
Help please... "Antivirus software alert"


3 replies to this topic

#1 isuhunter


Posted 15 September 2010 - 10:08 PM

Hi everyone...you have successfully guided me through my first spyware infection (sorry if I used wrong wording) now I have another one that I can't seem to get rid of.

So...

Here is what is happening...Dell Laptop with XP Home

1. Security Warning (in heading). Then the message reads "Application cannot be executed. The file jucheck.exe is infected. Do you want to activate your antivirus software now?" YES OR NO

2. Window Security Alert (pops up in bottom right)

3. Antivirus software alert (pops up in middle of screen) "Attention ! SPYWARE ALERT" followed by big red ! Vulnerabilities found.

4. Antivirus software alert (pops up on bottom right) "Infiltration Alert" "Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan - dropper or similar."

5. It brings up an internet page to porno.org

If you guys can point me to a guide that would be great. It doesn't allow me to do anything outside of these programs. If I attempt ctrl+alt+delete it will close automatically within 2 seconds.

Thanks for your help in advance.



#2 possumbarnes


Posted 15 September 2010 - 10:58 PM

Can you boot into safe mode? (Turn it on, immediately after the Dell splash screen begin tapping the F8 key until you get a menu with Safe Mode at the top. Select Safe Mode with Networking and press Enter).

If you can boot into safe mode with networking, log into your main account or any administrator account. As soon as you get to the desktop, open your web browser and ensure you are connected to the internet by viewing your home page.
Please download Malwarebytes Anti-Malware and save it to your desktop from here.

Double-click on mbam-setup-1.46.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When the installation has finished, leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Click the Finish button.

MBAM will download the most recent updates and should start after a minute or so.

From the scanner tab, select a QUICK SCAN and click the Scan button.

After the scan finishes, click on the Show Results button to see a list of any malware that was found. Make sure that everything is checked, and click Remove Selected. When removal is completed, a log report will open in Notepad. This log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the entire contents of that report in your next post.

MBAM may tell you to reboot your computer to complete the process. If so, then reboot into Normal mode and post the contents of the log afterwards.
What's more irrational--a guy who believes in a God he cannot see or a guy who is offended by a God he doesn't believe in?

#3 isuhunter


Posted 16 September 2010 - 05:31 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4631

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

9/16/2010 5:25:21 PM
mbam-log-2010-09-16 (17-25-21).txt

Scan type: Quick scan
Objects scanned: 152362
Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bkwvbhav (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bkwvbhav (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Sara\Local Settings\Application Data\lxjmgdllk\xeugrknuqiw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
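
Added example, not part of the original posts and not Malwarebytes' own tooling: a short Python parser for the log format posted above. It groups detections by section and flags Run-key autostart entries and anything not removed; treating the word "successfully" in the action text as "removed" is an assumption drawn from this log.

```python
import re

# Detection sections copied from the MBAM 1.46 log in the post above.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bkwvbhav (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bkwvbhav (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Sara\Local Settings\Application Data\lxjmgdllk\xeugrknuqiw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(.+) Infected:$")          # header line; summary counts do not match
ITEM = re.compile(r"^(.+) \(([^()]+)\) -> (.+)$")   # object (detection) -> action
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)

def parse_mbam_log(text):
    """Return one dict per detected object, tagged with its log section."""
    findings, section = [], None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := ITEM.match(line)):
            obj, detection, action = m.groups()
            findings.append({"section": section, "object": obj,
                             "detection": detection, "action": action,
                             "autostart": bool(RUN_KEY.search(obj)),
                             # Assumption: success is signalled by this word.
                             "removed": "successfully" in action.lower()})
    return findings

def triage(findings):
    """Summarise what a helper checks before asking for a follow-up scan."""
    return {
        "families": sorted({f["detection"] for f in findings}),
        "autostart_entries": [f["object"] for f in findings if f["autostart"]],
        "unresolved": [f["object"] for f in findings if not f["removed"]],
    }

if __name__ == "__main__":
    for key, value in triage(parse_mbam_log(SAMPLE_LOG)).items():
        print(key, value)
```
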

#4 possumbarnes


Posted 16 September 2010 - 06:18 PM

Now, in normal mode, open Malwarebytes and update it. After updating, run a full scan. When MBAM finishes, reboot if necessary and post the log from the full scan in your next reply.



