
Fake anti-virus software, redirections



#1 ablegreen


Posted 22 December 2010 - 07:10 PM

Hello,

Problems:
1) fake anti-virus software prevents pages from being visited (screenshot: http://i55.tinypic.com/mrzd4x.jpg)
2) browser redirects to random advertisement sites at random times
3) can't access windows update (screenshot: http://i51.tinypic.com/35cg45j.jpg)

I tried using the following:
- Malwarebytes' Anti-Malware
- SUPERAntiSpyware
- combofix.exe

I'm not sure if I used the above tools correctly though (used them in safe mode with networking). They picked up some other things but didn't seem to eliminate the problems.

I've removed fake anti-virus software before but I'm not sure what the name of this malware/spyware is called, so I couldn't google much about them.

Thanks!

Edited by ablegreen, 22 December 2010 - 07:14 PM.



 


#2 boopme



  • Global Moderator

Posted 22 December 2010 - 11:32 PM

Hello, see the blue text above this forum. You shouldn't use ComboFix on your own.
That said, now we'll need to see that log and you have to start a new topic.

Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Skip the GMER step and instead post the ComboFix log you have.

Let me know if that went well.

Edited by boopme, 23 December 2010 - 10:57 AM.


#3 ablegreen


Posted 23 December 2010 - 12:41 AM

Hi,

I just managed to fix all of the problems! I used a combination of Rkill, combofix, and atfcleaner. Sorry I did this on my own!

For the fake anti-virus, Rkill's log revealed that the process was coming from some .exe file in the temp folder. I scanned this file with an online file scanner and it turned out to be a trojan. I simply deleted the folder and that somehow stopped the fake AV from running. I'm not sure why Malwarebytes did not pick it up.

The browser redirects magically disappeared, and the windows update is working again. I ran windows update, which hasn't been run in 2 years. Got around 100 security updates to download and install.

I used CCleaner to remove any registry tracks and scanned with malwarebytes again.

Should I still post a log to ensure all the infections are gone?

Thanks.

Edited by ablegreen, 23 December 2010 - 12:45 AM.


#4 boopme



  • Global Moderator

Posted 23 December 2010 - 10:59 AM

I think you should, and include the ComboFix log so it can be reviewed.



