
Fake Alert, Ultimate windows security alert malware Help needed


4 replies to this topic

#1 champ123


Posted 16 February 2010 - 02:27 PM

Fake Alert, Ultimate windows security alert malware, just to name a few of the names of the pop-up windows I saw. I am using XP SP3 and have successfully used Combofix on another machine on the advice of a network admin friend. This time, however, I wanted to have this log reviewed by the pros on here because the malware on this machine was formidable! The windows security alert popped up and my spouse unknowingly clicked yes on it. Things just went downhill from there. We disconnected the internet cable and started the process.

As I mentioned before, I have used Combofix; however, this time, every time I tried to click it the malware would pop up and say this "combofix" file is infected, would you like to start the antivirus download? So I couldn't get it to start. I downloaded Combofix with a different machine and changed the name to combo-fix during the download, then used a jump drive to put it on the infected machine. Since neither Combofix nor Malwarebytes Anti-Malware would execute when clicked due to pop-ups, I restarted the system in SAFE MODE. The Microsoft Recovery Console is already installed on this system. Once in safe mode I clicked on the renamed combo-fix file and it then started. During the startup it stated there are "CD emulators" running on this system and Combofix must disable them before continuing, which caused it to restart the computer, and then it completed its scan. So I have a log to post if you would allow me. Also, after Combofix completed I ran Malwarebytes "quick scan" and it found 4 more infected registry entries, which I told it to remove. I am now running the full scan on both the internal and external hard drive.

All of this has been done without being connected to the internet. I will wait for your response before I reconnect the internet to this machine.

Edited by Orange Blossom, 16 February 2010 - 07:59 PM.
Move to AII. ~ OB




#2 champ123


Posted 16 February 2010 - 08:10 PM

"Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored."

So are you saying there is no one here willing to help me?

Edited by champ123, 16 February 2010 - 08:10 PM.


#3 champ123


Posted 18 February 2010 - 02:04 PM

Thanks for nothing! Computer working fine! Seems ok to use on my own to me!!!!

#4 champ123


Posted 18 February 2010 - 02:06 PM

Used Combofix and then Malwarebytes several times, which found a total of 6 infections using both quick and full scan, a total of 4 times, updating the definitions each time. Easy enough.

#5 quietman7

  • Global Moderator

Posted 18 February 2010 - 05:29 PM

Sorry for the delayed response but we are all volunteers and sometimes a topic thread will get overlooked.

No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert." Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

ComboFix logs, where should I post them?


With that said, and the fact that your machine appears to be running ok now, I recommend doing this.

Please perform a scan with SUPERAntiSpyware Online Safe Scan. Be sure to follow the instructions provided on that same page.

Please perform a scan with Kaspersky Online Virus Scanner.
-- Requires free Java Runtime Environment (JRE) to be installed before scanning for malware as ActiveX is no longer being used.
-- This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools.
  • Vista users: need to right-click either the IE or FF Start Menu or Quick Launch Bar icons and select Run As Administrator from the context menu.
  • Read the "Advantages - Requirements and Limitations" then press the Posted Image... button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the Posted Image... button.
  • Make sure these boxes are checked. By default, they should be. If not, please check them and click on the Posted Image... button afterwards:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
  • Click on My Computer under the Scan section. OK any warnings from your protection programs.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
  • Copy and paste (Ctrl+C) the saved scan results from that file in your next reply.
-- Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

Edited by quietman7, 18 February 2010 - 05:30 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
