Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Rogue Antispyware Spyware Protect. [Moved]

  • Please log in to reply
2 replies to this topic

#1 eddy7


  • Members
  • 1 posts
  • Gender:Male
  • Location:Australia
  • Local time:04:10 PM

Posted 22 June 2009 - 12:41 AM

I was surfing the net when small square popped up..........Warning you have virus infection, do you want to scan?

I have AVG8 and Malaware, so I thought they should take care of this! But that was not the case.

The screen popped up,and got more frequent. I spent all yesterday trying to locate the problem. To no avail.

After several hours I had to give in. Why? Simple! It started to change my URLs! Then I checked the security, and it appeared I had none! I got Smitfraud down eventually after many tries. This would not work either, Malaware was neutralised and of no value, I tried to get Spybot down, no good! The rogue was really getting at me.

I read your pages for a short while, then it cut me off and put a Chinese screen up. This then was the pattern that took place. Every page I tried I got the URL change and the Chinese screen.

I spoke to someone who is familiar with computers, and they said it looks as if you will have to give in, the Mafia are knocking on your door.

I did then submit, and had the scan and then paid them US$49-95 to leave me in peace. The computer worked OK then. Malaware has been neutralised and AVG8 appears to be doing the Firewall and antivirus etc I paid them for.

What I am concerned about now: To what extent has that rogue compromised my computer? Can I get to taking it off, but if I do, will I be left with a messy computer, will it still be in the Registry?

They oddly offer a 30 day trial.

How could I have stopped them in the first place? It was a nightmare.

Any kind person got any ideas that I could use?

BC AdBot (Login to Remove)


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,012 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:10 AM

Posted 22 June 2009 - 03:37 AM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

.Warning you have virus infection, do you want to scan?

To what extent has that rogue compromised my computer? Can I get to taking it off, but if I do, will I be left with a messy computer, will it still be in the Registry?

They oddly offer a 30 day trial.

What is the name of this rogue?

~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,780 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:10 AM

Posted 22 June 2009 - 09:35 AM

Sounds like you downloaded a rogue security program which infect machines by using social engineering and scams to trick a user into spending money to buy a an application which claims to remove malware and is often seen with a Vundo infection. Vundo is a Trojan that infects a system with malicious Browser Helper Objects and .dll (Dynamic Link Library) modules attached to system files like Winlogon and Explorer.exe. The infection is responsible for launching unwanted pop ups, advertising for rogue antispyware programs, and downloading more malicious files which hampers system performance. Newer variants of Vundo typically use bogus warning messages and alerts to indicate that your computer is infected with spyware or has critical errors as a scare tactic to goad you into downloading a malicious security application to fix it. The messages can mimic system messages so they appear as if they are generated by the Windows Operating System. The problem with these types of infections is that they can download other malicious files so the extent of the infection can vary to include backdoor Trojans and rootkit components which make it more difficult to remove.

Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.
  • Right-click on the mbam-setup.exe file file and rename it to mysetup.exe.
  • Double-click on mysetup.exe to start the installation.
  • If that did not work, then try renaming and changing the file extension. <- click this link if you do not see the file extension
  • Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
  • Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.
If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
  • Right-click on mbam.exe, rename it to myscan.exe.
  • Double-click on myscan.exe to launch the program.
  • If that did not work, then try renaming and change the .exe extension in the same way as noted above.
  • Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.
If using Windows Vista, refer to How to Change a File Extension in Windows Vista.

Be sure to update MBAM through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install. Then perform a Quick Scan in normal mode and check all items found for removal. Don't forgot to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the report in your next reply.

Note: MBAM uses Inno Setup instead of the Windows Installer Service to install the program. If installation fails in normal mode, try installing in safe mode. Doing this is usually not advised as MBAM is designed to be at full power when running in normal mode and loses some effectiveness for detection & removal when used in safe mode. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Therefore, after completing a scan it is recommended to uninstall MBAM, then reinstall it in normal mode and perform another Quick Scan.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users