Please help - fake antivirus

chopandchange

Thank you. It's very kind of you.

So if the AVs are finding nothing and now this is showing nothing, what was that awful scary thing that just appeared and started pretending to scan my computer at a rate of knots? I don't get it. Was it not really there? Was it a virus pretending to be a virus just to scare me? Is that even possible?

I'm unsure of whether I'm clean or not now.

aliEnRIK

Chances are you had to click on it before it could do anything

So your more than likely clean

If you want a better check -
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out

If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
(If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)

chopandchange

Thank you!

Well, I did click on the little pop-up windows that kept coming, but that only made it worse. It was one of those ones that only got worse when you clicked cancel. So I panicked and shut down, and when I rebooted it all seemed to have vanished. Key word: seemed.

I am running SuperAntiSpyware now. Then I'll maybe do that extra one you say.

Thank you so much for all the help.

closed

upload this to https://www.virustotal.com to check it out

C:\Users\ELIZAB~1\AppData\Local\Temp\RtkBtMnt.exe

chopandchange

SUperantispyware found nothing, either. I simply don't understand it. Surely there must be something there?

chopandchange

closed wrote: »

upload this to www.virustotal.com to check it out

C:\Users\ELIZAB~1\AppData\Local\Temp\RtkBtMnt.exe

Thank you! Was that something on the log that could have been a virus?

Edit: done it. Does this mean it's safe?

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
RtkBtMnt.exe
Submission date:
2011-04-16 20:11:46 (UTC)
Current status:
queued (#35) queued analysing finished

Result:
0/ 41 (0.0%)

zzzLazyDaisy

Sorry to butt in, just a quick question.

I have McAfee on my laptop as part of my O2 broadband package.

I also have Microsoft Security Essentials which someone recommended as a back-up when I was having a problem with my laptop.

Are you saying that I shouldn't have both? And if so is it enough to disable MSE or should I uninstall it altogether?

Thanks

chopandchange

RussJK wrote: »

Funny file name - if you were paranoid, you would think it stood for "rootkit boot mount"... But it's the 'Realtek HD Audio Data Rerouter' apparently.

Thank you. Is there anything else that I should be paranoid about? Am I OK to do some online banking and shopping now, or would that be a bad idea?

closed

virustotal said 0, so it's safe - thought it would be, but exe's running in temp are suspicious which is why I suggested the check.

3 scanners you could try to make sure your system is clean

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
http://www.surfright.nl/en/hitmanpro
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

and something that will remove some of the (harmless) bloat http://www.malwarebytes.org/StartUpLite.exe

lazydazy, 2 resident virus scanners will slow your pc down, personally i'd uninstall both of them and use avast free instead, you should uninstall one of them at least.