Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I am also infected


  • Please log in to reply
3 replies to this topic

#1 ochaye

ochaye

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:59 AM

Posted 14 July 2010 - 07:18 AM

I have the same problem as raceace and have read the postings in that thread - including the directions by m0le.
Problem is that I can't follow the instructions as I can't get past the web page which reads
"Internet Explorer Warning" - "visiting this web site may harm your computer!"
so I can't download any of the Malwarebytes Anti-Malware or any of the following programs.
Any help would be greatly appreciated
thanks

BC AdBot (Login to Remove)

 


#2 ochaye

ochaye
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:59 AM

Posted 14 July 2010 - 07:45 AM

the raceace post was

My laptop just became infected with some unknown malware. I am logging in from my desktop seeking a solution.

I am running Windows Vista Home Edition. I use Google Chrome as a browser.

The first indication of a problem came up in the system tray where an icon came up that looks like the Norton Antivirus shield. (I don't have Norton on this laptop). A pop up window came up stemming from this icon that says

"Windows Security Alert. Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now."


The few grammatical errors were a clue. Then a window popped up with the name "Antivir Solution Pro" and looked like it was performing a scan. When trying to close, it asks "Are you sure ? Your PC will not be protected against spyware." 2 choices below, "Yes, continue unprotected" and "No, purchase full version"

When closing the pop up window that looks like the program another window pops up with "Antivirus software alert" again with the fake looking shield logo.

I attempted to surf over to Trend Micro's Housecall to beging a scan. I am unable to surf to any website that may be of any assistance, cannot go to google and security windows pop up saying that chrome is infected. There is another window that popped up in the lower right corner with the little fake shield logo that says:

"Antivirus software alert
INFILTRATION ALERT Virus Attack
Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trogan - dropper or similar.
DETAILS
Attack from:152.179.59.20, port 4703
Attacked port: 29484
Threat: BankerFox.A
Do you want block this attack ?
Yes No"


Again grammar errors indicate it is part of the problem.

When going to Internet Explorer to surf for a solution, it limits access there and continues to try to open windows to places like "porn.com" "viagra.com" "porn.org" "adult.com" etc. By this time I had right clicked and pulled the computer offline and began looking for a solution on another computer.

Additionally, the error message that comes up in Google Chrome says, "Internet Explorer Warning" - "visiting this web site may harm your computer!"

Interesting since it is chrome and not IE.

The links on that page point to "http://antiviractive.com/purchase?pgid=4&r=57.5]http://antiviractive.com/purchase?pgid=4&r=57.5" [/i][/b]



I SUPPOSE MY CASE IS A BIT DIFFERENT

In my case

1. It is Windows XP professional and IE is the web search

2. virus protector is Symantec end point protection

3. I have restarted the computer

4. On restart the following appears

RUNDLL

Error loading C:|WINNT\iwoxuqotolixaqa/dll
The specified mode could not be found

then from the folllowing appears

X Windows security alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.

Without touching anything the following appears at the bottom right corner of the screen

...



Antivirus software alert
INFILTRATION ALERT virus attack
Your computer is being attacked ..etc ..

DETAILS
Attack from 202.141.52.75, port 47407
Attacked port: 8836
Threat:abnkerfox.A

Do you want to block this attack?

yes no


then again touching nothing

a scan starts


Antivir Solution Pro scan

even trying to stop it the scan proceeds and finds viruses

then a message in the middle of the screen



Antivirus software alert

ATTENTION ! SPYWARE ALERT (there is a shield with a !)

Vulnerables found

it refers to 34 serious threats etc


If the OK is clicked you are taken to the antiviractive .com/purchase?pgid=4&r=57.4 web addreess

clicking home just goes back to the

Page with

Internet Explorer warning - visiting this site may harm your computer

it is possible to get rid of the messages but the browser comes up with the same message

and the antivirus alert reappears with a different attack from and attacked port
and the same bankerboxA

than the other sites mentioned by raceace start appearing without and clicking of anything


and can't get further than that

any help would be rellly appreciated

thanks

#3 ochaye

ochaye
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:59 AM

Posted 15 July 2010 - 02:53 PM

Symantec seems to be finding two risks put into quarantine

Trojan Zefarchlgen

Trojan Zefarch

I try IE but the result is a

Internet Explorer cannot display this message

so it seems that I can download any malware programs

or create any logs

#4 ochaye

ochaye
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:59 AM

Posted 16 July 2010 - 11:07 AM

Hopefully I have fixed the problem by following your spyware removal guide .. thanks .. a great guide ... even I could understand the directions ...
(fingers crossed)
will post again later if I am wrong ....




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users