
TROJAN Anti-Spyware Pro??


7 replies to this topic

#1 pegastarzs

pegastarzs

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:05 PM

Posted 05 December 2009 - 02:22 AM

well today i went to myspace... noticed i had 500++ msgs, most were notifications.. so i decided to delete them, as i was deleting... my computer was running very slow, my browser froze up and my McAfee Anti-virus popped saying they detected and blocked a virus... this virus was in the pop-up 4 or 5 times(same description Trojan Anti-Spyware Pro.Fake Alert) i noticed for a brief moment, it was in my Documents under TempFiles

Now when i got to Firefox, i decided to do a search... when i click on the link on my search topics, it re-directs me to a totally different site... even the "Anti-Spyware Pro" pops up.... i didn't click on anything, i ctrl, alt, delete and ended the session.... i ran my anti-virus(still currently running) as i'm running my anti-virus, i decided to do a search again... the search topics re-directs some but the "Anti-Spyware Pro" hasn't popped up.... is it hiding?

i used to have an awesome de-bugger and another software that i got from here but had gotten a virus(LOL go figure) i had to wipe everything and lost it... can't remember what they were, can't find the topic, it was back about 3-4 months ago....

ANY help would be greatly appreciated.. thanks for your time :-)

Edited by pegastarzs, 05 December 2009 - 02:41 AM.



 


#2 azfreetech

azfreetech

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:03:05 PM

Posted 05 December 2009 - 04:08 PM

Run Malwarebytes and then SUPERAntiSpyware.

Delete what those find and then I would update the antivirus software and run a full scan with it as well.
DJ Digital Gem

I gave up on computers and now I just DJ!

#3 pegastarzs

pegastarzs
  • Topic Starter


Posted 07 December 2009 - 05:33 AM

> Run Malwarebytes and then SUPERAntiSpyware.
>
> Delete what those find and then I would update the antivirus software and run a full scan with it as well.

hi! thanks for getting back to me :-) i was able to scan everything, in total-found 14 infected files yikes! MBAM found 10, i scanned again with the same program and it didn't find any... i scanned with SuperAntiSpyware and it found 3, scanned again.. didn't find any. then i scanned with McAfee and it found 1.... i scanned my computer with the anti-virus before this and it didn't find any... i was wondering, i'm sure if this isn't the right topic.. in your opinion, should i ditch McAfee? i hear avast is good? Also the last time i had this problem, i was given a link to a couple of other programs.. one i believe is called ATF Cleaner? deletes your Temp Files and the other, not sure(i had to run it in safe mode) not sure if i could use these in this case but i did like the Temp File remover. Thanks Again for your time and help!

#4 pegastarzs


Posted 07 December 2009 - 01:02 PM

i went to search something on firefox just now and it still re-directs me to different websites....

#5 pegastarzs


Posted 07 December 2009 - 01:19 PM

Malwarebytes' Anti-Malware 1.42
Database version: 3304
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/7/2009 12:16:35 AM
mbam-log-2009-12-07 (00-16-35).txt

Scan type: Quick Scan
Objects scanned: 110015
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vovodrkr (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdfcvnqc (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vovodrkr (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdfcvnqc (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Zack\My Documents\downloads\Antivir-683_2002-8.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zack\My Documents\downloads\Antivir-ce41_2002-8.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristine\Local Settings\Temp\trt.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristine\list.txt (Malware.Trace) -> Quarantined and deleted successfully.






this is what SuperAntiSpyware Found.......

Quarantined:

Adware.Tracking Cookie
C:\Documents and Settings\Zack\Cookies\zack@ads.pointroll[1].txt
C:\Documents and Settings\Zack\Cookies\zack@atdmt[1].txt
C:\Documents and Settings\Zack\Cookies\zack@ads.pointroll[2].txt





this is what McAfee found.........

One or more items were detected on your computer.

Detection name: Artemis!2403E596A199 (Trojan), Artemis!2403E596A199 (Trojan)

C:\DOCUMENTS AND SETTINGS\KRISTINE\LOCAL SETTINGS\TEMP\575.EXE

these say Repaired and Removed





my search engines still re-direct me to other websites....

#6 azfreetech


Posted 07 December 2009 - 06:36 PM

Yeah ATF is good for getting rid of temporary internet files and cookies. Have you updated and run MBAM and SAS again by any chance? What are you searching that keeps redirecting you? What sites are you being redirected to? Have you tried a full browser reset yet?

#7 pegastarzs


Posted 10 December 2009 - 01:25 PM

> Yeah ATF is good for getting rid of temporary internet files and cookies. Have you updated and run MBAM and SAS again by any chance? What are you searching that keeps redirecting you? What sites are you being redirected to? Have you tried a full browser reset yet?



sorry it takes me awhile to respond, i'm a lil paranoid LOL

i go online today and noticed, a lil icon on the bottom right corner(looks like the same icon as my firewall) it says i'm infected with viruses click here, i didn't click on it(i know better) but as fast as lightning, a pop-up/page comes up.. downloading, i guess it was running a fake anti-virus... the icon was still in the corner, i didn't click on it.. i automatically ran MBAM... this is what came up...........


Malwarebytes' Anti-Malware 1.42
Database version: 3304
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/10/2009 11:42:21 AM
mbam-log-2009-12-10 (11-42-21).txt

Scan type: Quick Scan
Objects scanned: 110193
Time elapsed: 8 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ludtweot (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kaijjavt (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xpopayqx (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Zack\Local Settings\Application Data\xjbanw\ifpfsysguard.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zack\Local Settings\Temp\575.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zack\Local Settings\Temp\b.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zack\Local Settings\Temp\c.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zack\Local Settings\Temp\e.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zack\Local Settings\Temp\f.exe (Trojan.Dropper) -> Quarantined and deleted successfully.






I ran Super Anti-Virus thereafter, this is what came up..........

Quarantine - 12-10-2009

Trojan.Dropper/Gen-C

C:\DOCUMENTS AND SETTINGS\ZACK\LOCAL SETTINGS\TEMP\H.EXE
C:\DOCUMENTS AND SETTINGS\ZACK\LOCAL SETTINGS\TEMP\I.EXE
C:\WINDOWS\Prefetch\H.EXE-067758A2.pf





As i was scanning with MBAM, my Anti-virus came up numerous times saying it blocked and deleted Trojan(downloader) as if it never detected it from the start.......





I've tried to Update both MBAM and SuperAntiSpyware..... it won't let me, this is what comes up...............


MBAM:
An error occurred. Please report the following error code to the Malwarebytes' Anti-Malware support team.
Error code: 732 (12029,0)

SUPERANTISPYWARE:
There was an error trying to retrieve definitions. Make sure your firewall is not blocking SUPERANTISPYWARE.EXE from accessing the Internet.








How do you do a full browser reset? anything i search for on any of my browsers... i have IE, Firefox and Chrome... it re-directs me to random sites, i could be searching cheese, and it'll take me to a shoppers inc. website... i also tried to search for some of the viruses i have, it'll re-direct me to a STOPzilla website
Anything, you could think of to search for, it won't take me to the right website, it'll even say "Redirecting" in the tab, you try to click back... you can't even do that....

thanks again for your time and help

#8 azfreetech


Posted 10 December 2009 - 04:18 PM

It's possible the MBAM error is being caused by an update or a conflict with your antivirus software. I have gotten a similar error before after I updated it.

Try going into safe mode with networking and running the MBAM and SAS scans from there.



