Two days ago, out of the blue, my desktop system started displaying all kinds of security alerts from the Windows Antivirus Center:
It’s not displaying now, but there was a list of (I think) a couple hundred or more “infected” files.
A Firewall Alert that said “your computer is being attacked from a remote machine”, and it gives an Attacker IP address and an Attack Type of “RCPT exploit”.
Something called “Windows Defender” said that it has detected spyware. Also saw a msg. that an IE Monster process is found, and that it would send passwords from IE to other websites!
Periodically, it opens an Antivirus Center Firewall Alert window, which says that “it has prevented a program from accessing the Internet”, “iexplore.exe is infected with a Trojan worm which has tried to use it to connect to a remote host and send your credit card information”. Then, it asks if “I want to activate the Antivirus Center and remove all the threats” (for a mere $79.95!), or to “continue unprotected”. This window cannot even be closed - I either have to select one of the 2 mentioned options, or shut down my computer to make it go away!
After seeing the list of “infected” files, I opened my Avast free antivirus software and ran a “full scan”. It ran for over 50 minutes, tested 68.7 GB (over 235K files), and reported “No threat found”! I have Avast antivirus, program version 5.0.677, virus definitions version 110505-1.
Does anyone know why I might be getting this conflicting info. from Windows vs. Avast, and how I resolve it? One of the stranger things is that I have “Windows Security Center” turned “OFF”, so where does Microsoft get the nerve to be scanning my files without my permission?
Try a boot-time scan and see what the log says. Search the internet for rogue AVs and search your computer for them in Windows Explorer. Post back and attach the avast! log with it. (Additional Options-Attach-Browse).
I’m having the same problem with a fake XP anti-virus. This is the second time in three days. I’ll follow the advice in the first post and see what happens.
- Quit all running programs
- For Vista/Seven, right click → run as administrator, for XP simply run RogueKiller.exe
- When prompted, type 1 and validate
- The RKreport.txt shall be generated next to the executable.
- If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
Download OTS to your Desktop and double-click on it to run it
- Make sure you close all other programs and don’t use the PC while the scan runs.
- Select All Users
- Under additional scans select the following:
    Reg - Disabled MS Config Items
    Reg - Drivers32
    Reg - NetSvcs
    Reg - SafeBoot Minimal
    Reg - Shell Spawning
    Evnt - EventViewer Logs (Last 10 Errors)
    File - Lop Check
- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.
I followed the instructions on the site that Pondus posted in the first response post and it worked! Thanks. I used a second computer to open the instruction file and open the links and then typed in the addresses on the infected computer. So far, so good.