Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ie Popups Everywhere And Fake Security Balloons In Toolbar


  • Please log in to reply
5 replies to this topic

#1 SummerSnow

SummerSnow

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 25 March 2008 - 07:44 PM

Hello, I have been trying very hard to get rid of these viruses for two days straight now. I have Kaspersky antivirus, but it can't find these infections in scans. When it scans, it says I have a trojan, but when it tries to remove it, my computer shuts down.

I tried following the "manual removal instructions for antivermins" but none of the files I had to rename were found. :C
I also tried running SmitFraudFix.exe, but when it starts the scan, it disappears and never comes back. I don't know what to do.

Symptoms:

*** security warning balloons, yellow triangle with black exclamation point, bubble says:

Security Alert: Networm-i.virus@fp
Type- virus/network Worm
Damage level - High
Description- virus that damages executabe files
advice: delete/ quarentine immediately
Protection: click this balloon to download certified antivirus software.


*** Lots of ie popups telling me my computer is at risk, also trying to download "fake" antivirus softwares
-----------some say: unwanted popups detected, software is missing or corrupted, and it has charts
-----------some say an error occurred, and to click stuff to fix it

***Here is a screen shot: http://img149.imageshack.us/img149/5912/virusalertsla1.jpg

My computer specs:
microsoft xp 64 professional edition of windows

Dell Precision pws690
Intel ® xeon® CPU
5130 @ 2.00GHz
2.00 GHz, 4GB Ram
Two harddrives with Raid something so that the information is spread between them
grand total of 500GB between the two

Not sure what else you may need, but please help me get rid of this...

PS- AVG has found:
trojan horse delf.CHK
trojan horse agent.CBX
trojan horse lop.4.k
trojan horse downloader.Zlob.VKN

--Note, delf and Zlob are in the vault, but cannot be healed.
Scanning again, and it's finding more viruses, is it caused by the trojans?

still having all these popups... help

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:27 AM

Posted 25 March 2008 - 10:09 PM

Hello and welcome to BC.

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 SummerSnow

SummerSnow
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 25 March 2008 - 11:25 PM

Thank you,

I downloaded Smitfraudfix, but when I run it, it disappears after listing only two or three lines of the scan.

***EDIT***

I downloaded SUPERantispyware, and it took away the fake security balloons and popups. But now I am getting this:

Posted Image

**/EDIT**

Edited by SummerSnow, 26 March 2008 - 12:39 AM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:27 AM

Posted 26 March 2008 - 10:50 PM

Is Smitfraudfix on your desktop? If not, move it there and try running it again. Also make sure you did not dowload and use an old zipped version. If the tool fails to launch from the Desktop, please move smitfraudFix.exe to the root of the system drive and run it from there. If your still having problems getting the tool to work, then go ahead and run it in normal mode.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Acan" option is selected.
    • Then click on the Scan button.
  • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 SummerSnow

SummerSnow
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 26 March 2008 - 11:07 PM

Yes, it is definitely saved to the desktop, and it wasn't a zipped file. Also, it disappears in normal mode as well as safe mode. Difference being that in safe mode, everything on my desktop disappears with it, including the bottom taskbar. All that is left is my background. And where is the root system folder?

I will get back to you with the results from malwarebytes once I complete the directions tomorrow morning.

Thank you for your help so far, it's greatly appreciated <3

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:27 AM

Posted 27 March 2008 - 08:22 AM

where is the root system folder?

It is typically at C:\
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users