  1. #1


    Join Date : Aug 2006
    Posts : 15

    I recently obtained malware from an e-mail attachment and am having trouble getting rid of it.

    First, a red dot with a white x in the center appeared in my toolbar. Then messages saying "Alert! You have a security problem! Do you want to scan your computer?" will pop up every couple of minutes. Also, a web page through Internet Explorer will pop up with a web address of webprotectionalert.com or removespythreats.com asking me to download a protection program. Both of these pop ups occur every 5-15 minutes.

    I tried to get rid of the problem by first running an updated AVG. It didn't pick up any problems. Next, I ran an updated Spybot. It did not find anything wrong either. I then downloaded Malwarebytes' and Avast. They both found several problems and both seemed to pick up Trojan.Fakealert and several other problems seen here:

    HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd (Rogue.MSantispyware2009) -> Quarantined and deleted successfully.


    I ran both programs twice and deleted all problems. After doing so the red dot with a white x disappeared, but the pop ups with the Alert! and with the scanner download web pages still appear. At this point I am not sure what else to do.

    Finally I tried to download Hijackthis, but after downloading it, a prompt asked me if I wanted to Launch Application. I clicked Launch Application and then got nothing. Nothing launched or loaded and the HJTInstall desktop icon when clicked, says not valid Win32 application. I am not sure if this is due to my error or the malware.

    I am running Windows XP

    Thank you for any and all help!

  2. #2

    Welcome to the Forum Amp!

    Yes, this is certainly one for our great Security Staff to take care of.

    Please click on the Prework link in my signature and put the resulting logs in your next reply. Be sure to update MBAM and choose Full scan rather than the quick one.

    Thanks for your patience

    I am moving this to the Security area and letting them know you are coming.

  3. #3

    Hi. Welcome to the forum.

    Run both these programs.

    Please download Malwarebytes' Anti-Malware from one of these places:
    |MG| Malwarebytes Anti-Malware 1.34
    http://www.besttechie.net/tools/mbam-setup.exe

    Double Click mbam-setup.exe to install the application.
    If it will not run, make a copy of the MBAM.exe and rename MBAM.exe to xxx.exe and run that. Keep the genuine MBAM.exe as we may need to run that later as is.
    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.

    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
    PLEASE NOTE:
    If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

    Once Malwarebytes' Anti-Malware is done removing the malware and you have rebooted the computer, browse around and see if you are still having that problem.

    =====================================================================================


    OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer and also those in the registry. Please download from one of these webpages.
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://www.forospyware.com/sUBs/ComboFix.exe
    http://subs.geekstogo.com/ComboFix.exe

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
    Double-click on ComboFix.exe & follow the prompts.
    If it will not run rename Combofix to xxx.exe and run that.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Recovery Console can be installed from your disc if you have Vista if you wish.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

  4. #4


    Join Date : Aug 2006
    Posts : 15

    I ran Malwarebytes and saved the log. I then ran ComboFix. Before starting it said I had AVG still running so I closed AVG on the toolbar and in Windows processes. I then pressed OK. ComboFix ran and then restarted my computer. After restarting I now have no icons on the main page. The mouse works, but I have nothing to click on. I'm assuming ComboFix did not work correctly, possibly because I didn't close AVG completely down. Again, AVG was not in the toolbar or in the Windows Task Manager processes when ComboFix was run.

    I assume I have to do a recovery. Please help me through that process. Thank You.

  5. #5

    OK, do a restore, then run those programs again. If need be, run them in safe mode.

    Here is info on how to do a System Restore:

    http://www.microsoft.com/windowsxp/u...w_03may19.mspx

  6. #6


    Join Date : Aug 2006
    Posts : 15

    I don't think you are understanding my problem so I will try to be clearer. When my computer starts/restarts everything is normal. My desktop background appears and my mouse pointer pops up. Then I get nothing....Just my background and pointer. There are no desktop icons, no toolbar, and no start menu. The same thing happens when I boot in safe mode.

    There is one difference in the restart. Soon after booting up I am briefly given two options. One to boot normally and the other is Windows Recovery Console. I tried Windows Recovery Console and it asks which Windows installation I want to log into. It only allows me to type one letter or number and nothing works.

    Please help. I am definitely starting to panic.

  7. #7

    Quote Originally Posted by amp8112, post: 352094
    One to boot normally and the other is Windows Recovery Console. I tried Windows Recovery Console and it asks which Windows installation I want to log into. It only allows me to type one letter or number and nothing works.

    I must admit I have never seen this problem before. Sounds like some kind of bootup fault. Can you use the Boot Normal option?

  8. #8


    Join Date : Aug 2006
    Posts : 15

    Let me just go into a little more detail of what it is telling me from the start. When I restart the computer it loads as normal with the first screen that pops up dell 8200 with a bar below loading up until it is completely full. Then it briefly gives me this option.

    Please Select the operating system to start:

    Microsoft Windows Recovery Console or
    Microsoft Windows XP Professional

    If I do nothing with the screen or choose the Windows XP Professional it loads as normal (but as I've said before doesn't show any icons, toolbar, or start menu on the main page).

    If I choose the recovery console it loads the console then brings up a screen that says:

    Windows XP(TM) Recovery Console
    The recovery console provides system required recovery functionality
    Type EXIT to quit recovery console and restart computer

    1:C:\Windows
    Which Windows installation would you like to log into
    <to cancel press ENTER> _


    Again I can only type one letter or number in the space.

    At the bottom it gives me the option to press F8 and have the Windows Advanced Options Menu. I did try Safe Mode but it did the same thing as regular mode when bringing up the main page.

    Finally, I'll mention the fact that I am on another computer seeing as how I can't really do anything on my own computer.

    Again, thank you for your help and I hope this gives you a better understanding of what is going on.

  9. #9


    Join Date : Feb 2006
    Posts : 2,619

    Quote Originally Posted by amp8112, post: 352183

    1:C:\Windows
    Which Windows installation would you like to log into
    <to cancel press ENTER> _
    When you get to the above enter "1" without the "

    when you end up at a c:\ or c:\windows or whatever please type

    chkdsk /r (enter) (with the space)

    This could take some time to run.

    Report back

  10. #10


    Join Date : Aug 2006
    Posts : 15

    I ran chkdsk. It found errors and fixed them. I restarted the computer. Now, after logging into the computer with my password, it loads the main page (with no icons, toolbar, or menu) and then immediately kicks me off, back to the login page.