
Spyware Protect 2009 Alert!



#1 2-Cups


Posted 03 March 2009 - 09:52 AM

First thing, let me explain that I'm having to post this using my daughter's computer, because after this attack, I can no longer connect to the BleepingComputer web site with my PC.

Sunday evening I turned on my computer and found there was a Windows "Alert" on the right lower corner (click on the balloon) and it was listed as "Spyware Protect 2009 Alert" (looked original for a second), and when I clicked the balloon it started scanning my system. I noticed it wasn't from AVG, and after a few seconds I cancelled it as quick as I could. However, the pop-up screen could not be removed from the middle of my screen, and after several attempts, I just decided to reboot the PC. It rebooted, but this time it had the error box stating:
"Windows has encountered a problem with this program (WMI) and has closed it" (or something close to that). I noticed my PC was running very slow, but I could pull up an internet speed checking site (through my DSL provider), and the speed was actually showing good. The Spyware Protect 2009 Alert "windows" were still loaded in the middle of my screen.

I decided to run a virus scan, and it did find 4 trojans, and moved them to the vault (I guess). I then rebooted into safe mode, and ran another scan which didn't really seem to be working correctly. So, I rebooted back to normal Windows XP, and the Spyware Protect alert was still there, along with the "WMI" problem.

I have since re-scanned the PC several times, and the last 2 were clean of any viruses (none listed anyway), but still get the "Windows has encountered a problem with the program WMI and has closed it" box. The normal click here to send Microsoft the info, and it takes about 3-4 times of clicking these send info boxes to finally clear the box, every time I start up my PC. The Spyware alert 2009 seems to be gone now, but the computer is still running very slow, and I can't pull up BC site, or Windows update, or a lot of other pages. Some small pages will pull up. I can do a Google search, but can't go to any of the links from the search page.

My email seems to be working if anyone can advise me on what is going on with my computer. I can do a HijackThis scan, but I'm not sure how to post the information on this computer from mine.

Also my MalwareBytes program stopped working after this attack happened as well. It won't even start up from the icon on the desktop, or from the start/programs/run.



Any help for this puter idiot would be greatly appreciated :thumbsup:

Thank You,
2-Cups

Edited by KoanYorel, 03 March 2009 - 11:21 AM.
Email address removed to protect from spam bots and worse.




#2 KoanYorel


Posted 03 March 2009 - 11:22 AM

Moved from HJT forum to the more appropriate.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 boopme


Posted 03 March 2009 - 11:32 AM

Let's try to get an MBAM log and/or a SAS (SUPERAntiSpyware) log (see below).
Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If, after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.


***
Another workaround is to not use the mouse to install it; just use the arrow keys, tab, and enter keys.
***
Open up command prompt, type in following commands:
XP >> click the Start menu at the lower-left of your computer's desktop and select "Run". Type cmd into the Run box and click "OK".
Vista >> click the Start menu at the lower-left of your computer's desktop and Type cmd in the search box.

regsvr32 mbamext.dll
regsvr32 ssubtmr6.dll
regsvr32 vbalsgrid6.ocx
regsvr32 zlib.dll


If you cannot use the Internet, you will need access to another computer that has a connection.
From there save mbam-setup.exe to a flash, USB, jump drive or CD. Now transfer it to the infected machine, then install and run the program.
If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 2-Cups


Posted 03 March 2009 - 08:32 PM

I added the "exe" on the MBAM filename, and it loaded up for me. I ran a quick scan, and it found a few infections, but I then remembered that I hadn't "updated" the program. Sure enough, it was still trying to act up at restart, so after the updating, I ran another scan & it found several more infections.

This reboot seems to be working correctly so far (as I'm using my own computer now), but I am going to spend tomorrow going through all the programs just to be sure.

Thanks for the information, and if something turns bad on here, I'll check back in with the BC site.

This is one great site!!!


Laterz,
2-Cups

#5 boopme


Posted 03 March 2009 - 09:40 PM

Ok, I hope none of them are regenerative or info stealers. Did you also run the other "Super" scanner?

#6 2-Cups


Posted 04 March 2009 - 07:39 AM

I haven't downloaded the other spyware program yet (Superantispyware), as for the MBAM has always worked well (as long as it's updated), but I did go to the other site to look at the Super scanner program. The free version only listed a few of the tools that come with that version, and I thought that MalwareBytes already had those covered. Also, when I did reach the download page, a pop-up was blocked by my browser, and I'm not sure why.

I might go back later and look through it again, and see if the free version would help.

Thanks again for your responses.
Have a great day, 2-Cups

#7 boopme


Posted 04 March 2009 - 04:34 PM

I use the 2 or 3 tools commonly as no one tool gets them all.



