Please Help: Virus/Spyware Attack!!!

  • Chit Chat
    Confirmed User
    • Oct 2008
    • 747

    #1

    Please Help: Virus/Spyware Attack!!!

    This is the message that keeps popping up on my PC:

    Spyware alert!

    Vulnerabilities found

    Your computer is infected by spyware - 34 serious threats have been found while scanning your files and registry. It is strongly recommended you disinfect your computer and acivate Realtime secure protection against future intrusions.

    Another pop up that keeps appearing reads as follows:

    INFILTRATION ALERT

    Your computer is being attacked by an internet virus. It could be a password - stealing attack, a trojan - dropper or similar.

    DETAILS

    Attack from: 201.14.44.172, Port 10921 (keeps changing with every pop up)
    Attacked: Port 34072 (keeps changing with every pop up)
    Threat: BankerFox.A

    Do you want to block this attack?


    I have clicked the right button of my mouse, then Properties and checked out where this pop up is being launched from and realised that it's from the following location:

    kaka://C:\WINDOWS\sysguard.exe/netalert.htm


    How do I get rid of it? I have tried scanning for viruses and spyware using McAfee but it's showing nothing. Please help me. Many thanks.

    ICQ: 403163346
  • polish_aristocrat
    Too lazy to set a custom title
    • Jul 2002
    • 40377

    #2
    most likely a fake virus warning, quite likely your only infection is that program that displays this warning ... it will scam you into paying for their "anti virus" and in the meantime it will only infect you more and more with some serious trojans and backdoors etc


    download this program, make sure you have their newest malware definitions and run a full scan http://www.malwarebytes.org/

    if it gets rid of it, you're lucky, but make sure you have a good real time antivirus and firewall on your machine
    Last edited by polish_aristocrat; 03-07-2009, 04:55 AM.
    I don't use ICQ anymore.


    • Machete_
      WINNING!
      • Oct 2002
      • 14579

      #3
      It's a Malware that gives you fake virus alerts. You need to install and run this
      http://download.bleepingcomputer.com...mbam-setup.exe

      Make sure you disable systemrestore FIRST


      • Chit Chat
        Confirmed User
        • Oct 2008
        • 747

        #4
        Originally posted by polish_aristocrat
        most likely a fake virus warning, quite likely your only infection is that program that displays this warning ... it will scam you into paying for their "anti virus" and in the meantime it will only infect you more and more with some serious trojans and backdoors etc


        download this program, make sure you have their newest malware definitions and run a full scan http://www.malwarebytes.org/
        polish_aristocrat, thank you so much for your prompt response. These pop ups are getting on my nerves.

        My Internet Explorer won't open any website as well. Here is the message popping up every time I try to use Internet Explorer:

        Internet Explorer Warning - visiting this web site may harm your computer!

        Most likely causes:
        The website contains exploits that can launch a malicious code on your computer
        Suspicious network activity detected
        There might be an active spyware running on your computer

        What you can try:


        Purchase Spyware Protect 2009 for secure Internet surfing (Recommended).


        Check your computer for viruses and malware.


        More information


        Will the same software you've recommended fix this problem?

        ICQ: 403163346


        • Chit Chat
          Confirmed User
          • Oct 2008
          • 747

          #5
          Originally posted by ebus_dk
          It's a Malware that gives you fake virus alerts. You need to install and run this
          http://download.bleepingcomputer.com...mbam-setup.exe

          Make sure you disable systemrestore FIRST

          ebus_dk, thank you for your advice. How do I disable systemrestore? Please excuse my ignorance. Thank you.

          ICQ: 403163346


          • polish_aristocrat
            Too lazy to set a custom title
            • Jul 2002
            • 40377

            #6
            well ebus and I recommended the same program, so it's a sign it is the leading one on the market

            I am by no means a malware removal expert, if you can't open IE then it's very bad already, but you might try to do it in safe mode, with internet access?

            just reboot your PC, press F5 or F8 all the time (I constantly forget) and access safe mode

            alternatively, download the malwarebytes installer on another machine, copy to a CD and install on your infected one


            another two very good programs that you may use after the malwarebytes scan: http://www.superantispyware.com/ and http://www.freedrweb.com/
            I don't use ICQ anymore.


