Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Having troubles with the "fake" Microsoft Antivirus Spyware/Malware


  • This topic is locked This topic is locked
8 replies to this topic

#1 jimGbarclay

jimGbarclay

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 07 April 2010 - 10:53 PM

Hi Everyone -

So I'm turning to the forums to see if I cant fix the issues I'm currently having with my machine. I'm running WIN XP Pro Version 2002 Srv Pack 3.

My Machine is an AMD Athlon 64 Processor 4000+
2.41 GHz, 3.00 GB of RAM

I've been getting hit lately with the "fake" Microsoft Antivirus crap, and while doing some searching on the internet for help on how to remove it has led me to this site. Well just tonight I spent my second night in about a week trying to clean it up. So obviously it's not "completely" gone and just lingering around to piss me off.

I have currently been running the rkill application and then the Malwarebytes' Anti-Malware scan both times this has happened. Seems to work for a little bit but then....well, here I am again.

What has happened after tonight's episode is now when I'm trying to run an application from my desktop I'm getting a "Run As" window that's asking me "Which user account do you want to use to run this program". Some of my icons have also disappeared.

Could someone please give me some guidance on what I need to be doing. Rather annoying, (as I'm sure you haven't heard that before)

Many Thanks in advance!
Cheers

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:53 AM

Posted 07 April 2010 - 11:28 PM

Hello and welcome.

We need a deeper look. Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9 and not here,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 jimGbarclay

jimGbarclay
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 09 April 2010 - 07:33 PM

I might have some issues getting any of this done. Fortunately, my laptop is unaffected and I'm able to use internet that way but right now my PC is in a total lock down. I'm running Malwarebytes scan again to see if I can clean a few things up just so i can download some of these files. Otherwise I'll be going to plan 'B'

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:53 AM

Posted 09 April 2010 - 08:07 PM

You may want to try booting it off a Rescue disk....Avira AntiVir Rescue System
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 jimGbarclay

jimGbarclay
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 09 April 2010 - 09:24 PM

Are you going to get anything useful out of a DDS scan that is run in SAFEMODE? That is about the only way I've been able to get to the files needed online to put them on my machine.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:53 AM

Posted 09 April 2010 - 09:31 PM

Yes we need something to start with.. We will work on the rest in the DDS forum,thanks.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 jimGbarclay

jimGbarclay
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 09 April 2010 - 10:06 PM

Boopme -

Thank you so far for your VERY Fast responses. I'll tell you what I have done so far. I have been working in SAFE MODE most of the evening. I was logged in as Admin and was working through the download of DDS and creating the files and all of a sudden my machine just shut down on me. I booted back up and I did a system restore to a point back at the end of March (the 28th I think), prior to this happening.

I'm currently able to access the internet through Firefox on the PC and I'm working on creating the DDS logs. I'm able to access my wireless network HD (which I couldn't before), but still not able to access the internet using Google Chrome.

When the DDS logs are complete I will be posting in the DDS Forums.

#8 jimGbarclay

jimGbarclay
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 11 April 2010 - 06:48 PM

Boopme -

I've created my post on the other forum: http://www.bleepingcomputer.com/forums/t/308983/what-started-with-microsoft-2010-antivirus-spam-is-now-more/

Awaiting next steps...

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:53 AM

Posted 11 April 2010 - 07:42 PM

Hello. log looks good. You defiately need the MRT teams response to clean this.
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users