
System Message! Click Here For Details


7 replies to this topic

#1 Adas


Posted 30 July 2008 - 08:41 AM

Hello there!

I'm very new at using ComboFix so I had no idea about some of the things I should have done with ComboFix.

I have had from time to time a system tray message that kept appearing >> "System message! click here for details" <<

I clicked that thing, and an Internet Explorer opened up with PCPrivacyCleaner dot com, I'm not sure of its exact name, and advised me to install their software to get rid of infection that I have, but knowing the shallow nature of these type of advertisements that I have dealt with in the past, I opened up Task Manager and closed all of their active advert IExplore windows.

Trying to get rid of the nuisance "System message! click here for details" I stumbled upon ComboFix, used it without a review of its nature, and I got rid of that pop up message "System message! click here for details". I must say that ComboFix worked wonders when dealing with this problem and others that I may have had.

The problem I have is that I would like to re-enable my autorun functions, if that's ok, and I would like for someone to help me proceed with the enabling of some if not all the autorun functions.

Thank you

Later edit, my system specs:
Microsoft Windows XP Professional Version 2002 Service pack 2, Intel® Pentium® 4 CPU 2.00GHz, 512 MB of RAM DDRAM.
Defensives: Zone Alarm Security in conjunction with ESET Nod32.

Edited by Adas, 30 July 2008 - 10:00 AM.




#2 quietman7

  • Global Moderator

Posted 30 July 2008 - 09:07 AM

I'm very new at using ComboFix so I had no idea about some of the things I should have done with ComboFix...used it without a review of its nature

Using tools you have no knowledge about is very dangerous.

Please note the message text in blue at the top of this forum.

You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Adas


Posted 30 July 2008 - 10:06 AM

Malwarebytes' Anti-Malware 1.23
Database version: 1008
Windows 5.1.2600 Service Pack 2

18:05:53 30.07.2008
mbam-log-7-30-2008 (18-05-53).txt

Scan type: Quick Scan
Objects scanned: 36421
Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This is the log.

No restarts were required, nothing else was wrong afterwards.
Is there a way to re-enable my autorun functions for drives, would that be ok?

Edited by Adas, 30 July 2008 - 10:10 AM.


#4 quietman7


Posted 30 July 2008 - 11:06 AM

If the issue with autoruns is the only thing remaining please note that keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that use that feature to infect your computer. Read Danger USB! Worm targets removable memory sticks.

These types of infections usually involve malware that loads an autorun.inf file into the root folder of all drives (internal, external, removable). When the removable media is inserted, autorun looks for autorun.inf and automatically executes another malicious file to run on your computer. When a removable drive becomes infected, the Trojan will infect a system when the media is inserted if autorun has not been disabled. I recommend keeping the Autorun disabled as a method of prevention. This will help keep the malicious file(s) that use this feature from automatically running and infecting your system.

If you are insistent on enabling Autorun please contact me via PM.
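Added example, not part of the original thread or any poster's reply: a small Python audit of the mechanism described in post #4, which looks for autorun.inf in a list of drive roots and reports the [autorun] entries that would launch a program. The function names and the sample file contents are assumptions constructed for illustration.

```python
import os
import re

# Keys in the [autorun] section that name a program or document to launch.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_entries(inf_text):
    """Return (key, command) pairs from the [autorun] section of autorun.inf text."""
    found, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEYS.match(key):
                found.append((key.lower(), value))
    return found

def audit_roots(roots):
    """Check each drive root for autorun.inf (any letter case); report launch entries."""
    report = {}
    for root in roots:
        try:
            names = os.listdir(root)
        except OSError:
            continue  # drive not ready or not readable
        for name in names:
            if name.lower() == "autorun.inf":
                path = os.path.join(root, name)
                # latin-1 never fails to decode, so odd bytes cannot abort the audit
                with open(path, "r", encoding="latin-1") as fh:
                    entries = launch_entries(fh.read())
                if entries:
                    report[path] = entries
    return report

# Constructed sample contents, not taken from a real infection.
SAMPLE_INF = """; constructed example
[AutoRun]
icon=setup.ico
open=tools\\loader.exe
shell\\explore\\command=tools\\loader.exe
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, cmd in launch_entries(SAMPLE_INF):
        print(f"{key} -> {cmd}")
```

An autorun.inf that only sets an icon or label produces no findings; one with open, shellexecute or shell\...\command entries on a removable drive is worth inspecting before the drive is used on a machine with Autorun enabled.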

#5 Adas


Posted 30 July 2008 - 11:21 AM

Alright, you have a valid argument for not enabling Autorun function on drives.

Thank you for the assistance.

Edited by Adas, 30 July 2008 - 03:36 PM.


#6 quietman7


Posted 30 July 2008 - 12:13 PM

You're welcome.

#7 pulcynella


Posted 13 December 2008 - 06:34 AM

Hi QUIENTAM,
I have the same problem: a popup "System Message! Warning Click Here For Details", which is a call to "VIRUSREMOVER2008" or "ANTISPYWARE EXPERT", two fake antispyware programs.
I am sending you the MALWAREBYTES log; could you please help me? At reboot no action is taken, and the 4 registry keys can't be deleted. Is this the problem?
The XoftSpySE software finds a FREESCRATCHCARDS trojan, too.

Thanks in advance
Enrico

Malwarebytes' Anti-Malware 1.31
Versione del database: 1492
Windows 5.1.2600 Service Pack 1

13/12/2008 12.31.45
mbam-log-2008-12-13 (12-31-45).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 52760
Tempo trascorso: 8 minute(s), 18 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 4
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

#8 quietman7


Posted 13 December 2008 - 09:42 AM

Welcome to BC pulcynella

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
The BC Staff