            • DutchTeenCash
              I like Dutch Girls
              • Feb 2003
              • 21684

              #7
              fake malware

              get search n destroy free good and it works

              ICQ 16 91 547 - SKYPE dutchteencash
              bob AT dutchteencash DOT com
              ... did you see our newest Sweet Natural Girl Priscilla (18)?


              • Chit Chat
                Confirmed User
                • Oct 2008
                • 747

                #8
                @polish_aristocrat, ebus_dk and DutchTeenCash, thanks for your suggestions. I will try it and let you know how it goes. Many thanks indeed.

                ICQ: 403163346


                • rowan
                  Too lazy to set a custom title
                  • Mar 2002
                  • 17393

                  #9
                  When you have everything cleaned up, install Seamonkey or Firefox. IE is full of holes.


                  • Chit Chat
                    Confirmed User
                    • Oct 2008
                    • 747

                    #10
                    @polish_aristocrat, ebus_dk, DutchTeenCash and rowan, thank you very much indeed for the help. It's all cleaned up now. There were 42 infected files altogether.

                    ICQ: 403163346


                    • chris_joseph
                      Confirmed User
                      • Apr 2006
                      • 1056

                      #11
                      just to make sure your pc is virus/trojan-free, install trojan remover ( http://www.simplysup.com/tremover/download.html ).
                      Web and Graphic Designer
                      Hit me up on ICQ#291166250


                      • Scott McD
                        Too lazy to set a custom title
                        • Nov 2002
                        • 67798

                        #12
                        Sounds like a pain in the ass. I hate when i get any annoying shit like that. Thankfully not had anything in a while. Hope it stays that way.

                        Let us know if you get it removed...


                        I Buy My High Quality Traffic Here, You Should Too!


                        • IllTestYourGirls
                          Ah My Balls
                          • Feb 2007
                          • 14311

                          #13
                          malwarebytes is the best IMO


                          • cess
                            Confirmed User
                            • Sep 2006
                            • 2921

                            #14
                            Originally posted by IllTestYourGirls
                            malwarebytes is the best IMO
                            As far as viruses go I'd have to disagree there. Kaspersky has had the highest detection rate for years now. In fact a lot of the other anti-virus companies were falling behind, so they just started detecting anything suspicious as a virus just to keep up.


                            • Chit Chat
                              Confirmed User
                              • Oct 2008
                              • 747

                              #15
                              Hi everyone! Those extremely annoying pop ups are back again. I installed Malwarebytes' Anti-Malware and have been running it every few hours since yesterday but two particularly annoying pop ups just won't go away. There is also this "Windows Security alert" that keeps popping up at the bottom right corner of my screen before the pop ups mentioned in my post number one of this thread appear.

                              How do I prevent these pop ups from appearing after every few minutes on my screen? I would also be glad if you could explain to me how I could block pop ups from the following websites from appearing on my screen every time I come online:

                              Spyware Protect 2009

                              DecodingGQ setup

                              http://fastantimalwarescan.com

                              http://toplop.com


                              Thank you once again guys.

                              ICQ: 403163346


                              • Chit Chat
                                Confirmed User
                                • Oct 2008
                                • 747

                                #16
                                Could someone please tell me whether or not there would be any problem with my PC if I deleted the following because that's the location from where pop ups are being launched I suppose? I don't remember having created a directory called "kaka"

                                kaka://C:\WINDOWS\sysguard.exe/netalert.htm


                                And if my system won't get affected, how do I delete it? Many thanks.

