Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ieantivirus ?


  • Please log in to reply
11 replies to this topic

#1 eatit151

eatit151

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:57 AM

Posted 28 April 2008 - 11:31 AM

I am getting a warning saying that my computer has been infected. It tells me to download a antivirus program. if I click cancel then it goes away for a few minuets. If I click ok the it automaticaly starts to download ieantivirus.exe .... I have done some checking and this is not a good program. However I still have this problemb. I have scaned with AVG PRO and Spy Sweeper. It has not helped. However if I get online like I am now, Then when I log off I can scan and have new adware/spyware and misc. unwanteds. However nothing is finding what is making this happen. I am just abought to the point of running fdisk and kill my computer. so that I can start over. However I would like to avoid it.



I gues the question is do I have to download and install this dangerous program inorder for these scans to find what it giving me these fake warnings.


Thank You

P.S. I do not get this when using AOL only when using Internet Explorer.

Edited by eatit151, 28 April 2008 - 12:55 PM.


BC AdBot (Login to Remove)

 


#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 28 April 2008 - 01:39 PM

I gues the question is do I have to download and install this dangerous program inorder for these scans to find what it giving me these fake warnings.


erm..nope :thumbsup:


may one ask your windows version
and have you yet run a scan with either superantispyware or asquared?

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:57 AM

Posted 28 April 2008 - 02:05 PM

Please print out and follow the generic instructions for using "SmitfraudFix".
-- If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated!
-- If using Windows Vista be sure to Run As Administrator
  • Make sure you scroll down to Clean and perform the steps where you reboot in "Safe Mode" and run option #2.
  • The tool will go through a series of cleanup processes and automatically start the Disk Cleanup program to remove Temporary files. Wait for it to complete and Disk Cleanup to finish.
-- If the tool fails to launch from the Desktop, please move smitfraudFix.exe to the root of the system drive (usually C:\), and run it from there.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Acan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 eatit151

eatit151
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:57 AM

Posted 30 April 2008 - 08:06 AM

I am using the horible windows vista. I have thought abought installing XP Pro. I use that on my desk top but when I went to buy my laptop I could not find one without vista.

#5 eatit151

eatit151
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:57 AM

Posted 30 April 2008 - 08:11 AM

Also I ran a scan with AVG Pro and Spysweeper in safe mode and then when I restarted I did not have a problemb for abought 15 min then a warning poped up saying that viewpoint was not installed and asked me if I wanted to install it. I clicked no and within secounds started geting the same warning as before.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:57 AM

Posted 30 April 2008 - 08:42 AM

One thing at a time. Did you follow the instructions I previously provided?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 eatit151

eatit151
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:57 AM

Posted 30 April 2008 - 09:33 AM

Yes I just compleeted those steps. It seems to have worked Ill give it a few and see if the problemb comes back. Thank You

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:57 AM

Posted 30 April 2008 - 09:53 AM

Ok, don't forget to post the log results from MBAM.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 eatit151

eatit151
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:57 AM

Posted 30 April 2008 - 11:19 AM

Log Results


Malwarebytes' Anti-Malware 1.11
Database version: 700

Scan type: Quick Scan
Objects scanned: 38018
Time elapsed: 10 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{29bf1b1f-0106-4881-a7c7-a71035c54825} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{99e591b6-a5ad-4a2d-b349-334020760ef2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cdx.videostream (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15977918-3a04-4982-8e45-edc618371ebe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{15977918-3a04-4982-8e45-edc618371ebe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15977918-3a04-4982-8e45-edc618371ebe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MalwareCore 7.4.exe 7.4 (Rogue.MalwareCore) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MalwareCore 7.4 (Rogue.MalwareCore) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\wol.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:57 AM

Posted 30 April 2008 - 11:26 AM

How is your computer running now? Any more reports/signs of infection?

Although Viewpoint is not technically malware, it is considered to be foistware since it usually is not mentioned in the license agreement and is often installed without a user's knowledge or approval.

Viewpoint Media Player is a web browser plug-in that enables users to view 3D content and other media, such as Flash content and video on the Internet. Viewpoint MP serves as the graphics engine for AOL Instant Greeting, AIM Themes and other popular web applications. For AOL and AIM it is needed to use their 3D icons known as Super Buddies and for customized themes, etc. As such it is often bundled with AOL, AIM, versions of Netscape, certain Adobe products. Removing Viewpoint Media Player may cause the program that bundled it to not function as intended.

Viewpoint Manager is used by various products of Viewpoint Corporation and is responsible for managing and updating Viewpoint Media Player’s components. Viewpoint Manager will access the internet and check for updates periodically. If it detects an update, it will automatically download and install the change. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting "Disable auto-updating for the Viewpoint Manager" -- the player will no longer attempt to check for updates.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 DavidOz

DavidOz

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:57 PM

Posted 13 May 2008 - 08:42 AM

Hi Quietman7,

I just used the fix your listed here to get rid of a constant pop-up warning me that "Your system is infected with dangerous virus!"

And it looks to have worked a treat, so a big thankyou. I was using McAfee Security Centre and did a scan in DOS which dod not seem to pick it up, but the steps you gave have sorted it, so a big thank you.

I thought I would post my results from MBAM:

Malwarebytes' Anti-Malware 1.12
Database version: 744

Scan type: Quick Scan
Objects scanned: 92196
Time elapsed: 31 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AntispywareD (Rogue.SpywareDestructor) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Hayley\Local Settings\Temporary Internet Files\Content.IE5\R8DJX33Y\drv32[1].data (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:57 AM

Posted 13 May 2008 - 08:55 AM

Hello DavidOz

When you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members in the same thread with different problems. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Anyway, I'm glad to hear you were able to resolve the issue. Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. Then use Disk Cleanup to remove all but the most recently created Restore Point.

If you have problems again please start a new topic in the Am I infected? What do I do? forum.

Thanks for your cooperation.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users