Virus - Fake Windows Security Scan

View previous topic View next topic Go down

Virus - Fake Windows Security Scan

Post by sehsails on 30th December 2009, 10:57 pm

Hello,

I believe my computer has been infected with a few viruses and would really appreciate some help in fixing it. Thank you in advance!

I noticed a few days ago that when I did a google search and clicked on a link, I was redirected to a different page completely (more often than not - it was some sort of gaming or porn site). And then just yesterday I started receiving task bar notices that said "Danger! There are some serious security threats detected on your computer...." and several pop-ups with "Windows Security Center" and "Security Center Alert."

These pop-ups with "windows security warning" and "Security Center Alert" keep telling me that I need to download anti-spyware or block suspicious software. These pop-ups happen very quickly and normally say something to this effect:

"warning! your computer is infected! windows has detected spyware infection! it is recommended to use special anti-spyware tools to "pervent" data loss. Windows will now download and install the most up-to-date antispyware for you. click here to protect your computer from spyware!"....

or

"Do you want to block this suspicious software?
Name: Backdoor.Win32.Agent.ich (just one example of several names I have been seeing)
Risk: High Risk
Description: This Trojan provides a remote malicious user with access to the victim machine. It is a Windows PE EXE file. It is 48640 bytes in size. It is packaged using UPX. The unpacked file is approximately 360KB in size."

As I said these pop-ups happen every minute or so.

While I was looking through several forums on how to fix this virus, I saw that downloading a malware or spyware program was the way to go. I have tried to download and install Malwarebytes and SUPERAntiSpyware, but neither will correctly install onto my computer. MalwareBytes looks like it will install but never actually finishes installing (I do have an icon however). I tried to uninstall the program as well, to try to re-install it but it wont let me uninstall it either. When I try to run SUPERAntiSpyware, an error message pops up telling me it had to shut down. I have also tried ComboFix and CCleaner, but neither of those works.

One more thing, I just noticed this morning that my computer is taking a very long time to boot up. My screen goes black for several minutes before my desktop becomes visible. Is this because of the viruses as well?

I have run Hijackthis, and here is a copy of my report:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:36:15 PM, on 12/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\V0470Mon.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\settdebugx.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\DOCUME~1\Chris\LOCALS~1\Temp\wscsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\Installer.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [V0470Mon.exe] C:\WINDOWS\V0470Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\Chris\LOCALS~1\Temp\settdebugx.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9094 bytes

sehsails
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-12-30
OS OS : Windows XP
Points Points : 25478
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus - Fake Windows Security Scan

Post by Dr Jay on 31st December 2009, 2:30 am

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Virus - Fake Windows Security Scan

Post by sehsails on 31st December 2009, 3:09 am

I downloaded and installed MalwareBytes, and then restarted my computer. However when I try to run the program nothing happens. I've tried to open MalwareBytes from both the Start Menu and Desktop shortcuts.

Is there anything I can do to get the program to run?

sehsails
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-12-30
OS OS : Windows XP
Points Points : 25478
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus - Fake Windows Security Scan

Post by Dr Jay on 31st December 2009, 3:23 am

  1. As this infection deletes a core executable of Malwarebytes' we will need
    to download a new copy of it and put it in the C:\program files\Malwarebytes'
    Anti-Malware\
    folder. To download the file please click on the following
    link: [You must be registered and logged in to see this link.]

    When your browser prompts you where to save it to, please save it to the C:\program
    files\Malwarebytes' Anti-Malware\
    folder. When downloading the file,
    it will have a random filename. Please leave the filename the way it is as
    it is important that it is not changed. You may want to write down the name
    of the file as you will need to know the name in the next step.
  2. Once the file has been downloaded, open the C:\program files\Malwarebytes'
    Anti-Malware\
    folder and double-click on the file you downloaded
    in step 8. MBAM will now start and you will be at the main program screen .


