
Antispyware Soft scanner fake?


  • This topic is locked
12 replies to this topic

#1 grg.clny

grg.clny

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Local time:06:51 AM

Posted 05 May 2010 - 04:57 PM

I have Windows XP Service Pack 3. I had the Antispyware Soft virus scanner pop-up and start scanning. It looked like a fake so I tried to shut it down by clicking on the "X". Then I got pop-up message "cannot be executed. The file hprblog.exe is infected.." I had to pull the plug to shutdown. I rebooted in safe mode. I scanned with Superantispyware and found a threat that had soft in the title. I removed that threat and then scanned with Malwarebytes. It found several threats and I removed those.

After restarting in normal mode I have these problems: iTunes will not connect to the internet to update podcasts or use the iTunes store. Internet Explorer will not connect to the Internet for Microsoft updates or even my google home page. When I try to update Superantispyware I get the message "cannot connect. make sure firewall is not blocking SAS EXE." I have Zone Alarm for a firewall, but not sure what settings I should use.

I can connect to the Internet using Firefox and I have been able to update Malwarebytes and Spybot S&D. I would appreciate any help I can get on what I need to do next. Thank you.



#2 marktreg

marktreg

  • Members
  • 403 posts
  • OFFLINE
  •  
  • Local time:12:51 PM

Posted 05 May 2010 - 05:39 PM

Please try this and see if it helps.

First I would update Malwarebytes to the latest database and run a Quick Scan in normal mode to make sure there are no signs of infection detected.

Then open Internet Explorer, click on File and make sure there is not a tick next to Work Offline.

If that does not work, please try this:

Verify Your Internet Connection Settings:
  • Open Internet Explorer
  • Click on Tools at the top and select Internet Options
  • Note: If you do not see Tools, press the Alt key on your keyboard and it will show up
  • Click on the Connections tab
  • Click on the LAN settings button
  • Under Automatic configuration make sure that the box next to Automatically detect settings is checked, if it is not, then click the box next to it to check it
  • Under Proxy server make sure that the box next to Use a proxy server for your LAN (These settings will not apply to dial-up or VPN connections). is not checked and if it is, click the box next to it to uncheck it
  • Click on the OK button to close the Local Area Network (LAN) Settings window
  • Click on the OK button to close the Internet Options window
  • Try browsing the internet with Internet Explorer
Please let me know how you get on and if you need further assistance.

Edited by marktreg, 05 May 2010 - 05:59 PM.
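
Added example, not part of marktreg's post or the canned text it quotes: the "Use a proxy server for your LAN" checkbox from the steps above is stored as the ProxyEnable and ProxyServer values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, so the same check can be run against saved `reg query` output. The sample output, the port number and the function names are constructed for illustration, and the loopback check goes beyond what the post covers.

```python
import re

# A value line in `reg query` output: indented name, REG_* type, then data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")

# Constructed samples (not taken from the thread) of the text printed by:
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
SAMPLE_PROXIED = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:5555
"""
SAMPLE_CLEAN = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x0
"""

def parse_reg_query(text):
    """Return {value_name: data} for every value line in `reg query` output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            values[match.group("name")] = match.group("data").strip()
    return values

def proxy_hosts(proxy_server):
    """Hosts from 'host:port' or 'http=host:port;https=host:port'."""
    hosts = []
    for entry in filter(None, proxy_server.split(";")):
        target = entry.split("=", 1)[-1].split("://", 1)[-1]
        hosts.append(target.rsplit(":", 1)[0].lower())
    return hosts

def check_proxy_settings(text):
    """List findings that differ from the settings the post asks for."""
    values = parse_reg_query(text)
    findings = []
    server = values.get("ProxyServer", "")
    if int(values.get("ProxyEnable", "0x0"), 16):
        findings.append("'Use a proxy server for your LAN' is checked: " + (server or "<empty>"))
        # Added check, beyond the post: a loopback proxy hands browser traffic to a local process.
        if any(h == "localhost" or h.startswith("127.") for h in proxy_hosts(server)):
            findings.append("proxy points at this machine (loopback)")
    return findings

if __name__ == "__main__":
    for name, sample in (("proxied", SAMPLE_PROXIED), ("clean", SAMPLE_CLEAN)):
        print(name, check_proxy_settings(sample) or "matches the settings in the post")
```

This covers only the proxy checkbox; the "Automatically detect settings" box is kept in a separate binary value and is not read here.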


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:51 AM

Posted 05 May 2010 - 11:32 PM

Hello, it would be very helpful to see what was found by Malwarebytes and SAS.

Let us know if noknojon's advice worked on the update.
@ marktreg.. It's really not fair to copy someone else's advice verbatim and not give them any credit.
http://forums.malwarebytes.org/lofiversion....br/t40319.html
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 marktreg

marktreg

  • Members
  • 403 posts
  • OFFLINE
  •  
  • Local time:12:51 PM

Posted 06 May 2010 - 04:14 AM

Hi boopme,

That 'Verify Your Internet Connection Settings' piece is part of a standard canned speech written by exile360, who is an employee of the Malwarebytes Corporation. (Samuel E Lindsey, Malwarebytes Quality Assurance)

ALL the helpers in the Malwarebytes forums use that canned speech ALL THE TIME. noknojon and I are good friends over at the Malwarebytes forum, and we share research and canned speeches regularly in order to give better help to people with malware/MBAM problems. So, basically, I did not steal noknojon's advice and then take the credit for it, as you seem to be implying. All of exile360's, noknojon's and my own canned speeches are free for anyone to use in the Malwarebytes forum if they can help to solve a problem.

I have sent noknojon a PM and I'm pretty sure he will soon post here and verify what I have just said.

Edited by marktreg, 06 May 2010 - 04:52 AM.


#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:51 PM

Posted 06 May 2010 - 06:56 AM

Hi boopme -

The above canned (used by marktreg) is the same one I use at MBAM - There are several minor changes at times, depending on the current version of MBAM being used at the time - That is an earlier one and I have slightly modified mine to suit situations as they arise - This part is very relevant to the XP Series -
It was based on a version from exile360 (MBAM Quality Assurance) and was used a lot prior to Version 1.45 (current is now V 1.46) - There were problems setting I.E. to receive updates and this is part of the full script used - If the error was related to a 732 Error Message then the full script was posted - If the error was only partly related to connection/updates then this part of the script would first be used, followed by the full script if the first part would not work - After almost 2 years on MBAM forum and over 2000 posts I have helped develop several scripts (with marktreg and others) to solve the more common problems -
Un/ReInstall problems as well as I.E. Connection were bad in some early editions and I will PM these to you when I finish this -

Thank You - :thumbsup:

Edited by noknojon, 06 May 2010 - 07:57 AM.


#6 grg.clny

grg.clny
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Local time:06:51 AM

Posted 06 May 2010 - 08:47 AM

I updated Malwarebytes and ran a Quick scan. It came up clean. I changed the settings to IE and everything seems to work. I connected to the Internet without any trouble. I have printed out these settings and put them in my troubleshooting file.
Thank you. I have changed my ZoneAlarm firewall settings from medium to high.

#7 marktreg

marktreg

  • Members
  • 403 posts
  • OFFLINE
  •  
  • Local time:12:51 PM

Posted 06 May 2010 - 09:25 AM

Excellent news, grg.clny. I'm glad the 'canned fix' worked for you. :thumbsup:

If you get any further symptoms of malware, please post again and we will provide additional help.

After being infected by one of these 'rogues', it is always a good idea to run full computer scans with both your antivirus program and Malwarebytes to make sure they come up clean. (Always update both your antivirus program and Malwarebytes before doing any scanning.)

Edited by marktreg, 06 May 2010 - 09:46 AM.


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:51 AM

Posted 06 May 2010 - 01:27 PM

This is a good fix.. Thanks to all and for your clarifications.. Hope no one minds, I was just moderating and making sure all involved are good to go.

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

#9 grg.clny

grg.clny
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Local time:06:51 AM

Posted 07 May 2010 - 07:28 AM

I will update and run my virus scans again to make sure I am still good. Then I will create a new restore point. Thanks for all the help.

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:51 AM

Posted 07 May 2010 - 09:40 AM

You're welcome from all of us here at BC. We are glad to have helped.
Please take a few minutes to read our quietman7's excellent Tips to protect yourself against malware and reduce the potential for re-infection, in post 17. :thumbsup:

#11 grg.clny

grg.clny
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Local time:06:51 AM

Posted 08 May 2010 - 10:15 PM

I thought I was going to be good to go, but no.
I tried to update Adobe to 9.3 but when I did the install I get this message:
ERROR 1402 Could not open Key HKEY_LOCAL_MACHINE_\Software\Micorsoft\Window ws\...\MFS- Verify you have sufficient access to that key.

Later Firefox locked up and Avira found: FAKE AV.KYW Trojan
I ran the quick scan for Malwarebytes and SAS and found nothing.
I just noticed Firefox google searches are being redirected. Sorry to be a pain. What next?

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:51 AM

Posted 08 May 2010 - 11:09 PM

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#13 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,804 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:51 AM

Posted 09 May 2010 - 04:03 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/315717/started-with-antispyware-soft-virus-fake-scanner/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



