Please Help: Virus/Spyware Attack!!!

[Chit Chat]

This is the message that keeps popping up on my PC:

Spyware alert!

Vulnerabilities found

Your computer is infected by spyware - 34 serious threats have been found while scanning your files and registry. It is strongly recommended you disinfect your computer and acivate Realtime secure protection against future intrusions.

Another pop up that keeps appearing reads as follows:

INFILTRATION ALERT

Your computer is being attacked by an internet virus. It could be a password - stealing attack, a trojan - dropper or similar.

DETAILS

Attack from: 201.14.44.172, Port 10921 (keeps changing with every pop up)
Attacked: Port 34072 (keeps changing with every pop up)
Threat: BankerFox.A

Do you want to block this attack?


I have clicked the right button of my mouse, then Properties and checked out where this pop up in being launched from and realised that it's from the following location:

kaka://C:\WINDOWS\sysguard.exe/netalert.htm


How do I get rid of it? I have tried scanning for viruses and spyware using McAfee but it's showing nothing. Please help me. Many thanks.

[polish_aristocrat]

most likely a fake virus warning, quite likely your only infection is that program that displays this warning ... it will scam you into paying for their "anti virus" and in the meantime it will only infect you more and more with some serious trojans and backdoors etc


download this program, make sure you have their newest malware definitions and run a full scan http://www.malwarebytes.org/

if it gets rid of it, you're lucky, but make sure you have a good real time antivirus and firewall on your machine

[Machete_]

Its a Malware that gives you fake virus alerts. You need to install and run this
http://download.bleepingcomputer.com...mbam-setup.exe

Make sure you disable systemrestore FIRST

[Chit Chat]

Quote:

Originally Posted by polish_aristocrat

most likely a fake visur warning, quite likely your onlyi nfection is that program that displays this warning ... it will scam you into paying for their "anti virus" and in the meantime it will only infect you more and more with some serious trojans and backdoors etc


download this program, make sure you have their newest malware definitions run a full scan http://www.malwarebytes.org/

polish_aristocrat, thank you so much for your prompt response. These pop up are getting into my nerves.

My Internet Explorer won't open any website as well. Here is the message popping up every time I try to use Internet Explorer:

Internet Explorer Warning - visiting this web site may harm your computer!

Most likely causes:
The website contains exploits that can launch a malicious code on your computer
Suspicious network activity detected
There might be an active spyware running on your computer

What you can try:


Purchase Spyware Protect 2009 for secure Internet surfing (Recommended).


Check your computer for viruses and malware.


More information


Will the same software you've recommended fix this problem?

[Chit Chat]

Quote:

Originally Posted by ebus_dk

Its a Malware that gives you fake virus alerts. You need to install and run this
http://download.bleepingcomputer.com...mbam-setup.exe

Make sure you disable systemrestore FIRST

ebus_dk, thank you for your advise. How do I disable systemrestore? Please excuse my ignorance. Thank you.

[polish_aristocrat]

well ebus and I recommended the same program, so it's a sign it is the leading one on the market

I am by no means a malware removal expert, if you can't open IE then its very bad already, but you might try to do it in safe mode, with internet access?

just reboot your PC, press F5 or F8 all the time (I constantly forget) and access safe mode

alternativelly, download the malwarebytes installer on another machine, copy to a CD and install on your infected one


another two very good programs that you may use after the malwarebytes scan: http://www.superantispyware.com/ and http://www.freedrweb.com/

[DutchTeenCash]

fake malware

get search n destroy free good and it works

[Chit Chat]

@polish_aristocrat, ebus_dk and DutchTeenCash, thanks for your suggestions. I will try it and let you know how it goes. Many thanks indeed.

[rowan]

When you have everything cleaned up, install Seamonkey or Firefox. IE is full of holes.

[Chit Chat]

@polish_aristocrat, ebus_dk, DutchTeenCash and rowan, thank you very much indeed for the help. It's all cleaned up now. There were 42 infected files all together.

[chris_joseph]

just to make sure your pc is virus/trojan-free, install trojan remover ( http://www.simplysup.com/tremover/download.html ).

[Scott McD]

Sounds like a pain in the ass. I hate when i get any annoying shit like that. Thankfully not had anything in a while. Hope it stays that way.

Let us know if you get it removed...

[IllTestYourGirls]

malwarebytes is the best IMO

[cess]

Quote:

Originally Posted by IllTestYourGirls

malwarebytes is the best IMO

As far as viruses go I'd have to disagree there. Kaspersky has had the highest detection rate for years now. In fact a lot of the other anti-virus companies were falling behind, so they just started detecting anything suspicious as a virus just to keep up.

