Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

fake alert virus


  • Please log in to reply
3 replies to this topic

#1 brandymiller2013

brandymiller2013

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 20 May 2013 - 08:13 AM

Hi I had a fakealert virus and I have ran malwarebytes, logged the infected files, ran ComboFix, and went into regedit and deleted affected files.  I am still, however, getting the windows security alerts everytime I reboot.  How can I stop this and/or find what is still affecting my computer function.

 

Also, I want to look in my startup but I can't remember what the stupid word is that opens it.  File, Run, ??? 

 

Thanks!


Edited by hamluis, 20 May 2013 - 08:28 AM.
Moved from XP to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 mr.meyer

mr.meyer

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Palm Bay, FL
  • Local time:11:27 PM

Posted 20 May 2013 - 09:07 AM

word your looking for is "msconfig"



#3 brandymiller2013

brandymiller2013
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 20 May 2013 - 09:18 AM

Okay so I got into my startup services, thanks.  Now I see NvCpl is at the top of startup items and the location is:

HKLM/software/microsoft/windows/currentversion/run

 

which is one of the items I found as a virus.  Does that mean this is a virus as well, or is this something that is supposed to be running???  I have 4 items running with this location:

 

NvCpl Command: RUNDLL32.EXE C:Windows/system32/NvCpl.dll,NvStartup

RunDLL32 Command: RunnDLL32.exeNvMCTray.dll,NVTaskbarInit -login

avp (which is the Kaspersky Lab supposed antivirus software I just installed over the weekend)

ctfcom Command: C;/Windows/system32/ctfmon.exe

 

Any help with this will be appreciated!

 

 



#4 jamiep87

jamiep87

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:11:27 PM

Posted 21 May 2013 - 05:26 PM

Those that start with Nv are usually nvidia drivers or programs loading and should be legit. I haven't heard of a virus infecting one of those files but its possible.

Everything you listed it legit as far as i can tell. Reboot into safe mode and run those 2 scans again and throw TDSSkiller as well as it could be a root kit thats hiding itself from the other programs.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users