Microsoft Windows Vista Community Forums - Vistaheads

Fake anti-virus infection

microsoft.public.windows.vista.performance maintenance






  #1 (permalink)  
Old 11-22-2009
Questor
 

Posts: n/a
Fake anti-virus infection
My granddaughter, running her laptop on Vista Home Premium SP2, with all
the updates, managed to get infested with a fake A/V scanner. The
"scanner" runs for a bit, then tells you that it has found somewhere
between 5 and 15 "infestations" and tells you that you have to pay to
get rid of them. Every 5 seconds a pop-up appears telling her that
'whatever'.exe is infected and cannot run. All sorts of executables
will fail to run - including AVG. I cannot start Task Manager either -
I'm told I don't have enough priveleges and 'not enough permissions' (sic).

I tried all the normal methods to get this pesky thing, but none will
work. I ended up pulling the HD and hooking it up to my desktop and
scanning it with AVG there. Didn't find a thing. Malwarebytes is
scanning now, but it is not finding anything (yet).

I can start the computer in safe mode, but AVG will only run its
command-line interface. Didn't find anything that way either.

I figure it has to be coming out of the registry and kicking off a
couple of hidden executables. Where would be the best place for these
to come from; HKLM\Software\Microsoft\Windows\Current_Version... or
somewhere else?

Questor
  #2 (permalink)  
Old 11-22-2009
Richard Urban
 

Posts: n/a
Re: Fake anti-virus infection
I would do these three things.

1. Run the Microsoft Malicious Removal tool as it is already on your
system if you are current in your Windows updates. It is located at
C:\Windows\System32\mrt.exe

2. Download, install, update and run MalwareBytes Anti Malware (FREE)
from
http://www.malwarebytes.org/

3. Download, install, update and run Super Anti Spyware (FREE) from:
http://superantispyware.com/superant...freevspro.html
Make sure to download the free version unless you want to pay for the added
functionality of the paid version. Their removal capabilities are identical.

--

Richard Urban
Microsoft MVP
Windows Desktop Experience & Security


"Questor" <Questor@minimoe.com> wrote in message
news:eI8SDeyaKHA.544@TK2MSFTNGP05.phx.gbl...
> My granddaughter, running her laptop on Vista Home Premium SP2, with all
> the updates, managed to get infested with a fake A/V scanner. The
> "scanner" runs for a bit, then tells you that it has found somewhere
> between 5 and 15 "infestations" and tells you that you have to pay to get
> rid of them. Every 5 seconds a pop-up appears telling her that
> 'whatever'.exe is infected and cannot run. All sorts of executables will
> fail to run - including AVG. I cannot start Task Manager either - I'm told
> I don't have enough priveleges and 'not enough permissions' (sic).
>
> I tried all the normal methods to get this pesky thing, but none will
> work. I ended up pulling the HD and hooking it up to my desktop and
> scanning it with AVG there. Didn't find a thing. Malwarebytes is scanning
> now, but it is not finding anything (yet).
>
> I can start the computer in safe mode, but AVG will only run its
> command-line interface. Didn't find anything that way either.
>
> I figure it has to be coming out of the registry and kicking off a couple
> of hidden executables. Where would be the best place for these to come
> from; HKLM\Software\Microsoft\Windows\Current_Version... or somewhere
> else?
>
> Questor


  #3 (permalink)  
Old 11-22-2009
Questor
 

Posts: n/a
Re: Fake anti-virus infection
--->
> I would do these three things.
>
> 1. Run the Microsoft Malicious Removal tool as it is already on your
> system if you are current in your Windows updates. It is located at
> C:\Windows\System32\mrt.exe
>
> 2. Download, install, update and run MalwareBytes Anti Malware (FREE)
> from
> http://www.malwarebytes.org/
>
> 3. Download, install, update and run Super Anti Spyware (FREE) from:
> http://superantispyware.com/superant...freevspro.html
> Make sure to download the free version unless you want to pay for the
> added functionality of the paid version. Their removal capabilities are
> identical.
>


Thanks for the response Richard:

I couldn't do #1 as it would be blocked from running and I'd get a
pop-up telling me that "mrt.exe is infected and cannot be run".

I've already done #2 and #3. Malwarebytes found the culprit:

Trojan.FakeAlert in the users\--granddaughter--\appdata\local\dsqdgk folder

Another file, in the ..\local\temp area held another strange executable.
Every time it ran, the name would change by one number. I caught it
at 2241.exe. Eventually I suppose that the executables would multiply
and fill the HD (160Gb).

The only way I could do any useful work was to dismount the HD from her
laptop and connect it to my desktop and run scans on it. Luckily I had
a SATA to USB dongle to use.

Once I snapped the HD back in the laptop it sprung to life just fine.
All is back to normal with the admonishment to my granddaughter to stay
away from links presented on Facebook. She thinks that is where she got it.

Questor
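
The offline check described in this post (disk attached to a second machine), as an added example that is not part of the original thread: it lists executables under a mounted profile's AppData\Local, flags those in Temp (noting all-numeric names) and those sitting in Local or a first-level subfolder, and hashes each one for lookup. The suffix list and both heuristics are assumptions based on the locations named in the post; legitimate software also installs under AppData\Local, so the output is a review list.

```python
import hashlib
import re
from pathlib import Path

EXEC_SUFFIXES = {".exe", ".scr", ".com", ".bat", ".cmd"}  # assumption: types worth reviewing
NUMERIC_NAME = re.compile(r"^\d+$")  # e.g. 2241.exe, the renaming pattern from the thread


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage_profile(profile_root):
    """List executables under <profile>/AppData/Local on a mounted, offline disk.

    Returns dicts sorted newest first; nothing is executed or deleted.
    """
    local = Path(profile_root) / "AppData" / "Local"
    findings = []
    for path in local.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in EXEC_SUFFIXES:
            continue
        rel = path.relative_to(local)
        reasons = []
        if rel.parts[0].lower() == "temp":
            reasons.append("executable in Temp")
            if NUMERIC_NAME.match(path.stem):
                reasons.append("numeric file name")
        elif len(rel.parts) <= 2:
            reasons.append("executable in Local or a first-level subfolder")
        if reasons:
            st = path.stat()
            findings.append({"path": str(rel), "reasons": reasons,
                             "mtime": st.st_mtime, "size": st.st_size,
                             "sha256": sha256_of(path)})
    return sorted(findings, key=lambda f: f["mtime"], reverse=True)


if __name__ == "__main__":
    import sys
    # Usage: python triage.py <mounted drive>/Users/<profile>
    for f in triage_profile(sys.argv[1]):
        print(f["sha256"], f["path"], "; ".join(f["reasons"]))
```

Executables nested deeper than one folder below Local (typical of installed applications) are skipped on purpose to keep the list short.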