Win fix pop ups, blackworm virus warning

[Guest]

All of a sudden when I go searching or doing most anything on this puter a
security center window pops up that looks like it is an XP window.
It warns that I may be infected with the blackworm virus and recommends
I download security software suggesting Win Av Pro 2006 or winantispyware.
I did download the Win av pro 2006 for it was so darn annoying I thought it
was legit.
Ran spybot, got it out of there but cannot find it in my computer programs
anywhere to get rid of it. Ran stinger, avast and am now running ad aware .
Have done all the above before to no avail, it still is popping up.
What to do now?

 

[Malke]

All of a sudden when I go searching or doing most anything on this
puter a
security center window pops up that looks like it is an XP window.
It warns that I may be infected with the blackworm virus and
recommends
I download security software suggesting Win Av Pro 2006 or
winantispyware.
I did download the Win av pro 2006 for it was so darn annoying I
thought it was legit.
Ran spybot, got it out of there but cannot find it in my computer
programs
anywhere to get rid of it. Ran stinger, avast and am now running ad
aware . Have done all the above before to no avail, it still is
popping up. What to do now?

You got taken by a scam. WinAntivirus is malware. Cancel the charges on
your credit and do the preparatory steps here:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

and then go through these removal steps:
http://www.elephantboycomputers.com/page2.html#Winfixer

After you've done those, go back and do the rest of the general removal
steps from the first link. I know you've already done some scans, but
you need to be systematic, have done the preparation work, and be in
Safe Mode.

After you get your computer clean, see this page by MVP and security
expert Eric Howes about "rogue" antispyware programs - of which
WinAntivirus is one:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Malke

 

[Roberto]

All of a sudden when I go searching or doing most anything on this puter a
security center window pops up that looks like it is an XP window.
It warns that I may be infected with the blackworm virus and recommends
I download security software suggesting Win Av Pro 2006 or
winantispyware.
I did download the Win av pro 2006 for it was so darn annoying I thought
it
was legit.
Ran spybot, got it out of there but cannot find it in my computer programs
anywhere to get rid of it. Ran stinger, avast and am now running ad aware
.
Have done all the above before to no avail, it still is popping up.
What to do now?

Run smitfraud from safe mode
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

rgds
Roberto

 

[leftred]

All of a sudden when I go searching or doing most anything on this puter a
security center window pops up that looks like it is an XP window.
It warns that I may be infected with the blackworm virus and recommends
I download security software suggesting Win Av Pro 2006 or
winantispyware.
I did download the Win av pro 2006 for it was so darn annoying I thought it
was legit.
Ran spybot, got it out of there but cannot find it in my computer programs
anywhere to get rid of it. Ran stinger, avast and am now running ad aware .
Have done all the above before to no avail, it still is popping up.
What to do now?

I had exactly the same problem.
If the web address of all of the pop ups end in "yyy65html", a tool called
Look2Me Remover v1.1.0 available from the following URL killed the problem
for me yesterday. It worked like a dream.
http://www.raymond.cc/blog/archives...lorer-browser-auto-popup-ads-normalyyy65html/

 

[Guest]

Thanks to all of you, I have some work to do-the pop ups are driving me insane.
Malke, I did not pay for anything, thank goodness-no charge card # or any
kind of payment involved, seems this lovely problem is free-ha !

 

[Malke]

Thanks to all of you, I have some work to do-the pop ups are driving
me insane.
Malke, I did not pay for anything, thank goodness-no charge card # or
any kind of payment involved, seems this lovely problem is free-ha !

Glad you didn't pay for anything rogue. Good luck with the cleanup.

Malke

 

[Plato]

All of a sudden when I go searching or doing most anything on this puter a
security center window pops up that looks like it is an XP window.

http://www.bootdisk.com/xptop20.htm#3

 

[Guest]

leftred,

tried that Look2Me to no avail-it found nothing so I guess those specific
yyy type/s are not my problem. I do know the main window that pops up that
seems to be the instigator of all the rest address is as follows:
amaena.com/securityworm2/?aid=amr2&lid=alli ds
( left off the http://www. part at the beginning of the above address in
case it would somehow or another cause any trouble here and not totally sure
I have the alli ds part at the end right either )
now~~~where do I find that L2MR program IN my computer to get it out/off,
I cannot find the name of it in my programs or in start up, etc. -only on my
desktop where I saved it.
Malke, I may have to hire someone to do all you suggest but guys, I would
rather go with a tried and true "easy" way, tool or whatever that I can do
here myself .

