fake anti-virus programs

Discussion in 'Windows XP Security' started by Guest, Feb 22, 2007.

  1. Guest

    Guest Guest

    I was joking around and went on an adult web site which asked to clikc a pic
    to see a video. After clicking it, I kept getting pop up windows ( not like
    internet windows but the kind that have "ok" and "cancel" at the bottom)
    telling me that some anti-virus software (not the kind I purchased) have
    detected all of these worms and viruses. Well, I did a system check with MY
    anti-virus scanner and no corrupted or potentially dangerous files were found
    ( I did a FULL system check). Now, in the bottom right hand corner on the
    screen ( like where the volume and time are located) i get a bubble that pops
    up almost every 5 min. stating that a virus or worm was found on my computer,
    and to click the balloon to quarrentine that file. I have also gone through
    and deleted the FAKE anti-virus programs from the add/remove programs section
    of the control panel. PLEASE HELP!
     
    Guest, Feb 22, 2007
    #1
    1. Advertisements

  2. From: "confused?" <confused?@discussions.microsoft.com>

    | I was joking around and went on an adult web site which asked to clikc a pic
    | to see a video. After clicking it, I kept getting pop up windows ( not like
    | internet windows but the kind that have "ok" and "cancel" at the bottom)
    | telling me that some anti-virus software (not the kind I purchased) have
    | detected all of these worms and viruses. Well, I did a system check with MY
    | anti-virus scanner and no corrupted or potentially dangerous files were found
    | ( I did a FULL system check). Now, in the bottom right hand corner on the
    | screen ( like where the volume and time are located) i get a bubble that pops
    | up almost every 5 min. stating that a virus or worm was found on my computer,
    | and to click the balloon to quarrentine that file. I have also gone through
    | and deleted the FAKE anti-virus programs from the add/remove programs section
    | of the control panel. PLEASE HELP!

    It is called a SmitFraud Trojan !



    Two part reply..

    Perform Part 1 then perform Part 2.

    If the first two parts don't work, perform the alternate section.

    It is suggested that you execute each tool in Normal Mode then in Safe Mode.



    Part 1
    -----------

    Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et. al., removal tool -- SmitRem.exe
    http://noahdfear.geekstogo.com/click counter/click.php?id=1

    http://www.bleepingcomputer.com/forums/topic43659.html


    Part 2
    -----------

    Download SmitFraud.exe from the URL --
    http://www.ik-cs.com/programs/virtools/SmitFraud.exe

    Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
    Choose; Unzip
    Choose; Close

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to enable WGET.EXE to download the needed McAfee related files.

    Execute; c:\mcafee\clean.bat
    { or Double-click on 'Clean Link' in c:\mcafee }

    A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
    C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it will be
    displayed in your browser (Opera, FireFox or Internet Explorer). However, if you are using
    WinXP, Win2K or Win2003 your system will be left in a state where you will have to manually
    shutdown/reboot the PC. On Win9x/ME platforms the report will not be shown in your bowser
    but your PC will automatically be shutdown. It is suggested that you move the report out of
    c:\mcafee before performing another scan.

    It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML
    report for each session.


    ALTERNATE:

    S!ri's SmitfraudFix
    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php



    Please Copy and Paste the contents of the HTML Log files;
    C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

    * * * Please report back your results * * *
     
    David H. Lipman, Feb 22, 2007
    #2
    1. Advertisements

  3. Guest

    Notan Guest

    <snip>

    Seriously, who are you trying to kid? <g>
     
    Notan, Feb 22, 2007
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.