It all started with fake antivirus



#1 Reiyyy


Posted 14 September 2010 - 02:41 AM

About three weeks ago, out of nowhere, I had a fake antivirus program called "Security tools" popping up. I had NOD32 and used to do regular scans with Malwarebytes; they didn't work too well at removing the infection. With guides from the web it finally seemed gone, and I downloaded StopZilla. The infection seemed to have gone for a while, but the next day, when I was least expecting it, it occurred again. I did the same steps and removed it, then ran a scan.

It all seemed to have started when one of my Google searches redirected to a wwwfreep2p2 (or something like that) place. I saw the Java icon loading, and I saw a media player video file waiting to start buffering (waiting for video). I have been able to bypass this redirecting by copy-pasting or directly typing the website name in the bar rather than clicking on the link, but I realised that whenever I got redirected, StopZilla updated a definition and started scanning, or found an infection and started scanning right away without needing a definition. This situation has been repeating itself for the past 3 weeks and driving me crazy, and yesterday another fake security program (Analysis Security) drew the line.

Among the infections I commonly see in the logs are vundo, Gasf, Sophos.DAT, some rootkits, userinit, and crptnet.dll. I am also suspecting there is a keylogger somewhere, because I took my chances and did a search based on date on the changed files and found some very suspicious files and folders (CatRoot), some of which I haven't been able to rename or delete because they are in use and I can't stop their process. I really need help. I'm not sure which log I should post here, because the moment I finish scanning on one, another pops up saying there is an infection (it's probably moving around as the AV is trying to locate it or attempting to delete it).

Edited by Reiyyy, 14 September 2010 - 03:17 AM.



#2 Orange Blossom


Posted 14 September 2010 - 09:11 AM

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