I am computer challenged for the most part but if Mcafee or some reallly safe
company has tried and true download I can buy and it works, I will go for it
for I am sure I would have to pay someone more than to get it off that
computer.
I also downloaded the Windows Beta defender off this site here and it too is
not finding a problem. I just don't want to bog my computer down with a lot
more programs than it needs right now, want a surefire fix that can be done
fairly easily on my part.

Thanks again you guys for all your help, I am listening !

 

[leftred]

leftred,

tried that Look2Me to no avail-it found nothing so I guess those specific
yyy type/s are not my problem. I do know the main window that pops up
that
seems to be the instigator of all the rest address is as follows:
amaena.com/securityworm2/?aid=amr2&lid=alli ds
( left off the http://www. part at the beginning of the above address
in
case it would somehow or another cause any trouble here and not totally
sure
I have the alli ds part at the end right either )
now~~~where do I find that L2MR program IN my computer to get it out/off,
I cannot find the name of it in my programs or in start up, etc. -only on
my
desktop where I saved it. <snipped>

The amaena address you are seeing is one of those I saw too.

My experience is that any anti-spyware that you install since the original
infection
will not be effective, even Windows Defender as you found yourself. The
infection defends itself quite well.

Another interesting thing is that the program may have placed itself in your
"trusted sites" list. In internet security go to Tools>Internet Options>
Security> Trusted Sites and click sites. Delete any of the pop-up sites that
you find.

Then, Assuming that you are using WindowsXP
You need to double click the Zip file that you downloaded to your desktop.
It will then show you a window with the unzipped files.
Click "extract all files" in the left pane of the window, click Next and
note the folder
destination. Ensure that there is a "check" in the "show extracted files"
box and
click Finish.
A window will open showing the extracted files.
Double click L2MRemover.exe and the program will open.
Click the SCAN button.

That did it for me.

If that works, restart windows and run any/all anti-spyware programs you
have after
updating them. There will still be some rubbish left on your hard drive.
Most likely
a folder in Program Files call WinAntiVirus. Delete that.

The L2MRemover program is not installed IN your PC. It runs from the folder
where
you extracted the files. Delete the folder and the file on your desktop and
it is gone.

If that doesn't help, I suggest that you format your drive, re-install
everything and be
more cautious about what you let into your system in future.

good luck.

 

[Rhonda]

I had the same problem with the pop-up. I clicked on it and i
started SpyQuake. I don't know how many times I deleted an
uninstalled it but it still came back.

After about 4 days, I finally gave up and went to SpyQuake's web sit
and asked them how to get it off my computer. I also threw in a lin
something like this
"Is this how you sell your product, by attacking someone'
computer and then making them pay to get rid of it?!

I then shut down and went to bed. The next morning it was gone!
don't know for sure if that is what really got rid of it but it sur
helped me to vent! They never did reply to my email. LO

 

[Guest]

The amaena address you are seeing is one of those I saw too.

My experience is that any anti-spyware that you install since the original
infection
will not be effective, even Windows Defender as you found yourself. The
infection defends itself quite well.

Another interesting thing is that the program may have placed itself in your
"trusted sites" list. In internet security go to Tools>Internet Options>
Security> Trusted Sites and click sites. Delete any of the pop-up sites that
you find.

Then, Assuming that you are using WindowsXP
You need to double click the Zip file that you downloaded to your desktop.
It will then show you a window with the unzipped files.
Click "extract all files" in the left pane of the window, click Next and
note the folder
destination. Ensure that there is a "check" in the "show extracted files"
box and
click Finish.
A window will open showing the extracted files.
Double click L2MRemover.exe and the program will open.
Click the SCAN button.

That did it for me.

If that works, restart windows and run any/all anti-spyware programs you
have after
updating them. There will still be some rubbish left on your hard drive.
Most likely
a folder in Program Files call WinAntiVirus. Delete that.

The L2MRemover program is not installed IN your PC. It runs from the folder
where
you extracted the files. Delete the folder and the file on your desktop and
it is gone.

If that doesn't help, I suggest that you format your drive, re-install
everything and be
more cautious about what you let into your system in future.

good luck.

I have the same problem. I did a search for winantivirus. Found a bunch that had that said WinsoftwareWinantivirusPro 1, 2, 3 etc...Is it safe for me to delete all these files? Some have that blue E on the folder others just a zipper and frankly I don't know what any of it means.