cant find my Control Panel , or Administrative tools.... What the hell is going on.. lol.. how do i restore the icon.

#8 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:23 PM

Posted 04 September 2007 - 06:18 PM

Well it looks like the malware has been very active. Probably downloaded some more. It is obviously not Windows Messenger Service causing the problem.
Suggest you post a Hijack This log. Once you have downloaded Hijack This, find the file on your computer and right click on it. Select rename. Change from Hijackthis.exe to lastchancescan.com and then double click on the file to run it.

Post a Hijack This Log in the Hijack This Forum by following the directions in the link below. DO NOT post a log in this forum. http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 Desert_Jewel

Desert_Jewel

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:23 PM

Posted 06 September 2007 - 06:26 PM

I'm having the same exact problem. And now I have two new problems. While doing a spyware scan, every time I try it, my computer shuts down and restarts. AND my active desktop isn't working. I am sooooooooo frustrated!

#10 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:23 PM

Posted 06 September 2007 - 07:42 PM

Desert Jewel---Try doing your scans in safe mode.

Here are links to two.
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

If That doesn't solve your problem,
Post a Hijack This Log in the Hijack This Forum by following the directions in the link below. DO NOT post a log in this forum. http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#11 Desert_Jewel

Desert_Jewel

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:23 PM

Posted 08 September 2007 - 09:44 PM

Thanks buddy! I wasn't running in Safe Mode. DOH! :thumbsup:

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,733 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:23 PM

Posted 08 September 2007 - 11:25 PM

Windows Security Alert! Warning! Potential Spyware Operation is a fake warning alert intended to goad you into purchasing a rogue anti-spyware programs to fix it.

If your using Win XP or 2000, please print out and follow the generic instructions for using SmitfraudFix in BC's self-help tutorial "How to remove the Smitfraud/Generic Zlob".
(scroll down to where it says Removal Instructions)
If you have downloaded SmitfraudFix previously please delete that version and download it again as the tool is frequently updated!

Next, download RogueRemover and save to you Desktop. (This program is for Win XP, 2000, NT only)
  • Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover.
  • During the installation an icon will automatically be created on your Desktop.
  • Double-click on the RogueRemover icon to launch the program and select Check for Updates.
  • If prompted, click Download to receive the latest updates.
  • When completed, close the update window.
  • Select "Scan" and the program will walk you through the remaining steps.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users