Jump to content

Fake alert problems


Recommended Posts

I was infected last night while using google image to look up 3d crowbar models. Weird target audience huh? :)

I have AntiVir's guard active all the time, but still, a fake alert randomly popped up.. Win Protector or something.. doing a fake scan. I Alt+F4d right away and checked my running processes. Something that was weird to me was that I had two wmiprvse.exe, but one was a "network service". Not sure if that is abnormal, or if I just never noticed it before.

Since then I have scanned with AntiVir which comes up with nothing and I just re-downloaded MBam about an hour ago, but it kept saying the install was corrupted and to download it again. I eventually downloaded it from cnet instead, which worked, but I don't think it's up-to-date, so I clicked Update which gave me this error:

An error occurred. Please report the following error code to the Malwarebytes' Anti-Malware support team.

Error code: 732 (12029, 0)

Regardless, I did a search for recently created files and found the WinProtector or SysGuard or whatever in Administrator/Local Settings and deleted the whole folder (it was called 'mgbuiy' or something) since it was created the same day, and scanned with MBam which found two things at the very end, and here is the log:

Malwarebytes' Anti-Malware 1.44

Database version: 3510

Windows 5.2.3790 Service Pack 2

Internet Explorer 8.0.6001.18702

1/19/2010 3:18:20 PM

mbam-log-2010-01-19 (15-18-20).txt

Scan type: Full Scan (C:\|)

Objects scanned: 216913

Time elapsed: 41 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

It would seem that it's been dealt with then, but, if I run HJT, I get a lot of (file missing) errors next to, what I THINK are critical Windows processes... so I'm afraid to click them and click Fix Checked... Unless they are all fake...?

I haven't gotten any fake pop-ups aside from the very first one which I alt-F4'd as fast as I could, however, there are those file missing things and Internet Explorer doesn't connect anymore. I don't use IE, I use FireFox, but it's still troubling... it says:

Internet Explorer cannot display the webpage

What you can try:

It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.

Retype the address.

Go back to the previous page.

Most likely causes:

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.