
Windows Security Alert - Suspect a Virus


3 replies to this topic

#1 cad4567

cad4567

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 12 April 2010 - 01:24 PM

Hello,

I am encountering a problem with my machine; it's a Windows XP. I had received an email and opened the email but suspected something amiss as I didn't know who this person was, so I didn't open the attachment. Normally such mails go in the spam folder. After opening that email, I am having this problem: a pop-up next to the Windows system bar comes up and it says "Windows Security Alert. Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan of your computer. Your system might be at risk now" and then it opens up IE, which is not my default browser, and goes to a site called "http://avprocess.com/purchase?r=57.6", and after closing this browser, it also opens up an Antivirus Suite Demo called "Antivirus Suite" and tries to perform a scan. I stopped the scan. Then again in the system bar it shows another pop-up which shows an "Infiltration Alert" which says "your computer is being attacked by an internet virus. It could be password-stealing attack, a trojan-dropper or similar", and then it gives details like the IP address 91.156.176.121, and then it asks, "do you want to block it YES or NO".

I ran SuperAntispyware and it showed a couple of infected files. I removed them using SuperAntispyware, but still the computer was behaving abnormally. I then ran Malwarebytes AntiMalware in normal mode and it also showed infections. I removed them using the same software. Again, the next day I had the same problem when I accessed the internet. This time I ran Malwarebytes AntiMalware in Safe mode and the following was found: "Trojan.fraudpack" with the Register key "HKEY_loc..Mc.../software/avsoft" and "Trojan.dropper" with the file location as "C:\docs...\admin\local\temp\e.exe". The infected items were removed, and then working in the normal mode I am having the same problem. I cannot access any files in the system and even notepad; it says notepad.exe is infected. I would appreciate it if you could help.

Regards

EDIT: Moved to more appropriate forum from XP ~ Hamluis.

Edited by hamluis, 12 April 2010 - 01:46 PM.




#2 ReeceK

ReeceK

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:10 PM

Posted 13 April 2010 - 08:42 AM

Hey, I've just picked this up a second ago too.

Java started up for no reason, then this happened... so at least we know how we got it!!! Damn Java!!!

I'm totally blocked from running anything now. Can't even run MBAM off a USB key.

#3 JimMcGowanInlet

JimMcGowanInlet

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 13 April 2010 - 08:55 AM

I'm a newbie to the site and nowhere near the experts that hover here, but I have cleaned my share of computer viruses.

With that in mind, here is what I would do.

Sounds like one I have worked on before. Had very good luck running ComboFix in Safe Mode with Networking, followed by Malwarebytes in Safe Mode with Networking. Make sure you only get ComboFix from BleepingComputer's web site. Then boot in normal and run the heck out of Windows Update till you get all criticals. And of course update your Java.

#4 cad4567

cad4567
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 15 April 2010 - 02:26 PM

Hello,

I ran MBAM and SAS in Safe mode and also ran CCleaner in Safe mode with networking and removed more than 6-7 malware. I ran all three utilities thrice to ascertain that I didn't have any residual viruses lurking behind. I then ran all of them again in normal mode to see that I don't get them back in normal mode. So far, I have no unwanted pleasantries to report, which makes me feel that there are no viruses running behind without my knowledge. I also downloaded TCPView as suggested in the tutorial (http://www.bleepingcomputer.com/tutorials/have-i-been-hacked/), a good way of identifying if there are any ports open without my knowledge and also the remote addresses that are trying to access my computer.
I replied to my own problem so that, if anyone has encountered it, they can probably do as I have done, but the circumstances might also be different. So far, touch wood, I am cleared for three days. I will be running all three again in normal mode for a couple of days to ascertain there are no more of these security alerts.

Thanks for all who responded with their suggestions.

Regards



