TechSpot

Spyware Antivirus-2008-pro attack

By God Of Mana
Aug 11, 2008
  1. Ok, the options for desktop background have been disabled. I can no longer access the task manager. And while I try to use the internet, I get notices about unsecure internet connections. (They look fake.)
    My background has turned to a notification that I am infected by spyware.
    This program antivirus-2008-pro is the culprit. And every few minutes I get a notification about spyware infection. It is ALL fake.
    Log attached. Help me please.

    Also my C drive is gone from the My Computer dialogue. I can still access it by typing in C:
     
  2. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Let's start by running the tools below.

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version. Then reboot into safe mode: reboot, then start tapping the F8 key; you will get the advanced options. Select Safe Mode, then load and run the program.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    ========================================

    Please run an on-line virus scan at Kaspersky OnLine Scan (http://www.kaspersky.com/virusscanner) or, if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply.)

    Then post a fresh hijackthis log
     
  3. God Of Mana

    God Of Mana TechSpot Paladin Topic Starter Posts: 493

    I was doing a scan while I was typing up the post. LOL
    I got 93 infections. I restarted and did an avast! Boot scan. Found a total of 94 spyware and trojans. o.O
    I now get some bad image error on startup about a dll with a really long and strange name. I only restarted once, so this is a 1st time error.

    All the problems seem to be gone now.
     
  4. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    If you do things without my advice, it will complicate things for you and me.

    Ex: You do something and I do not know what you did.

    If you ran MBAM "the tool above" please attach the log
     
  5. God Of Mana

    God Of Mana TechSpot Paladin Topic Starter Posts: 493

    Ok sorry.
     
  6. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Open MBAM and click on the Quarantined tab on the top and delete everything there

    Post a fresh hijackthis log
     
  7. God Of Mana

    God Of Mana TechSpot Paladin Topic Starter Posts: 493

    Attached......
     
  8. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Please look at the R1 item below before removing it. If you did not set that proxy, then remove it. Also, are you part of a domain called Ann?

    Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis & reboot.

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      C:\WINDOWS\privacy_danger
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
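
Added example, not part of the original thread or of xxdanielxx's instructions: a Python sketch that parses HijackThis log lines such as the four quoted in the post above and states why each one is worth reviewing before it is fixed. The function names and the rule set are assumptions made for illustration; the section meanings (R1, O6, O16, O24) follow HijackThis's standard log codes.

```python
import re

# Constructed sample: the four entries quoted in the post above, verbatim
# (the O16 URL is elided in the original thread and is left elided here).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# Hypothetical triage rules (assumption): (section, pattern, reason to review)
RULES = [
    ("R1", re.compile(r"AutoConfigURL\s*=\s*https?://(localhost|127\.0\.0\.1)\b", re.I),
     "proxy auto-config served from the local machine; keep only if you set it"),
    ("O6", re.compile(r"\\Restrictions present", re.I),
     "Internet Explorer options locked by policy keys"),
    ("O16", re.compile(r"DPF:.*\.exe\s*$", re.I),
     "ActiveX/DPF entry whose source is an executable installer"),
    ("O24", re.compile(r"file:///[A-Z]:\\WINDOWS\\", re.I),
     "Active Desktop component loaded from a folder under the Windows directory"),
]

def parse_entries(log_text):
    """Return (section, detail) tuples for every HijackThis-style line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(log_text):
    """Return (section, detail, reason) for entries matching a rule."""
    findings = []
    for section, detail in parse_entries(log_text):
        for rule_section, pattern, reason in RULES:
            if section == rule_section and pattern.search(detail):
                findings.append((section, detail, reason))
    return findings

if __name__ == "__main__":
    for section, _detail, reason in triage(SAMPLE_LOG):
        print(f"{section}: {reason}")
```

A match is a prompt to check the entry, as the helper asks for the R1 proxy, not a verdict that it is malicious.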
     
  9. God Of Mana

    God Of Mana TechSpot Paladin Topic Starter Posts: 493

    Log info:
    I did a little poking around too, I couldn't find the file.
     
  10. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Run HijackThis and place a check next to the item below

    O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
     
  11. God Of Mana

    God Of Mana TechSpot Paladin Topic Starter Posts: 493

    It's not there...
    Maybe because I fixed it by using HijackThis.
     
  12. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

  13. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

Topic Status:
Not open for further replies.
