Help!!

Secure Home | Search | About

Lost Password?

Microsoft Antivirus Discussions - Anti-virus discussions related to Microsoft products

Bookmark this page: YahooMyWeb

Yahoo!

Google

Windows Live

del.icio.us digg

digg

Netscape

Subject

Author

Date

Help!!

adrian palmer

09-18-2008

Re: Help!!

David H. Lipman

09-18-2008

Re: Help!!

Lance

09-18-2008

Re: Help!!

David H. Lipman

09-18-2008

Re: Help!!

FromTheRafters

09-19-2008

Re: Help!!

~BD~

09-19-2008

Re: Help!!

Heather

09-19-2008

Re: Help!!

FromTheRafters

09-19-2008

Re: Help!!

David H. Lipman

09-19-2008

Re: Help!!--solution here

kalyan

09-22-2008

Posted by =?Utf-8?B?YWRyaWFuIHBhbG1lcg== on September 18, 2008, 6:38 pm

If you were Registered and logged in, you could reply and use other advanced thread options

Despite having both a firewall and an up-to-date anti-virus program running
on my PC, I seem to have accumulated a Trojan Virus from somewhere. I have
run a virus scan through the antivirus software, and it has told me that I
have a trojan, and that it has removed it. However I keep getting a
Windows-type security pop-up saying that my firewall has detected a problem.
The pop-up seems suspicious and some of the wording doesn't seem consistent
with other windows msgs i've had before. My only option with this pop-up is
to download some software to remove it. This leads me to this website:

http://www.antispyware-review.biz/?wmid=4663&pwebmid=uWfLn0pimL&a=

Has anyone heard of this? Are thety actually affiliated with Microsoft, and
will it remove the problem? I have downloaded the latest Mallicious Software
program and run it, which also tells me that I have a problem, but not really
what to do about it. CAn anyone help me please??
Adrian

Posted by David H. Lipman on September 18, 2008, 7:28 pm

If you were Registered and logged in, you could reply and use other advanced thread options

| Despite having both a firewall and an up-to-date anti-virus program running
| on my PC, I seem to have accumulated a Trojan Virus from somewhere. I have
| run a virus scan through the antivirus software, and it has told me that I
| have a trojan, and that it has removed it. However I keep getting a
| Windows-type security pop-up saying that my firewall has detected a problem.
| The pop-up seems suspicious and some of the wording doesn't seem consistent
| with other windows msgs i've had before. My only option with this pop-up is
| to download some software to remove it. This leads me to this website:

| hxxp://www.antispyware-review.biz/?wmid=4663&pwebmid=uWfLn0pimL&a=

| Has anyone heard of this? Are thety actually affiliated with Microsoft, and
| will it remove the problem? I have downloaded the latest Mallicious Software
| program and run it, which also tells me that I have a problem, but not really
| what to do about it. CAn anyone help me please??
| Adrian

You left out important details.
- What Trojan ?
- What file (fully qualified name and path) ?
- What anti virus application detected this ?

No, they aren't affiliated with Microsoft. In fact this looks like they are
associated
with the crooks of RBN.

PCAntispy_Installer_eng.exe and PCCleanPro_Installer_eng.exe are basically the
same.

http://www.virustotal.com/analisis/fc0d4be1c43a58ef4a1637546b0a26f9
http://www.virustotal.com/analisis/be2bf700ee9096b51a5ae639be1afdbc

AntiVir 7.8.1.34 2008.09.18 TR/Dropper.Gen
Ikarus T3.1.1.34.0 2008.09.19 Virus.Win32.Roodro
Webwasher-Gateway 6.6.2 2008.09.18 Trojan.Dropper.Gen

You are still infected. Old game, malware installs on PC, gets you to download
so-called
anti malware to get you to pay for remover.

Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Then post the contents of the HJT log in your post in one of the below expert
forums...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Posted by Lance on September 18, 2008, 8:50 pm

If you were Registered and logged in, you could reply and use other advanced thread options

adrian palmer wrote the following on 9/18/2008 15:38:

> Despite having both a firewall and an up-to-date anti-virus program running

> on my PC, I seem to have accumulated a Trojan Virus from somewhere. I have

> run a virus scan through the antivirus software, and it has told me that I

> have a trojan, and that it has removed it. However I keep getting a

> Windows-type security pop-up saying that my firewall has detected a problem.

> The pop-up seems suspicious and some of the wording doesn't seem consistent

> with other windows msgs i've had before. My only option with this pop-up is

> to download some software to remove it. This leads me to this website:

> http://www.antispyware-review.biz/?wmid=4663&pwebmid=uWfLn0pimL&a=

> Has anyone heard of this? Are thety actually affiliated with Microsoft, and

> will it remove the problem? I have downloaded the latest Mallicious Software

> program and run it, which also tells me that I have a problem, but not really

> what to do about it. CAn anyone help me please??

> Adrian

Could it possibly be this Trojan-Spy.Win32.GreenScreen?
http://www.removeonline.com/remove-trojan-spy-win32-greenscreen-removal-instructions/

I'm curious because I have a user who reported today his Windows
"firewall" warned of finding a problem.

Lance
*****

Posted by David H. Lipman on September 18, 2008, 9:21 pm

If you were Registered and logged in, you could reply and use other advanced thread options

| Could it possibly be this Trojan-Spy.Win32.GreenScreen?
|
hxxp://www.removeonline.com/remove-trojan-spy-win32-greenscreen-removal-instructions/

| I'm curious because I have a user who reported today his Windows
| "firewall" warned of finding a problem.

| Lance
| *****

Lovely... SpyNoMore fraud/crap

He has a trojan which sends hime to a rogue anti amwlare siite and your reply,
send hime
to another !

That site states if you want to remove something get the download [
Download_snm-2.67_swpl.exe].
That is a downloader downloads; snm-2.67_swpl.exe for SpyNoMore and here are
the
results.

AntiVir 7.8.1.34 2008.09.18 PHISH/FraudTool.SpyNoMore.G.76
Arcavir 1.0.5 200809181409 2008-09-18 1.22
Riskware.Fraudtool.Spynomore.G
Avast 4.8.1195.0 2008.09.18 Win32:Spyware-gen
CAT-QuickHeal 9.50 2008.09.17 FraudTool.SpyNoMore.g (Not a Virus)
CP Secure 1.1.0.715 2008.09.19 2008-09-19 5.88
FraudTool.W32.SpyNoMore.g
Ewido 4.0 2008.09.18 Not-A-Virus.Adware.EShoper
Fortinet 3.113.0.0 2008.09.18 Misc/SpyNoMore
GData 19 2008.09.19 Win32:Spyware-gen
Ikarus T3.1.1.34.0 2008.09.19 Trojan.Hooker.31
K7AntiVirus 7.10.461 2008.09.18 not-a-virus:FraudTool.Win32.SpyNoMore.g
Kaspersky 7.0.0.125 2008.09.19 not-a-virus:FraudTool.Win32.SpyNoMore.f
Quick Heal 9.50 2008.09.17 2008-09-17 1.79
FraudTool.SpyNoMore.g
(Not a Virus)
Sophos 4.33.0 2008.09.19 SpyNoMore Installer
TheHacker 6.3.0.9.087 2008.09.18 Aplicacion/SpyNoMore.g

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Posted by FromTheRafters on September 19, 2008, 7:49 am

If you were Registered and logged in, you could reply and use other advanced thread options

> | Could it possibly be this Trojan-Spy.Win32.GreenScreen?

> |

hxxp://www.removeonline.com/remove-trojan-spy-win32-greenscreen-removal-instructions/

Cut and paste from that URL:
"Trojan-Spy.Win32.GreenScreen is a melicious warning message"

...so, do I need anti-melware software now too?

The site map in XML format XML site map