Bogus Virus Messages



#1
Erica Kline

Hi,

I was having a big problem with those popups claiming bogus virus attacks yesterday.

I ran malwarebytes anti-malware, and it got rid of those popups.

I am able to access the internet from Firefox and Outlook, but when I run a program that tries to access the internet, it is unable to do so.

For example, I tried to update Windows Defender with the latest updates and got this error message: 0x80072efd

I tried to access the Sony ebook store from within my ebook reader and got this error message: Unable to access eBook store. Check your network settings to ensure you have access to the internet. Note that I can access the eBook store from Firefox.

I tried to install Avast antivirus and it was not able to. Here's the Avast error log:
27.12.2009 09:38:53 general: Started: 27.12.2009, 09:38:53
27.12.2009 09:38:53 system: Operating system: Windows Vista ver 6.0, build 6002, sp 2.0 [Service Pack 2]
27.12.2009 09:38:53 system: Memory: 47% load. Phys:1521408/2097151K free, Page:4194303/4194303K free, Virt:2028912/2097024K free
27.12.2009 09:38:53 system: Computer WinName: FAMILYNOTEBO-PC
27.12.2009 09:38:53 system: Windows Net User: FamilyNotebo-PC\Family Notebook
27.12.2009 09:38:53 general: Old version: ffffffff (-1)
27.12.2009 09:38:53 system: Using temp: C:\Users\FAMILY~1\AppData\Local\Temp\_av_inet.tm~a03660 (134201M free)
27.12.2009 09:38:55 internet: SYNCER: Type: use IE settings
27.12.2009 09:38:55 internet: SYNCER: Auth: another authentication, use WinInet
27.12.2009 09:38:55 general: Install check: Program folder does NOT exist in registry
27.12.2009 09:38:55 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 0
27.12.2009 09:38:58 general: progress thread start
27.12.2009 09:38:58 general: Destination: C:\Users\FAMILY~1\AppData\Local\Temp\_av_inet.tm~a03660
27.12.2009 09:38:58 general: Starting download: http://www.avast.com...t...&langid=eng
27.12.2009 09:39:00 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
27.12.2009 09:39:00 general: Download finished from server www.avast.com, result: 0x20000004, server response: 12029
27.12.2009 09:39:00 general: Stats www.avast.com, server response: 536870916
27.12.2009 09:39:01 general: POST result: 0x20000004, server response:

In all cases above, I disabled Windows OneCare's firewall and virus protection and tried again, but that did not solve the problem.

I thought maybe there was malware still hidden, so I began the recommendations in the Malware and Spyware cleaning guide. I performed the Temp file removal with TFC.exe, I made a system restore point and a Registry backup. Note, that was after I had run Anti-Malware.

Here's the malwarebytes log from yesterday:
Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

12/26/2009 3:06:31 PM
mbam-log-2009-12-26 (15-06-31).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 334031
Time elapsed: 49 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\furibqms (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Family Notebook\Downloads\WinZIP pro\WinZip_11.2 (8094)_Patch_Under SEH Team.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Family Notebook\AppData\Local\qksfss\tncxsysguard.exe (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.


Have I inadvertently removed something I need?

Thanks,

Erica Kline


#2
Erica Kline

I forgot to mention, my computer's an HP laptop with Vista and there's a recovery partition. We may find the accidentally deleted file there...

Erica

#3
Erica Kline

Fixed it myself, can't believe it!

Searched this website and others, tried a bunch of stuff, including disabling firewall, and reinstalling Internet Explorer.

Finally, disabled the proxy server in my IE settings, based on the comment in the IE help at Microsoft that proxy servers are usually used by corporations, etc.

Don't know where the proxy server setting came from, maybe the malware did it.

So, thank you for malwarebytes, to remove the malware, and for your forums in general for many helpful suggestions.

I will now install and use avast and superantispyware, buy and use a backup drive, wear my seatbelt and brush my teeth!

By the way, I think I was infected by a bogus Free e-book site, trying to get free e-books for my Sony reader on Christmas day.

Best regards,

Erica
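Added example, not part of the original thread: a small triage script that ties the error codes in post #1 to the fix in post #3. It decodes 0x80072efd and 0x00002EFD to 12029, which WinINet names ERROR_INTERNET_CANNOT_CONNECT, and flags the IE proxy settings for review when the log shows the program was using IE settings. The function names and the flagging rule are assumptions made for this example.

```python
import re

# Lines copied from the Avast installer log in post #1 of this thread.
SAMPLE_LOG = """\
27.12.2009 09:38:55 internet: SYNCER: Type: use IE settings
27.12.2009 09:39:00 internet: ERROR:HttpGetWininet, catch returned 0x00002EFD
27.12.2009 09:39:00 general: Download finished from server www.avast.com, result: 0x20000004, server response: 12029
"""

# A few WinINet error numbers (wininet.h); 12029 is the one seen in this thread.
WININET_ERRORS = {
    12002: "ERROR_INTERNET_TIMEOUT",
    12007: "ERROR_INTERNET_NAME_NOT_RESOLVED",
    12029: "ERROR_INTERNET_CANNOT_CONNECT",
}
FACILITY_WIN32 = 7  # HRESULT facility used by HRESULT_FROM_WIN32


def decode_code(text):
    """Return the Win32 error number carried by a hex HRESULT or a raw hex code."""
    value = int(text, 16)
    failure = bool(value & 0x80000000)   # severity bit of an HRESULT
    facility = (value >> 16) & 0x7FF     # 11-bit facility field
    if failure and facility == FACILITY_WIN32:
        return value & 0xFFFF            # low word is the wrapped Win32 code
    return value


def triage(log_text):
    """Summarise a log: did it use IE settings, and which WinINet errors occurred."""
    uses_ie = "SYNCER: Type: use IE settings" in log_text
    codes = {decode_code(h) for h in re.findall(r"0x[0-9A-Fa-f]{8}", log_text)}
    codes |= {int(d) for d in re.findall(r"server response: (\d+)", log_text)}
    errors = sorted(c for c in codes if c in WININET_ERRORS)
    return {
        "uses_ie_settings": uses_ie,
        "errors": [(c, WININET_ERRORS[c]) for c in errors],
        # Assumed rule for this example: a client that follows IE settings and
        # cannot connect at all is a reason to review the IE proxy configuration.
        "check_ie_proxy": uses_ie and 12029 in errors,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
    print(decode_code("0x80072efd"))  # the Windows Defender update error from post #1
```
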