Jump to content

MB identified Fake Virus Alert Trojan: next step?

Recommended Posts

For some reason, perhaps while opening a legitimate Yahoo mail (without attachments) on XP and Firefox, my system got infected with a virus that showed the following warnings:

Fake System Tray Warnings

Fake Alert Popups

It also attempted to open websites listed below:



I somehow managed to download Avira AntiVirus while I was getting these popups, but it didn't find anything. My friend suggested that I do a system restore to early June, after disconnecting my DSL connection. Things were OK for a day after that, and I also installed Microsoft Security Essentials, which didn't find anything. This morning I started getting the same fake alerts. Once again, I disconnected my DSL, ran system restore to a date in May, installed MSE, which didn't find anything again. While doing a Google search, I heard about MB, installed it and it did find the Trojan and removed it (it's quarantined). Now here's the question: do I need to disable restore, run a full scan, or??? Pardon me if my questions seem dumb, since I'm not a techie.

By the way, I will be purchasing this terrific product!

Link to post
Share on other sites

Sorry, I should have posted this log earlier:

Malwarebytes' Anti-Malware 1.46


Database version: 4278

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

7/5/2010 9:41:27 AM

mbam-log-2010-07-05 (09-41-27).txt

Scan type: Quick scan

Objects scanned: 119317

Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\S\Local Settings\Temp\e.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Link to post
Share on other sites

Hello svtrader! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.

Please follow these instructions:


Post all logs if you can.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.