
Random Popups - You Have A Security Problem!



#1 ddjmagic

ddjmagic

  • Members
  • 6 posts

Posted 01 April 2009 - 12:45 PM

Hey

Having a problem with random pop-up windows; they pop up in the middle of the screen with various messages like:


Internet Explorer

Warning!!! Your computer contain various signs of viruses and malware programs presence.

Your System requires immediate anti virus check! SpywareRemover2009 will perform a quick and free scanning of your PC for virues and malicious programs.

or

Alert!!

You have a security problem! Do you want to scan your computer for virues?

When I close the popup it directs to various websites; a few I remember are:

promotion-offer.com
my computer online scan
ffhdghdgh.com

I scanned with Malwarebytes; it found a few malware/trojans and removed them.
Still getting the popups.
Then scanned with SUPERAntiSpyware; again it found a few, it deleted them, but the popups still persist.

Here are the logs for Malwarebytes and SUPERAntiSpyware:

Malwarebytes' Anti-Malware 1.35
Database version: 1927
Windows 5.1.2600 Service Pack 3

3/31/2009 8:57:35 PM
mbam-log-2009-03-31 (20-57-31).txt

Scan type: Quick Scan
Objects scanned: 81412
Time elapsed: 5 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\agent.exe (Trojan.Fraudtool) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Dan Lowey\Local Settings\Temp\5249.exe (Trojan.FakeAlert) -> No action taken.





SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/01/2009 at 12:51 PM

Application Version : 4.26.1000

Core Rules Database Version : 3822
Trace Rules Database Version: 1778

Scan type : Quick Scan
Total Scan Time : 00:11:05

Memory items scanned : 634
Memory threats detected : 0
Registry items scanned : 520
Registry threats detected : 0
File items scanned : 6450
File threats detected : 20

Adware.Tracking Cookie
C:\Documents and Settings\dan lowey\Cookies\dan_lowey@msnportal.112.2o7[1].txt
C:\Documents and Settings\dan lowey\Cookies\dan_lowey@atdmt[1].txt
C:\Documents and Settings\dan lowey\Cookies\dan_lowey@doubleclick[1].txt
C:\Documents and Settings\dan lowey\Cookies\dan_lowey@redirectclicks[2].txt
.revenue.net [ C:\dan lowey\Application Data\Mozilla\Firefox\Profiles\qwak1qp4.default\cookies.txt ]
.hitbox.com [ C:\dan lowey\Application Data\Mozilla\Firefox\Profiles\qwak1qp4.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\dan lowey\Application Data\Mozilla\Firefox\Profiles\qwak1qp4.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\dan lowey\Application Data\Mozilla\Firefox\Profiles\qwak1qp4.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\dan lowey\Application Data\Mozilla\Firefox\Profiles\qwak1qp4.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\dan lowey\Application Data\Mozilla\Firefox\Profiles\qwak1qp4.default\cookies.txt ]
.doubleclick.net [ C:\dan lowey\Application Data\Mozilla\Firefox\Profiles\qwak1qp4.default\cookies.txt ]
.atdmt.com [ C:\dan lowey\Application Data\Mozilla\Firefox\Profiles\qwak1qp4.default\cookies.txt ]
.mediaplex.com [ C:\dan lowey\Application Data\Mozilla\Firefox\Profiles\qwak1qp4.default\cookies.txt ]
winantivirus.com [ C:\dan lowey\Application Data\Mozilla\Firefox\Profiles\qwak1qp4.default\cookies.txt ]
.atwola.com [ C:\dan lowey\Application Data\Mozilla\Profiles\default\jpsv5k9z.slt\cookies.txt ]
.toplist.cz [ C:\dan lowey\Application Data\Mozilla\Profiles\default\jpsv5k9z.slt\cookies.txt ]
winantivirus.com [ C:\dan lowey\Application Data\Mozilla\Profiles\default\jpsv5k9z.slt\cookies.txt ]

Adware.Media-Codec/ZLob
C:\Program Files\Applications

Adware.Rogue-Installer
C:\DOCUMENTS AND SETTINGS\DAN lOWEY\FAVORITES\LINKS\SONY\VAIO TOOLS\HQTUBE - WORLD OF STREAMING PORN!.URL

Trojan.MalwareWipe
C:\NEW FOLDER\MW_SETUP.EXE



Any help is appreciated

thanks!



#2 xblindx

xblindx

  • Banned
  • 1,923 posts
  • Gender:Male

Posted 01 April 2009 - 02:48 PM

Do a re-scan with MBAM but do a Full scan this time. Post the log when you are ready.



