Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Warning! Security report nightmare


  • Please log in to reply
4 replies to this topic

#1 indigo2aqua

indigo2aqua

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:25 PM

Posted 07 January 2009 - 01:16 AM

I am paying for all of those years of not keeping up.
I have been wrestling for two days now with extremely irritating malware that is blocking my attempts to download any defense. It has blocked Spybot, Adaware, etc from downloading by covering critical message boxes with bogus error messages. It has also disabled Task Manager. I have made some crude attempts to go in and find the file culprits and delete them but no luck and I don't really know what I'm doing anyway. I know this problem is way beyond my expertise and I have a feeling it won't be easy to get rid of.

-In addition to the above, a text bubble with the grammatically correct "Warning! Security report Your computer is infected! It is recommended to start spyware cleaner tool."
-I've also been gravely advised to have my computer scanned by "special program" to prevent my personal information from falling into "the third hands".
-Random porn thumbnails have popped on my desktop.
-"My Documents" pops up repeatedly. I closed my laptop, came back a few hours later to find that window neatly tiled over 90 times.

I've seen descriptions of similar malware in several other places, but I have not seen anyone else have the problem with the dratted thing blocking downloads.

Short of wishing a slow painful death on the parties responsible for creating this lovely monster, buying a new computer and keeping my security software up to date from now on, what can I do to get rid of this #@$%?

BTW my OS is Windows XP.

Edited by indigo2aqua, 07 January 2009 - 01:40 AM.


BC AdBot (Login to Remove)

 


#2 Tehsplink

Tehsplink

  • Members
  • 120 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Near London
  • Local time:04:25 AM

Posted 07 January 2009 - 08:36 AM

Please download MalwareBytes Anti-Malware to your desktop.


1.Ensure that your computer is connected to the internet and your software firewall is disabled until instructed to re-enable it.
2.Double click on the mbam-setup.exe to begin the installation process.
3.When the installation begins, please do not change any of the settings and follow the prompts.
4.Please make sure that when you finish the installation, these options remain checked;
5. *Update MalwareBytes' Anti-Malware
6. *Launch MalwareBytes' Anti-Malware
7.You may now click finish...
8.When MBAM launches, you will be prompted to update before running a scan. If an update is found, MBAM will automatically download and apply the updates and you can then click 'OK' button to close the box and continue. You may now re-enable your firewall
9.Please ensure that while you are on the scanner tab the 'Perform Quick Scan' option is selected, then click the 'Scan' button.
10.If you are asked which drives to scan, please leave all of them ticked, and click 'Start Scan'.
11.The scan will now begin and you will see “Scan in progress” at the top; It may take a while to complete so please be patient.
12.When the scan completes, you will see “The scan completed successfully. Click 'Show Results' to display all objects found”
13.Click the 'OK' button to close the box and continue with the removal process.
14.Back on the main scanner screen, click 'Show Results' to see a list of any found Malware.
15.Ensure that all items are checked and then click the 'Remove Selected' button.
16.When the removal process is complete, a log will open in notepad; this log will be automatically saved and you can view it in the logs section of the program.
17.Copy and paste the contents of the log file that is open into your next reply and exit MBAM.


Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the Malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
Please PM me if i have been assisting you and do not reply for 24 hours!

#3 indigo2aqua

indigo2aqua
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:25 PM

Posted 08 January 2009 - 01:15 PM

I can't download the progam...this is the error message I'm getting:

"Exception EInvalidOp in module mbam-setup[1].tmp at 778500D5.
Invalid floating point operation"

The window duplicates itself several times when I click on it.

I've been getting similar messages with every antimalware/spyware/virus program I've tried to download.

#4 monkier

monkier

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 17 January 2009 - 11:06 PM

I am having the same problem. Anyone have any ideas?

#5 Makakilo MooN

Makakilo MooN

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:25 PM

Posted 20 January 2009 - 01:31 PM

The same thing happened to me and it appears I have fixed it.

I did so by finding an antivirus program called Avast! and restarting. It began working immediately so the virus couldn't pop the error message up. You can find it on google.

After that, I could run the Malwarebytes thing and it cleaned everything out. Anyway, for the smart people, here is the malwarebytes log. Hopefully it can clue someone in to what the virus was.


Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 2

1/20/2009 8:03:42 AM
mbam-log-2009-01-20 (08-03-42).txt

Scan type: Quick Scan
Objects scanned: 56436
Time elapsed: 14 minute(s), 10 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 11
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cpnprt2.cid (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users