Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spybot Help! Fake Alert And Spyhunter


  • Please log in to reply
13 replies to this topic

#1 jongrohne

jongrohne

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:56 AM

Posted 07 July 2008 - 11:02 AM

Hey all-
Thank you in advance for reading my question and with any help you may be able to provide.

I generally run a Sypbot scan a couple times a month and this last time, it found
Fake Alert and SpyHunter as two problems. I have updated my spybot with the latest downloads, but am unable to remove these two programs.
Does anyone know anything about either one, or how I need to go about removing them?

Once again, thanks for all your help.
Jon

BC AdBot (Login to Remove)

 


m

#2 Richard Fu

Richard Fu

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:56 AM

Posted 07 July 2008 - 01:52 PM

Try in Safe Mode.

#3 jongrohne

jongrohne
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:56 AM

Posted 07 July 2008 - 09:12 PM

hmmm...I know I am an idiot when it comes to computers, but the Spybot would not load in Safe Mode.
I even tried asking politely if it would "please run" but I got nothing.
Any ideas?
Thank you for you help.

#4 Richard Fu

Richard Fu

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:56 AM

Posted 07 July 2008 - 09:20 PM

Hmmmmmm......... :thumbsup:

To remove Spy Hunter ( I think it'll work) go to add and remove programs, find Spy Hunter, then follow what it says.
For Fake Alert, download Malwarebytes Anti Malware.
Download

#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:56 AM

Posted 07 July 2008 - 09:22 PM

also u can download SAS and update it and run in safe mode. LINK:http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE. this is a good program. also post ur log when ur done so bc team can look at it

Edited by fireman4it, 07 July 2008 - 09:37 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#6 Richard Fu

Richard Fu

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:56 AM

Posted 07 July 2008 - 09:29 PM

go to malwarebytes.org and download the newest version.

You copyed what I said. Well, sort of.

Edited by Richard Fu, 07 July 2008 - 09:29 PM.


#7 jongrohne

jongrohne
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:56 AM

Posted 09 July 2008 - 01:32 PM

Alright! So I am making progress here, was able to get rid of fake alert.
Here's the log report below.
I still am showing SpyHunter as being present whenever I run spybot. SAS does not show it when I run a scan......
SpyHunter does not seem present under programs to remove, so I still don't have a solution to get rid of it.
Any ideas?
Once again, thank you for you help.

Malwarebytes' Anti-Malware 1.20
Database version: 933
Windows 6.0.6000

5:12:35 PM 7/8/2008
mbam-log-7-8-2008 (17-12-35).txt

Scan type: Quick Scan
Objects scanned: 40472
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mp3avi.mp3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{d4fd35a3-101c-4faa-a9ca-e8c9461c3cef} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\mp3avi.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 Richard Fu

Richard Fu

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:56 AM

Posted 09 July 2008 - 01:53 PM

Did you install SpyHunter or it just appeared anyway?

#9 jongrohne

jongrohne
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:56 AM

Posted 10 July 2008 - 10:26 AM

I don't recall ever installing it.
I am pretty sure it was installed without any knowledge of doing so.

#10 Richard Fu

Richard Fu

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:56 AM

Posted 10 July 2008 - 11:00 AM

Then go to search and then make sure that hidden folders files and the search in system files is checked. Then type SpyHunter. Then click search. Then post the name and the location of weather it found. Don't close the search window.

#11 Fran1404

Fran1404

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:56 PM

Posted 10 July 2008 - 11:01 AM

If you read the post i added earlier you will see in the middle of my worried babbling that i also had spyhunter on mine aswell as antivirus 2009 im asuming the spyhunter came from when i was looking for a cure and found a site telling me to download this scanner to remove the antivirus 2009 which i did as i didnt know better and my other scanners werent picking it up.
I downloaded the scanner that was recomended on other post and it has removed all of the viruses (i hope)

#12 jongrohne

jongrohne
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:56 AM

Posted 16 July 2008 - 05:35 PM

HA!!! We found that little ba%&!rd!!!!
I did the search and included hidden files. Apparently, it showed up under Enigma Software Group. When I open the folder however, there doesn't seem to be any files.
Under the Search Results in Everywhere, there are 7 items it found. One is a file folder, under the Enigma Software, and the other 6 are WinZip Files that say Recovery (C:\ProgramData\Spybot - Search & Destroy).
So now that I found him, now what? :thumbsup:

Edited by jongrohne, 16 July 2008 - 05:41 PM.


#13 Richard Fu

Richard Fu

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:56 AM

Posted 16 July 2008 - 06:27 PM

Delete the folder.

#14 Galadriel

Galadriel

    Bleepin Elf


  • Malware Response Team
  • 2,753 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Missouri, USA
  • Local time:06:56 AM

Posted 16 July 2008 - 08:08 PM

HA!!! We found that little ba%&!rd!!!!
I did the search and included hidden files. Apparently, it showed up under Enigma Software Group. When I open the folder however, there doesn't seem to be any files.
Under the Search Results in Everywhere, there are 7 items it found. One is a file folder, under the Enigma Software, and the other 6 are WinZip Files that say Recovery (C:\ProgramData\Spybot - Search & Destroy).
So now that I found him, now what? :thumbsup:


Where is the Enigma Software Group folder located? Exact path? The zip files that say recovery are the items you had Spybot remove. You can clear those from within the program itself by going to the Recovery section of Spybot.

Could you also post the exact information of what Spybot finds? You can access the info in Tools - View Report. Just post the item it flags...
I cemna prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel
'The avatar is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'

Phear teh ceiling cat, for he is roofkittehd! - Basement Cat

I'm a Bleeping Folder, are you? - Join BC in the fight against diseases - Click here
Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users