Hi avast team. Sorry I dont have good english experencie. Today at 10:42 CET I sent to virus@avast.com infiltration. It is Data Protection software. Between when I sent to virus@avast.com my computer was sucesfully infiltrated. I send you pictures about this virus. Probably its alureon or fakealert trojan.
http://img4.imageshack.us/img4/9894/77486941.jpg
http://img16.imageshack.us/img16/5282/27340059.jpg
http://img714.imageshack.us/img714/2829/56935076.jpg
http://img517.imageshack.us/img517/9500/27512279.jpg
Now I have one detection window I cant close that.
Please be fast. I am waiting to next update! Avast cant detected this virus!!!
malware bytes antimalware deleted this files:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscdexnt.exe (Trojan.FakeAlert.H) → Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\mscdexnt.exe (Trojan.FakeAlert.H) → Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\wscsvc32.exe (Trojan.FakeAlert) → Quarantined and deleted successfully.
I am waiting on the finish full scan by mbam.
EDIT:
next log:
C:\Program Files (x86)\Data Protection\datprot.exe (Rogue.DataProtection) → No action taken.
C:\Program Files (x86)\Data Protection\dathook.dll (Rogue.DataProtection) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Data Protection (Rogue.DataProtection) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\data protection (Rogue.DataProtection) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) → Bad: (1) Good: (0) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) → Bad: (1) Good: (0) → No action taken.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Protection (Rogue.DataProtection) → No action taken.
C:\Program Files (x86)\Data Protection (Rogue.DataProtection) → No action taken.C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Protection\About.lnk (Rogue.DataProtection) → No action taken.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Protection\Activate.lnk (Rogue.DataProtection) → No action taken.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Protection\Buy.lnk (Rogue.DataProtection) → No action taken.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Protection\Data Protection Support.lnk (Rogue.DataProtection) → No action taken.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Protection\Data Protection.lnk (Rogue.DataProtection) → No action taken.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Protection\Scan.lnk (Rogue.DataProtection) → No action taken.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Protection\Settings.lnk (Rogue.DataProtection) → No action taken.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Protection\Update.lnk (Rogue.DataProtection) → No action taken.
C:\Program Files (x86)\Data Protection\about.ico (Rogue.DataProtection) → No action taken.
C:\Program Files (x86)\Data Protection\activate.ico (Rogue.DataProtection) → No action taken.
C:\Program Files (x86)\Data Protection\buy.ico (Rogue.DataProtection) → No action taken.
C:\Program Files (x86)\Data Protection\dat.db (Rogue.DataProtection) → No action taken.
C:\Program Files (x86)\Data Protection\datext.dll (Rogue.DataProtection) → No action taken.
C:\Program Files (x86)\Data Protection\dathook.dll (Rogue.DataProtection) → No action taken.
C:\Program Files (x86)\Data Protection\datprot.exe (Rogue.DataProtection) → No action taken.
C:\Program Files (x86)\Data Protection\help.ico (Rogue.DataProtection) → No action taken.
C:\Program Files (x86)\Data Protection\scan.ico (Rogue.DataProtection) → No action taken.
C:\Program Files (x86)\Data Protection\settings.ico (Rogue.DataProtection) → No action taken.
C:\Program Files (x86)\Data Protection\splash.mp3 (Rogue.DataProtection) → No action taken.
C:\Program Files (x86)\Data Protection\Uninstall.exe (Rogue.DataProtection) → No action taken.
C:\Program Files (x86)\Data Protection\update.ico (Rogue.DataProtection) → No action taken.
C:\Program Files (x86)\Data Protection\virus.mp3 (Rogue.DataProtection) → No action taken.
C:\Users\user\Favorites_favdata.dat (Malware.Trace) → No action taken.
C:\Users\user\AppData\Local\Temp\kernel64xp.dll (Trojan.FakeAlert) → No action taken.
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Data Protection.LNK (Rogue.DataProtection) → No action taken.
mbam helps me
please protect avast users
system
May 20, 2010, 10:09am
4
Go to PROFILE then Modify Profile then Forum Profile Information then Signature: and put information about your system just like my signature about your system just like my signature so that the helpers can offer pertinent advice.
In Account Related Settings select Hide email address from public to prevent scammers and spammers harvesting your centrum.sk email address.
Let Malwarebytes (MBAM) remove the detected infection.
Hope they improve detection.
system
May 21, 2010, 10:48am
7
Avast team is very slowly. Sorry for offend, but yesterday I sent specimen infiltration file but today without change. 24 hour is very much to release update. ESET acknowledged aprox. 2 hours later of my detection. God knows how long is this file in the “WILD”. How many computers was infiltrated for slowly support. Stay tuned mbam
system
May 21, 2010, 10:55am
8
Data Protection Removal and Analysis
Data Protection is a malicious, fraudulent security software that uses a variety of fake system alerts to scare the users into buying a subscription. It initiates a fake system scan at every system start and purportedly finds many non-existent malware infections.
removal guide>> http://www.malwarehelp.org/data-protection-removal-2010.html
also follow>>http://forum.avast.com/index.php?topic=58337.msg503216#msg503216