📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Help Stupid System Tool Protect PC - Spyware? **Updated 9/3!**

Options
OnAndUp
OnAndUp Posts: 981 Forumite
Part of the Furniture 500 Posts Combo Breaker
edited 9 March 2011 at 1:30PM in Techie Stuff
OMG! The irony!

I was reading this thread earlier on only for the same thing to happen to me........The scary OTT messages on my screen and the scanner program trying to run.

I managed to get online on my phone and find the thread and followed the advice someone suggested. I ran windows in safe mode and then ran malwarebytes which picked up 3 things which I removed and restarted system.

When my system restarted everything seems to be ok? But I'm worried there might be still an issue/problem in the background somewhere? How would I know?

I have Avast anti-virus which updated to version 6? yesterday.

Can anyone please advise me if I need to do anything else?

BIG TIA!
"Things can only get better.................c/o D:Ream #The 90's :D"
«1345678

Comments

  • OnAndUp
    OnAndUp Posts: 981 Forumite
    Part of the Furniture 500 Posts Combo Breaker
    Oops wasn't allowed to post links! :eek:

    But am now!

    This is the thread I was reading with the same problem!

    https://forums.moneysavingexpert.com/discussion/3079774
    "Things can only get better.................c/o D:Ream #The 90's :D"
  • Browntoa
    Browntoa Posts: 49,604 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    post the malwarebytes log file

    it will be under the Logs tab if you start the program
    Ex forum ambassador

    Long term forum member
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Please open malwarebytes, goto LOGS and post the last log and the log that removed everything
    :idea:
  • Browntoa
    Browntoa Posts: 49,604 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    too slow Rik, lol
    Ex forum ambassador

    Long term forum member
  • OnAndUp
    OnAndUp Posts: 981 Forumite
    Part of the Furniture 500 Posts Combo Breaker
    Thanks for your QUICK replies!


    Malwarebytes' Anti-Malware 1.50.1.1100
    https://www.malwarebytes.org

    Database version: 5897

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    27/02/2011 22:02:57
    mbam-log-2011-02-27 (22-02-57).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 251954
    Time elapsed: 32 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aFnFcBg08400 (Trojan.FakeAlert) -> Value: aFnFcBg08400 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\all users\application data\afnfcbg08400\afnfcbg08400.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\documents and settings\compaq_owner\application data\Sun\Java\deployment\cache\6.0\25\582900d9-3e2dec11 (Trojan.FakeAlert) -> Quarantined and deleted successfully.



    Thinks that;s it?
    "Things can only get better.................c/o D:Ream #The 90's :D"
  • Richie-from-the-Boro
    Richie-from-the-Boro Posts: 6,945 Forumite
    Tenth Anniversary 1,000 Posts Name Dropper
    edited 27 February 2011 at 11:31PM
    Ebay is sticking this malware on many many puters, beware :eek: :beer:
    Disclaimer : Everything I write on this forum is my opinion. I try to be an even-handed poster and accept that you at times may not agree with these opinions or how I choose to express them, this is not my problem. The Disabled : If years cannot be added to their lives, at least life can be added to their years - Alf Morris - ℜ
  • OnAndUp
    OnAndUp Posts: 981 Forumite
    Part of the Furniture 500 Posts Combo Breaker
    I had been on ebay (free listing day!) and dogsblog website just before it happened I thought eBay would have been the safer of the two! :eek:
    "Things can only get better.................c/o D:Ream #The 90's :D"
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Download HostsXpert
    http://www.softpedia.com/progDownload/Hoster-Download-27041.html
    and then follow the below steps.
    * Unzip HostsXpert.zip
    * It will create a folder named HostsXpert in whatever folder you extract it to.
    * Run HostsXpert.exe by double clicking on it.
    * click the Make Writeable? button.
    * click Restore Microsoft's Hosts File and then click OK.
    * Click the X to exit the program


    ........................................................


    Please run COMBOFIX
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Shut down your anti virus
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
    (If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)
    :idea:
  • 2sides2everystory
    2sides2everystory Posts: 1,744 Forumite
    Richie-from-the-Boro wrote: »
    Ebay is sticking this malware on many many puters, beware :eek: :beer:
    Is that link supposed to take us anywhere other than a "...cannot display the webpage" error message??
  • Richie-from-the-Boro
    Richie-from-the-Boro Posts: 6,945 Forumite
    Tenth Anniversary 1,000 Posts Name Dropper
    RIK

    Its called Windows Disk Scan / the usual / tells you to defrag because you are short of disk space. At a guess its repacing defrag then getting you to run its *.exe .. .. then it's ' giime~ya~money~time '
    Disclaimer : Everything I write on this forum is my opinion. I try to be an even-handed poster and accept that you at times may not agree with these opinions or how I choose to express them, this is not my problem. The Disabled : If years cannot be added to their lives, at least life can be added to their years - Alf Morris - ℜ
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 351K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.6K Spending & Discounts
  • 244.1K Work, Benefits & Business
  • 599K Mortgages, Homes & Bills
  • 177K Life & Family
  • 257.4K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture