[RESOLVED] Pop up block reads: Attention (Name)! Some dangerous viruses detected in your system...
This thread is now closed
ShaunNovo
Thu Jul 03 2008, 10:22AM
Guest
Hey guys,
I've tried FixIEDef but it says nothing was found. I still have this message coming on the whole time.

Full Pop up:
Attention (Name)! Some dangerous viruses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now!
Click OK to download the antispyware. (recommended)

I have Avg 8 free edition
Windows XP home edition SP2

thanks a mill


ShadowPuterDude
Thu Jul 03 2008, 06:11PM
...the Shadow knows


Registered Member #1
Joined: Thu Apr 27 2006, 04:52PM
Location: Northern NY
Posts: 217
Thanked 10 times in 10 posts
Welcome to MalwareTeks.

I will need logs from both HijackThis and ISeeYouXP.

Download links and instructions for both can be found in our Malware Cleaning Guide.

Attach both logs in your reply.


"Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy
Microsoft Most Valuable Professional - Consumer Security (2007-2008)
Member - Alliance of Security Analysis Professionals - Since 2006
Linux Registered User # 363218
ShaunNovo
Fri Jul 04 2008, 06:29AM
Guest
Thanks for your effort ShadowPuterDude!

I have a C master and E slave drive. E drive has the most stuff installed onto it because it's the biggest.
I think the virus came from an infected file on the E drive which I deleted. Do HijackThis and ISeeYouXP check the E drive as well?


hijackthis.log
iseeyouxp.txt
ShadowPuterDude
Fri Jul 04 2008, 07:39AM
FixIEDef should be removing this variant of the 'Fake Alert' Trojan.

Delete all copies of FixIEDef

Download to your Desktop:
- ATF Cleaner by Atribune to the Desktop
- Pocket Killbox to the Desktop
- ExplorerXP
- FixIEDef by ShadowPuterDude to the Desktop

Install ExplorerXP

Temporarily disable any real-time protection

-----------------------------------------------------------

Please note that as long as you're using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

Additional information on the safety of Peer to Peer Networks is here : http://www.spywareinfo.com/articles/p2p/

You can also catch a list of tested P2P programs here: http://p2p.malwareremoval.com/

-----------------------------------------------------------

Using Add or Remove Programs in the Control Panel, uninstall the following:
J2SE Runtime Environment 5.0 Update 5
Java 2 Runtime Environment Standard Edition v1.3.1_06
Java(TM) 6 Update 2

-----------------------------------------------------------

The installed version of Java on this computer is outdated. Install Java Runtime Environment (JRE) 6u6 available from Sun Microsystems. Uninstall all older versions of Java on your computer, before installing the latest version of Java.

-----------------------------------------------------------

Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)

Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

-----------------------------------------------------------

Run Windows Cleanup.

Run ATF Cleaner.

As an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

Temporary Files
Temporary Internet Files
Recycle Bin


And Click OK.

-----------------------------------------------------------

Run FixIEDef:

Double-click FixIEDef


Click 'Accept'


Click 'Scan'


Wait for the scan to finish. It won't take very long.


WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running, during removal of malicious files. The icons and Start Menu on your Desktop will not be visible while FixIEDef is removing malicious files. This is necessary to remove parts of the infection that would otherwise not be removed.

Everything will be restored to normal, once the malicious file is removed.

Click 'Exit' once FixIEDef displays the All Finished message.


-----------------------------------------------------------

Post fresh logs for the following:
HijackThis
ISeeYouXP
FixIEDef

HijackThis and ISeeYouXP only examine those areas of the Registry and File System normally used by Malware.

[ Edited Fri Jul 04 2008, 07:40AM ]
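The HijackThis step in the post above targets `R3 - URLSearchHook` entries whose handler is listed as `(no file)`. The following is an added example, not part of the thread and not code from HijackThis or FixIEDef, that picks such entries out of a saved log; the first two R3 lines are quoted from the post, the other sample lines and all function names are constructed for illustration.

```python
import re

# Line layout as it appears in the post above:
#   R3 - URLSearchHook: <name> - <registry value> - <file>
R3_HOOK = re.compile(
    r"^R3 - URLSearchHook: (?P<name>.*?) - (?P<value>\S+) - (?P<file>.+)$"
)
# A well-formed CLSID: braces around 8-4-4-4-12 hex digits.
CLSID = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# First two R3 lines are quoted from the thread; the last two lines are constructed.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
R3 - URLSearchHook: Example Hook - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\hook.dll
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

def parse_hooks(log_text):
    """Return one dict per R3 URLSearchHook line; other log sections are skipped."""
    hooks = []
    for line in log_text.splitlines():
        m = R3_HOOK.match(line.strip())
        if m is None:
            continue
        hooks.append({
            "name": m.group("name"),
            "value": m.group("value"),
            "file": m.group("file"),
            "wellformed_clsid": bool(CLSID.match(m.group("value"))),
        })
    return hooks

def orphaned(hooks):
    """Hooks whose handler file is missing: the log shows '(no file)'."""
    return [h for h in hooks if h["file"] == "(no file)"]

if __name__ == "__main__":
    for h in orphaned(parse_hooks(SAMPLE_LOG)):
        note = "" if h["wellformed_clsid"] else "  [value name is not a plain CLSID]"
        print(f"review: {h['value']}{note}")
```
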
ShaunNovo
Fri Jul 04 2008, 09:32AM
Guest
Man it seems like this piece of (enter swearword here) is deleted!
Thanks a lot man, I don't know how to express how much I appreciate all your help!!!
This is the nastiest piece of malware or whatever you call it I have ever seen and the most irritating!
Thanks a million!!
fixiedef.log
hijackthis.log
iseeyouxp.txt
ShadowPuterDude
Fri Jul 04 2008, 12:53PM
Your logs look fine.

Unless you are having problems from Malware, it is time to do the final steps.

Delete the following from your Desktop (If they exist)
ISeeYouXP.exe
ISeeYouXP.txt
FixIEDef.exe
FixIEDef.txt

Empty the Recycle Bin

Run ATF Cleaner

In the ISeeYouXP folder double-click HideIT.bat.

Turn off System restore to flush all your restore points then turn system restore back on.

To manually turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

Delete C:\ISeeYouXP

That should take care of everything.

Safe Surfing!


hysteresis
Sat Jul 05 2008, 01:29AM
Registered Member #196
Joined: Sat Jul 05 2008, 01:18AM
Posts: 1
Thanked 0 times in 0 post
I'm having the same message, too. I ran FixIEDef but the problem continues. Each time FixIEDef runs a scan, it keeps deleting C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\*.*

Shall I post logs from HijackThis and ISeeYouXP or will the solution above work for me too?
ShadowPuterDude
Sat Jul 05 2008, 08:17AM
Hello hysteresis, and welcome to MalwareTeks.

Yes, I will need logs from HijackThis and ISeeYouXP.

Please start your own thread, as it is considered improper to 'piggy-back' someone else's support thread.

