An hour ago, while I was playing Mobsters on MySpace, my Firefox page minimized itself and I got a pop up called “GT7” with a warning “We found a suspicious activity in your computer, click here to do a scan” or something similar to that. I immediately logged off by restarting my computer because I did not trust to click anywhere on that POP UP. Then, when I logged on again the page link “hxxp://53b690d.secure-my-computer.com/miit/?6e3c=caad0b&1b1=b66e68dzce&a40=bc8boaz8oa” was showing on my address window, but said “page can not be found”. I think that’s where the POP UP came from. I did not go to that link, so I don’t know how it suddenly appeared on my address bar.
Does anyone have any information about this GT7 virus scan pop up?
Thanks for your help, to both of you, I changed the http now, if only I can figure out how to answer each of you, lol. I’m new to this ‘forum’ thingy.
Sounds like you hit a fake scan page…
do a scan with this
Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always run update before you scan so you have the latest database
click on the remove selected button to quarantine anything found
you may post the scan log here
I have the same problem with the GT7 trojan/virus that completely knocks me out of myspace and then wants me to run a security check on my computer using this GT7 program. I have tried malwarebytes and many other programs to get this thing out of my system. Any other advice on what I can try to get rid of this thing? I have never had such a problem getting rid of malware before.
Delete the following files from your computer:
* %UserProfile%\Desktop\Antivirus Security.lnk
* %UserProfile%\Start Menu\Antivirus Security
* %UserProfile%\Start Menu\Antivirus Security\Antivirus Security.lnk
* %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Security.lnk
* c:\WINDOWS\system32\scui.cpl
Click Start > Run, type regedit and delete the following registry entries:
* HKEY_CURRENT_USER\Software\9178374C66E059CC11C19DCD899FD538
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AV9
If all goes well, this Fake Antivirus Security should now be removed from your system.
Yesterday while I was on Myspace Mobsters it happened again. I did change my passwords in all my MySpace webpages and I still got the same GT7 pop up scan message. I quickly rebooted and when I logged on again I used the Malwarebytes scanner. This time it found no problems. Then last night a fellow mobbie from mobsters told me that a person that his crew were warring with, hacked their computers, stole their web pages on myspace and stole their passwords. I’m not sure if that hacker person had anything to do with it or not, but we have proof on xchat (photocopy of the chat conversation between the hacker and my friend) that admits he hacked their computers, stole their web pages on myspace and their passwords and threatened them that if they don’t quit the game he will never give them back their webpages on myspace.
"indrednek broadcast a message: “Main hacker is “xx BARBIE xx” MOBSTERS ID: 509379614 (on MYSPACE). Lets keep this hacker dead!!! PROOF HERE: hxxp://www.myspace.com/534193297/photos/6995234 <= xx BARBIE xx/Edge (SAME PERSON SAYING ON XCHAT THAT HE DID HACK THEIR ACCOUNTS”
I did change my passwords in all my MySpace webpages and I still got the same GT7 pop up scan message.
Next time you see this GT7 pop-up, can you take a screen shot and post it?
If you feel unsecure that you may have an infection follow this guide from Essexboy and post the OTL log here so Essexboy can have a look http://forum.avast.com/index.php?topic=53253.0
lower left corner: Additional Options > Attach ( OTL.Txt and Extras.Txt )
So far so good, the ‘GT7 pop up scan’ did not show up again. Also, today I figured out how to do a ‘screenshot’ in case I need to take a photo of it. Thanks so much for all your help. If that pop up shows up again I will take a screenshot and post it here.
I went in to look at my pics on myspace and had that gt7 thing pop up. So far no virus, but where did it come from and how do I prevent it from happening again?
Hi Everyone,
I got same problem with GT7 by accepting message sent by friend from Facebook. Obviously I accepted that.
Then this comes up. See 1st pic.
When closing alert See 2nd pic.
3rd pic shows what Malware found
The following was in the message:
Zhen sent you a message.
Zhen XXXX
Zhen XXXX August 26, 2010 at 9:29pm
Subject: Yo
YouTube Video hxxp://www.facebook.com/l/d4855EsaU7RiG4mYw_QCuvka_XA;www.geelantrophies.com/zaaj/?1770
For the first time in my life I have run this kind of a file coz I trusted my friend and was hoping it is nothing serious. “VIDE CUL FIDE”
I have removed all infected stuff now.
So far so good. Nothing coming up now.
Zainfekowanych procesów w pamięci: 1
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 1
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 6
Zainfekowanych procesów w pamięci:
c:\Windows\andy127.exe (Worm.KoobFace) → Unloaded process successfully.
Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)
Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)
Zainfekowanych wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xuri49tkd (Worm.KoobFace) → Quarantined and deleted successfully.
Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)
Zainfekowanych folderów:
(Nie znaleziono zagrożeń)
Zainfekowanych plików:
c:\Windows\andy127.exe (Worm.KoobFace) → Quarantined and deleted successfully.
C:\Users\Robert\AppData\Local\Temp\zpskon_1282864011.exe (Worm.Koobface) → Quarantined and deleted successfully.
C:\Users\Robert\Local Settings\Application Data\010155555710297.xxe (Worm.KoobFace) → Quarantined and deleted successfully.
C:\Users\Robert\Local Settings\Application Data\09954101565552.xxe (Worm.KoobFace) → Quarantined and deleted successfully.
C:\Windows\bk23567.dat (KoobFace.Trace) → Quarantined and deleted successfully.
C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) → Quarantined and deleted successfully.