                                ICQ: 403163346


                                • MindWaste
                                  Confirmed User
                                  • Mar 2001
                                  • 3662

                                  #17
                                  Originally posted by Chit Chat
                                  Could someone please tell me whether or not there would be any problem with my PC if I deleted the following because that's the location from where pop ups are being launched I suppose? I don't remember having created a directory called "kaka"

                                  kaka://C:\WINDOWS\sysguard.exe/netalert.htm


                                  And if my system won't get affected, how do I delete it? Many thanks.
                                  that kaka is before your hd's main name i have no idea what that means.
                                  Traviss Solomon ----- HOGDICE.COM
                                  HOGDICE.COM is a broken website if you have advice email me....


                                  • MindWaste
                                    Confirmed User
                                    • Mar 2001
                                    • 3662

                                    #18
                                    Originally posted by MindWaste
                                    that kaka is before your hd's main name i have no idea what that means.
                                    oh I'm retarded that is a web link.
                                    Traviss Solomon ----- HOGDICE.COM
                                    HOGDICE.COM is a broken website if you have advice email me....


                                    • Chit Chat
                                      Confirmed User
                                      • Oct 2008
                                      • 747

                                      #19
                                      Originally posted by MindWaste
                                      that kaka is before your hd's main name i have no idea what that means.
                                      Yes, the alerts are being launched from that location I suppose. I was wondering whether or not it's possible to delete it and if it would affect the functioning of my PC?

                                      ICQ: 403163346


                                      • Chit Chat
                                        Confirmed User
                                        • Oct 2008
                                        • 747

                                        #20
                                        Originally posted by MindWaste
                                        oh I'm retarded that is a web link.
                                        How do I delete it?

                                        ICQ: 403163346


                                        • mule
                                          Confirmed User
                                          • Jan 2002
                                          • 6085

                                          #21
                                          Originally posted by Chit Chat
                                          Could someone please tell me whether or not there would be any problem with my PC if I deleted the following because that's the location from where pop ups are being launched I suppose? I don't remember having created a directory called "kaka"

                                          kaka://C:\WINDOWS\sysguard.exe/netalert.htm


                                          And if my system won't get affected, how do I delete it? Many thanks.
                                          Yep, sounds like you're in deep kaka

                                          On a serious note though: go to google and do a search for "kaka://C:\WINDOWS\sysguard.exe/netalert.htm"

                                          Also, hit Ctrl/Alt/Del and check which processes are running. Do a search on google for the processes that look fishy.

                                          HijackThis, Spybot Search and Destroy and Adaware are all free, and between the 3 of them (and some research on Google) you should manage to kill them all off.
                                          Converting like a mofo


                                          • Chit Chat
                                            Confirmed User
                                            • Oct 2008
                                            • 747

                                            #22
                                            Originally posted by mule
                                            Yep, sounds like you're in deep kaka

                                            On a serious note though: go to google and do a search for "kaka://C:\WINDOWS\sysguard.exe/netalert.htm"

                                            Also, hit Ctrl/Alt/Del and check which processes are running. Do a search on google for the processes that look fishy.

                                            HijackThis, Spybot Search and Destroy and Adaware are all free, and between the 3 of them (and some research on Google) you should manage to kill them all off.
                                            mule, I'm not only in deep kaka but also extremely angry with these pop ups that just won't go away. Every time I run Malwarebytes' Anti-Malware, there's always some 'Objects infected'. I wish someone could tell me how to prevent these pop ups I mentioned in post number one of this thread from appearing on my screen.

                                            ICQ: 403163346


                                            • qxm
                                              Confirmed User
                                              • Jul 2006
                                              • 5970

                                              #23
                                              1. if you had a free AV such as AVG or comodo AV (now included with the firewall) ... uninstall them.. they are worthless.. get Avast or Antivir...

                                              2. Install Spybot... then scan ur pc.. this will not solve all your problems but will help you get rid of the more superficial problems... DO NOT IMMUNIZE YET!