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Virus - Fake Windows Security Scan

Post by sehsails on 31st December 2009, 5:00 am

Thanks for that tip I was able to run the full scan with Malwarebytes. It prompted me to reboot my computer, and it just turned back on. Here is my log:

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/30/2009 8:41:26 PM
mbam-log-2009-12-30 (20-41-26).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 170572
Time elapsed: 19 minute(s), 45 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
C:\Documents and Settings\Chris\Local Settings\Temp\Installer.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\LEO0WTUNO7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\J8RPLTROBQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\settdebugx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Chris\Local Settings\Temp\Installer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temp\settdebugx.exe (Rogue.Installer) -> Delete on reboot.
C:\Documents and Settings\Chris\Local Settings\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.

sehsails
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-12-30
OS OS : Windows XP
Points Points : 25478
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus - Fake Windows Security Scan

Post by Dr Jay on 31st December 2009, 6:56 am

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Virus - Fake Windows Security Scan

Post by sehsails on 1st January 2010, 12:09 am

Hello,

Here is a copy of the log that combofix produced

ComboFix 09-12-31.06 - Chris 12/31/2009 15:56:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.694 [GMT -8:00]
Running from: c:\documents and settings\Chris\desktop\commy.exe
Command switches used :: /stepdel
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AegisP.inf
c:\windows\system32\drivers\H8SRTkmnbenpkmk.sys
c:\windows\system32\H8SRTbodbygjlog.dll
c:\windows\system32\H8SRTchtitbxhxo.dat
c:\windows\system32\H8SRTvyqjeownmq.dll
c:\windows\system32\drivers\H8SRTkmnbenpkmk.sys
c:\windows\system32\H8SRTbodbygjlog.dll
c:\windows\system32\H8SRTchtitbxhxo.dat
c:\windows\system32\H8SRTvyqjeownmq.dll
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\srcr.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
-------\Legacy_SSHNAS


((((((((((((((((((((((((( Files Created from 2009-12-01 to 2010-01-01 )))))))))))))))))))))))))))))))
.