[Chit Chat]

Hi everyone! Those extremely annoying pop ups are back again. I installed Malwarebytes' Anti-Malware and have been running after every few hours since yesterday but two particularly annoying pop just won't go away. There is also this "Windows Security alert" that keeps popping up at the bottom right corner of my screen before the pop ups mentioned in my post number one of this thread appear.

How do I prevent these pop ups from appearing after every few minutes on my screen? I would also be glad if you could explain to me how I could block pop ups from the following websites from appearing on my screen everytime I come online:

Spyware Protect 2009

DecodingGQ setup

http://fastantimalwarescan.com

http://toplop.com


Thank you once again guys.

[Chit Chat]

Could someone please tell me whether or not there would be any problem with my PC if I deleted the following because that's the location from where pop ups are being launched I suppose? I don't remember having created a directly called "kaka"

kaka://C:\WINDOWS\sysguard.exe/netalert.htm


And if my system won't get affected, how do I delete it? Many thanks.

[MindWaste]

Quote:

Originally Posted by Chit Chat

Could someone please tell me whether or not there would be any problem with my PC if I deleted the following because that's the location from where pop ups are being launched I suppose? I don't remember having created a directly called "kaka"

kaka://C:\WINDOWS\sysguard.exe/netalert.htm


And if my system won't get affected, how do I delete it? Many thanks.

that kaka is before you hd's main name i have no idea what that means.

[MindWaste]

Quote:

Originally Posted by MindWaste

that kaka is before you hd's main name i have no idea what that means.

oh im retarted that is a web link.

[Chit Chat]

Quote:

Originally Posted by MindWaste

that kaka is before you hd's main name i have no idea what that means.

Yes, the alerts are being launched from that location I suppose. I was wondering whether or not it's possible to delete it and if it would affect the functioning of my PC?

[Chit Chat]

Quote:

Originally Posted by MindWaste

oh im retarted that is a web link.

How do I delete it?

[mule]

Quote:

Originally Posted by Chit Chat

Could someone please tell me whether or not there would be any problem with my PC if I deleted the following because that's the location from where pop ups are being launched I suppose? I don't remember having created a directly called "kaka"

kaka://C:\WINDOWS\sysguard.exe/netalert.htm


And if my system won't get affected, how do I delete it? Many thanks.

Yep, sounds like you're in deep kaka

On a serious note though: go to google and do a search for "kaka://C:\WINDOWS\sysguard.exe/netalert.htm"

Also, hit Ctrl/Alt/Del and check which processes are running. Do a search on google for the processes that look fishy.

HijackThis, Spybot Search and Destroy and Adaware are all free, and between the 3 of them (and some research on Google) you should manage to kill them all off.

[Chit Chat]

Quote:

Originally Posted by mule

Yep, sounds like you're in deep kaka

On a serious note though: go to google and do a search for "kaka://C:\WINDOWS\sysguard.exe/netalert.htm"

Also, hit Ctrl/Alt/Del and check which processes are running. Do a search on google for the processes that look fishy.

HijackThis, Spybot Search and Destroy and Adaware are all free, and between the 3 of them (and some research on Google) you should manage to kill them all off.

mule, I'm not only in deep kaka but also extremely angry with these pop ups that just won't go away. Every time I run Malwarebytes' Anti-Malware, there's always some 'Objects infected'. I wish someone could tell me how to prevent these pop up I mentioned in post number one of this thread from appearing on my screen.

[qxm]

1. if you had a free AV such as AVG or comodo AV (now included with the firewall) ... uninstall them.. they are worthless.. get Avast or Antivir...

2. Install Spybot... then scan ur pc.. this will not solve all your problems but will help you get rid of the more superficial problems... DO NOT IMMUNIZE YET!

3. Get HijackThis which is a free tool from trend micro.. take a good look at the processes running.. take note of the ones you don't recognize and kill them..do a google search bout the ones u don't recognize

4. Update Avast or antivir or whatever paid antivirus u r using.. Do a full system scan in Safe mode and THEN do a boot-time scan...

5. By now you should have identified the crapware with Hijackthis and removed the virus/trojan/scareware that is fucking ur system.. now run Spybot one more time and immunize your system....

Done..

[mule]

Quote:

Originally Posted by Chit Chat

I wish someone could tell me how to prevent these pop up I mentioned in post number one of this thread from appearing on my screen.

I did a google search for "BankerFox.A" and a shitload of results come up. From the first one: ( http://www.pandasecurity.com/homeuse...idvirus=203354 )

"BankerFox.A is a Trojan that is designed to steal users' banking data related to certain banking entities."

