TechSpot

Fake System Alert: Please HELP!

By cdang
Jul 17, 2007
  1. For the past month I have been shown a balloon on my task bar that flashes from an "X" to a question mark. After googling it I am pretty sure that it is a Trojan.FakeAlert. I am currently running ZoneAlarm and McAfee (with only antivirus and anti-hacker on McAfee). Every 5-10 mins an alert pops up saying:

    SYSTEM ALERT!
    System has detected a number of active spyware applications that may impact the performance of your computer.Click icon to get rid of unwanted spyware by downloading an up-to date spyware solution.

    I have Spybot Search and Destroy and Ad-Aware 2007; after running both of them it still doesn't recognize that there's a problem. McAfee doesn't detect it and ZoneAlarm isn't detecting it either. What can I do to get rid of this problem, other than deleting everything on my hard drive?
     
  2. emde

    emde TS Rookie Posts: 18

    Run msconfig and check the Startup tab for any suspicious entries. If you find something, you should remove it in Safe Mode or kill that application first. If you kill it, move the cursor over the icon in the taskbar. It should disappear if you killed the right one.
     
  3. cdang

    cdang TS Rookie Topic Starter

    What sort of things would be under the startup tab that would be considered suspicious, and what would be considered normal? There are a lot of programs that are like this:



    HKLM\SOFTWARE\Microsoft\CurrentVer...
     
  4. almcneil

    almcneil TS Guru Posts: 1,277

    You should also run AVG Anti-Spyware. It's best to use 3 anti-spyware utils to clean your system.

    Also, try running the anti-spyware utils in Safe Mode. Some crafty spyware use Windows security features to hide from being detected and removed. In Safe Mode these features are removed or relaxed allowing the anti-spyware to detect and remove the offending spyware.
     
  5. emde

    emde TS Rookie Posts: 18

    The 1st column is the name, the 2nd the program, the 3rd where it is added: in the registry (HKLM\...) or in the Startup folder.
    Can you post the first 2 columns?
     
  6. cdang

    cdang TS Rookie Topic Starter

    RunDll32 cmicnfg RunDll32 cmicnfg.cpl,CMICtrlWnd
    NvCpl RUNDLL32.EXE C:\WINDOWS\System22\NvCpl.dll,NcStartup
    nwiz nwiz.exe/install
    NeroCheck C:\WINDOWS\System22\NeroCheck.exe
    mcmnhdlr "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe"/checktask
    mcvsshld C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    mcagent c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    mcupdate c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    zlclient "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    oasclnt C:\Program Files\Mcafee.com\VSO\oasclnt.exe
    jusched "C:\Program Files\Java\jre1.5.0_11\bin\jushed.exe"
    qttask "C:\Program Files\QuickTime\qttask.exe" -atboottime
    iTunesHelper "F:\Documents and Settings\itunes\iTunesHelper.exe
    (2 Spaces here but there is still a location for it)

    Adobe Reader.. C:\PROGRA~11\Adobe\ACROBA~1.0\Reader\Reader~1.exe
    Microsoft Office F:\PROGRA~1\MICROS~1\Office10\OSA.EXE -b -|
     
  7. emde

    emde TS Rookie Posts: 18

    It looks ok. Can you follow instructions here and post HJT logs?
     
  8. CaptPajamaShark

    CaptPajamaShark TS Rookie Posts: 30

    I had this exact problem, I believe it's a trojan zblog.something something

    The way I fixed it was to run Trend Micro anti-virus and Webroot Spysweeper, both got it on their first try.

    I believe both of those are available at www.download.com for a 30 day trial (it should get rid of them after your first try)
     
  9. cdang

    cdang TS Rookie Topic Starter

    Yea, I'll go through the steps, but I probably won't be able to get to it until this weekend. I've been using my laptop lately, but I'll run through the steps on Sat and post then. Thanks!
     
  10. Cinders

    Cinders TechSpot Chancellor Posts: 872   +12

    The naughty program is probably not going to allow you to access those sites so you can download those programs. It would be easier to access the software with your laptop, save the files to a thumb drive, and then save the programs to your infected computer.
     
  11. cdang

    cdang TS Rookie Topic Starter

    I followed the instructions that you had asked me to do, Emde. When I got to the step that asked me to install the 3 different tools, after running the first tool the fake alert went away, so after that I just decided to let it be, since it wasn't bothering me anymore. Thanks for your help, and if something else pops up I'll post it again.
     
  12. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Hello and welcome to TechSpot.

    Did you mean Zlob? That's been known to cause problems like this.

    cdang, your system may still be infected, so I do recommend reading the link that
    Emde gave, following the instructions, and posting HJT, ComboFix, and AVG Anti-Spyware logs here.

    Regards :)
     
Topic Status:
Not open for further replies.
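
The startup review discussed in this thread (msconfig's Startup tab, whose entries come from the registry Run keys or the Startup folder) can also be done from PowerShell, with a signature check on each target binary. This is an added example, not part of any forum post; it assumes Windows with PowerShell 3 or later, and the helper names `Get-TargetPath` and `New-Entry` are hypothetical.

```powershell
# Added example (not from the thread): list the auto-start locations that
# msconfig's Startup tab summarises and check each target binary's signature.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-TargetPath([string]$Command) {   # hypothetical helper
    # Quoted path first; otherwise text up to the first ".exe"; otherwise first token.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"')    { return $Matches[1] }
    if ($c -match '^(.+?\.exe)\b') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function New-Entry([string]$Name, [string]$Command, [string]$Location) {   # hypothetical helper
    $path = Get-TargetPath $Command
    if ($path -and -not (Test-Path -LiteralPath $path -PathType Leaf)) {
        # Bare names such as RUNDLL32.EXE are resolved through PATH.
        $app  = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
        $path = if ($app) { $app.Path } else { $null }
    }
    $sig = if ($path) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }
    [pscustomobject]@{
        Name      = $Name
        Command   = $Command
        Location  = $Location
        Signature = if ($sig) { $sig.Status } else { 'TargetNotFound' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

# Registry Run/RunOnce values: value name = entry name, value data = command line.
$entries = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $k = Get-Item $key
        foreach ($n in $k.GetValueNames()) { New-Entry $n ([string]$k.GetValue($n)) $key }
    }
}

# Startup folders (per-user and all-users): resolve each shortcut to its target.
$shell = New-Object -ComObject WScript.Shell
$links = foreach ($f in 'Startup', 'CommonStartup') {
    Get-ChildItem -LiteralPath ([Environment]::GetFolderPath($f)) -Filter *.lnk -ErrorAction SilentlyContinue |
        ForEach-Object { New-Entry $_.BaseName ('"{0}"' -f $shell.CreateShortcut($_.FullName).TargetPath) $_.DirectoryName }
}

@($entries) + @($links) | Where-Object { $_ } | Sort-Object Signature, Name | Format-Table -AutoSize -Wrap
```

Entries reported as `NotSigned` or `TargetNotFound` are the ones to look at first; a valid signature narrows the list but does not by itself prove an entry is benign.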
