"Antivirus Soft" pop-up virus

I was only reading manga on Mangafox. I’ve heard the site get some badmouthing for pop-up viruses in the ads, but I’d been going on for 2 years and never once got infected.
Uuuuuuuuuntil an hour and a half ago. :frowning:

All of a sudden Mozilla Firefox stops working, closes down, and I hear Avast! repeat “ding ding ding Threat-” “ding ding ding Threat-” “ding ding ding Threat has been detected.”
Rootkit blocked
avast file system shield…

Avast put the 3 files in the virus chest, I deleted them. The problem didn’t go away.

There are things I can’t get rid of

  1. Pop-up in the right hand corner

    Antivirus software alert Virus Attack
    INFILTRAION ALERT
    Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan - dropper or similar.
    DETAILS
    Attack from: 145.10.34.179, port 2173
    Attacked port: 588556
    Threat: BankerFox.A
    Do you wan to block this attack ?

    Sometimes the details change, but whatever. It’s fake anyway.

  2. Pop-up next to #1

    Windows Security alert Application cannot be executed. The file chrome.exe is infected. Do you want to activate your antivirus software now?

    It'll change to searchprotocolhost.exe 2 seconds later. I suspect this is Avast trying to do its job, since that specifically kept coming up every time I tried running a scan.

  3. Pop-up in the middle of the screen:

    Security Warning Application cannot be executed. The file searchprotocolhost.exe is infected.

  4. Pop-up in the middle of the screen:

    Antivirus software alert ATTENTION ! SPYWARE ALERT Vulnerabilities found. Your computer is infected by spyware - 34 serious threats have been found while scanning your files and registry. It is strongly recommended that you disinfect your computer and activate realtime secure protection against future intrusions. Why do you need realtime spyware protection ? Upgrade to full version of antivirus software to clean your computer and prevent new security and privacy attacks. You will be able to download daily updates and get online protection against Internet attacks.

  5. Another pop-up in the bottom right hand corner

    Windows Security alert Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here **for the scan you computer**. Your system might be at risk now.

    (**OMG! It irks me so much that this thing is messing up my computer and doesn't even have good grammar. >:( I know that's a stupid thing to be annoyed about...**)

  6. The icon/program thingy that I suspect is controlling all this. Icon:

    fgilobmtssd.ext

    I don’t know what this means, but that’s what’s passing itself off as “Antivirus soft” or whatever.
    Avast! said this in the virus chest:

    Name: Syssvc.exe
    Original Location: C:\User\~\AppData\Local
    Virus: Win32:Rootkit-gen[RtK]

  7. My action center keeps popping up and telling me security is fine, but I need to insert removable media to back up my data.

I cannot open disk cleaner, disk defragmenter, Google Chrome, or Paint. I also can’t run a boot-scan because Avast says it’s only for 32-bit and I guess I have a 64-bit…?

I’m running Windows 7, a Sony Vaio.

HEEEEEEEEEEEEEEEEEEEELP.

I found instructions on how to remove it here:
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-soft

But do I really have to install Malwarebytes?

I suggest you try Hitman Pro - Second Opinion Malware Scanner

How To Start Hitman Pro in Force Breach Mode

:frowning: Pop-up in the right hand corner
I have the same problem, I need major HELP !!! It keeps popping up saying ding ding ding threat has been detected and I don’t know WHAT to do. I deleted 3 files as well and I did the avast! Full Scan and everything, please Help MEEEEEEEE !!! :cry:
What should I do? Email me at satin.lady1@yahoo.com or talk to me here, just help me.

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to online analysis.
  6. Clean your Hosts file (replacing it) with HostsMan tool.
  7. Disable System Restore and then reenable it again.
  8. Immunize your system with SpywareBlaster.
  9. Check if you have insecure applications with Secunia Software Inspector.

Welcome to the forums, sakura20201 :slight_smile:

This is a public forum and as such, spambots troll public forums looking for email addresses such as you have posted above. To help yourself from being spammed to death, you should modify your post to remove your email address … unless you enjoy getting spam emails.


I was on the internet when, without my double-clicking, the Ares program opened and quite quickly closed again. I suspect Ares had an open port that led to the vulnerability.
Result: I had a similar issue to this topic: I could not run any executables to remove the malware. Internet blocked, no program would execute. :-[ Avast did not detect any of the several files causing the issues.
I restarted in Safe Mode. I searched through Documents and Settings folder and found a bunch of stuff that looked WRONG! >:(
Docs&Settings"MyName"\Local Settings\Temp\e.exe: I deleted all Temp files.
There was johhexxoj\mvyaarvuqiw.exe: clearly ridiculous, and deleted.
Docs&settings\AppData\I8680516.exe: again, not standard, so deleted.
Docs&settings\AppData\18680515.exe, called MaskTools Dynamic Link Library: creepy! Deleted that.
Docs&settings\AppData\gdipfontcachevi.dat, called VideoCD Movie: instinct said delete. Later found it is an infection.

No connection to internet would work, except email did work!!! I then had to find in IE7 that there was a checkmark for proxy server. Uncheck that! I also Checkmarked Automatically Detect Settings. These two restored my access to internet.
Downloaded both MalwareBytes and HitmanPro. MB found several issues and corrected them. HP worked with cookies. I don’t know which is better but was happy MB found so many issues that were directly related to malware. I will run a full system scan.
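
A read-only way to check for the two things the last post found by hand (a proxy switched on in Internet Options, and executables sitting directly in the user's Temp and AppData folders), as an added example that is not part of any forum post. It assumes PowerShell 3.0 or later; the folder selection and the extension list are choices made for this example.

```powershell
# Added example: read-only triage. Nothing is deleted or changed;
# review the output before acting on any of it.

# 1. Per-user proxy settings (the "Use a proxy server" checkbox in Internet Options).
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet    = Get-ItemProperty -Path $inetKey

[pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable     # 1 means the checkbox is ticked
    ProxyServer   = $inet.ProxyServer     # where traffic is sent, if set
    AutoConfigURL = $inet.AutoConfigURL   # proxy auto-config script, if set
} | Format-List

if ($inet.ProxyEnable -eq 1) {
    Write-Warning "A proxy is enabled for this user: $($inet.ProxyServer)"
}

# 2. Executable files sitting directly (not in a subfolder) in the per-user
#    Temp and AppData folders, the locations named in the posts above.
#    Installed programs normally live in their own subfolder, so a loose
#    binary here deserves a second look.
$folders = @($env:TEMP, $env:LOCALAPPDATA, $env:APPDATA) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Extension list is an assumption of this example; extend it as needed.
$extensions = '.exe', '.dll', '.scr'

Get-ChildItem -Path $folders -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $extensions -contains $_.Extension } |
    Select-Object FullName, Length, LastWriteTime,
        @{ Name       = 'Signature'
           Expression = { (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status } } |
    Sort-Object LastWriteTime -Descending |
    Format-Table -AutoSize
```

A `Signature` value other than `Valid` is not proof of infection; it only narrows down which files to hand to a scanner or upload for analysis.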