ANTI VIRUS POPUPS

Guest

There's a blue colored icon with a question mark in the bottom right hand
part of my toolbar that keeps flashing asking me to download software.
"System has detected a number of active spyware..." I snooped around my comp
and found a SpyDawn and I uninstalled it. My roommate probably looked around
some sites that he shouldn't have and now I'm stuck with this annoying bubble
that asks me to download anti-virus software. Can anyone help me ?
 
David H. Lipman

From: "taileon" <[email protected]>

| There's a blue colored icon with a question mark in the bottom right hand
| part of my toolbar that keeps flashing asking me to download software.
| "System has detected a number of active spyware..." I snooped around my comp
| and found a SpyDawn and I uninstalled it. My roommate probably looked around
| some sites that he shouldn't have and now I'm stuck with this annoying bubble
| that asks me to download anti-virus software. Can anyone help me ?



Two part reply..

Perform Part 1 then perform Part 2.

If the first two parts don't work, perform the alternate section.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.



Part 1
-----------

Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et al., removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click counter/click.php?id=1

http://www.bleepingcomputer.com/forums/topic43659.html


Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it will be
displayed in your browser (Opera, FireFox or Internet Explorer). However, if you are using
WinXP, Win2K or Win2003 your system will be left in a state where you will have to manually
shutdown/reboot the PC. On Win9x/ME platforms the report will not be shown in your browser
but your PC will automatically be shutdown. It is suggested that you move the report out of
c:\mcafee before performing another scan.

It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


ALTERNATE:

S!ri's SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php


Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

* * * Please report back your results * * *
 
db

maybe it's a good thing
that you are suspicious about
that warning and didn't swallow
the lure.....

even though the uninstall may have
appeared successful, it's likely there
are remnants of the malware keys in the
registry and possibly there may have
been other programs installed that
piggybacked the one you uninstalled.

i suggest that you try a system restore
and see if there is a restore point prior
to installing that software.

if the above is helpful then a clean
boot, then a registry cleaner and then running an
antiviral is likely to be a reasonable idea.

if you want to try to target that particular
file then i suggest to download a freeware from
Microsoft.com called autoruns.

in it there will be a number of tabs but one
of them will indicate a process related
to that warning. you can
then check it off and double click the
filename to disable it in the registry.

you may want to pay close attention and
see if the parent folder for it is also revealed
so that you can delete it as well.
Then reboot and see what happens....

It's not clear if that msg is an indication
of an actual infection or a lure to get
infected. But once the phony warning
is disabled, i would begin the process
of cleaning your system...

- db

> There's a blue colored icon with a question mark in the bottom right hand
> part of my toolbar that keeps flashing asking me to download software.
> "System has detected a number of active spyware..." I snooped around my comp
> and found a SpyDawn and I uninstalled it. My roommate probably looked around
> some sites that he shouldn't have and now I'm stuck with this annoying bubble
> that asks me to download anti-virus software. Can anyone help me ?
 
PA Bear

The machine is already infected. The pop-ups are a symptom. Do NOT click on
any links in the pop-ups!

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
 
marz

"taileon" wrote ...
> There's a blue colored icon with a question mark in the bottom right hand
> part of my toolbar that keeps flashing asking me to download software.
> "System has detected a number of active spyware..."

Before getting out the axe and other brute force tools, start by figuring
out exactly what this thing is.

That will be just a starting point.

Use Process Explorer:

http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx

> I snooped around my comp and found a SpyDawn and I uninstalled it.

They are never single anymore. One means many. All it takes is one
drive-by installer to open the flood gate.

Get your entire toolbox out: Hijackthis, Spybot S&D, Adaware, virus
scanners, traffic analyzer to catch anyone calling home, etc, etc...

Getting clean is going to be painstaking. You are going to have to
scrutinize all running processes, startups, registry entries, files.

Basically, everything.

> My roommate probably looked around some sites that he shouldn't have
> and now I'm stuck with this annoying bubble that asks me to download
> anti-virus software. Can anyone help me ?

Once you are clean, disable the ActiveX bullshit, check for a java update,
and don't use (or allow anyone else to use) Internet Explorer again. Use
Firefox. Get an AV program if you aren't already using one. Avast and AVG
are both free. Norton is bullshit.

....finally, kick your roomdog's ass.
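
Added example, not part of any post in this thread: db's Autoruns suggestion and marz's advice to scrutinize startups and registry entries both come down to checking what launches with Windows. The PowerShell below lists the Run/RunOnce registry entries with each target's parent folder and Authenticode status; it covers only those four keys (Autoruns checks many more locations), assumes PowerShell 3.0 or later, and the helper name `Get-ExecutablePath` is made up for this example.

```powershell
# Added example: enumerate Run/RunOnce autostart entries (read-only, changes nothing).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of an autostart command line.
function Get-ExecutablePath {
    param([string]$Command)
    # Quoted form: "C:\Program Files\x\y.exe" /arg
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted form: take everything up to the first executable-like extension
    if ($Command -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|scr))(\s|,|$)') { return $Matches[1] }
    return $null
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $cmd  = [string]$item.GetValue($name)
        $path = Get-ExecutablePath ([Environment]::ExpandEnvironmentVariables($cmd))
        $exists = $false
        $sig    = 'n/a'
        # Bare names such as "rundll32.exe" are not resolved via PATH here,
        # so they show FileExists = False and need a manual look.
        if ($path -and (Test-Path -LiteralPath $path)) {
            $exists = $true
            $sig    = (Get-AuthenticodeSignature -FilePath $path).Status
        }
        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Command    = $cmd
            Folder     = if ($path) { Split-Path $path -Parent } else { $null }
            FileExists = $exists
            Signature  = $sig
        }
    }
}

# Unsigned or missing targets sort together for review.
$entries | Sort-Object Signature, Key | Format-Table -AutoSize -Wrap
```

An unsigned target or an unfamiliar folder is a prompt to look closer, not proof of malware; plenty of legitimate software of that era shipped unsigned.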
 
GateKeeper

taileon said:
There's a blue colored icon with a question mark in the bottom right hand
part of my toolbar that keeps flashing asking me to download software.
"System has detected a number of active spyware..." I snooped around my comp
and found a SpyDawn and I uninstalled it. My roommate probably looked around
some sites that he shouldn't have and now I'm stuck with this annoying bubble
that asks me to download anti-virus software. Can anyone help me ?

Removal instructions here.

http://www.bleepingcomputer.com/forums/topic81275.html
 
Leythos

noheret@realorther said:
Some people don't like this person but she has proved trustworthy to me and
all the feedback given is positive and says it works. I have tested it and
it is an excellent fast safe removal tool.
http://help.lockergnome.com/security/Spyerase-ftopict9865.html

And we all know that "She" is only referred to as "She" by PC BUTT S1
himself when trolling as his alternate nyms. It's also been confirmed
that PC BUTT S1 impersonates Sharon Franks many times.

Nothing that comes from any of the PC BUTT S1 sites, shown in the link
provided above, is legit, it's all scammed source code from other
people.

The reason that Sharon Franks (PC BUTT S1) didn't post a direct link is
because MS Usenet Admins are now erasing ALL posts by PC BUTT S1 and
anyone that posts links to HIS site.
 
Sharon Franks

I am Sharon Franks and I did post that message. It was not some impersonator
that you are obsessed with. Now I would appreciate it if you would stop
replying to my posts in this newsgroup. Every time I reply to someone you
always reply to me about your obsession. What is wrong with you? Now thanks
to you I have tried and tested spyerase and it works, I don't care who made
it, it's none of my business. The fact is that it works that is why I
recommend it.

--

Sharon Franks
MCC group
Microsoft Certified Solutions Developer (MCSD)
Microsoft Certified Trainer (MCT).
 
Batswana

Sharon said:
I am Sharon Franks and I did post that message. It was not some impersonator
that you are obsessed with. Now I would appreciate it if you would stop
replying to my posts in this newsgroup. Every time I reply to someone you
always reply to me about your obsession. What is wrong with you? Now thanks
to you I have tried and tested spyerase and it works, I don't care who made
it, it's none of my business. The fact is that it works that is why I
recommend it.


You are Christopher Butts [ aka; PCBUTTS1 ! ]
You are fooling nobody.

You are a fake and a phony and are guilty of falsifying creditations.
You are full of sh!t and so is your bullsh!t Blog. Most of your
so-called feedback replies are YOU using sock puppets and the ones that
you think are real are us [ ha, ha, ha... ].

You still have NO idea who you are providing Spyerase to password
protected or not. That's how we know you are a thief and plagiarizer.
 
Leythos

noheret@realorther said:
I am Sharon Franks and I did post that message. It was not some impersonator
that you are obsessed with. Now I would appreciate it if you would stop
replying to my posts in this newsgroup. Every time I reply to someone you
always reply to me about your obsession. What is wrong with you? Now thanks
to you I have tried and tested spyerase and it works, I don't care who made
it, it's none of my business. The fact is that it works that is why I
recommend it.

You are PC BUTT S1 and we've tracked it back several times through
several sources.

Any ethical person, a professional, would never make a statement that "I
don't care who made it, it's none of my business."

You will be called out each time nymshifter, it's what happens to
pirates and their supporters.
 
Sharon Franks

Abuse report filed with your isp for harassment.
(e-mail address removed)



From: Leythos <[email protected]>
Newsgroups: microsoft.public.windowsxp.general
Subject: Re: ANTI VIRUS POPUPS - PC BUTT S1 impersonating again
Date: Sat, 24 Feb 2007 21:25:17 -0500
References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
Organization: Void
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
User-Agent: MicroPlanet-Gravity/2.70.2067
X-No-archive: yes
Lines: 23
Message-ID: <[email protected]>
X-Complaints-To: (e-mail address removed)
Path:
TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS01.phx.gbl!news-out.cwix.com!newsfeed.cwix.com!newscon02.news.prodigy.net!prodigy.net!nx02.iad01.newshosting.com!newshosting.com!post01.iad01!roadrunner.com!not-for-mail
Xref: TK2MSFTNGP01.phx.gbl microsoft.public.windowsxp.general:1677867
X-Antivirus: avast! (VPS 000716-3, 02/23/2007), Inbound message
X-Antivirus-Status: Clean



--

Sharon Franks
MCC group
Microsoft Certified Solutions Developer (MCSD)
Microsoft Certified Trainer (MCT).
 
Rock

Sharon Franks said:
Some people don't like this person but she has proved trustworthy to me
and all the feedback given is positive and says it works. I have tested it
and it is an excellent fast safe removal tool.
http://help.lockergnome.com/security/Spyerase-ftopict9865.html

You have to be PC Butts, no one else would recommend using anything he
produced, and you call him a she? All one has to do is read the other posts
in that thread you link to see what people think of Mr. Butts.
 
Batswana

Sharon said:
Abuse report filed with your isp for harassment.
(e-mail address removed)

Butts you are such an a$$hole !

- You steal a VBS file from Kelly at Kelly's Korner and change the
comments and claim you created it.

- You steal the code of Noahdfear's SmitRem, remove the comments, rename
the batch file and claim you created it.

- You steal NAIL.ZIP from Cooper, bastardize the code, remove his
comments, and claim you created it.

- You steal the MVP Hosts File from WinHelp2002, remove most of his
comments, and you claim you created it. [ Not all :) ]

- You steal the code of RogueFix, remove Stuart's comments, you call it
Superfix and then Spyerase and claim you created it. Have you ever
thought Stuart logs your IP address each time you get RogueFix ? Ooops !

- You combine the plagiarized code of Roguefix with the plagiarized
code of the MVP Hosts file and you continue to push Spyerase as your own.

- You find a solution to a problem on the Internet, copy the text and
don't reference the true author and you claim that it's your work.

- You defame those that are the true authors and those willing who call
you out for your dirty deeds.

- You post as sock puppets because you were banned on the Microsoft news
group. You have also impersonated Leythos and some Microsoft MVPs.
Such as Robear Dyer and Sharon Finks { sorry Leythos you are wrong on
that point }

And you have the f--king audacity to claim abuse from someone !
Oh, and who are you going to file this alleged claim as ?
Since this Sharon Franks is Sock Puppet and not a REAL account, how can
it be taken seriously ?

And your posting...
Microsoft Certified Solutions Developer (MCSD)
Microsoft Certified Trainer (MCT).
{ which is a damn lie and you are perpetrating a fraud }

is the same as you post on your propaganda Blog "About me"
http://pcbutts1-therealtruth.blogspot.com/

"...Microsoft Certified Solutions Developer (MCSD) MS certified Trainer
(MCT)..."

Oh and that picture, do you really think anyone will believe that
picture is YOU !

Maybe we should just call you "Flex" and use this picture...
http://us.f2.yahoofs.com/users/4224879bz43724fe/pcbutts1/__sr_/a29b.jpg?pf7lQ4FBeKiU8Jzs

No, you are just an ugly looking wimp around 44 years old.
 
Leythos

noheret@realorther said:
Abuse report filed with your isp for harassment.
(e-mail address removed)

Strangely enough, since one of the RR Security chaps in the NOC knows
all about PC BUTT S1 (you), they will laugh at this, and ignore your
complaint as unfounded.

You can't claim harassment just because someone states the truth and/or
calls you out for posting links to pirated code.

Oh, and even better, your complaint is worthless unless filed with a real
name and address, which they have to provide to users that complaints
are filed against.
 
