[RESOLVED] Attention (Name)! Some dangerous viruses detected in your system!
Jo
Sun Aug 10 2008, 01:38AM
Registered Member #264
Joined: Sun Aug 10 2008, 01:23AM
Posts: 2
Thanked 0 times in 0 posts
Hi, I'm hoping someone here can help me. I'm having a problem with a virus I got. The full popup states:

Attention (Name)! Some dangerous viruses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now!
Click OK to download the antispyware. (recommended)

I have downloaded and run IseeYouXP and HijackThis and have attached the logs from both scans.

Thank you in advance for any help.
hijackthis.log
iseeyouxp.txt
ShadowPuterDude
Sun Aug 10 2008, 07:36AM
...the Shadow knows


Registered Member #1
Joined: Thu Apr 27 2006, 04:52PM
Location: Northern NY
Posts: 217
Thanked 10 times in 10 posts
Welcome to MalwareTeks.

Download FixIEDef by ShadowPuterDude to the Desktop.

Disable real-time protection that can interfere with FixIEDef:

Disable Windows Defender until the computer is clean
  • Open Windows Defender
  • Select Tools and then General Settings
  • Under Real Time Protection Options uncheck Turn on real-time protection
  • Select Save
Don't forget to re-enable it, when your computer is clean.

Disable SUPERAntiSpyware until the computer is clean
  • Right-click on the shortcut from the system tray
  • Choose View Control Center (preferences/options)
  • On the General and Startup tab, uncheck Start SUPERAntispyware when Windows starts.
  • Click Close to exit.
Don't forget to re-enable it, when your computer is clean.

Disable Teatimer
First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.

Run FixIEDef:

  • Double-click FixIEDef
  • Click 'Accept'
  • Click 'Scan'
  • Wait for the scan to finish. It won't take very long.

WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running during scanning. The icons and Start Menu on your Desktop will not be visible while FixIEDef is scanning. This is necessary to remove parts of the infection that would otherwise not be removed.

Everything will be restored to normal, once the malicious file(s) is(are) removed.

Click 'Exit' once FixIEDef displays the All Finished message.

Attach the results of the scan:

  • Attach the FixIEDef log file, located on the Desktop.
  • Attach fresh HijackThis and ISeeYouXP logs as well.



"Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy
Microsoft Most Valuable Professional - Consumer Security (2007-2008)
Member - Alliance of Security Analysis Professionals - Since 2006
Linux Registered User # 363218
Jo
Mon Aug 11 2008, 07:17AM
Registered Member #264
Joined: Sun Aug 10 2008, 01:23AM
Posts: 2
Thanked 0 times in 0 posts
Thank you so much for that, it seems to have fixed all the problems.

You are a legend for helping people like this.
fixiedef.log
hijackthis.log
iseeyouxp.txt
ShadowPuterDude
Mon Aug 11 2008, 07:58AM
...the Shadow knows


Registered Member #1
Joined: Thu Apr 27 2006, 04:52PM
Location: Northern NY
Posts: 217
Thanked 10 times in 10 posts
The Fake Alert Trojan has been removed by FixIEDef. However, there are a couple of things you still need to do before I declare the system "All Clear".

Using Add or Remove Programs in the Control Panel, uninstall the following:
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 4

The installed version of Java on this computer is outdated. Install Java Runtime Environment (JRE) 6uy available from Sun Microsystems. Uninstall all older versions of Java on your computer before installing the latest version of Java.

The installed version of Adobe Reader on this computer is outdated. Install the current version of Adobe Acrobat Reader from: Adobe Reader Download

You should consider upgrading Firefox to v3.0.1

This system does not have Service Pack 3 for Windows XP installed. Once we are finished, run Windows Update. Install Service Pack 3, and install any other critical updates after SP3 has been installed.

Please note that as long as you're using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

Additional information on the safety of Peer to Peer Networks is here : http://www.spywareinfo.com/articles/p2p/

You can also catch a list of tested P2P programs here: http://p2p.malwareremoval.com/

Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

Unless you are still having problems from malware, it is time to do the final steps.

Delete everything in C:\!KillBox

Delete the following from your Desktop (If they exist)
ISeeYouXP.exe
ISeeYouXP.txt
ISeeYouXP.lnk (Shortcut for ISeeYouXP.bat)
FixMe.reg
FixReg.reg
FixIEDef.exe
SmitFraudFix.exe
VundoFix.exe

If we used ComboFix, uninstall ComboFix by doing the following:
  • Start -> Run
  • type combofix /u
  • Click 'OK'

Delete the following: (If they exist)
C:\!KillBox
C:\ComboFix.txt
C:\ComboFix-quarantined-files.txt
C:\QooBox
C:\rapport.txt
C:\SDFix
C:\VundoFix Backups
C:\vundofix.txt
C:\WINDOWS\nircmd.exe

You can delete and uninstall any programs I had you download that you do not wish to keep on the system.

Empty the Recycle Bin

Run ATF Cleaner

In the ISeeYouXP folder double-click HideIT.bat.

Turn off System restore to flush all your restore points then turn system restore back on.

To manually turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

Delete C:\ISeeYouXP

That should take care of everything.

Safe Surfing!

[ Edited Tue Aug 12 2008, 09:48PM ]
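The HijackThis O2 line the helper has the user fix above is an orphaned Browser Helper Object entry: the registry still lists the CLSID, but the DLL it pointed at is gone ("(no file)"). The following is an added Python check, not code from the thread or from HijackThis, that parses O2 lines out of a log excerpt and flags such entries; the excerpt is constructed, with only the first O2 line taken from the thread, and the "Example Helper" entry is made up.

```python
import re

# A HijackThis O2 line has the form:  O2 - BHO: <name> - {CLSID} - <path>
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

# Constructed sample excerpt. The first O2 line is the one quoted in the
# thread; the other lines are made up to show a normal entry and a non-O2 line.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Example Helper - {00000000-1111-2222-3333-444444444444} - C:\\Program Files\\Example\\helper.dll
O4 - HKLM\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
"""


def parse_bho_lines(log_text):
    """Return one dict per O2 line with name, clsid, path and a verdict.

    verdict is:
      'orphaned' - registry references the CLSID but no DLL exists
                   (what HijackThis prints as '(no file)'); safe to fix
      'unnamed'  - a DLL exists but the BHO registered no display name;
                   worth a closer look, since legitimate BHOs usually have one
      'ok'       - named entry backed by a file
    """
    results = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if not m:
            continue  # header, O4 and other sections are not BHO entries
        entry = m.groupdict()
        if entry["path"] == "(no file)":
            entry["verdict"] = "orphaned"
        elif entry["name"] == "(no name)":
            entry["verdict"] = "unnamed"
        else:
            entry["verdict"] = "ok"
        results.append(entry)
    return results


def orphaned_clsids(log_text):
    """CLSIDs of BHO entries whose DLL is gone, i.e. the lines to fix."""
    return [e["clsid"] for e in parse_bho_lines(log_text) if e["verdict"] == "orphaned"]


if __name__ == "__main__":
    for clsid in orphaned_clsids(SAMPLE_LOG):
        print("orphaned BHO entry, fix in HijackThis:", clsid)
```

The verdict is derived from the log line alone, so the check runs on any machine without touching the registry of the system that produced the log.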