
I think I have a virus


  • This topic is locked
4 replies to this topic

#1 skippy3481

skippy3481

  • Members
  • 10 posts

Posted 19 March 2009 - 11:59 PM

My computer on startup comes up with a black background. In the middle of that background is a box saying

Warning dangerous spyware
Many viruses were found on your computer such as trojan horse, passcapture etc.
your information can fall into third party hands

It also pops up an icon on my tray. It's a red X and flashes a message about every thirty seconds telling me I have an infection and I need to run an anti-virus program.

Clicking on the balloon brings up a webpage for antivirusxp pro which instructs me to buy the program to fix my computer.

I have malwarebytes; however, it will not load.
I have spy bot, but it also will not load.
I have no access to the web besides the purchase screen for the antivirus xp pro.

Any help or advice would be greatly appreciated. Thank you in advance.



#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts

Posted 20 March 2009 - 06:21 AM

Try Task Manager.

Start > Run > taskmgr


Stop Antivirus XP Pro processes:

c:\Program Files\AntivirusXP\AntivirusXP.exe
%program_files%\AntivirusXPPro2009\uninstall.exe
%program_files%\AntivirusXPPro2009\AntivirusXPPro2009.exe
brastk.exe


Once these processes are stopped you can run MBAM and kill the nasty.

If Task Manager is blocked with the newer infection you would have to use Process Explorer as a substitute, as shown in this new guide for another infection:

http://www.bleepingcomputer.com/forums/topic212436.html

The procedure will be the same; you are just looking for a different process to kill.

If this works to get MBAM to run, please post that log and we can go from there to suggest some other scans.

Edited by DaChew, 20 March 2009 - 06:24 AM.

Chewy

No. Try not. Do... or do not. There is no try.
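
Added example, not part of DaChew's post: a PowerShell sketch that checks running processes against the image paths and names listed above and stops the matches. It assumes PowerShell 3.0 or later (for `Get-CimInstance`) and that `%program_files%` in the post means the Program Files directory.

```powershell
# Added example (not from the thread): report, and optionally stop, the processes listed in the post.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

# "%program_files%" in the post is assumed to mean the Program Files directory;
# both the native and the x86 location are checked.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$relativePaths = @(
    'AntivirusXP\AntivirusXP.exe',
    'AntivirusXPPro2009\uninstall.exe',
    'AntivirusXPPro2009\AntivirusXPPro2009.exe'
)
$fullPaths = foreach ($root in $roots) {
    foreach ($rel in $relativePaths) { Join-Path -Path $root -ChildPath $rel }
}
$bareNames = @('brastk.exe')   # given in the post without a path

# ExecutablePath can be empty when the process cannot be queried; in that case
# fall back to the image name. Name-only matches should be reviewed before stopping.
$listedNames = $bareNames + ($relativePaths | Split-Path -Leaf)
$hits = @(Get-CimInstance -ClassName Win32_Process | Where-Object {
    if ($_.ExecutablePath) {
        ($fullPaths -contains $_.ExecutablePath) -or ($bareNames -contains $_.Name)
    } else {
        $listedNames -contains $_.Name
    }
})

if ($hits.Count -eq 0) {
    Write-Output 'None of the listed processes is running.'
    return
}

foreach ($proc in $hits) {
    $label = '{0} (PID {1}) {2}' -f $proc.Name, $proc.ProcessId, $proc.ExecutablePath
    # -WhatIf on the script lists the matches without stopping anything.
    if ($PSCmdlet.ShouldProcess($label, 'Stop-Process')) {
        try {
            Stop-Process -Id $proc.ProcessId -Force -ErrorAction Stop
            Write-Output ('Stopped: {0}' -f $label)
        } catch {
            Write-Warning ('Could not stop {0}: {1}' -f $label, $_.Exception.Message)
        }
    }
}
```

Saved as a script and run from an elevated prompt with `-WhatIf`, it only reports what it would stop; a process that reappears immediately after being stopped points to a second component restarting it.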

#3 skippy3481

skippy3481
  • Topic Starter

  • Members
  • 10 posts

Posted 21 March 2009 - 11:48 AM

Okay, downloaded procexp from another computer and transferred it over. Killed everything in my explorer window; I think the virus name is frmwrk32. Tried to run Malwarebytes with no success. Uninstalled and transferred a new copy over and changed the mbam.exe file to something else. It also did not work. Any other ideas? Thank you again for your help.

#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts

Posted 21 March 2009 - 12:24 PM

This looks like a newer variant of a nasty rootkit.

I would suggest posting in the HJT forum:

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you have any trouble running the requested scanner, we might be able to help.
Chewy

No. Try not. Do... or do not. There is no try.

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts

Posted 21 March 2009 - 10:35 PM

Hello skippy3481,

Now that you have a log posted here: http://www.bleepingcomputer.com/forums/t/212822/antivirus-xp-pronewer-variant-of-a-nasty-rootkit/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



