Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Running AVG 2014 shows constant Virus found FakeAlert messages. About 20 a day


  • Please log in to reply
9 replies to this topic

#1 RMac0001

RMac0001

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:00 AM

Posted 02 December 2013 - 04:05 AM

Hi there,

I keep get a Virus found FakeAlert message from AVG but I can't seem to find what is causing it. I have done a full system scan and no viruses were found. I ran Malwarebytes and it found nothing either.

 

I am running AVG Internet Security 2014 and Malwarebytes Anti-Malware 1.75.0.1300 on Windows 8.1.

 

Please help if you can.

 

avg-alert.png



BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:00 PM

Posted 02 December 2013 - 10:46 AM

Hello RMac... Please run

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 RMac0001

RMac0001
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:00 AM

Posted 02 December 2013 - 11:11 AM

Here is the report:

RogueKiller V8.7.9 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Roger [Admin rights]
Mode : Remove -- Date : 12/02/2013 08:07:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS727575A9E364 +++++
--- User ---
[MBR] b197c4062c311b0fb9c349d1c30bd08c
[BSP] c58f1af6c67d61b28a42f86039d27d61 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD3200BEVT-00A0RT0 +++++
--- User ---
[MBR] 87b9dabfcda12ad9d45aa049498c6254
[BSP] 2261472195cde68d680ef67967020d09 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_12022013_080745.txt >>
RKreport[0]_S_12022013_080733.txt



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:00 PM

Posted 02 December 2013 - 12:31 PM

Please run two more, ESET may need more than an hour.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • .
    .
    .
    ..
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 RMac0001

RMac0001
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:00 AM

Posted 02 December 2013 - 03:39 PM

ok here is my log from AdwCleaner

# AdwCleaner v3.014 - Report created 02/12/2013 at 09:42:07
# Updated 01/12/2013 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : Roger - ROGER-PC
# Running from : D:\Downloads\Fake Alert Fixes\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\4oykmidp.default\StumbleUpon

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v19.0 (en-US)

[ File : C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\4oykmidp.default\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url
Deleted : suggest_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [7275 octets] - [01/12/2013 10:20:32]
AdwCleaner[S0].txt - [971 octets] - [02/12/2013 09:42:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1030 octets] ##########
 

 

And here is the log from ESET

C:\Users\All Users\InstallMate\{4B554CF1-5673-40A3-A248-1E5190B66E07}\Custom.dll    Win32/InstalleRex.L application    
C:\Users\All Users\InstallMate\{93951088-63E6-441F-A6F4-2BC44876327E}\Custom.dll    Win32/InstalleRex.L application    
C:\ProgramData\InstallMate\{4B554CF1-5673-40A3-A248-1E5190B66E07}\Custom.dll    Win32/InstalleRex.L application    cleaned by deleting - quarantined
C:\ProgramData\InstallMate\{93951088-63E6-441F-A6F4-2BC44876327E}\Custom.dll    Win32/InstalleRex.L application    cleaned by deleting - quarantined
C:\Windows\Installer\1a543cde.msi    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:00 PM

Posted 02 December 2013 - 03:59 PM

Good, check your AVG again.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 RMac0001

RMac0001
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:00 AM

Posted 02 December 2013 - 04:20 PM

I just received another warning



#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:00 PM

Posted 02 December 2013 - 08:14 PM

Ok I cannot get convincing info that the first item ,the bg4...Microsoft is safe.. It resolves to 3 IP's
see... https://www.virustotal.com/en/domain/bg4.v4.a.dl.ws.microsoft.com/information/
2 appear O ,the last is in Kabul Afghanistan.


I feel for safety sake we should get a deeper look. Please follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 RMac0001

RMac0001
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:00 AM

Posted 02 December 2013 - 11:53 PM

DDS will not run on windows 8.1

 

I did however get rid of avg as I don't feel confident with a virus scanner that misses a virus. I bought bitdefender total security and ran a ful system scan. It found 184  threats so hopefully that took care of the problem.



#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:00 PM

Posted 03 December 2013 - 10:52 AM

Yes, DDS is not yet ready for 8.1. Glad to hear you are good. Thanks for coming by.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users