Fake anti-virus scan, no internet connection

Thread Status:
Not open for further replies.
  1. McCheez

    So all of a sudden when I turn my laptop on, I get a "virus scan" that starts and tells me I'm infected, with several icons telling me the same in the system tray. When I try to open my virus scan it says some file is infected. Also, when I try to open the internet browser, it says Firefox cannot locate the proxy... something along those lines. Same with IE.

    I ran the pcf system analyzer, I hope I attached the correct file....
  2. McCheez

    Sorry, file is now attached.
  3. Pancake

    I see the culprit...

    Please run both these programs, Malwarebytes and Combofix..

    Please download Malwarebytes' Anti-Malware from one of these places:
    |MG| Malwarebytes Anti-Malware 1.46 Download
    Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

    Double Click mbam-setup.exe to install the application.
    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.

    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Do so.
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy & paste the entire report in your next reply.

    ===============================================

    Download Combofix and place it on your Desktop.

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Combofix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it, it will start.
    You can get help on disabling your protection programs here : How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
    Please include the C:\ComboFix.txt in your next reply for further review.

    Caution.....
    Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper.

  4. McCheez

    ComboFix stalled when scanning... it says it's scanning but it's been 2 hrs and still nothing. I don't think it's supposed to be this long.
  5. Pancake

    Run Combofix in safe mode.
  6. McCheez

    Malwarebytes' Anti-Malware 1.46
    Malwarebytes

    Database version: 4432

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 7.0.5730.11

    8/15/2010 10:57:37 AM
    mbam-log-2010-08-15 (10-57-37).txt

    Scan type: Quick scan
    Objects scanned: 150293
    Time elapsed: 5 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\crwvyalh (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\McCheez\Local Settings\Application Data\ahuctybln\vwmfxrcshdw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


    ComboFix 10-08-14.06 - McCheez 08/16/2010 18:09:42.3.1 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.684 [GMT -4:00]
    Running from: c:\documents and settings\All Users\Desktop\ComboFix.exe
    AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
    .
    2010-08-13 22:31 . 2010-08-13 22:31 63376 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-13 21:51 . 2010-08-13 21:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-08-12 01:36 . 2010-08-15 14:57 -------- d-----w- c:\documents and settings\McCheez\Local Settings\Application Data\ahuctybln
    2010-08-08 21:56 . 2005-07-23 02:40 1671168 ----a-w- c:\windows\system32\W29MLRES.DLL
    2010-08-07 13:45 . 2010-08-07 13:45 503808 ----a-w- c:\documents and settings\McCheez\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-734b2529-n\msvcp71.dll
    2010-08-07 13:45 . 2010-08-07 13:45 499712 ----a-w- c:\documents and settings\McCheez\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-734b2529-n\jmc.dll
    2010-08-07 13:45 . 2010-08-07 13:45 348160 ----a-w- c:\documents and settings\McCheez\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-734b2529-n\msvcr71.dll
    2010-08-07 13:45 . 2010-08-07 13:45 61440 ----a-w- c:\documents and settings\McCheez\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7fc0d7ab-n\decora-sse.dll
    2010-08-07 13:45 . 2010-08-07 13:45 12800 ----a-w- c:\documents and settings\McCheez\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7fc0d7ab-n\decora-d3d.dll
    2010-07-29 02:13 . 2010-08-08 20:21 -------- d-----w- c:\documents and settings\McCheez\Application Data\Azureus
    2010-07-29 02:13 . 2010-07-29 02:13 -------- d-----w- c:\program files\Vuze
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-08 21:26 . 2007-07-07 04:49 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2010-08-07 13:46 . 2006-12-12 01:52 -------- d-----w- c:\program files\Common Files\Java
    2010-08-07 13:45 . 2006-12-12 01:52 -------- d-----w- c:\program files\Java
    2010-07-17 09:00 . 2010-07-13 03:56 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-13 03:56 . 2010-07-13 03:56 503808 ----a-w- c:\documents and settings\McCheez\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f8f060b-n\msvcp71.dll
    2010-07-13 03:56 . 2010-07-13 03:56 499712 ----a-w- c:\documents and settings\McCheez\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f8f060b-n\jmc.dll
    2010-07-13 03:56 . 2010-07-13 03:56 348160 ----a-w- c:\documents and settings\McCheez\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f8f060b-n\msvcr71.dll
    2010-07-13 03:56 . 2010-07-13 03:56 61440 ----a-w- c:\documents and settings\McCheez\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-146ce86c-n\decora-sse.dll
    2010-07-13 03:56 . 2010-07-13 03:56 12800 ----a-w- c:\documents and settings\McCheez\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-146ce86c-n\decora-d3d.dll
    2010-07-13 03:50 . 2006-12-11 23:40 63376 ----a-w- c:\documents and settings\McCheez\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-13 01:33 . 2010-07-13 01:33 -------- d-----w- c:\program files\ESET
    2010-07-12 23:26 . 2010-07-12 23:26 -------- d-----w- c:\documents and settings\McCheez\Application Data\Malwarebytes
    2010-07-12 23:25 . 2010-07-12 23:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-12 23:25 . 2010-07-12 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-11 02:15 . 2008-12-26 04:29 -------- d-----w- c:\program files\QuickTime
    2010-07-08 23:06 . 2010-07-02 03:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-08 23:06 . 2010-07-02 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-08 23:06 . 2010-07-02 03:48 -------- dc----w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-07-08 23:04 . 2010-07-08 23:04 -------- d-----w- c:\program files\Alcohol Soft
    2010-07-08 22:38 . 2010-07-08 22:38 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-07-08 22:38 . 2010-07-01 00:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-06 01:51 . 2010-06-13 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-07-04 23:07 . 2010-07-04 23:07 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
    2010-07-04 23:07 . 2010-07-04 23:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-07-03 03:57 . 2010-07-02 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-07-02 03:48 . 2010-07-02 03:46 -------- d-----w- c:\program files\Lavasoft
    2010-07-01 02:16 . 2009-09-27 21:31 -------- d-----w- c:\program files\Unity
    2010-07-01 02:15 . 2009-07-21 01:43 -------- d-----w- c:\program files\ZAR
    2010-06-30 12:31 . 2008-09-24 00:48 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-30 02:12 . 2006-12-11 23:47 -------- d-----w- c:\program files\CCleaner
    2010-06-24 12:15 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:15 . 2008-09-24 00:50 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-06-24 12:15 . 2008-09-24 00:49 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-06-23 13:44 . 2008-09-24 00:48 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 22:45 . 2008-05-11 16:12 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-06-21 22:45 . 2010-06-21 22:45 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-06-21 22:45 . 2008-05-11 16:12 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-06-21 15:27 . 2008-09-24 00:48 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2008-09-24 00:49 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 18:02 . 2007-10-25 15:19 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-06-14 18:02 . 2008-05-11 16:12 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-06-14 14:31 . 2008-09-24 00:50 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2008-09-24 00:49 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-13 23:21 . 2010-06-13 23:21 228912 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4131\migrator.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2005-09-23 1519616]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-23 7286784]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-23 401408]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-23 385024]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-19 737369]
    "Wireless Console 2"="c:\program files\Generic\Wireless Console 2\wcourier.exe" [2005-08-23 987136]
    "EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-07-23 356352]
    "HControl"="c:\windows\ATK0100\HControl.exe" [2005-08-29 102400]
    c:\documents and settings\McCheez\Start Menu\Programs\Startup\
    PowerReg Scheduler.exe [2009-4-3 189952]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-13 113664]
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-7-7 487424]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-06-21 22:45 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2005-07-23 02:46 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
    [HKLM\~\startupfolder\C:^Documents and Settings^McCheez^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
    path=c:\documents and settings\McCheez\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
    backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\WINDOWS\\system32\\rtcshare.exe"=
    "c:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
    "c:\\Program Files\\Java\\jdk1.6.0\\jre\\bin\\java.exe"=
    "c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/11/2008 12:12 PM 52872]
    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [7/5/2006 8:46 AM 63352]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/11/2008 12:12 PM 243024]
    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/11/2008 12:12 PM 216400]
    S1 UserPort;UserPort;c:\windows\system32\drivers\UserPort.sys [8/27/2007 12:40 PM 4256]
    S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/21/2010 6:45 PM 921952]
    S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/21/2010 6:45 PM 308136]
    S2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [7/30/2007 9:08 AM 5152]
    S2 OracleOracle9iTNSListener;OracleOracle9iTNSListener;c:\oracle9i\BIN\TNSLSNR --> c:\oracle9i\BIN\TNSLSNR [?]
    S2 OracleServiceORACLE;OracleServiceORACLE;c:\oracle9i\bin\ORACLE.EXE ORACLE --> c:\oracle9i\bin\ORACLE.EXE ORACLE [?]
    S3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [12/11/2006 7:05 PM 216320]
    S3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [12/11/2006 7:14 PM 720470]
    S3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [12/11/2006 7:14 PM 8278]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/14/2006 6:51 PM 646392]
    .
    Contents of the 'Scheduled Tasks' folder
    2010-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    2010-07-01 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
    - c:\program files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe [2007-05-07 21:59]
    2007-04-28 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
    - c:\program files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe [2007-05-07 21:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    FF - ProfilePath - c:\documents and settings\McCheez\Application Data\Mozilla\Firefox\Profiles\bflyf762.default\
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\McCheez\Application Data\Mozilla\Firefox\Profiles\bflyf762.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-16 18:16
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet005\Services\OracleOracle9iTNSListener]
    "ImagePath"="c:\oracle9i\BIN\TNSLSNR "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'winlogon.exe'(980)
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    - - - - - - - > 'explorer.exe'(1540)
    c:\windows\system32\WININET.dll
    c:\program files\Windows Media Player\wmpband.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-08-16 18:18:56
    ComboFix-quarantined-files.txt 2010-08-16 22:18
    Pre-Run: 3,312,427,008 bytes free
    Post-Run: 3,301,302,272 bytes free
    Current=5 Default=5 Failed=1 LastKnownGood=6 Sets=1,2,3,4,5,6
    - - End Of File - - DBBDF78205FB08AE557C3BE429F4C6A0
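
One way to cross-check the two logs pasted above (an added example, not part of the original thread and not code from Malwarebytes or ComboFix). It flags folders of files MBAM removed that the ComboFix listing still shows, and a ProxyServer value pointing at the loopback address, which leaves browsers unable to connect when nothing is listening on that port. The sample lines are copied from the logs above; the function names are illustrative.

```python
import ipaddress
import ntpath
import re

# Sample input: lines copied from the MBAM and ComboFix logs in the post above.
SAMPLE_LOG = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\crwvyalh (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\McCheez\Local Settings\Application Data\ahuctybln\vwmfxrcshdw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
2010-08-12 01:36 . 2010-08-15 14:57 -------- d-----w- c:\documents and settings\McCheez\Local Settings\Application Data\ahuctybln
2010-07-29 02:13 . 2010-07-29 02:13 -------- d-----w- c:\program files\Vuze
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
"""

# MBAM result line: "<item> (<threat name>) -> <action>"
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<name>[\w.]+)\) -> (?P<action>.+)$")
# ComboFix listing line: "<created> . <modified> <size> <attrs> <path>"
LISTING = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$")
PROXY = re.compile(r"ProxyServer = (?P<value>\S+)")


def parse_detections(log):
    """Return (item, threat name, action) for every MBAM detection line."""
    found = []
    for line in log.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            found.append((m["item"], m["name"], m["action"]))
    return found


def listed_directories(log):
    """Lower-cased directory paths from the ComboFix file listings."""
    dirs = set()
    for line in log.splitlines():
        m = LISTING.match(line.strip())
        if m and m["attrs"].startswith("d"):   # 'd' attribute marks a folder
            dirs.add(m["path"].lower())
    return dirs


def loopback_proxies(log):
    """Proxy endpoints that point back at this machine."""
    hits = []
    for m in PROXY.finditer(log):
        for entry in m["value"].split(";"):    # "http=h:p;https=h:p" form
            endpoint = entry.split("=", 1)[-1]
            host = endpoint.rsplit(":", 1)[0]
            try:
                local = ipaddress.ip_address(host).is_loopback
            except ValueError:                 # a host name, not an address
                local = host.lower() == "localhost"
            if local:
                hits.append(endpoint)
    return hits


def triage(log):
    """Cross-check the two logs and return (kind, value, note) findings."""
    findings = []
    dirs = listed_directories(log)
    for item, name, _action in parse_detections(log):
        parent = ntpath.dirname(item).lower()
        # Registry items have no drive letter and are skipped here.
        if re.match(r"^[a-z]:\\", parent) and parent in dirs:
            findings.append(("leftover-folder", parent, name))
    for endpoint in loopback_proxies(log):
        findings.append(("loopback-proxy", endpoint, "check Internet Settings"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
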

  7. Pancake

    Ok. All done. I see no more malware. This will clear away any of the files and folders that were created by ComboFix.
    Go to:
    Start > Run then copy and paste the following highlighted (blue) text below into the box and click OK.

    ComboFix /Uninstall

    Please read these for future reference; it may save you future problems with malware:

    http://www.pchelpforum.com/fixed-hijackthis-logs/59327-now-you-all-clean-afterwork.html
    http://www.pchelpforum.com/fixed-hijackthis-logs/64964-so-you-want-prevent-happening.html
    http://www.pchelpforum.com/fixed-hijackthis-logs/57400-how-did-i-get-infected.html
    Prevention
    =============================

    This will help clean up your system.
    Please download ATF Cleaner by Atribune. http://www.atribune.org/ccount/click.php?id=1
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
    (If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)
    It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.
  8. McCheez

    Awesome possum!!!

    Thanks a lot Eddy.
  9. Pancake

    You're welcome..