Windows XP 2010 says PC infected

Hi all, need some advice please.
I have Avast 4.8 Pro. It detected win32fakeAlert-IH[Drp] today in email attachment
& I sent it to virus chest.
I now have Windows telling me 25 infections found, system integrity threat! Stealth intrusion & various other things constantly. & that I need to activate my copy now!! & also that my firewall is off.

Should I activate antivirus XP 2010? As I understand it’s not right to run more than one antivirus software at once. & should I activate the firewall?

How can I tell if the 25 “serious issues” it detected are actually on my system or not? & why has Avast not detected them?

Thanks in advance
regards
myles

Hi Myles45

antivirus XP 2010 is a ROGUE.

Download Malwarebytes from http://www.malwarebytes.org/, update it and run a quick scan. Whatever it finds, remove it. After you have used Malwarebytes, use SUPERAntiSpyware from http://www.superantispyware.com/, also updated, and run a full scan.

Thanks Harman,
I just read a previous thread about UPS email. And that’s actually what happened to me (stupidly opened attachment innocently, as we’d had deliveries from them over Xmas).
Is there anything else I should do with this in mind?

Also, just went to Windows Security Centre in Control Panel to check firewall status & it says in there that “antivirus XP 2010 reports firewall turned off”. Is it possible that this ROGUE has got in there? & if so, is Windows Security Centre compromised also?

I have currently disconnected my PC from the Internet. Obviously I need to reconnect to download the antimalware software. Is there anything I should be doing to protect the PC whilst I’m back online, i.e. with regards to firewall etc?

Thanks

Well, usually rogues display fake alert messages and hijack your Security Center in order to get an unsuspecting person to purchase. From what I understand, you can download both SUPERAntiSpyware and Malwarebytes.

xp antivirus 2010 removal guide

http://forums.techarena.in/networking-security/1111989.htm

Is there anything i should be doing to protect the PC whilst I'm back online. I.e with regards to firewall etc?
Malwarebytes Antimalware PRO will stop it, a one time fee for a lifetime license www.malwarebytes.org

Automated Removal Instructions for XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010 using Malwarebytes’ Anti-Malware: http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

Thanks for replies & links. Have downloaded both softwares & superantispyware is scanning as we speak. I could not run malwarebytes for some reason, I presume the virus is stopping it.
When I do get everything sorted, is it ok to run both of the above alongside avast?

Also is it safe to have any other programs open on my computer whilst doing these scans?

I have sign writing business & could do to be doing a bit of work!!

When I do get everything sorted, is it ok to run both of the above alongside avast?
Yes, see my signature.
I could not run malwarebytes for some reason, I presume the virus is stopping it.
The first 5 steps in the guide I sent are about how to fix that. If that does not work, you can try the manual removal guide harman123 sent.
Also is it safe to have any other programs open on my computer whilst doing these scans?
Not sure, but I would not do it.

If you have trouble installing or running Malwarebytes: if you got them downloaded, rename the setup file, then try installing them again.

Right click the mbam-setup.exe file> click rename> rename it something.exe then try to run it. If it installed but will not run navigate to this folder:

C:\Program Files\Malwarebytes’ Anti-Malware

Rename the mbam.exe file, then try to run it again. If still no luck, rename all the .exe files in the Malwarebytes’ Anti-Malware folder and try to run it again.

Or download this: http://download.bleepingcomputer.com/grinler/rkill.com first and run it. This will shut the Rogue down and allow you to install and run MBAM (usually).

If you’re running SAS though, that should do it. Just wait until it removes the rogue, and reboot, then MBAM should be able to install afterwards.

Or download this: http://download.bleepingcomputer.com/grinler/rkill.com first and run it. This will shut the Rogue down and allow you to install and run MBAM (usually).

If you’re running SAS though, that should do it. Just wait until it removes the rogue, and reboot, then MBAM should be able to install afterwards.
Thanks for that, just did it & it seems to have stopped the Rogue, but when I try to run MBAM a box opens asking me what program I want to use to open the .exe file. What do I use to open it?

Looks like your Malwarebytes download is corrupt. Try to download a fresh copy again.

Yeah, it’s an .exe. You don’t need anything to open it, it should open by itself.

Wait, harman123 told you to try renaming the .exe before in this thread. If you did, make sure the file extension is correct (.exe). It’s probably better to just download MBAM again anyway though, just to be safe.

OK,
Now I think I have a problem!! :cry:

Avast found several more viruses after SAS scan & advised shut down & boot scan, which I did, & now that computer has restarted… No exe files will open when I click them & none have opened in the system tray, including avast & SAS. What do I do now please?

This is what avast found in boot scan:

11/06/2008 21:50
Scan of all local drives

Number of searched folders: 7031
Number of tested files: 102098
Number of infected files: 0


03/03/2010 20:34
Scan of all local drives

File C:\Documents and Settings\Administrator\Local Settings\Application Data\trz17B.tmp is infected by Win32:Malware-gen, Moved to chest
File C:\System Volume Information_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP818\A0142120.exe is infected by Win32:Malware-gen, Moved to chest
Number of searched folders: 12766
Number of tested files: 196252
Number of infected files: 2

First disable your System Restore, and after you clean up your system, re-enable it.

Hi Harman,

Thanks for reply. How do I do that? Also, whilst I’m here, this is what was also found by Avast & put in chest:

avast! Report

  • This file is generated automatically
  • Task ‘Resident protection’ used
  • Started on 03 March 2010 08:14:34
  • VPS: 100302-1, 02/03/2010

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3F.tmp [L] Win32:FakeAlert-IH [Drp] (0)
File was successfully moved to chest…
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\41.tmp [L] Win32:FakeAlert-IH [Drp] (0)
File was successfully moved to chest…
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\102.tmp [L] Win32:FakeAlert-IH [Drp] (0)
File was successfully moved to chest…
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\11E.tmp [L] Win32:FakeAlert-IH [Drp] (0)
File was successfully moved to chest…
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\174.tmp [L] Win32:FakeAlert-IH [Drp] (0)
File was successfully moved to chest…
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\176.tmp [L] Win32:FakeAlert-IH [Drp] (0)
File was successfully moved to chest…
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\178.tmp [L] Win32:FakeAlert-IH [Drp] (0)
File was successfully moved to chest…
C:\Documents and Settings\Administrator\Local Settings\Application Data\av.exe [L] Win32:Malware-gen (0)
File was successfully moved to chest…
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-03-2010 - 17-45-50{ACFA268F-DEB7-4194-BC40-51C6AA35E441} [L] Win32:Rootkit-gen [Rtk] (0)
File was successfully moved to chest…
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-03-2010 - 17-45-50{876E24D7-C2C8-435F-BD5A-1E269A5C41C9} [L] Win32:Rootkit-gen [Rtk] (0)
File was successfully moved to chest…
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-03-2010 - 17-45-50{D0120B1C-340F-4B65-87C0-4FA470DE0207} [L] Win32:Rootkit-gen [Rtk] (0)
File was successfully moved to chest…
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-03-2010 - 17-45-50{4E855F6F-B60F-492B-BF70-384AC0C0015E} [L] Win32:Rootkit-gen [Rtk] (0)
File was successfully moved to chest…
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\180.tmp [L] Win32:FakeAlert-IH [Drp] (0)
File was successfully moved to chest…
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\182.tmp [L] Win32:FakeAlert-IH [Drp] (0)
File was successfully moved to chest…
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\19E.tmp [L] Win32:FakeAlert-IH [Drp] (0)
File was successfully moved to chest…
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1A0.tmp [L] Win32:FakeAlert-IH [Drp] (0)
File was successfully moved to chest…

  • Task stopped: 03 March 2010 20:30:46
  • Run-time was 12 hour(s), 16 minute(s), 12 second(s)

avast! Report

  • This file is generated automatically
  • Task ‘Resident protection’ used
  • Started on 03 March 2010 22:42:50
  • VPS: 100303-0, 03/03/2010

Do I take it from these results that Avast has now quarantined Superantispyware??

C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-03-2010 - 17-45-50{ACFA268F-DEB7-4194-BC40-51C6AA35E441} [L] Win32:Rootkit-gen [Rtk] (0)
File was successfully moved to chest…
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-03-2010 - 17-45-50{876E24D7-C2C8-435F-BD5A-1E269A5C41C9} [L] Win32:Rootkit-gen [Rtk] (0)
File was successfully moved to chest…
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-03-2010 - 17-45-50{D0120B1C-340F-4B65-87C0-4FA470DE0207} [L] Win32:Rootkit-gen [Rtk] (0)
File was successfully moved to chest…
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-03-2010 - 17-45-50{4E855F6F-B60F-492B-BF70-384AC0C0015E} [L] Win32:Rootkit-gen [Rtk] (0)
File was successfully moved to chest…

Looks like a false positive above.

Enable or disable System Restore:
http://support.microsoft.com/kb/310405
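
As an added illustration (not part of the thread, and not avast! or SUPERAntiSpyware code), the report lines quoted above can be triaged by location, so that detections inside another scanner's quarantine folder or a System Restore point are separated from files still sitting in the live profile. The bucket names and path heuristics are assumptions; the sample lines are abridged from the reports quoted in the thread.

```python
import re
from collections import Counter

# Sample lines abridged from the avast! reports quoted in the thread.
SAMPLE = r"""
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3F.tmp [L] Win32:FakeAlert-IH [Drp] (0)
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Local Settings\Application Data\av.exe [L] Win32:Malware-gen (0)
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-03-2010 - 17-45-50{ACFA268F-DEB7-4194-BC40-51C6AA35E441} [L] Win32:Rootkit-gen [Rtk] (0)
File was successfully moved to chest...
File C:\System Volume Information_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP818\A0142120.exe is infected by Win32:Malware-gen, Moved to chest
"""

# Resident-protection line:  <path> [L] <detection> (0)
RESIDENT = re.compile(r"^(?P<path>.+?) \[L\] (?P<name>.+) \(\d+\)$")
# Boot-scan line:  File <path> is infected by <detection>, <action>
BOOT = re.compile(r"^File (?P<path>.+) is infected by (?P<name>[^,]+), .+$")

def classify(path):
    """Bucket a detection by where the file sits (labels are hypothetical)."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "other-scanner-quarantine"  # already contained by another tool
    if "system volume information" in p:
        return "restore-point"             # copy stored inside System Restore
    if "\\temp\\" in p:
        return "temp-dropper"
    return "live-file"

def triage(report):
    """Return (bucket, detection name, path) for every detection line."""
    hits = []
    for line in report.splitlines():
        line = line.strip()
        m = RESIDENT.match(line) or BOOT.match(line)
        if m:
            hits.append((classify(m["path"]), m["name"], m["path"]))
    return hits

def summary(report):
    return Counter(bucket for bucket, _, _ in triage(report))

if __name__ == "__main__":
    for bucket, name, path in triage(SAMPLE):
        print(f"{bucket:26} {name:26} {path}")
```
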

So what does that mean? A false positive?

& where do I go from here?

A couple of times now I had a window come up saying something like sys32 dll not found, what does this mean?

False alarm on SUPERAntiSpyware. Are you able to run any .exe, and what about Malwarebytes? Did you scan with it?

The system32 file does not contain a .dll file called system32.dll, so if you had it, you had something you should not have had.

Or in other words, Windows XP Home & Professional does not contain any such .dll in their registry. I would suggest you reboot your system to safe mode and scan with malwarebytes, superantispyware, and avast.

SYS32.DLL
http://www.prevx.com/filenames/2081204388492639399-X1/SYS32.DLL.html

Malwarebytes safe mode info: http://forums.malwarebytes.org/index.php?showtopic=5590

Hitman Pro 3 - Second Opinion Malware Scanner http://www.surfright.nl/en/hitmanpro