Pop Ups Appear Telling Me I Have An Infection



#1 koduck


Posted 01 September 2006 - 09:36 PM

My friend was showing me a funny clip on the internet when it asked us to update our Internet Explorer, so I did. When I updated it my webpage was set to a site that was giving out downloads for viruses and trojans. I did not download any of these. I followed all the instructions on the preparation guide and most of my functions are back to normal, except I will occasionally get a few pop ups. One pop up is a date finder, the other directs me to a site that has anti-virus downloads, and the last is for an online casino. A little yellow balloon {looks like this: /!\ } will appear in the bottom right saying my computer is infected by a backdoor trojan or a "NetWorm-1.Virus@fp". It then goes on to: (I am using the networm balloon for the info below) _
/!\ Security Alert: NetWorm-virus@fp |X|
Type: Virus/Network Worm
Damage Level: High
Description: Virus that effects executable files.
Recommendation:Delete/quarantine immediately.
Protection: Click this ballon to download certified Antivirus software

When I click on this it sends me to the same site the pop up mentioned above sends me to. There is also a pop up that says my computer is infected and says that there are sites to go to, but it is in the shape of:
______________
|X|
|
|
__ ______ |
_OK__CANCEL_|
I hope that tells you what type of window it is; it only has an X in the top right, and an OK or a Cancel on the bottom. It has a bunch of writing telling me about viruses, but I have never seen this window before. None of these have ever appeared until I updated my Internet Explorer.
I hope this is enough information. I can provide some more details if needed.


#2 -David-


Posted 04 September 2006 - 07:25 AM

Hey there koduck, welcome to Bleeping Computer.
Sorry for the delay in the reply.

This program is a rogue application and you aren't actually infected with the Virus/Network Worm that it reports. Have you tried any scanners to try and remove the infection? I would imagine that a special tool is needed to remove this, and I have posted instructions below:

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1, and press Enter.
A text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

David

#3 koduck


Posted 04 September 2006 - 08:02 PM

OK, here is the message I got. I do not understand it at all, so I hope you do. Thanks again.
-Koduck

SmitFraudFix v2.83

Scan done at 17:34:47.95, 04/09/2006
Run from C:\Documents and Settings\Dave\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dave\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Dave\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Media-Codec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"hubbsi"="{7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885}"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
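
A report like the one posted above can be triaged mechanically. The following is an added example, not part of the original thread and not part of SmitfraudFix: it splits a search report into entries the tool marked `FOUND !` and registry values listed under the "not inevitably infected" advisory, which need manual review. The function name `triage` is hypothetical, and the embedded report is an abridged excerpt of the one in this post.

```python
import re

# Abridged excerpt of the SmitFraudFix v2.83 search report posted above.
REPORT = r"""SmitFraudFix v2.83

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Media-Codec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"hubbsi"="{7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885}"

»»»»»»»»»»»»»»»»»»»»»»»» End
"""

HEADER = re.compile(r"^»{5,}\s*(.*)$")          # section banner line
FOUND = re.compile(r"^(.*\S)\s+FOUND\s*!\s*$")  # file or folder hit
REGVAL = re.compile(r'^"([^"]+)"="(.*)"\s*$')   # exported registry value

def triage(report):
    """Return (found, review): flagged paths and registry values to verify."""
    found, review = [], []
    section, key, advisory = None, None, False
    for line in report.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            # New section: forget the previous key and advisory state.
            section, key, advisory = m.group(1), None, False
        elif "not inevitably infected" in line:
            advisory = True                      # tool asks for manual review
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif m := FOUND.match(line):
            found.append((section, m.group(1)))
        elif (m := REGVAL.match(line)) and advisory:
            review.append((key, m.group(1), m.group(2)))
    return found, review

if __name__ == "__main__":
    for group in triage(REPORT):
        print(*group, sep="\n")
```

Registry values in sections without the advisory line, such as Desktop Components in the full report, are deliberately not placed in the review list.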

#4 quietman7


Posted 05 September 2006 - 06:27 AM

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter to delete infected files.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will now check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually (restart again in Safe Mode).

A text file will appear onscreen with results from the cleaning process. Please copy/paste the content of that report into your next reply. Again that report can be found in the root of the system drive at C:\rapport.txt.

Clean out your Temporary Internet files as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click "Delete Files" under Temporary Internet Files.
  • In the Delete Files dialog box, tick the "Delete all offline content" check box, and then click "OK".
  • On the General tab, click "Delete Cookies" under Temporary Internet Files, and then click "OK".
  • Click on the Programs tab then click the Reset Web Settings button. Click "Apply" then "OK".
  • Click "OK".
Next, click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click "Ok" then "Apply" and "Ok".

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

Post the contents of rapport.txt in your next reply and let us know how your computer is running.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 koduck


Posted 08 September 2006 - 09:28 PM

SmitFraudFix v2.83

Scan done at 18:32:49.68, 08/09/2006
Run from C:\Documents and Settings\User\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

This is what the rapport said.

#6 -David-


Posted 09 September 2006 - 02:26 AM

Are you still receiving popups that state your system is infected?

#7 koduck


Posted 09 September 2006 - 11:25 PM

Yep, all is back to normal. :thumbsup: Thank you guys very much.

#8 -David-


Posted 10 September 2006 - 03:27 AM

Glad we could help! :thumbsup:
Follow this list and your potential for being infected again will be reduced dramatically.

Use an Anti Virus Software -
* It is very important that your computer has an anti-virus software running on your machine.
* This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
* Click here for more information on -> Computer Safety On line - Anti-Virus
* I would recommend Grisoft's AVG or AVAST.
* These are the more secure and better ones.

Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall -
* I can not stress how important it is that you use a Firewall on your computer.
* Without a firewall your computer is susceptible to being hacked and taken over.
* Simply using a Firewall in its default configuration can lower your risk greatly.
* For an article on Firewalls and a listing of some available ones see the link below:
* Click here for more information on -> Computer Safety On line - Software Firewalls
* I would recommend ZoneAlarm as a firewall as it's easy to use.

Visit Microsoft's Windows Update Site Frequently -
* It is important that you visit http://www.windowsupdate.com regularly.
* This will ensure your computer has always the latest security updates available installed on your computer.
* If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly.

Install Spybot© - Search and Destroy- Install and download Spybot - Search and Destroy with its TeaTimer option.
* This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Lavasofts© Ad-Aware - Install and download Ad-Aware.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Javacools© SpywareBlaster -
* SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
* An article on anti-malware products with links for this program and others can be found here:
* Click here for more info -->Computer Safety on line - Anti-Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.

If you have any additional questions just ask...
David

#9 Derk


Posted 10 October 2006 - 08:25 AM

I have followed the instructions in the "safe mode" and once I double click smitfraudfix.cmd a window pops up in red, then says click any key to continue (something like this). I clicked on 2, the window disappears and nothing happens. So I then double click again on smitfraudfix.cmd, same thing again, reddish coloured window, try to type in clean and after first key stroke the window disappears again.
I even tried this in the regular operating system and same thing happens.

#10 quietman7


Posted 10 October 2006 - 09:30 AM

This is a known issue that results if you did not extract the file properly. A ZIP file requires an unzip utility. Read "How to create and extract a ZIP File in Windows". Win 9x/2000 users read here. If you need an unzipping utility, download 7zip (it's free).

BTW Derk you should start your own thread topic when asking for assistance rather than asking in someone else's to avoid confusion.

Thanks for your cooperation.

#11 Oldschoolvillian


Posted 11 October 2006 - 10:56 AM

I was having the same problem that the original poster was having. I had tried a few spyware removers before finding a link to this forum. I followed the steps you gave him and it worked! Thank you guys so very very much. You guys (or gals) are the best.



