question about fake AV


10 replies to this topic

#1 belteck

Posted 22 December 2010 - 10:52 PM

So I was given a very, very slow XP laptop. Slow due to lack of maintenance and a possible infection. I can't get online, and I get a fake AV message popping up in normal mode. I ran CCleaner and SUPERAntiSpyware; SAS found around 500 infections total, and CCleaner found nothing really significant. I ran TDSSKiller, and to my surprise it found something. I rebooted, hoping the fake AV was gone, and it's moving a bit faster. It's still getting the AV message but seems to be a bit quicker. I booted back into safe mode and ran Rkill and Malwarebytes. Now I'm waiting for it to finish. Should I have done my last two steps in normal mode, or was I correct to try it in safe mode?

#2 belteck

Posted 22 December 2010 - 10:56 PM

Also, I installed Malwarebytes from an installer I downloaded to a USB stick a while ago, maybe 5 months ago. Is there a way to grab just a newer definition file and update it manually?

#3 AustrAlien

  • BC Advisor

Posted 23 December 2010 - 07:05 AM

Please post the logs from SAS, TDSSKiller and MBAM so that we can see what we are up against.

How to find the SUPERAntispyware log:
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
------------
How to find the MBAM log:
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
-------------
How to find the TDSSKiller log:
A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:). Copy and paste the contents of that file in your next reply.
---------------

You said: "I cant get online"
Log on to the account with the internet access problem.

Open Internet Explorer > Tools > Internet Options > Connections > LAN settings

.... and under "Proxy Server", remove the checkmark from the box beside "Use a proxy server ... " (if it is checked).

Click "OK" > "OK".

Does that fix the issue with your internet connection?
---------------

What is the name of the fake anti-virus program?

Have a look at the following link:
Virus, Spyware, & Malware Removal Guides

If you cannot see the name of the malware (infection) that you have there, enter the exact name in the search box under "Search Guides", on the right-hand side of the page, and search for the appropriate removal guide.

Let us know if you don't have any luck with finding a guide that matches your infection.

If you do find the appropriate guide, follow the instructions closely. Ensure that you download the latest version of MBAM (1.50) and update the MBAM (Malwarebytes Anti-Malware) database definitions before scanning. Please post the log when finished.


Let us know how the system is running now.
AustrAlien
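
An added example, not from AustrAlien's post and not a BleepingComputer tool: the "Use a proxy server" checkbox in Internet Explorer's LAN settings is a GUI view of the WinINet values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, which is where a rogue AV plants a proxy to cut a machine off from the web. The script below parses the output of `reg query` on that key, reports an enabled proxy (and whether it is a loopback one, the classic fake-AV sign), reports a PAC URL (AutoConfigURL, which the checkbox does not cover), and prints the `reg add`/`reg delete` commands that undo them. The value names and `reg.exe` switches are real; the sample export is constructed for illustration, not captured from the laptop in this thread. Because the key is per-user (HKCU), run `reg query` while logged on as the affected account, exactly as AustrAlien's instruction says.

```python
"""
Check a user's WinINet proxy settings (what IE's "LAN settings" edits) for
a hijack, from the text output of:

    reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

Added example, not from the thread. Value names are the real WinINet ones;
SAMPLE_REG_QUERY is a constructed export, not data from the infected laptop.
"""
import re
from typing import Dict, List

INTERNET_SETTINGS = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# One "Name  REG_TYPE  data" line of reg query output. XP separates the
# columns with tabs, Vista and later with spaces; \s+ covers both.
_VALUE_RE = re.compile(r"^\s*(\S+)\s+(REG_[A-Z_]+)\s+(.*?)\s*$")

# Constructed sample export: what a rogue AV that routes the browser through
# a local proxy and a remote PAC file typically leaves behind.
SAMPLE_REG_QUERY = """
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:5555
    ProxyOverride  REG_SZ    <local>
    AutoConfigURL  REG_SZ    http://203.0.113.7/proxy.pac
"""


def parse_reg_query(text: str) -> Dict[str, str]:
    """Map value name -> data for every value line in a reg query export."""
    values: Dict[str, str] = {}
    for line in text.splitlines():
        m = _VALUE_RE.match(line)
        if m:
            name, _type, data = m.groups()
            values[name] = data
    return values


def proxy_findings(values: Dict[str, str]) -> List[str]:
    """Return human-readable findings; an empty list means nothing is set."""
    findings: List[str] = []
    enabled = values.get("ProxyEnable", "0x0").lower() in ("0x1", "1")
    server = values.get("ProxyServer", "")
    if enabled:
        msg = f"ProxyEnable=1, ProxyServer={server or '<unset>'}"
        if "127.0.0.1" in server or "localhost" in server.lower():
            msg += " (loopback proxy: browser traffic is being intercepted locally)"
        findings.append(msg)
    pac = values.get("AutoConfigURL", "")
    if pac:
        findings.append(f"AutoConfigURL={pac} (PAC hijack; the LAN-settings proxy box does not show this)")
    return findings


def repair_commands() -> List[str]:
    """reg.exe commands that undo both hijack points (run as the affected user)."""
    return [
        f'reg add "{INTERNET_SETTINGS}" /v ProxyEnable /t REG_DWORD /d 0 /f',
        f'reg delete "{INTERNET_SETTINGS}" /v ProxyServer /f',
        f'reg delete "{INTERNET_SETTINGS}" /v AutoConfigURL /f',
    ]


if __name__ == "__main__":
    found = proxy_findings(parse_reg_query(SAMPLE_REG_QUERY))
    for f in found:
        print("FINDING:", f)
    if found:
        print("To undo, run as the affected user:")
        for cmd in repair_commands():
            print("  " + cmd)
    else:
        print("No proxy or PAC configured.")
```

To use it on the real machine, save `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" > proxy.txt` from the affected account and feed that file to `parse_reg_query`. A `reg delete` of a value that does not exist just reports an error, which is harmless here.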

#4 belteck

Posted 23 December 2010 - 08:07 AM

Hey Austra, thanks for responding. I will post up the logs in a bit. I was searching for a guide for the fake AV I have and couldn't find anything. I took a picture of the screen; maybe you have some insight on it?

[Image: photo of the fake AV alert on the laptop's screen, not reproduced here]

#5 belteck

Posted 23 December 2010 - 09:38 AM

Also, am I correct in thinking I should do all this in safe mode? When in regular mode, everything is flagged by the fake AV as a virus. I can't even run Rkill, which I renamed to winlogo.exe; it labels it as a virus.

#6 Sue Hardy

Posted 23 December 2010 - 09:46 AM

Hi belteck - hope you don't mind me adding my bit to your thread; I need a fix for this too. Whatever I have looks almost identical to the photo you posted. I don't know where it came from; I'm usually so careful. This is the first rubbish I've had on my laptop, and I've had it nearly 6 years!

I've tried Rkill and then Malwarebytes, in that order. Rkill found nothing; Malwarebytes found 3, which I got rid of, all in Safe Mode. Start up in normal mode and the thing is still there. I'm lost.

So I'd be interested to see if you find a fix.

#7 quietman7

  • Global Moderator

Posted 23 December 2010 - 10:31 AM

Welcome to BC Sue Hardy

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
The BC Staff

#8 Sue Hardy

Posted 23 December 2010 - 11:05 AM

Okay, noted. It's now here: My link

#9 belteck

Posted 23 December 2010 - 11:33 AM

I was able to finally run Rkill in normal mode, and it actually found it and killed it! I'm currently running MBAM, but it's very slow due to the laptop's 256 MB of RAM. Here is my Rkill log for right now; it may help you guys out.


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Admin on 12/23/2010 at 10:38:59.


Processes terminated by Rkill or while it was running:


C:\DOCUME~1\Admin\LOCALS~1\Temp\ljfcpvmcq\yccftgwlajb.exe
C:\Documents and Settings\Admin\Desktop\winlogo.exe.com


Rkill completed on 12/23/2010 at 10:39:03.
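
An added example, not part of belteck's post and not Rkill's own code: the two image paths in the log above are exactly what a removal helper reads first. The first runs from an 8.3-style path under the user's Local Settings\Temp directory, inside a directory with a random-looking name, with a random-looking executable name, which is the typical layout of a fake-AV dropper. The second sits on the Desktop under the name belteck gave his renamed Rkill, so it is most likely the tool itself being listed rather than malware (the double extension is worth a second look in general, but here it matches the rename). The script below extracts the "Processes terminated" section from an Rkill log and scores each path on those indicators. The embedded log is the one belteck pasted above; the scoring thresholds are this example's own assumptions, not anything Rkill does.

```python
"""
Triage the "Processes terminated" section of an Rkill log.

Added example, not from belteck's post and not part of Rkill.  RKILL_LOG is
the log pasted in this thread; the directory list, vowel-ratio threshold and
score cut-off are assumptions made for this example.
"""
import re
from dataclasses import dataclass, field
from typing import List

RKILL_LOG = """This log file is located at C:\\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Admin on 12/23/2010 at 10:38:59.


Processes terminated by Rkill or while it was running:


C:\\DOCUME~1\\Admin\\LOCALS~1\\Temp\\ljfcpvmcq\\yccftgwlajb.exe
C:\\Documents and Settings\\Admin\\Desktop\\winlogo.exe.com


Rkill completed on 12/23/2010 at 10:39:03.
"""

# Directories a legitimately installed program has no business executing
# from.  Both the long names and the XP 8.3 short names are covered.
_SCRATCH_DIR_RE = re.compile(
    r"\\(temp|tmp|locals~1|local settings|appdata|application data|recycler)\\",
    re.IGNORECASE,
)
_VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Heuristic: a long, all-lowercase alphabetic name with almost no vowels,
    the way dropper directories such as 'ljfcpvmcq' are generated.  Short or
    pronounceable names (svchost, explorer) are not flagged."""
    if len(name) < 8 or not name.isalpha() or not name.islower():
        return False
    return sum(c in _VOWELS for c in name) / len(name) < 0.2


@dataclass
class Verdict:
    path: str
    score: int = 0
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Assumption for this example: 2 or more points means "look at it".
        return self.score >= 2


def terminated_processes(log: str) -> List[str]:
    """Return the image paths listed under Rkill's 'Processes terminated' header."""
    m = re.search(
        r"Processes terminated by Rkill.*?:\s*(.*?)\n\s*Rkill completed", log, re.S
    )
    if not m:
        return []
    return [line.strip() for line in m.group(1).splitlines() if line.strip()]


def assess(path: str) -> Verdict:
    """Score one image path on where it runs from and how its names look."""
    v = Verdict(path=path)
    parts = path.split("\\")
    filename = parts[-1]
    stem = filename.split(".")[0]
    parent = parts[-2] if len(parts) > 1 else ""
    if _SCRATCH_DIR_RE.search(path):
        v.score += 2
        v.reasons.append("runs from a temp/profile scratch directory")
    if looks_random(stem):
        v.score += 1
        v.reasons.append(f"random-looking file name '{stem}'")
    if looks_random(parent):
        v.score += 1
        v.reasons.append(f"random-looking parent directory '{parent}'")
    if filename.count(".") > 1:
        # Not scored: a renamed cleanup tool (rkill.com -> winlogo.exe.com)
        # looks the same as a disguised payload.  Confirm with the user.
        v.reasons.append("double extension: confirm whether you renamed a tool to this yourself")
    return v


def triage(log: str) -> List[Verdict]:
    return [assess(p) for p in terminated_processes(log)]


if __name__ == "__main__":
    for verdict in triage(RKILL_LOG):
        flag = "SUSPICIOUS" if verdict.suspicious else "ok        "
        print(f"{flag} [{verdict.score}] {verdict.path}")
        for reason in verdict.reasons:
            print(f"             - {reason}")
```

The scoring is deliberately path-first: a file executing out of Temp is the strong signal, and the name heuristics only add weight, so a rogue that picks a readable name is still caught while a renamed helper tool on the Desktop is not. Run it against a different log by replacing RKILL_LOG with the contents of C:\rkill.log.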

#10 belteck

Posted 23 December 2010 - 12:41 PM

MBAM just finished and found nothing... man, I'm confused.

#11 AustrAlien

  • BC Advisor

Posted 23 December 2010 - 03:49 PM

belteck wrote: "I was searching for a guide for the fake AV I have and couldn't find anything. I took a picture of the screen; maybe you have some insight on it?"

Thanks for the pic: It helps narrow the possibilities.

Try this removal guide: Remove Antivirus IS (Uninstall Guide)

Ensure that you do download the latest version of MBAM (1.50), and update the database definitions to the latest available.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Please post the logs and let us know how the system is running now.
AustrAlien
