When I am browsing my harddrive, I have gotten two separate popups on my computer indicating my computer is at risk:
- The first popup says a security breach was reached on my computer and it could be vulnerable to the blackworm virus. It then tries to direct me to download some software
- The second indicates I need to download a program that is something like WinFixer
So I scanned my computer with updated Ad-Aware SE Personal. After it detects about 2-4 process modules, I get a blue screen that says there was an error in winlogon.exe. I subsequently have to turn off and restart.
Windows Defender and EZArmor PestPatrol detect NOTHING. Also, EZAntiVirus and the online HouseCall by TrendMicro detect nothing.
How can I fix these problems when the only program detecting anything crashes in mid-search?
I am running Windows XP Media Center Edition.
Hi dinobud
- The first popup says a security breach was reached on my computer and it could be vulnerable to the blackworm virus. It then tries to direct me to download some software
Do you have ALL critical Microsoft patches - I assume, you have SP2 already installed.....
Read here about "black worm removal".
- The second indicates I need to download a program that is something like WinFixer
How to remove Winfixer - click here
Good Luck !
http://netscape.com.com/5208-6121-0.html?forumID=45&threadID=161018&messageID=1786637
HTH
Hi, dinobud,
The bogus Blackworm warning comes with a recent variant of the Vundo infection.
Download VundoFix.exe v. 4.2.30
http://www.atribune.org/ccount/click.php?id=4
Save it to your desktop.
* Double-click VundoFix.exe to run it.
* Place a check in the checkbox labeled Run VundoFix as a task. You will receive a message stating that VundoFix will close and re-open in a minute or less.
* When VundoFix reopens, click the OK button.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click the YES button.
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shut down your computer, click the OK button.
* When the computer has shut down, turn your computer back on.
* The Winfixer/Vundo infection should now be cleaned from your computer.
Most likely, your Java is outdated and is what may have made you vulnerable to the infection.
Please follow these steps to remove older version Java components:
1. Close any open programs you may have running, especially your web browser
2. Click Start > Control Panel
* Depending on your OS or configuration, you may have to click Start > Settings > Control Panel
3. Open Add or Remove Programs
* If you have Windows 98 or Windows 2000, open Add/Remove Programs
4. Click once on any item listing Java Runtime Environment in the name
* Not every version of Java will begin with "Java" so be sure to read each entry in the list
5. Click the Remove or Change/Remove button
6. Follow steps 4 and 5 as many times as necessary to remove all versions of Java.
** If at any time during the uninstallations, you are asked to reboot, do so. Then return to Add/Remove and continue removing any other versions of Java until all components of Java have been removed.
7. Delete the Java folder in Program Files.
8. Proceed with reinstalling Java
Continue Step 8 by going to http://www.java.com/en/ and install the latest version from the website.
I wanted to thank everyone for their help. I actually decided it was best to restore my laptop's OS and start from scratch. I am writing my PhD thesis and couldn't afford to lose it midstream.
I did, however, remove all instances of Java and reinstalled the current version.
It still perplexes me how I would have picked up this trojan only on my laptop when my desktop is networked to it at home. I had the same instances of Java on both machines. My desktop is still currently free of infections.
My only explanation is that I roam on about 3 wireless networks through school and work. The infection must not have wanted to travel to my desktop at home (since I do have many folders shared). Since I was using Windows Firewall, I may have been more open to this security threat when not at home...?
I have McAfee firewall and antivirus running now on my laptop. It would be nice to be reassured if this may prevent this problem from recurring.
Thanks again, everyone!
Like the previous post said, WinFixer 2006 is Spyware.
This program gives you Popups, which are served via the VUNDO Trojan group.
Winfixer is a sneaky registry cleaner which, when it isn't installed, continually asks the user to download their software on every reboot even if the user says no, and also at various times when using the internet. It is also installed along with various malware without the user's permission.
It scares people into buying their software by insisting that they have a security breach and the blackworm virus. Then it tells you to download, and pay for, a program called WinAntiVirus Pro 2006. (or something like it)
Well, let me assure you, you do not have anything as bad as this. You just have an annoying program called Winfixer.
This is very easy to get rid of in my experience.
You do not have to buy any expensive programs either, like the previous post's link.
The program XOFTSPY SE will Not remove it. Some people have tried and failed.
Also, neither Norton nor McAfee will do the trick, and neither will Ad-Aware or ewido.
What you need is the Free program called VundoFix.exe which you can get from this link below. Follow the instructions.
http://www.softpedia.com/get/Antivirus/VundoFix.shtml
This program has worked every time for me when fixing PCs with this problem.
Let me know what happens and good luck.
I've been cursed with Winfixer for a while now, but this morning Symantec email scan was going crazy and scanning a million (exaggeration) messages when I booted up. It eventually stopped. But I scanned via Norton for viruses and found none (go figure). I updated Spybot and scanned and found Virtumonde registries which I removed. But Winfixer popped up again.
Then I tried your VundoFix. It told me to remove files which I did. Now my email (Outlook Express) won't work at all.
My internet connection is fine. It's just Outlook.
Please print this out, it's much easier.
According to Microsoft, if you are having trouble with either Internet Explorer 6 or Outlook Express 6 it's because of damaged files or missing registration information (XP registration trouble, not your name and address) you will need to either reinstall or repair the affected installation. I'm going to go over two ways that Microsoft suggests for dealing with IE6 and OE6 problems. Read over the entire article before making a decision about which method to use. At the end of Method II I've mentioned what I'd consider the best solution to this problem.
*********
Method I
One likely cause of IE6 and OE6 not functioning properly is a corrupted file. Microsoft says this is the ''most'' likely cause, but I think that's wishful thinking. To run a check on the files and see if one or more is corrupted use the System File Checker that is included with Windows XP.
Click [Start] [Run] and type sfc /scannow in the [Open] box.
(Note that there is a space between sfc and /scannow)
In all likelihood you will be prompted to insert the Windows XP CD ROM. If you don't have it available there is no point in continuing unless you have the files available on your hard drive and have changed the location of the XP installation files in the registry. If you do have the files copied to the hard drive, the default install location may be modified using the registry edit shown below.
[Start] [Run] [Regedit]
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
Modify/Create the Value Data Type(s) and Value Name(s) as detailed below.
Data Type: REG_SZ (String Value) // Value Name: SourcePath
Setting for Value Data: [Set using the path to the installation files, i.e. G:\WXPCCP_EN]
Exit Registry and Reboot
Running System File Checker is not a fast process. The machine I use for the majority of my everyday work is only a P-III 866 with 784MB RAM and a 20GB/5400 RPM C drive and it took between 7-8 minutes running off the hard drive. Expect much longer times if you run from the CD. Once the System File Checker has finished, reboot and test to see if the problem has been resolved. If the problem still exists you have three choices.
In-place upgrade of Windows XP
Repair Windows XP
Reinstall Windows XP
Since I'm 100% against upgrade installations of XP I won't recommend that option. A repair of Windows XP may solve the problem, but the fact the problem arose in the first place makes me suspicious of the current installation's overall integrity. I suggest a complete reinstall of XP after backing up all data files. However, before you select any of the above choices, look at Method II below.
--------------------------------------------------------------------------------
Method II
The second method to try and correct the problem involves editing the registry and reinstalling Internet Explorer 6. The standard cautions apply whenever you are editing the registry. If you need help on how to backup the registry, click here.
If you are having problems only with Internet Explorer 6, proceed as follows:
[Start] [Run] [Regedit]
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}
Modify/Create the Value Data Type(s) and Value Name(s) as detailed below.
Data Type: DWORD // Value Name: IsInstalled
Setting for Value Data: [Change the Value from 1 to 0]
Exit Registry
If you are having problems only with Outlook Express 6, proceed as follows:
[Start] [Run] [Regedit]
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Modify/Create the Value Data Type(s) and Value Name(s) as detailed below.
Data Type: DWORD // Value Name: IsInstalled
Setting for Value Data: [Change the Value from 1 to 0]
Exit Registry
If you are having problems with both Internet Explorer 6 and Outlook Express 6, proceed as follows:
Change the values in both of the registry keys as outlined above.
Exit Registry
Once you have made the appropriate registry changes use the link below to download and install Internet Explorer 6. The Internet Explorer 6 download includes Outlook Express 6. Reboot and test for proper operation.
http://www.microsoft.com/windows/ie/downloads/critical/ie6sp1/default.asp
Really, neither of the methods above that Microsoft recommends are bad, but my approach would be to first run the System File Checker from Method I, but stop short of doing any of the upgrade, repair, or reinstall options. If that didn't solve the problem, I'd go to Method II and reinstall IE6 and OE6. If that still didn't solve the problem I'd head back to Method I and do a complete reinstall of XP. It's still my contention that piling fixes and repairs onto a damaged operating system is just postponing the inevitable reformat.
When you have done all this, and everything is working fine, run VundoFix and nothing else. Don't run Norton or Spybot, just VundoFix. Then reset and surf the net. You should have no problems.
Let me know how you get on.
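The Method II registry change from the post above, as an added example that is not part of the original post: a batch file that exports each Active Setup key before setting IsInstalled to 0, using the reg.exe tool included with Windows XP. The script name, the backup folder and the ie/oe/both arguments are assumptions made for this example; the two registry keys are the ones given in the post.

```batch
@echo off
rem Added example, not from the original post: back up, then reset, the
rem Active Setup IsInstalled flags named in Method II.
rem Usage (hypothetical script name): resetflag.cmd ie ^| oe ^| both
setlocal
set "BASE=HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
set "IE={89820200-ECBD-11cf-8B85-00AA005B4383}"
set "OE={44BBA840-CC51-11CF-AAFA-00AA00B6015C}"
rem Assumed backup location; change it if the Desktop folder is redirected.
set "BACKUP=%USERPROFILE%\Desktop\ActiveSetupBackup"

if /i "%~1"=="ie"   goto :ie
if /i "%~1"=="oe"   goto :oe
if /i "%~1"=="both" goto :ie
echo Usage: %~nx0 ie ^| oe ^| both
exit /b 1

:ie
call :reset "%IE%" ie || exit /b 1
if /i not "%~1"=="both" exit /b 0
:oe
call :reset "%OE%" oe || exit /b 1
exit /b 0

:reset
rem %1 = component GUID, %2 = short name used for the backup file
if not exist "%BACKUP%" mkdir "%BACKUP%"
reg query "%BASE%\%~1" /v IsInstalled >nul 2>&1
if errorlevel 1 (
  echo [%2] IsInstalled not found, nothing changed.
  exit /b 1
)
rem Keep the first backup: a later run would only capture the edited value.
if not exist "%BACKUP%\%2.reg" reg export "%BASE%\%~1" "%BACKUP%\%2.reg" >nul
if not exist "%BACKUP%\%2.reg" (
  echo [%2] Backup failed, nothing changed.
  exit /b 1
)
reg add "%BASE%\%~1" /v IsInstalled /t REG_DWORD /d 0 /f >nul
rem Print the value after the change so it can be checked before reinstalling.
reg query "%BASE%\%~1" /v IsInstalled
exit /b 0
```

Double-clicking the exported .reg file in the backup folder restores the key to its state before the change.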
Thanks ever so much for the recommendation--my machine picked up WinFix last week.
By following your instructions, I was able to use VundoFix to purge the aggravation from my computer. Now, all is well.
Try going to www.downloads.com and type AVG in the search box. Download the AVG single edition trial version, then update and scan. I use it but have paid for a licence because I believe it is the best. It is very good at picking up trojans. I hope it helps.
sheepy