Fake Windows security alert

By maharajan
Sep 11, 2008
Topic Status:
Not open for further replies.
  1. hi guys,
    I have been getting a fake Windows security alert on my computer for the past two days. I tried to clean it using some antivirus and spyware software, but I can't fully remove it from the PC. If someone could please help me... I attached the error message to this thread. Please help me fix the problem. Thanks in advance, guys.

    maha

    Attached Files: 1.JPG (File size: 44.2 KB)
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

  3. maharajan

    maharajan Newcomer, in training Topic Starter

    dude,
    After doing all the steps, I attached the log files here. Please guide me to the next step. So far I haven't seen the fake alert, but my laptop is still running slow. Is it because of that malware? Before, my PC was faster than now. Thank you, dude.

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please do a disk cleanup and delete the temporary internet files, History, Cookies and temp files.
    Have SuperAntispyware delete the Tracking Cookies.
    Run your antivirus scan, updating right before the scan. Have SuperAntispyware remove the Cookies.

    One of the reasons you're slow is because you have too much running. You have three players loading at startup, some updater and some other entries that can be stopped.

    Reopen HijackThis, scan, then check the following:
    Phime2002a is not necessary for startup. It is usually run infrequently and can be started manually if needed.
    Additional Info: Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
    Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Korean and this one is Japanese)
    RocketDock is not necessary for startup. It is usually run infrequently and can be started manually if needed.
    Additional Info: "RocketDock is a smoothly animated, alpha blended application launcher. It provides a nice clean interface to drop shortcuts on for easy access and organization"
    Required if you have custom settings for your sound, such as effects and environments
    System Tray icon for SoundMax integrated sound. Sound properties can be accessed through the Start Menu or Control Panel
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:

    Right click on Start> Explore> Windows> System 32, delete any and all entries of the following if present:
    First, click on Tools> Folder Options> View tab> CHECK 'show hidden files and folders'> Apply> OK>
    Windows> Prefetch> delete
    Control Panel> Java> Update tab> UNCHECK 'check for updates automatically'> Apply> answer Yes> OK
    Control Panel> Add/Remove Programs> find the Java v6u6 and uninstall. That will leave you with the current version v6u7 which is on the system.

    After that, reboot, and post a new HijackThis log here in a reply.

    Run Malwarebytes again with options to fix checked, run HijackThis again. Attach both new logs.

    DO NOT use System Restore while we are cleaning. I have provided you with descriptions of some of the processes. Stopping them from starting at boot does not mean you can't use them. For instance, when you need the features of Phime2002a, go into All Programs and open the program. Same for the others. In the meantime, you will need to open each of those programs and remove any automatic startup. If any of them have a Service, you will need to change the Service to Manual instead of Automatic.
  5. maharajan

    maharajan Newcomer, in training Topic Starter

    Hi
    I attached the requested log files. I didn't remove Phime2002a because I mostly use this IME translator. And I can't find the file "Windows\System32\SHCJGJAV.EXE" and SHCJGJAV.EXE-0898302.pf in the folder "Windows> Prefetch".

    Is there anything else to do to make it faster? Now I feel it's getting a little faster. Thank you very much.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Beautiful mbam log- clean as a whistle! I meant to ask about these 3 entries:
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

    Do you have to download a new program for each new Widget? I don't use this but was surprised to see 3 entries.

    Reopen HijackThis, scan, then check the following:
    The Phime is still being loaded either from Startup or the Registry: Remove these entries:
    Stop the following auto-updates:
    Delete the following entry:
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode.
    Control Panel> Java> Update tab> UNCHECK 'automatically check for update'> answer Yes> Apply> OK
    Do the same for Adobe.
    Control Panel> Administrative Tools> Services> right click on Bonjour> change Startup type to Manual> Stop the Service
    Start> Run> type in 'msconfig' without the quotes> Selective Startup> UNCHECK everything (including Phime and Bonjour) EXCEPT the AVG processes, touchpad if laptop> Apply> OK> Reboot

    Close the nag message that comes up after checking 'don't show this message again'. STAY in Selective Startup.
    Run one more HijackThis and attach log. Then I'll have you cleanup the removal tools and drop old restore points.

    We also need to get a firewall on the system plus at least one more spyware/adware program.
  7. maharajan

    maharajan Newcomer, in training Topic Starter

    Hey dude,
    After all the process, I attached the new log. I can't find Bonjour in the "Services"... but there is no improvement on my PC. Still slow...
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Give me your system specs please:
    Operating System
    Installed RAM
    Make and Model

    I notice you're using IE8 which is still in beta. You also have the SP3 update. There is nothing in the log to account for a marked slowness- either startup or surfing. It's possible you do not have enough RAM installed- Windows XP should have at least 512MB to run well, or that the RAM is bad. You may also be having problems due to either or both the beta IE8 and SP3.

    I looked at the image again. Firewalls don't display malware names to the best of my knowledge. A firewall listens on ports and blocks IPs, not specific Trojans although there are specific ports known for specific malware. But since you're using a beta browser which may have firewall enhancements, please look here, follow the 'Disable Alert' instructions. Once that is handled, IF the other alert appears we will know it is indeed 'fake'. It is possible this is a feature now in IE8.

    Enable or Disable Windows Firewall Notification:
    http://technet.microsoft.com/en-us/library/cc785652.aspx

    DO NOT click on the line that says 'click here for recommended software'