2009-12-31 04:20 . 2009-12-31 04:20 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes
2009-12-30 22:01 . 2009-12-30 22:01 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-30 21:54 . 2009-12-30 21:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-30 21:54 . 2009-12-30 21:54 -------- d-----w- c:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com
2009-12-30 21:54 . 2009-12-30 21:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-30 21:24 . 2009-12-30 22:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 21:24 . 2009-12-30 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-30 21:24 . 2009-12-31 04:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 21:24 . 2009-12-30 22:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 12:51 . 2009-12-30 12:51 -------- d-----w- c:\program files\CCleaner
2009-12-30 12:38 . 2009-12-30 12:38 388096 ----a-r- c:\documents and settings\Chris\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-30 12:38 . 2009-12-30 12:38 -------- d-----w- c:\program files\TrendMicro
2009-12-20 09:27 . 2009-12-20 09:28 -------- d-----w- c:\program files\Graboid
2009-12-11 11:43 . 2009-12-11 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-12-11 11:43 . 2009-12-11 11:43 -------- d-----w- c:\windows\system32\drivers\NSS
2009-12-11 11:43 . 2009-12-11 11:43 -------- d-----w- c:\program files\Norton Security Scan
2009-12-11 11:43 . 2009-12-11 11:43 -------- d-----w- c:\program files\NortonInstaller
2009-12-11 11:43 . 2009-12-11 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-12-04 18:03 . 2009-12-04 18:03 251376 ----a-w- c:\documents and settings\Chris\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-12-04 12:36 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-04 12:36 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 00:02 . 2008-09-22 04:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-31 23:45 . 2008-09-23 17:27 -------- d-----w- c:\documents and settings\Chris\Application Data\Skype
2009-12-31 16:02 . 2008-09-23 17:28 -------- d-----w- c:\documents and settings\Chris\Application Data\skypePM
2009-12-30 12:52 . 2008-09-25 21:44 -------- d-----w- c:\documents and settings\Chris\Application Data\Azureus
2009-12-30 12:28 . 2009-11-26 15:52 79488 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-29 12:40 . 2008-09-30 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-22 10:18 . 2008-12-23 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-12-19 23:26 . 2008-09-25 21:42 -------- d-----w- c:\program files\Vuze
2009-12-11 08:47 . 2008-09-22 02:41 -------- d-----w- c:\program files\DivX
2009-12-11 08:45 . 2009-07-08 03:39 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-08 12:04 . 2009-06-17 04:59 10686001 ----a-w- c:\documents and settings\Chris\Application Data\Azureus\plugins\azump\mplayer.exe
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-10-29 07:46 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-26 03:22 . 2009-10-26 03:22 126970 ----a-w- c:\documents and settings\Chris\Application Data\Move Networks\uninstall.exe
2009-10-26 03:22 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\Chris\Application Data\Move Networks\plugins\npqmp071505000010.dll
2009-10-26 03:22 . 2009-10-26 03:21 1407680 ----a-w- c:\documents and settings\Chris\Application Data\Move Networks\MoveMediaPlayerWin_071505000010.exe
2009-10-21 05:38 . 2004-08-04 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 10:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 10:00 79872 ----a-w- c:\windows\system32\raschap.dll
2008-10-18 16:28 . 2008-10-18 16:26 4797496 ----a-w- c:\program files\OneSuite.exe
2008-10-16 04:31 . 2008-10-16 04:30 22404904 ----a-w- c:\program files\SkypeSetup.exe
2008-10-04 01:17 . 2008-10-04 01:17 28868320 ----a-w- c:\program files\FileFormatConverters.exe
2008-09-30 02:14 . 2008-09-30 02:14 2404352 ----a-w- c:\program files\Norton_Removal_Tool.exe
2008-09-25 21:37 . 2008-09-25 21:36 9057472 ----a-w- c:\program files\Vuze_3.1.1.0_windows.exe
2008-09-25 20:53 . 2008-09-25 20:52 67110184 ----a-w- c:\program files\iTunes8Setup.exe
2008-09-24 01:59 . 2008-09-24 01:59 1495112 ----a-w- c:\program files\install_flash_player.exe
2008-09-24 01:56 . 2008-09-24 01:56 7507848 ----a-w- c:\program files\Firefox Setup 3.0.2.exe
2008-09-23 16:59 . 2008-09-23 16:59 7499056 ----a-w- c:\program files\Firefox Setup 3.0.1.exe
2009-04-01 05:47 . 2009-05-09 00:40 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-20 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-04-11 32768]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-15 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\I4ZTInWGA.exe" [2009-12-31 1389904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OneSuite.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\OneSuite.lnk
backup=c:\windows\pss\OneSuite.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2006-08-14 08:07 102400 ----a-w- c:\program files\Roxio\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 06:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 23:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-07-31 16:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-08-10 19:10 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-05-27 02:41 24264488 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 11:37 AM 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/6/2009 2:58 AM 102448]
S0 cjqbliy;cjqbliy;c:\windows\system32\drivers\ntvpkwv.sys --> c:\windows\system32\drivers\ntvpkwv.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 6:32 PM 23888]
S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [10/15/2008 11:09 AM 146368]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1770027372-839522115-1003Core.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-20 23:52]

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1770027372-839522115-1003UA.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-20 23:52]

2009-12-31 c:\windows\Tasks\Norton Security Scan for Chris.job
- c:\program files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-12-11 21:15]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\c05lswwe.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\documents and settings\Chris\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Chris\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ProxyWay - c:\program files\ProxyWay\proxyway.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-31 16:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(1732)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2009-12-31 16:05:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-01 00:05

Pre-Run: 18,721,099,776 bytes free
Post-Run: 18,615,050,240 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6C530D42C1E1D840627B9902B994492D

sehsails
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-12-30
OS OS : Windows XP
Points Points : 25478
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus - Fake Windows Security Scan

Post by Dr Jay on 1st January 2010, 3:09 am

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    killall::
    File::
    c:\windows\system32\drivers\ntvpkwv.sys

    Driver::
    cjqbliy
    Reboot::
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Virus - Fake Windows Security Scan

Post by sehsails on 1st January 2010, 3:28 am

Here is my new combofix log:

ComboFix 09-12-31.06 - Chris 12/31/2009 19:15:19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.466 [GMT -8:00]
Running from: c:\documents and settings\Chris\Desktop\commy.exe
Command switches used :: c:\documents and settings\Chris\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\drivers\ntvpkwv.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_cjqbliy


((((((((((((((((((((((((( Files Created from 2009-12-01 to 2010-01-01 )))))))))))))))))))))))))))))))
.

