
Fake Virus Warning


  • This topic is locked
2 replies to this topic

#1 edtronic


Posted 25 November 2011 - 02:22 PM

One of my users with a fairly new Dell running Windows 7 professional encountered a fake virus warning. Even though he closed the popup window without any further action, several things began to happen:

1) The peer-to-peer network failed to connect to the computer involved.
2) Windows firewall was not operational and would not start when requested to in the Control Panel.
3) Trend Micro Titanium 2011 did not find malware, but Windows Defender and Malwarebytes did. After Defender and Malwarebytes ran, problems 1 and 2 still existed.
4) Malwarebytes kept complaining that it was blocking communication between the computer and several outside IP addresses.
5) Downloaded and ran combofix. It took well over an hour to run. I have attached the log (ComboFix_1.txt) from that run.
6) After we rebooted, everything worked again.
7) Ran Malwarebytes again. This time it found one item: POP.bitminer. Had it quarantine and remove the offending file.
8) Ran combofix again. The log from that run is also attached (ComboFix.txt).

Everything seems to be OK, but I'd appreciate it if someone with ComboFix experience would look over the attached logs and tell me if there is more we need to do to avoid having these symptoms reappear.



#2 nasdaq

  • Malware Response Team

Posted 30 November 2011 - 10:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your ComboFix log is clean.

I suggest you delete these two folders.

c:\users\WP\AppData\Roaming\LNyxA1uvSoFpGaJ
c:\users\WP\AppData\Roaming\duvD2obF4m5Q6E8
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the log for my review.

#3 nasdaq


Posted 05 December 2011 - 10:30 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



