Infected With Ieav.exe Trojan. How Do I Remove It?


5 replies to this topic

#1 Devil_Angel

Posted 09 June 2008 - 12:47 PM

Hi,

I believe I'm infected with some virus that intends to trick me into downloading an antivirus software.

I keep seeing this alert screen and it's getting on my nerves:

System Error!
Some dangerous trojan horses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now!

Click OK to download the antispyware. (Recommended)


Upon clicking "OK", ieav.exe starts downloading, but I seriously dared not open the file. And when I do a search in the IE browser, along with valid search results, I get some "extra" search results:

Your computer was infected by dangerous virus! Some results was changed by porn advertising, your passwords and other private info no more in safe! You must to clean your system immediately to prevent it. Download the newest anti-virus software!

YouTube - Porn - Watch Now


What do I do now? I'm kinda worried :thumbsup: The anti-virus that I am using is Avast! Version 4.8 Home Edition and I'm currently doing a thorough scan which might take forever.

Below are some specs about my lappy which might be useful to anyone who can help:

System OS Windows XP Pro SP2
System Make Apple Computer, Inc.
System Model MacBook1.1
Processor Description Intel Core Duo
Drive Format (C) NTFS

Thank you for your help! :flowers:


#2 cornzey

Posted 09 June 2008 - 01:43 PM

Download Malwarebytes Anti-Malware:

http://www.malwarebytes.org/mbam.php

Install and make sure the software and definitions are up-to-date (there should be an option during the installation).

Then run a scan and post the log produced at the end of the scan.

This will make it easier to identify the main problem.

Hope this helps,
Cornzey.


If I'm giving you help and I don't reply within 24 hours PM me with the topic link.



Avast Anti-Virus - Zone Alarm Firewall
Stay Protected.


#3 DaChew

Posted 09 June 2008 - 09:46 PM

http://www.bleepingcomputer.com/malware-removal/ie-antivirus

Looks like MBAM will take care of it
Chewy

No. Try not. Do... or do not. There is no try.

#4 Devil_Angel

Posted 10 June 2008 - 12:45 AM

Ok.... I've installed the software and scanned as instructed. Seems like it's found a number of viruses, do I delete them? There's some in the quarantined list, do I delete them? Or has it been deleted??

I tried doing a search and the fake messages are not there anymore. Does that mean it's been completely removed??


Malwarebytes' Anti-Malware 1.16
Database version: 845

1:38:35 PM 6/10/2008
mbam-log-6-10-2008 (13-38-35).txt

Scan type: Quick Scan
Objects scanned: 38535
Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\pusect8x.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{50ab4474-f8b5-4f66-bac5-4251e765b827} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{50ab4474-f8b5-4f66-bac5-4251e765b827} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50ab4474-f8b5-4f66-bac5-4251e765b827} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{16c65d96-ef19-4439-a6ea-f73a8bec4df0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{6549e485-c533-4e58-ba92-9fbcd2f6e839} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\pusect8x.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Acelin Chong\Local Settings\Temp\A46-tmpaPASI.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
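
An added example, not part of the original thread and not Malwarebytes' own tooling: a short Python triage of a log in the format posted above. It checks that the header counts match the itemised entries, lists anything whose action was not reported as successful, and pulls out Browser Helper Object CLSIDs, the registry location that loads a DLL into Internet Explorer. The function name `triage`, the "successfully" heuristic and the abbreviated `SAMPLE` (built from lines of the log above, counts adjusted to match) are assumptions made for the example.

```python
import re
from collections import Counter
# Abbreviated excerpt constructed from the log above; header counts adjusted to match.
SAMPLE = r"""Memory Modules Infected: 1
Registry Keys Infected: 3
Files Infected: 1

Memory Modules Infected:
C:\WINDOWS\pusect8x.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{50ab4474-f8b5-4f66-bac5-4251e765b827} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50ab4474-f8b5-4f66-bac5-4251e765b827} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\pusect8x.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

COUNT = re.compile(r"^(.+ Infected): (\d+)$")        # summary line with a count
HEADER = re.compile(r"^(.+ Infected):$")             # start of an itemised section
ITEM = re.compile(r"^(.+) \(([\w.]+)\) -> (.+?)\.?$")  # target (family) -> action
BHO = re.compile(r"\\Browser Helper Objects\\(\{[0-9a-fA-F-]{36}\})$")

def triage(log_text):
    """Summarise an MBAM 1.x text log: detections per family, items not
    reported as handled successfully, count mismatches, and BHO CLSIDs."""
    declared, found, section = {}, Counter(), None
    families, unresolved, bho_clsids = Counter(), [], []
    for line in map(str.strip, log_text.splitlines()):
        if m := COUNT.match(line):
            declared[m[1]] = int(m[2])
        elif m := HEADER.match(line):
            section = m[1]
        elif section and (m := ITEM.match(line)):
            target, family, action = m.groups()
            found[section] += 1
            families[family] += 1
            if "successfully" not in action.lower():  # heuristic, an assumption
                unresolved.append(target)
            if b := BHO.search(target):
                bho_clsids.append(b[1].lower())
    mismatched = sorted(s for s, n in declared.items() if found[s] != n)
    return {"families": dict(families), "unresolved": unresolved,
            "mismatched": mismatched, "bho_clsids": bho_clsids}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Running the same function on the log from a second scan after a reboot gives a quick comparison: an empty `families` result there means none of the earlier detections came back.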

#5 cornzey

Posted 10 June 2008 - 01:43 AM

Delete everything virus or Trojan related.

Also, to check that the problem is gone, reboot the system and perform another scan. This is to check that the Trojan has not rooted itself to Windows startup processes.

Hope This Helps.


If I'm giving you help and I don't reply within 24 hours PM me with the topic link.



Avast Anti-Virus - Zone Alarm Firewall
Stay Protected.


#6 Devil_Angel

Posted 14 June 2008 - 11:50 AM

Great! Thanks for all your help guys! I think it works fine now! :thumbsup:
