TechSpot

System Alert Popup

By Dino_82
Mar 4, 2007
  1. Hi!!
    So I ran Super anti Spyware and I've deleted most of the nasties except this little pop-up!! It just won't go away..


    Please Help!!!
     


  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    This infection is doing the rounds at the moment, but is fairly easy to get rid of.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Download the Autoruns programme from HERE. When the programme runs, click options and make sure the "Hide Microsoft Entries" is ticked. Click the file menu and select refresh. Click the save icon and save the Autoruns log to wherever you want.

    Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above. Also, attach the Autoruns log.

    Regards Howard :wave: :wave:

    This thread is for the use of Dino_82 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Dino_82

    Dino_82 TS Rookie Topic Starter

    System Alert PopUp

    Hi Howard,
    I followed all your instructions and it seems to have gotten rid of the pop-up,
    here is the info as requested.

    Thanks for your help so far
    :)
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log.

    Regards Howard :)

     
  5. Dino_82

    Dino_82 TS Rookie Topic Starter

    System Alert PopUp

    Hi Howard,
    I followed your instructions,
    however, while the Avenger program was doing its thing it continually kept telling me to insert a CD.
    My computer is still quite slow as well.

    I think (I hope) I did everything correctly.

    When this is all done, do I need to keep all the scanners on my computer?

    Regards
    Nadine
    :confused:
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Are you still getting the system alert popups?

    Go to add/remove programmes in your control panel and uninstall anything to do with (if there).

    Liveupdate

    Close control panel

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    LiveUpdate
    AVG Anti-Spyware Guard

    Close the services window.


    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    ALCXMNTR.EXE
    LUCOMS~1.EXE
    guard.exe

    Close task manager.

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: Picture Package Menu.lnk = ?

    O4 - Global Startup: Picture Package VCD Maker.lnk = ?

    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Compaq_Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\WINDOWS\ALCXMNTR.EXE
    C:\PROGRA~1\Symantec\LIVEUP~1 <Delete the entire folder.

    Reboot your system.

    Download the AVG Antirootkit programme. Disconnect from the net and install the programme, then restart your computer.

    Run the programme and click the "Perform in-depth search." Allow AVG to complete the scan. The AVG scanner will give the "Rootkit path".
    Select the Rootkit Driver by placing a checkmark against it and click "Remove selected items." Next, agree to the terms and conditions that are displayed by AVG and click "OK" to reboot the PC. Reconnect to the net.

    Download and run the Blacklight programme. Follow all the instructions carefully.

    Let me know the results of the rootkit scans and how your system is running.

    Regards Howard :)
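
The HijackThis entries quoted in the post above follow a fixed `O<n> - <kind>: <fields>` layout. The following is an added example, not part of the original thread or of HijackThis itself: it parses a few of those lines (copied from the post) and attaches triage notes. The note wording and the user-profile check for services are assumptions of this sketch, and a note is a prompt to look closer, not a verdict.

```python
import re

# Sample lines copied from the HijackThis entries quoted in the post above.
SAMPLE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Picture Package Menu.lnk = ?
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Compaq_Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def exe_path(command):
    """Strip surrounding quotes and trailing arguments from a command line."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.(?:exe|dll))(?:\s|$)", command, re.I)
    return m.group(1) if m else command

def parse_entry(line):
    # Returns a dict for a recognised log line, or None for anything else.
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    if rest.startswith("["):            # O4 Run key: [name] command
        name, _, target = rest[1:].partition("] ")
    elif " = " in rest:                 # O4 startup folder: name = target
        name, _, target = rest.partition(" = ")
    else:                               # O2/O9/O23: name - ... - target
        name, target = rest.split(" - ", 1)[0], rest.rsplit(" - ", 1)[-1]
    clsid = CLSID_RE.search(rest)
    target = exe_path(target)
    notes = []
    if target == "(no file)":
        notes.append("orphaned: registered component has no file on disk")
    if target == "?":
        notes.append("shortcut target could not be resolved")
    if section == "O23" and "\\documents and settings\\" in target.lower():
        notes.append("service binary inside a user profile")  # assumed heuristic
    return {"section": section, "kind": kind, "name": name,
            "clsid": clsid.group(0) if clsid else None,
            "target": target, "notes": notes}

def review(log_text):
    return [e for e in map(parse_entry, log_text.splitlines()) if e]
```
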

     
  7. Dino_82

    Dino_82 TS Rookie Topic Starter

    Hi Howard,
    I'm not getting the System Alert Popup anymore, but my system is still quite slow.
    I'm going to follow your instructions in your last post when I get home tonight. There seems to be a lot of work involved in your last step, is there something more serious going on that you can see?

    Regards Nadine:suspiciou
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I can't see anything particularly serious, but I want you to run the rootkit scans as a precaution. Also, having the AVG Antispyware resident shield running will slow your system down. That's why I gave instructions for stopping it.

    None of the O4 entries I've asked you to fix are bad, but they are unnecessary. I'm hoping that once you've followed the instructions above, you'll see an improvement in speed of your system.

    Regards Howard :)

     
  9. Dino_82

    Dino_82 TS Rookie Topic Starter

    Thanks Howard, that's a bit of a relief
     
  10. Dino_82

    Dino_82 TS Rookie Topic Starter

    Re: System Alert PopUp

    Hi Howard!
    I have followed all your instructions, it was a lot easier than I thought.
    The scans for the antiroot and Blacklight came back with 0 files found.
    Now do I keep all the other programs I downloaded earlier? e.g. Look2Me and CCleaner?

    I am attaching my latest HJT scan.

    The system is running a lot quicker than before too.

    Thanks for all Your help!!

    Kind Regards
    Nadine
    :giddy:
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    You can now get rid of the tools you downloaded. I recommend you keep the CCleaner programme and run it on a regular basis. It's very good at getting rid of unnecessary files from your system.

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  12. Dino_82

    Dino_82 TS Rookie Topic Starter

    System Alert PopUp

    Hey Howard:wave:

    Thank you so much for your help,
    everything seems to be back the way it was, if anything my computer is a lot quicker than before,

    Let's hope I'm not back here too soon!!

    Thanks again

    Regards Nadine:giddy:
     
Topic Status:
Not open for further replies.
