Win32:FakeAlert-FC [Trj] how to get rid off it

Post by sport_vaasa on Tue Dec 15, 2009 1:32 am

My avast! 4.8 Professional Edition detects this virus:

Malware name: Win32:FakeAlert-FC [Trj]
Malware type: Trojan Horse
file infected: C:\WINDOWS\TEMP\xxxx.tmp\svchost.exe

I've tried everything: deleted the file, moved it to the chest, renamed it, no action... but this virus just keeps appearing every few minutes in the TEMP folder... what shall I do...

BTW, I've already scanned with Malwarebytes AM and it doesn't find any infected files (at least not with a quick scan)... so is it an avast! error only?? Shall I change my antivirus??

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 02:26:24, on 12/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
D:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\Documents and Settings\BOLT\My Documents\Downloads\Aero_Ultimate_7_6901_Beta_by_fediaFedia\Aero_Ultimate_7_6901_Beta_by_fediaFedia\FindeXer win7 kit\FindeXer\FindeXer.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk10\PDEngine.exe

--
End of file - 9330 bytes

sport_vaasa
Novice

Posts : 8
Joined : 2009-12-14
Gender : Male
OS : Windows 7 Ultimate
Protection : Avast! Internet Security
Points : 25574
Likes : 0

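The HijackThis log above is the kind of output a helper reads by hand; the script below is an added example (not part of the thread, and not one of the tools the helpers use) of doing the first pass mechanically. It runs over a constructed excerpt of the posted log, with one extra process line standing in for the path avast! reported (C:\WINDOWS\TEMP\xxxx.tmp\svchost.exe) and the FindeXer BHO path shortened, and applies three defender-side checks: a process named svchost.exe whose image is not under System32, an entry that loads from a temporary or user-writable directory, and an entry HijackThis itself marks "(no file)" or "(file missing)". A flagged line is a candidate for review, not a verdict; the Adobe, avast! and ctfmon entries from the same log pass untouched.

```python
"""Triage helper for a HijackThis-style log (added example, not from the forum post)."""
import re

# Directories from which a legitimate service, BHO or Run entry rarely loads.
# Lower-case substrings compared against the lower-cased path.
SUSPECT_DIRS = (
    "\\windows\\temp\\",
    "\\documents and settings\\",   # XP user profiles, including Downloads
    "\\docume~1\\",                 # 8.3 form of the same directory
    "\\temp\\",
)
SYSTEM32 = "c:\\windows\\system32\\"

# HijackThis entry shapes:  "O2 - BHO: <name> - {CLSID} - <path>"
#                           "O4 - HKLM\..\Run: [<name>] <command>"
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def _flag_path(path, reasons):
    """Append review reasons for one image path / command string."""
    low = path.lower()
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("target file missing")
    for d in SUSPECT_DIRS:
        if d in low:
            reasons.append("loads from user-writable/temporary dir " + d)
            break


def triage(log_text):
    """Return [(line, [reasons])] for every log line worth a second look."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            section = "procs"
            continue
        m = ENTRY_RE.match(line)
        if m:
            section = "entries"
        reasons = []
        if section == "procs" and not m:
            # One process image path per line.
            low = line.lower()
            name = low.rsplit("\\", 1)[-1]
            if name == "svchost.exe" and not low.startswith(SYSTEM32):
                reasons.append("svchost.exe outside System32")
            _flag_path(line, reasons)
        elif section == "entries" and m:
            kind, body = m.groups()
            if kind == "O2":
                b = BHO_RE.match(body)
                if b:
                    _flag_path(b.group("path"), reasons)
            elif kind == "O4":
                r = RUN_RE.match(body)
                if r:
                    _flag_path(r.group("cmd"), reasons)
            elif kind in ("O3", "O9"):
                _flag_path(body, reasons)
        if reasons:
            findings.append((line, reasons))
    return findings


# Constructed excerpt of the thread's log. The TEMP svchost.exe process line is
# added to mirror the avast! detection; the FindeXer path is shortened.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\TEMP\\xxxx.tmp\\svchost.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\\Documents and Settings\\BOLT\\My Documents\\Downloads\\FindeXer\\FindeXer.dll
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\\Program Files\\PartyGaming\\PartyPoker\\RunApp.exe (file missing)
"""

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for why in reasons:
            print("    ->", why)
```

On the constructed excerpt the script reports four lines: the TEMP svchost.exe process (both "outside System32" and "temporary dir"), the nameless BHO with no file, the FindeXer BHO loading from the user's Downloads folder, and the PartyPoker button whose target is missing. The "svchost.exe outside System32" check is the one most relevant to the opening post: the real service host lives only under %SystemRoot%\System32, so any copy under TEMP is worth chasing to the process that keeps recreating it.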

Re: Win32:FakeAlert-FC [Trj] how to get rid off it

Post by Dr Jay on Tue Dec 15, 2009 10:28 am

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts : 13716
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302112
Likes : 10


Re: Win32:FakeAlert-FC [Trj] how to get rid off it

Post by sport_vaasa on Tue Dec 15, 2009 7:05 pm

OK, here's the log:

"BOLT" - 2009-12-15 20:01:43 Service Pack 3
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\BOLT\Desktop\"
Command switches used :: "/stepdel"


((((((((((((((((((((((((((((((( Files Created from 2009-11-15 to 2009-12-15 ))))))))))))))))))))))))))))))))))


2009-12-15 19:54 49,152 --a------ C:\WINDOWS\nircmd.exe
2009-12-15 02:14 d-------- C:\Program Files\TrendMicro
2009-12-15 00:17 38,224 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-12-15 00:17 19,160 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2009-12-15 00:17 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-15 00:17 d-------- C:\DOCUME~1\BOLT\APPLIC~1\Malwarebytes
2009-12-15 00:17 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-12-14 23:28 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-12-13 20:43 97,480 --a------ C:\WINDOWS\system32\AvastSS.scr
2009-12-13 20:43 94,160 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2009-12-13 20:43 93,424 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2009-12-13 20:43 48,560 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2009-12-13 20:43 27,408 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2009-12-13 20:43 23,120 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2009-12-13 20:43 114,768 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2009-12-13 20:43 1,280,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2009-11-25 11:26 d-------- C:\DOCUME~1\BOLT\APPLIC~1\Apple Computer
2009-11-24 22:46 d-------- C:\DOCUME~1\BOLT\APPLIC~1\Spore
2009-11-17 20:08 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Raxco


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-12-08 19:06:29 -------- d-----w C:\Program Files\Lexmark X1100 Series
2009-11-24 22:35:18 -------- d--h--w C:\Program Files\InstallShield Installation Information
2009-11-24 21:06:22 36,880 ----a-w C:\WINDOWS\DIIUnin.dat
2009-11-17 16:30:28 -------- d-----w C:\Program Files\BS.Player ControlBar
2009-10-30 17:48:30 -------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
2009-10-30 17:48:15 -------- d-----w C:\Program Files\ABBYY FineReader 6.0
2009-10-30 17:48:02 -------- d-----w C:\Program Files\FaxTools
2009-10-24 14:56:36 -------- d-----w C:\Program Files\Chicken Invaders 3
2009-10-21 10:42:44 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2009-10-21 10:29:50 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2009-10-21 10:29:50 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2009-10-11 03:17:27 411,368 ----a-w C:\WINDOWS\system32\deploytk.dll
2009-10-07 04:05:14 232,712 ----a-w C:\WINDOWS\system32\PDBoot.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}=C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 13:07]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 14:25]
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}=C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 16:49]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL [2006-10-26 23:48]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 14:41]
{DBC80044-A445-435b-BC74-9C25C1C588A9}=D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 04:17]
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}=C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 17:17]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}=D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 04:17]
{F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD}=C:\Documents and Settings\BOLT\My Documents\Downloads\Aero_Ultimate_7_6901_Beta_by_fediaFedia\Aero_Ultimate_7_6901_Beta_by_fediaFedia\FindeXer win7 kit\FindeXer\FindeXer.dll [2006-07-28 22:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="C:\Program Files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 08:03]
"PWRISOVM.EXE"="D:\Program Files\PowerISO\PWRISOVM.EXE" [2009-07-27 03:37]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2009-05-26 16:18]
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 06:58]
"RTHDCPL"="RTHDCPL.EXE" []
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 04:08]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 12:08]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:43]
"SunJavaUpdateSched"="D:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-11 04:17]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-25 00:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 13:42]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 15:44]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"_nltide_2"=regsvr32 /s /n /i:U shell32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [2006-10-26 23:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
%SystemRoot%\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a442583d-d1d1-11de-8f99-00508dca0aea}]
AutoRun\command- H:\RECYCLERBIN\autorun32.exe
open\command- H:\RECYCLERBIN\autorun32.exe


********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-15 20:03:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\JavaQuickStarterService]
"ImagePath"="\"D:\Program Files\Java\jre6\bin\jqs.exe\" -service -config \"D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf\""

Completion time: 2009-12-15 20:04:26
C:\ComboFix2.txt ... 2009-12-15 19:54

--- E O F ---


Re: Win32:FakeAlert-FC [Trj] how to get rid off it

Post by Dr Jay on Tue Dec 15, 2009 10:22 pm

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


