
Antivirus Plus


7 replies to this topic

#1 G3OPS

G3OPS

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:26 PM

Posted 10 November 2009 - 11:51 AM

I'm running Win XP Professional, a fairly recent installation. I mistakenly clicked a link after searching for something on Yahoo and got the fake virus warning. I immediately Alt+F4'd but it was too late.

I have Symantec EndPoint. I ran Endpoint, it claimed it removed this infection but it is obviously still there. I am also getting pop-up ads as a result of this infection. I downloaded and tried to install Malwarebytes.. But after it installs, Windows searches but cannot find the .exe to launch the program. I go to the Malwarebytes folder and the .exe file is missing. I tried to reinstall it 3 times with the same results...

I will post a Hijackthis log when instructed..

I need your help, I cannot use this machine on my business network and risk compromising the entire network...



#2 G3OPS


Posted 10 November 2009 - 11:53 AM

Additionally - system restore has been disabled by this Virus.. I get a message that it was turned off by Group Policies to contact the Administrator.. this is obviously something the Virus has changed as I did not disable system restore..

#3 G3OPS


Posted 10 November 2009 - 12:59 PM

Symantec End Point found and removed the following after reboot..

Trojan.FakeAV
Trojan.Vundo
SafeStrip

The pop-ups stopped. I no longer get the fake virus alerts and warnings...

I rescanned with Endpoint and it found nothing...

I am still worried I may still be infected....

Help me verify for certain...

Thanks...

#4 G3OPS


Posted 10 November 2009 - 01:17 PM

Update

Looks like I am still infected with some kind of Google search redirect.. when I search using Google, when I click on one of the links I get a message in the browser window (Internet Explorer): Insecure Internet Activity. Threat of Virus Attack..

The URL that it directs me to when I click on any link in the search results is:

http://inetgateway1.com/warning/?id=70367&...gp5bkmj3c9ds6m1

What the hell is this? and how do I get rid of it???

#5 G3OPS


Posted 10 November 2009 - 01:24 PM

Same thing happens when I search using Yahoo... I get the same message in my browser window...

It also happens when I use Google Chrome, not just IE.. I assume the same would happen using Firefox..

I did notice some program I never installed called "BrowserPlus" among my list of installed programs

Edited by G3OPS, 10 November 2009 - 01:27 PM.


#6 bluu423

bluu423

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:26 PM

Posted 11 November 2009 - 04:39 PM

Any updates on how to get rid of this???
I'm experiencing the same EXACT problem and I don't know how to get rid of it. I can't log into my Gmail account or search for anything and I get a fake antivirus scan.

Thanks!






#7 G3OPS


Posted 13 November 2009 - 08:30 AM

I haven't figured it out yet.. I guess I am not going to get help from this forum.

#8 G3OPS


Posted 09 December 2009 - 07:52 PM



This problem has been resolved..



