System Alert Popup
- Thread starter Dino_82
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
This infection is doing the rounds at the moment, but is fairly easy to get rid of.
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.
If after reading the above, you wish to clean your system, do the following.
Download the Autoruns programme from HERE. When the programme runs, click options and make sure the "Hide Microsoft Entries" is ticked. Click the file menu and select refresh. Click the save icon and save the Autoruns log to wherever you want.
Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above. Also, attach the Autoruns log.
Regards Howard :wave: :wave:
This thread is for the use of Dino_82 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
This infection is doing the rounds at the moment, but is fairly easy to get rid of.
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.
If after reading the above, you wish to clean your system, do the following.
Download the Autoruns programme from HERE. When the programme runs, click options and make sure the "Hide Microsoft Entries" is ticked. Click the file menu and select refresh. Click the save icon and save the Autoruns log to wherever you want.
Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above. Also, attach the Autoruns log.
Regards Howard :wave: :wave:
This thread is for the use of Dino_82 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.
2. Download the attached avengerscript.txt and save it to your desktop
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by double clicking on its icon on your desktop.
Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log.
Regards Howard
This thread is for the use of Dino_82 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
2. Download the attached avengerscript.txt and save it to your desktop
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by double clicking on its icon on your desktop.
Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log.
Regards Howard
This thread is for the use of Dino_82 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Sytem Alert PopUp
Hi Howard,
I followed your instructions,
however while the avenger program was doing its thing it continually kept telling me to insert a cd.
My computer is still quite slow aswell.
I think (i hope) i did everything correctly.
When this is all done, do i need to keep all the scanners on my computer?
Regards
Nadine
Hi Howard,
I followed your instructions,
however while the avenger program was doing its thing it continually kept telling me to insert a cd.
My computer is still quite slow aswell.
I think (i hope) i did everything correctly.
When this is all done, do i need to keep all the scanners on my computer?
Regards
Nadine
howard_hopkinso
Posts: 21,238 +17
Are you still getting the system alert popups?
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
Liveupdate
Close control panel
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
LiveUpdate
AVG Anti-Spyware Guard
Close the services window.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
ALCXMNTR.EXE
LUCOMS~1.EXE
guard.exe
Close task manager.
Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Compaq_Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Symantec\LIVEUP~1<Delete the entire folder.
Reboot your system.
Download the AVG Antirootkit programme. Disconnect from the net and install the programme, then restart your computer.
Run the programme and click the "Perform in-depth search." Allow AVG to complete the scan. The AVG scanner will give the "Rootkit path"
* Select the Rootkit Driver by placing a checkmark against it and click "Remove selected items." Next, agree for the terms and conditions that is displayed by AVG and click "OK" to reboot the PC. Reconnect to the net.
Download and run the Blacklight programme. Follow all the instructions carefully.
Let me know the results of the rootkit scans and how your system is running.
Regards Howard
This thread is for the use of Dino_82 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
Liveupdate
Close control panel
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
LiveUpdate
AVG Anti-Spyware Guard
Close the services window.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
ALCXMNTR.EXE
LUCOMS~1.EXE
guard.exe
Close task manager.
Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Compaq_Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Symantec\LIVEUP~1<Delete the entire folder.
Reboot your system.
Download the AVG Antirootkit programme. Disconnect from the net and install the programme, then restart your computer.
Run the programme and click the "Perform in-depth search." Allow AVG to complete the scan. The AVG scanner will give the "Rootkit path"
* Select the Rootkit Driver by placing a checkmark against it and click "Remove selected items." Next, agree for the terms and conditions that is displayed by AVG and click "OK" to reboot the PC. Reconnect to the net.
Download and run the Blacklight programme. Follow all the instructions carefully.
Let me know the results of the rootkit scans and how your system is running.
Regards Howard
This thread is for the use of Dino_82 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Hi Howard,
Im not getting the System Alert Popup anymore, but my system is still quite slow.
Im going to follow your instructions in your last post when i get home tonight. There seems to be a lot of work involved in your last step, is there something more serious going on that you can see?
Regards Nadine:suspiciou
Im not getting the System Alert Popup anymore, but my system is still quite slow.
Im going to follow your instructions in your last post when i get home tonight. There seems to be a lot of work involved in your last step, is there something more serious going on that you can see?
Regards Nadine:suspiciou
howard_hopkinso
Posts: 21,238 +17
I can`t see anything particularly serious, but I want you to run the rootkit scans as a precaution. Also, having the AVG Antispyware resident shield running, will slow your system down. That`s why I gave instructions for stopping it.
None of the 04 entries I`ve asked you to fix are bad, but they are unnecessary. I`m hoping that once you`ve followed the instructions above, you`ll see an improvement in speed of your system.
Regards Howard
This thread is for the use of Dino_82 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
None of the 04 entries I`ve asked you to fix are bad, but they are unnecessary. I`m hoping that once you`ve followed the instructions above, you`ll see an improvement in speed of your system.
Regards Howard
This thread is for the use of Dino_82 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Re:Sytem Alert PopUp
Hi Howard!
I have followed all your instructions, it was a lot easier then i thought.
The scans for the antiroot and backlight came back with 0 files found.
Now do i keep all the other programs i downloaded earlier? eg. Look2Me and CCleaner?
I am attaching my latest hjt scan.
The system is running a lot quicker then before too.
Thanks for all Your help!!
Kind Regards
Nadine
:giddy:
Hi Howard!
I have followed all your instructions, it was a lot easier then i thought.
The scans for the antiroot and backlight came back with 0 files found.
Now do i keep all the other programs i downloaded earlier? eg. Look2Me and CCleaner?
I am attaching my latest hjt scan.
The system is running a lot quicker then before too.
Thanks for all Your help!!
Kind Regards
Nadine
:giddy:
howard_hopkinso
Posts: 21,238 +17
Your HJT log is clean.
You can now get rid of the tools you downloaded, I recommend you keep the Ccleaner programme and run it on a regular basis. It`s very good at getting rid of unnecessary files from your system.
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of Dino_82 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
You can now get rid of the tools you downloaded, I recommend you keep the Ccleaner programme and run it on a regular basis. It`s very good at getting rid of unnecessary files from your system.
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of Dino_82 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
- Status
Similar threads
Latest posts
-
Pioneer's latest Blu-ray drive caters to disc diehards- captaincranky replied
-
Nintendo emulator Delta lands on the Apple App Store, now the top free app- Plutoisaplanet replied
-
Logitech thinks the computer mouse needs an AI upgrade- Squid Surprise replied