                                              3. Get HijackThis which is a free tool from trend micro.. take a good look at the processes running.. take note of the ones you don't recognize and kill them..do a google search bout the ones u don't recognize

                                              4. Update Avast or antivir or whatever paid antivirus u r using.. Do a full system scan in Safe mode and THEN do a boot-time scan...

                                              5. By now you should have identified the crapware with Hijackthis and removed the virus/trojan/scareware that is fucking ur system.. now run Spybot one more time and immunize your system....

                                              Done..
                                              Last edited by qxm; 03-08-2009, 03:07 AM.

                                              ICQ: 266990876


                                              • mule
                                                Confirmed User
                                                • Jan 2002
                                                • 6085

                                                #24
                                                Originally posted by Chit Chat
                                                I wish someone could tell me how to prevent these pop ups I mentioned in post number one of this thread from appearing on my screen.
                                                I did a google search for "BankerFox.A" and a shitload of results come up. From the first one: ( http://www.pandasecurity.com/homeuse...idvirus=203354 )

                                                "BankerFox.A is a Trojan that is designed to steal users' banking data related to certain banking entities."

                                                Seriously, go to google and do some research. From the sound of it, BankerFox.A isn't your only problem. Malware and trojans don't all behave in the same way, so it's not much use asking here, the answers relating to your particular infections are a google-search away.
                                                Converting like a mofo


                                                • PersianKitty
                                                  Meow Media Inc.
                                                  • Jul 2001
                                                  • 7785

                                                  #25
                                                  Between kids' computers and their friends' computers I'm about ready to start charging for my time when getting rid of these dang malware pests.

                                                  Tonight..dunno what I was doing, but went to change something and when I rebooted I opened a statsremote window (I'll be glad when it's not mandatory that it opens in IE). Click on something and up pops a window telling me about some car stuff, close it, click again.. new window about antivirus software... etc.

                                                  Ran Hijack this and also checked my Registry file and sure enough some pesky program. Before I went just deleting willynilly, I thought I'd give System Restore a try for once since it worked for my son's pc the last time I fixed a bug on it. Had a restore point just a couple of hours before.. All fixed...suspect registry key was gone.

                                                  Wish I could shoot the damn bastards.


                                                  • Matt 26z
                                                    So Fucking Banned
                                                    • Apr 2002
                                                    • 18481

                                                    #26
                                                    Download SuperAntiSpyware and Spybot and do a scan. Don't rely on just one (but if I did it would be SuperAntiSpyware).

                                                    Then run a bunch of these free online scanners.

                                                    http://www.google.com/search?rlz=1C1...+virus+scanner

                                                    Now what you need is any firewall with program permissions. LookNstop is a very lightweight solution.


                                                    • Matt 26z
                                                      So Fucking Banned
                                                      • Apr 2002
                                                      • 18481

                                                      #27
                                                      Originally posted by PersianKitty
                                                      Between kids' computers and their friends' computers I'm about ready to start charging for my time when getting rid of these dang malware pests.
                                                      We need stricter laws. The punishment for installing trojan-like programs should match that of breaking into someone's house and installing a hidden camera and mic.


                                                      • Chit Chat
                                                        Confirmed User
                                                        • Oct 2008
                                                        • 747

                                                        #28
                                                        From the list of 'Objects infected' that I have so far deleted, I can confirm that most, if not all of them are Trojans. Most of them went like....

                                                        Trojan.DNSChanger

                                                        Trojan.Agent

                                                        Trojan.FakeAlert

                                                        C:\WINDOWS\system32\iehelper.dll

                                                        The biggest problem I'm struggling with right now is how to STOP the following Fake Alert pop ups from appearing on my screen after every few minutes.

                                                        Spyware Alert (which is actually fake I suppose)

                                                        Windows Security alert (which is actually fake)

                                                        Software Protect 2009 alert (which is also fake)

                                                        And also pop ups from the following websites:

                                                        http://toplop.com

                                                        http://bfc.myway.com

                                                        http://fastantimalwarescan.com

                                                        If I could be able to get rid of these, then my problem would be solved.

                                                        ICQ: 403163346


                                                        • MindWaste
                                                          Confirmed User
                                                          • Mar 2001
                                                          • 3662

                                                          #29
                                                          Originally posted by mule
                                                          Yep, sounds like you're in deep kaka

                                                          On a serious note though: go to google and do a search for "kaka://C:\WINDOWS\sysguard.exe/netalert.htm"

                                                          Also, hit Ctrl/Alt/Del and check which processes are running. Do a search on google for the processes that look fishy.

                                                          HijackThis, Spybot Search and Destroy and Adaware are all free, and between the 3 of them (and some research on Google) you should manage to kill them all off.
                                                          right click on the main bar where it shows what windows you have open on Windows and hit taskmanager fer same results.
                                                          Last edited by MindWaste; 03-08-2009, 04:07 AM.
                                                          Traviss Solomon ----- HOGDICE.COM
                                                          HOGDICE.COM is a broken website if you have advice email me....


                                                          • MikeSmoke
                                                            Confirmed User
                                                            • Nov 2002
                                                            • 3241

                                                            #30
                                                            If you find you absolutely can't get it cleaned...go here.
                                                            http://forums.majorgeeks.com

                                                            They have some terrific people there who will, after you first run all the diagnostics they require - WILL work with you until everything is off your system. Just be patient if you use them - they're a little slow, and they get touchy if you try to "cut in line" --- but they will get you up and running again.

                                                            icq: 541-739-92


                                                            • Kick Ass Chat
                                                              Confirmed User
                                                              • Dec 2002
                                                              • 2057

                                                              #31
                                                              After all of the above fails the only real fix is to Format c and start all over with a clean os install. You will thank me later as this will be the best and only real fix that will take only 40 mins or less.


                                                              • Chit Chat
                                                                Confirmed User
                                                                • Oct 2008
                                                                • 747

                                                                #32
                                                                Thank you guys for your advice. Much appreciated.

                                                                ICQ: 403163346


                                                                • polish_aristocrat
                                                                  Too lazy to set a custom title
                                                                  • Jul 2002
                                                                  • 40377

                                                                  #33
                                                                  you may use this tool, as described here: (it works definitely for XP, not sure about Vista)

                                                                  http://www.bleepingcomputer.com/comb...o-use-combofix

                                                                  just make sure that while downloading it, don't save it as combofix.exe, save it as 54321.exe or so
                                                                  Last edited by polish_aristocrat; 03-08-2009, 06:35 AM.
                                                                  I don't use ICQ anymore.


                                                                  • polish_aristocrat
                                                                    Too lazy to set a custom title
                                                                    • Jul 2002
                                                                    • 40377

                                                                    #34
                                                                    Originally posted by Chit Chat
                                                                    ebus_dk, thank you for your advice. How do I disable systemrestore? Please excuse my ignorance. Thank you.
                                                                    http://service1.symantec.com/SUPPORT...9?OpenDocument
                                                                    I don't use ICQ anymore.


                                                                    • SuzzyQ
                                                                      Confirmed User
                                                                      • Dec 2006
                                                                      • 1557

                                                                      #35
                                                                      Originally posted by GirlsFreePics
                                                                      After all of the above fails the only real fix is to Format c and start all over with a clean os install. You will thank me later as this will be the best and only real fix that will take only 40 mins or less.
                                                                      I have to agree. With all the time you have spent dicking around with this trojan, you could have reformatted the HD and reinstalled everything. By now, you would have a clean machine.

                                                                      It only takes about 2 hours for us to reformat our HD and reinstall everything from scratch. The key is to have all the software you are reinstalling on an external drive first. It goes really fast and saves hours of aggravation.

                                                                      Words from (unpleasant) experience.