2009-12-31 04:20 . 2009-12-31 04:20 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes
2009-12-30 22:01 . 2009-12-30 22:01 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-30 21:54 . 2009-12-30 21:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-30 21:54 . 2009-12-30 21:54 -------- d-----w- c:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com
2009-12-30 21:54 . 2009-12-30 21:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-30 21:24 . 2009-12-30 22:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 21:24 . 2009-12-30 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-30 21:24 . 2009-12-31 04:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 21:24 . 2009-12-30 22:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 12:51 . 2009-12-30 12:51 -------- d-----w- c:\program files\CCleaner
2009-12-30 12:38 . 2009-12-30 12:38 388096 ----a-r- c:\documents and settings\Chris\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-30 12:38 . 2009-12-30 12:38 -------- d-----w- c:\program files\TrendMicro
2009-12-20 09:27 . 2009-12-20 09:28 -------- d-----w- c:\program files\Graboid
2009-12-11 11:43 . 2009-12-11 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-12-11 11:43 . 2009-12-11 11:43 -------- d-----w- c:\windows\system32\drivers\NSS
2009-12-11 11:43 . 2009-12-11 11:43 -------- d-----w- c:\program files\Norton Security Scan
2009-12-11 11:43 . 2009-12-11 11:43 -------- d-----w- c:\program files\NortonInstaller
2009-12-11 11:43 . 2009-12-11 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-12-04 18:03 . 2009-12-04 18:03 251376 ----a-w- c:\documents and settings\Chris\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-12-04 12:36 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-04 12:36 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 03:22 . 2008-09-22 04:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-01 03:14 . 2008-09-23 17:27 -------- d-----w- c:\documents and settings\Chris\Application Data\Skype
2010-01-01 00:52 . 2008-09-23 17:28 -------- d-----w- c:\documents and settings\Chris\Application Data\skypePM
2009-12-30 12:52 . 2008-09-25 21:44 -------- d-----w- c:\documents and settings\Chris\Application Data\Azureus
2009-12-30 12:28 . 2009-11-26 15:52 79488 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-29 12:40 . 2008-09-30 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-22 10:18 . 2008-12-23 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-12-19 23:26 . 2008-09-25 21:42 -------- d-----w- c:\program files\Vuze
2009-12-11 08:47 . 2008-09-22 02:41 -------- d-----w- c:\program files\DivX
2009-12-11 08:45 . 2009-07-08 03:39 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-08 12:04 . 2009-06-17 04:59 10686001 ----a-w- c:\documents and settings\Chris\Application Data\Azureus\plugins\azump\mplayer.exe
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-10-29 07:46 . 2006-03-04 03:33 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-26 03:22 . 2009-10-26 03:22 126970 ----a-w- c:\documents and settings\Chris\Application Data\Move Networks\uninstall.exe
2009-10-26 03:22 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\Chris\Application Data\Move Networks\plugins\npqmp071505000010.dll
2009-10-26 03:22 . 2009-10-26 03:21 1407680 ----a-w- c:\documents and settings\Chris\Application Data\Move Networks\MoveMediaPlayerWin_071505000010.exe
2009-10-21 05:38 . 2004-08-04 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 10:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 10:00 79872 ----a-w- c:\windows\system32\raschap.dll
2008-10-18 16:28 . 2008-10-18 16:26 4797496 ----a-w- c:\program files\OneSuite.exe
2008-10-16 04:31 . 2008-10-16 04:30 22404904 ----a-w- c:\program files\SkypeSetup.exe
2008-10-04 01:17 . 2008-10-04 01:17 28868320 ----a-w- c:\program files\FileFormatConverters.exe
2008-09-30 02:14 . 2008-09-30 02:14 2404352 ----a-w- c:\program files\Norton_Removal_Tool.exe
2008-09-25 21:37 . 2008-09-25 21:36 9057472 ----a-w- c:\program files\Vuze_3.1.1.0_windows.exe
2008-09-25 20:53 . 2008-09-25 20:52 67110184 ----a-w- c:\program files\iTunes8Setup.exe
2008-09-24 01:59 . 2008-09-24 01:59 1495112 ----a-w- c:\program files\install_flash_player.exe
2008-09-24 01:56 . 2008-09-24 01:56 7507848 ----a-w- c:\program files\Firefox Setup 3.0.2.exe
2008-09-23 16:59 . 2008-09-23 16:59 7499056 ----a-w- c:\program files\Firefox Setup 3.0.1.exe
2009-04-01 05:47 . 2009-05-09 00:40 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-01 03:21 . 2010-01-01 03:21 16384 c:\windows\Temp\Perflib_Perfdata_570.dat
+ 2010-01-01 03:22 . 2010-01-01 03:22 16384 c:\windows\Temp\Perflib_Perfdata_190.dat
+ 2004-08-04 10:00 . 2010-01-01 00:06 53166 c:\windows\system32\perfc009.dat
- 2004-08-04 10:00 . 2010-01-01 00:00 53166 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2010-01-01 00:06 380918 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2010-01-01 00:00 380918 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-20 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-04-11 32768]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-15 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\I4ZTInWGA.exe" [2009-12-31 1389904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OneSuite.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\OneSuite.lnk
backup=c:\windows\pss\OneSuite.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2006-08-14 08:07 102400 ----a-w- c:\program files\Roxio\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 06:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 23:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-07-31 16:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-08-10 19:10 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-05-27 02:41 24264488 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 11:37 AM 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/6/2009 2:58 AM 102448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 6:32 PM 23888]
S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [10/15/2008 11:09 AM 146368]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1770027372-839522115-1003Core.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-20 23:52]

