Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System Alert! Keeps popping up.

Started by Mudkipboy , Aug 30 2007 01:11 PM

  • Please log in to reply

#1
Mudkipboy
Posted 30 August 2007 - 01:11 PM

Mudkipboy

    Member

  • Member
  • PipPip
  • 65 posts
Every few minutes, a bubble on the bottom right of my screen pops up.

It says:

System Alert!

System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date antispyware solution.

It gets really annoying when I try to type E-mails and stuff.

I have Spy-Sweeper and I keep running it. The sweep ends finding "Mal/FakeVir-D". It's description on Spy-Sweeper says: This is malwaredetected through the antivirus heurstic engine. On rare occasions legitimate programs exhibit malware like behavior. So caution is required when quarantining these traces. So when I go to quarantine, it tells me to restart, so I do, and when I get back it's still there. Is the "Mal/FakeVir-D" the problem or is it something else? Also, when I click or right click the balloon, It opens up internet explorer and someting about Virus Protect Pro. I have also restarted my computer in Safe Mode and have ran the Safe Mode Spy-Sweeper and have gotten it quarantined and deleted like that, yet when I get back on in normal, THE BUBBLE IS BACK!

I can't get rid of it, please help!
  • 0

Advertisements

#2
racenutalways
Posted 03 September 2007 - 08:07 PM

racenutalways

    Member 1K

  • Retired Staff
  • 1,675 posts
Hello Mudkipboy and welcome to G2G.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
  • 0

#3
Mudkipboy
Posted 04 September 2007 - 04:46 AM

Mudkipboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
I did get rid of it; heres how:

Since Spy-Sweeper didn't get rid of what ever it was, I clicked the arrow that showed where the fle was. It was in WINDOWS > System32 or something like that.

Then Since it wouldn't let me delete it from there, I cut & pasted in some other file to delete that.

It went away but now my internet says Limited or No connectivity.
  • 0

#4
racenutalways
Posted 04 September 2007 - 07:46 PM

racenutalways

    Member 1K

  • Retired Staff
  • 1,675 posts
What file did you delete?? Is it still in Recycle bin??? Can you View session Log in SpySweeper and post that log here?

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Edited by racenutalways, 04 September 2007 - 07:46 PM.

  • 0

#5
Mudkipboy
Posted 05 September 2007 - 01:11 PM

Mudkipboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
I have run Spy-Sweeper on the computer and nothing has come up. There is still a limited or no connection problem. Since I can't get on the internet, I can't go to that panda thing you were talking about.

I can't remember what the name of what I deleted is, all i remember was that it started with wz and was the last file starting with W in my system32 stuff. I had already deleteded it from the Spy-Sweeper quarantine so I can't fnd out what it was called exactly.

Did I do anything wrong? :whistling:
  • 0

#6
racenutalways
Posted 07 September 2007 - 01:37 PM

racenutalways

    Member 1K

  • Retired Staff
  • 1,675 posts
You gonna need to install a few tools to scan and get to the bottom, sounds like you're badly infected and could be the reason you can not access the internet, then again may be software or hardware failure, you need to figure a different way to D/L the necessary tools. I can't do anything without logs to go over and advise at which files to delete.
Do you have access to another pc? Burn to CD then install on your infected PC is the best way. Let me know.

What anti virus program you running, have you run that in safe mode, what anti spyware other then Spysweeper do you have??

This will get you into safe mode, run scans and remove anything it finds.
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Logs I need to view and get started. HJT and combofix.

* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

If you can manage to download combofix, we can get started.

Then we need OTMoveIt to delete the files that are causing you any heartache.

Please download the OTMoveIt by OldTimer.
  • 0

#7
Mudkipboy
Posted 07 September 2007 - 02:17 PM

Mudkipboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
I did get the Internet back working. I called the number on the CD that we have for installing our wireless router, and the people told me what to do to fix the Internet. My router doesn't work anymore though.
  • 0

#8
racenutalways
Posted 07 September 2007 - 04:33 PM

racenutalways

    Member 1K

  • Retired Staff
  • 1,675 posts

System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date antispyware solution.


This tells me that you are infected, possibly Smitfraud infection, run the tools metioned in the last post and post the results.
  • 0

#9
Mudkipboy
Posted 07 September 2007 - 06:02 PM

Mudkipboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
I definately have gotten rid of it.

I have already run Spy-Sweeper in Safe mode many times, but that didn't get rid of the problem. Since I deleted the file in System 32, I have not had any problems that I think had anything to do with the Internet or Router not working.

I have also done Spy-Sweeper in Safe mode again since you mentioned it. I had to try a couple of times because my Dad thinks that when the computer is in Safe mode, it is broken and he thinks pulling all the cords out the back of the computer will fix it.

There has been no viruses or anything coming up on Spy-Sweeper, and the creepy bubble directing me to Virus Protect Pro is gone. My computer is CLEAN. We bought Spy-Sweeper from The Geek Squad from when they were setting up our wireless router (which is still not working).
  • 0

#10
racenutalways
Posted 08 September 2007 - 10:01 AM

racenutalways

    Member 1K

  • Retired Staff
  • 1,675 posts
Here are a few suggestions I like to make people aware of to help them keep themselves protected:

There are different browsers available on the net, other than Internet Explorer, we believe!! these are better for security purposes :

Firefox
Opera

Google Toolbar <= Get the free google toolbar to help stop pop up windows.

SpywareBlaster to help prevent spyware from installing in the first place.
SpywareGuard to catch and block spyware before it can execute.
IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer

You should also have a good firewall. Here are 2 free ones available for personal use:

Kerio Personal Firewall
ZoneAlarm

To keep your operating system up to date visit monthly

Microsoft Windows Update

And to keep your system clean run these free malware scanners

AdAware SE Personal........How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
Spybot Search & Destroy............How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

And lastly, read Tony Klein's article: So how DID you get infected in the first place?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP