Spyware popups "Security System..."

Status
Not open for further replies.
Well I guess I have downloaded some spyware and can't seem to get rid of it. I am getting the red popup with the title "Security System Warning" and listing of the infected file C:\windows\wml.exe. I am also getting the blue popup titled "Security System, Protection Control Panel" listing possible spyware threat "TrojanDownloader.XS". I'm looking for help in getting rid of these popups and any other possible spyware or malware I may have downloaded.

Thanks in advance for any help anyone can give me,

six4au
 
Here's a quick guide for Malwarebytes

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please attach the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
 
me too

I have the IDENTICAL problem. I have a current thread that is a little further along in a resolve than yours. I have tried many things and I've been instructed to do many things and nothing has worked in regards to this specific issue thus far.

I have yet to try the most recent suggestion (AVG anti-spyware). You can follow along that thread too.
 
frannip your thread is waiting for a reply from you, here https://www.techspot.com/vb/showthread.php?p=597630#post597630

Your issues, PTARMANDO's issues and the original poster's (six4au) issues are NOT the same. Although the fault may be, each user will have a totally different HJT log. Therefore they need individual instructions.

If they were the exact same, a tutorial would be made, and we would say look here, and reply back later!
 
reword my post

I will reword my post .... I have the identical POP-UPS that I cannot get rid of, possibly stemming from the same spyware/malware/virus infection.

Sorry for the confusion. Obviously every machine is unique but the infections can be the same and result in the same or similar problem. That is what I meant.

I also made reference that "I have yet to try the most recent suggestion ...." which clearly shows that I have yet to reply to the latest suggestion.

No need to get annoyed. We're all here to help each other if we can.
 
I'm calm now.
I agree it was an outburst by me though. And see your point too.

I'm going to try to get these posts removed (passively speaking!) as they don't have relevance to six4au exactly
 
kimsland and kritius, thanks for the advice. I have run the Malwarebytes Anti-Malware program and here is my log file. I am posting this before I restart as suggested by the program. I will check this forum after that.

Again, thanks.
six4au

Malwarebytes' Anti-Malware 1.09
Database version: 568

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 121430
Time elapsed: 24 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{f9b56a55-30f2-489f-88d0-2b7e5d498a5f} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> No action taken.
HKEY_CLASSES_ROOT\downloader.downloaderctrl.1 (Adware.2020search) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{d322f612-158e-421d-b8ce-acde0d343553} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vbgtorfd (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32smp (Fake.Dropped.Malware) -> No action taken.

Files Infected:
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP766\A0094427.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP766\A0094477.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP766\A0094624.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP766\A0094625.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP766\A0094626.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32smp\msrc.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\rs.txt (Malware.Trace) -> No action taken.
C:\Documents and Settings\Administrator\Start Menu\delrb.bat (Dialer) -> No action taken.
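
An added example, not part of any post in this thread and not Malwarebytes' own tooling: a small parser for logs in the layout shown above that lists entries still marked "No action taken", copies sitting inside System Restore points, and sections whose header count does not match the entries pasted. The function names are hypothetical, the layout is inferred only from the logs on this page, and the sample is constructed from those logs with the "Files Infected" count deliberately set one higher than the entries listed to imitate a truncated paste.

```python
import re
from collections import Counter

# Constructed sample (Malwarebytes' Anti-Malware 1.x layout, entries taken from this thread).
SAMPLE_LOG = r"""Registry Keys Infected: 2
Folders Infected: 0
Files Infected: 3

Registry Keys Infected:
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP766\A0094626.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\rs.txt (Malware.Trace) -> No action taken.
"""

SECTION = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*$")
SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)\s*$")
ENTRY = re.compile(r"^(?P<item>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

def parse_mbam_log(text):
    """Return (summary_counts, entries) from a log in the layout above."""
    counts, entries, section = {}, [], None
    for line in text.splitlines():
        if m := SUMMARY.match(line):
            counts[m["section"]] = int(m["count"])
        elif m := SECTION.match(line):
            section = m["section"]
        elif section and (m := ENTRY.match(line)):
            entries.append({"section": section, **m.groupdict()})
    return counts, entries

def triage(text):
    """Collect what a helper should check before calling the machine clean."""
    counts, entries = parse_mbam_log(text)
    listed = Counter(e["section"] for e in entries)
    return {
        # Detected, but not removed at the time the log was written.
        "not_removed": [e["item"] for e in entries if e["action"] == "No action taken"],
        # Copies held inside System Restore points.
        "in_restore_points": [e["item"] for e in entries
                              if "\\System Volume Information\\_restore" in e["item"]],
        # Header count differs from the entries listed (truncated or edited paste).
        "count_mismatch": [s for s, n in counts.items() if listed.get(s, 0) != n],
    }
```
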
 
kritius,

While I was running the program again, I received the same two popups as described before. Here is the log file of that execution.

Malwarebytes' Anti-Malware 1.09
Database version: 568

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 122085
Time elapsed: 26 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


After I finished that execution, I checked for updates and disabled my network connection and re-ran Anti-Malware. Here is that log file.

Malwarebytes' Anti-Malware 1.09
Database version: 568

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 122090
Time elapsed: 24 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


It looks like it might have removed it all.

Do you recommend any other course of action?

six4au
 
Well, I just got the red popup about spyware after I had thought everything was cleaned. The popup takes me to some webpage to purchase spyware removal software. I'm not sure what to do next.

six4au
 
I have a fix but it's not free

I had the same security pop-ups and fake alerts as well. Red screen and all. After many many hours of scans and cleans and what not, nothing was working. I decided to download SpyDoctor from PC Tools and run it.

It returned a bunch of trojans that the other scans didn't catch. Without fixing anything, I even tried running the other scans and they came back clean! Unfortunately, in order for SpyDoctor to clean anything you have to buy it. It's not a lot and definitely worth it.

I cleaned everything it found and have not had a problem !!! But this is just what worked for me. If you buy it, do so at your own discretion. There's no guarantee that it will solve your problem. I'm only sharing what worked for me.

Good luck.
 
Thanks frannip

Is there a log from SpyDoctor that you could post?
That way we can possibly see all the registry keys and files it found and removed.

i.e. there must be a free way for others to use.
 
There are over 150 entries (1 for each infection found) then another 1 for the cleaning results. I can't save a log, I have to save each and every one individually :(. Oh, and they're in ITALIAN. I'm trying to find a way.

There were about 25 that were quarantined, and I believe one of them was the culprit. Maybe I can do those. I'll see what I can swing and will def post.
 
I am having the same pop-ups re: System Security Warning (which wants me to purchase their software & states that I have 38 dangers to my computer).

I have downloaded SpyDoctor & it found nothing. And I then downloaded MalwareBytes and I am currently scanning but so far it has found No Objects Infected and it is almost done. How can I possibly remove this stupid thing?

As I stated above - there were no threats found but I still have this stupid System Security on my computer popping up.
But here is the malware report:
Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 6.0.6000

12/22/2008 2:59:19 PM
mbam-log-2008-12-22 (14-59-19).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 175357
Time elapsed: 1 hour(s), 28 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Is there anything else I can try??????
 
Do a quick scan and make sure it's up to date. Also try Spybot Search and Destroy; it's great, finds everything Malwarebytes misses.
 