Seriously, go to google and do some research. From the sound of it, BankerFox.A isn't your only problem. Malware and trojans don't all behave in the same way, so it's not much use asking here, the answers relating to your particular infections are a google-search away.

[PersianKitty]

Between kids computers and their friends computers I'm about ready to start charging for my time when getting rid of these dang malware pests.

Tonight..dunno what I was doing, but went to change something and when I rebooted I opened a statsremote window (I'll be glad when it's not mandatory that it opens in IE). Click on something and up pops a window telling me about some car stuff, close it, click again.. new window about antivirus software... etc.

Ran Hijack this and also checked my Registry file and sure enough some pesky program. Before I went just deleting willynilly, I thought I'd give System Restore a try for once since it worked for my son's pc the last time I fixed a bug on it. Had a restore point just a couple of hours before.. All fixed...suspect registry key was gone.

Wish I could shoot the damn bastards.

[Matt 26z]

Download SuperAntiSpyware and Spybot and do a scan. Don't rely on just one (but if I did it would be SuperAntiSpyware).

Then run a bunch of these free online scanners.

http://www.google.com/search?rlz=1C1...+virus+scanner

Now what you need is any firewall with program permissions. LookNstop is a very lightweight solution.

[Matt 26z]

Quote:

Originally Posted by PersianKitty

Between kids computers and their friends computers I'm about ready to start charging for my time when getting rid of these dang malware pests.

We need stricter laws. The punishment for installing trojan-like programs should match that of breaking into someone's house and installing a hidden camera and mic.

[Chit Chat]

From the list of 'Objects infected' that I have so far deleted, I can confirm that most, if not all of them are Trojans. Most of them went like....

Trojan.DNSChanger

Trojan.Agent

Trojan.FakeAlert

C:\\WINDOWS\system32\iehelper.dll

The biggest problem I'm struggling with right now is how to STOP the following Fake Alert pop ups from appearing on my screen after every few minutes.

Spyware Alert (which is actually fake I suppose)

Windows Security alert (which is actually fake)

Software Protect 2009 alert (which is also fake)

And also pop ups from the following websites:

http://toplop.com

http://bfc.myway.com

http://fastantimalwarescan.com

If I could be able to get rid of these, then my problem would be solved.

[MindWaste]

Quote:

Originally Posted by mule

Yep, sounds like you're in deep kaka

On a serious note though: go to google and do a search for "kaka://C:\WINDOWS\sysguard.exe/netalert.htm"

Also, hit Ctrl/Alt/Del and check which processes are running. Do a search on google for the processes that look fishy.

HijackThis, Spybot Search and Destroy and Adaware are all free, and between the 3 of them (and some research on Google) you should manage to kill them all off.

right click on the main bar where it shows what windows you have open on windiws and hit taskmanager fer same results.

[MikeSmoke]

If you find you absolutely can't get it cleaned...go here.
http://forums.majorgeeks.com

They have some terrific people there who will, after you first run all the diagnostics they require - WILL work with you until everything is off your system. Just be patient if you use them - they're a little slow, and they get touchy if you try to "cut in line" --- but they will get you up and running again.

[Kick Ass Chat]

After all of the above fails the only real fix is to Format c and start all over with a clean os install. You will thank me later as this will be the best and only real fix that will take only 40 mins or less.

[Chit Chat]

Thank you guys for your advise. Much appreciated.

[polish_aristocrat]

you may use this tool, as described here: (it works definitely for XP, not sure about Vista)

http://www.bleepingcomputer.com/comb...o-use-combofix

just make sure that while downloading it, don't save it as combofix.exe, save it as 54321.exe or so

[polish_aristocrat]

Quote:

Originally Posted by Chit Chat

ebus_dk, thank you for your advise. How do I disable systemrestore? Please excuse my ignorance. Thank you.

http://service1.symantec.com/SUPPORT...9?OpenDocument

[SuzzyQ]

Quote:

Originally Posted by GirlsFreePics

After all of the above fails the only real fix is to Format c and start all over with a clean os install. You will thank me later as this will be the best and only real fix that will take only 40 mins or less.

I have to agree. With all the time you have spent dicking around with this trojan, you could have reformatted the HD and reinstalled everything. By now, you would have a clean machine.

It only takes about 2 hours for us to reformat our HD and reinstall everything from scratch. The key is to have all the software you are reinstalling on an external drive first. It goes really fast and saves hours of aggravation.

Words from (unpleasant)experience.