2010-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1770027372-839522115-1003UA.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-20 23:52]

2009-12-31 c:\windows\Tasks\Norton Security Scan for Chris.job
- c:\program files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-12-11 21:15]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\c05lswwe.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\documents and settings\Chris\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Chris\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-31 19:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(1412)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Roxio\Virtual Drive 9\DC_ShellExt.dll
c:\windows\system32\CDRAL.DLL
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2009-12-31 19:25:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-01 03:25
ComboFix2.txt 2010-01-01 00:05

Pre-Run: 18,622,447,616 bytes free
Post-Run: 18,593,878,016 bytes free

- - End Of File - - 854AA43568219560D89F93100A7AC67D

sehsails
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-12-30
OS OS : Windows XP
Points Points : 25478
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus - Fake Windows Security Scan

Post by Dr Jay on 1st January 2010, 4:04 am

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Virus - Fake Windows Security Scan

Post by sehsails on 1st January 2010, 4:48 am

A screen popped up saying no malicious items had been detected. Here is my scan from Malwarebytes:

Malwarebytes' Anti-Malware 1.43
Database version: 3466
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/31/2009 8:47:53 PM
mbam-log-2009-12-31 (20-47-53).txt

Scan type: Quick Scan
Objects scanned: 107073
Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

sehsails
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-12-30
OS OS : Windows XP
Points Points : 25478
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus - Fake Windows Security Scan

Post by Dr Jay on 1st January 2010, 5:19 am

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Virus - Fake Windows Security Scan

Post by sehsails on 1st January 2010, 5:45 am

Here is the log from security Check

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton 360
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware Free Edition
Java(TM) 6 Update 13
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.1
``````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

sehsails
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-12-30
OS OS : Windows XP
Points Points : 25478
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus - Fake Windows Security Scan

Post by Dr Jay on 1st January 2010, 6:24 am

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum