virus removal - sudden pop-up


#1 thestudent09

Posted 19 February 2010 - 08:54 PM

I think I have a virus. Even though I have virusScan, I randomly get this supposed virus removal. Without my permission it starts to scan (its logo is a green shield with a check mark). When I try to stop it, other pop-ups all start to pop up and the virus removal seems to be scanning my laptop.

Edited by Orange Blossom, 19 February 2010 - 11:13 PM.
Move to AII. ~ OB


#2 Sashacat

Posted 20 February 2010 - 05:28 PM

Hello :thumbsup:

Start here:
Follow instructions by quietman7 for use of Rkill and Malwarebytes':
For those having trouble running Malwarebytes Anti-Malware
See post by quietman7 (Global Moderator).

http://www.bleepingcomputer.com/forums/t/267354/for-those-having-trouble-running-malwarebytes-anti-malware/


How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
Posted by Grinler on February 16, 2010

http://www.bleepingcomputer.com/virus-remo...alware-tutorial

Please report back with the results of the Malwarebytes' scan.
If we don't change the direction we are going,
We are likely to end up where we are headed.

#3 thestudent09

Posted 21 February 2010 - 08:50 PM

I seem to have a new problem: my computer freezes :thumbsup:. I had to run Malwarebytes in Safe Mode. Below is the logfile:


Malwarebytes' Anti-Malware 1.44
Database version: 3772
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

2/21/2010 8:36:54 PM
mbam-log-2010-02-21 (20-36-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 272676
Time elapsed: 2 hour(s), 31 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\Ayo\Local Settings\Application Data\vciurx\xnmnsftav.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP42\A0027634.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#4 Sashacat

Posted 21 February 2010 - 11:28 PM

Get the free programs ATF Cleaner and SUPERAntiSpyware: (Save both to your Desktop.)
ATF Cleaner
http://www.atribune.org/index.php?option=c...5&Itemid=25

SUPERAntiSpyware:
http://www.superantispyware.com/
-----------------------------------------------------------------------------------------------------------------------
  • Reboot into Safe Mode.
  • Run ATF Cleaner.
  • Scan with SUPERAntiSpyware (Do a COMPLETE scan).
Make sure all items (infections) that are found have a checkmark, then quarantine all infections found.

-----------------------------------------------------------------------------------------------------------------------
INSTRUCTIONS FOR ATF CLEANER:
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Notes for Windows Vista users:
On Windows Vista, "Windows Temp" is disabled. To empty "Windows Temp", ATF-Cleaner must be "Run as an Administrator".
-----------------------------------------------------------------------------------------------------------------------
The Malwarebytes' log shows you had an infected restore point.
You will want to turn System Restore OFF
(which will delete your restore points, to ensure there are no infected restore points).
To turn OFF System Restore, go to Control Panel, System, System Restore tab, put a checkmark in "Turn Off System Restore" and hit Apply.

(After you get all of this fixed, you will probably want to turn System Restore back on.
To turn System Restore back on, go to Control Panel, System, System Restore tab, click to take the checkmark out of "Turn Off System Restore" and hit Apply. Then hit OK to close. )
-----------------------------------------------------------------------------------------------------------------------

When you report back, please post (copy/paste) the contents of the SUPERAntiSpyware scan results and whether you are still experiencing symptoms or not.

If we don't change the direction we are going,
We are likely to end up where we are headed.
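
Added example (not part of the original posts, and not a Malwarebytes tool): a small Python parser for the log format posted above that tags each detection by where the file lived, which is how an infected restore point is read off the log. The function names and location labels are assumptions made for this example; the sample input is excerpted from the log in this thread.

```python
import re

# Excerpt of the Malwarebytes' Anti-Malware log posted earlier in this thread.
SAMPLE_LOG = r"""Files Infected: 2

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\Ayo\Local Settings\Application Data\vciurx\xnmnsftav.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP42\A0027634.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# A detection line reads: <path> (<detection name>) -> <action taken>
DETECTION = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)
QUARANTINE = re.compile(r"^[A-Z]:\\Qoobox\\Quarantine\\", re.I)

def classify(path):
    """Report where a detected file lived on disk."""
    hit = RESTORE.search(path)
    if hit:
        return "restore point " + hit.group(1).upper()
    if QUARANTINE.match(path):
        return "quarantine folder"
    return "live file system"

def parse_detections(log_text):
    """Return one dict per detection line, tagged with its log section."""
    found, section = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):   # detail header, e.g. "Files Infected:"
            section = line[:-1]
            continue
        hit = DETECTION.match(line)
        if section and hit:
            found.append({"section": section, **hit.groupdict(),
                          "location": classify(hit["path"])})
    return found

def infected_restore_points(log_text):
    """Restore points that held a detected file."""
    return sorted({d["location"].split()[-1] for d in parse_detections(log_text)
                   if d["location"].startswith("restore point")})

if __name__ == "__main__":
    for d in parse_detections(SAMPLE_LOG):
        print(f'{d["name"]:<18} {d["location"]:<20} {d["action"]}')
    print("Restore points with detections:", infected_restore_points(SAMPLE_LOG))
```

Neither detection in this log is classified as "live file system": one is a quarantined copy and the other sits inside restore point RP42.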

#5 thestudent09

Posted 22 February 2010 - 06:36 AM

I ran ATF Cleaner and SUPERAntiSpyware in Safe Mode. SUPERAntiSpyware said no threats found. I was able to start in normal mode, but after being online for like 20 mins (I use Firefox), my laptop froze again. The way the freeze works is I can still move the mouse around but can't click on anything or open anything. I can't even open Task Manager.
My laptop is ~4 yrs old. Is it just that it's old and I need a new laptop?

#6 Sashacat

Posted 23 February 2010 - 12:58 AM

At this stage of the game, it isn't readily apparent what is causing you to freeze up.

Did you turn off System Restore (deleting all restore points)?

Let's see what we can do with the "Cat in the Hat" Calculatus Eliminatus method (ruling things out).

Get the free program Autoruns:
http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx
Our goal here is to find out what all is set to run on boot, and see if we can get it down to bare minimum, meaning only what is absolutely necessary.
Here's a description of Autoruns (copied/pasted from the technet.microsoft.com website):
"shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.
To disable an auto-start entry uncheck its check box."

Do not disable your antivirus program. If you have a firewall program, do not disable that either. Anything else, temporarily disable using Autoruns. See if that helps your freezing up problem.

Just curious, have you looked to see how much of your hard drive is "used" and how much is "available"?
My Computer, C drive, Right Click, Properties, will show a pie chart that tells Total Capacity of your hard drive, how much used, and how much available. If you don't mind, please let me know this information. I don't know how much of a packrat you are, or how many programs you have installed, but on a 4yr old computer, things do tend to accumulate. I doubt seriously this is the cause of your freezing up, but it's probable that your computer isn't as fast now, as when it was "new".

Also, have you looked to see if you have any hardware conflicts in Device Manager? A hardware conflict is marked with a yellow circle with a black exclamation mark in it. Start Button, Control Panel, System, Hardware tab, Device Manager button. If there are any hardware conflicts, that category will automatically appear "popped open" and you'll see the tell-tale yellow circle with a black exclamation mark. If you have any hardware conflicts, please advise on what device(s). I doubt this is the cause of the freezing up, but it doesn't hurt to check.

More than likely, the cause of your freezing up has to do with something (or several somethings) running, that are using up a lot of resources, which is why we're going to try getting you to bare minimum on what you allow to run on boot.
Since you froze up once you got back to "normal mode", that tells me that whatever is causing the freezing wasn't running in "Safe Mode". It's going to be a matter of figuring out what that is.

Are you using the latest version of Firefox? Do you experience freeze up when you use IE (Internet Explorer) also?
If we don't change the direction we are going,
We are likely to end up where we are headed.

#7 boopme

Posted 23 February 2010 - 01:10 AM

Personally this doesn't appear to be a malware issue but perhaps a Hardware or software issue.

EDIT: Sorry, before I move it: do you still have the pop-up or security warning?
Are you getting a message when you try to open Task Manager?
I may be moving this to the XP forum at the top.

Edited by boopme, 23 February 2010 - 01:15 AM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#8 thestudent09

Posted 23 February 2010 - 02:45 AM

Yes, I disabled System Restore and used ATF Cleaner and SUPERAntiSpyware in Safe Mode, then I returned to normal mode and enabled System Restore.

Total capacity of 108GB, used space of 24.5GB and free space of 84.1GB.

Nothing was marked in device manager.

I only use Firefox, and I did update to the latest version a while back. It does tend to freeze up after being online for a couple of minutes.

#9 boopme

Posted 23 February 2010 - 11:51 AM

OK, I was hoping you did NOT do the restore point. I don't care for that instruction till last. Now we can't go back.
I looked this over and it looks like you do have this infection and need to fix it and Task Manager through this guide.

Remove Windows Antivirus Pro (Uninstall Guide)

Please post back the Malwarebytes log.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

May as well run 2 more as we have you here and will have all the logs in one section.
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now one more:

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Post back the MBAM, SAS and RootRepeal logs... Tell me how it's running.