Warning Your're in Danger infection

[Jan Scholl]

I am infected with the "Warning Your're in Danger" virus/trojan/whatever is is. I scanned using up to date Microsoft Essentials and it said there was a trojan downloader and an infected temp file and removed it. I then ran Malwarebytes with up to date software and it found a desktop tool and said it removed it. But I have tried running it twice and neither time has it done anything to remove it after rebooting. I am able to log on as Administrator on my computer and access the internet but the infection is under my regular account on this computer named Jan. There is another user named Ron but I don't know if he is having issues. I don't want to infect him. I cannot run virus protection or Malwarebytes under Jan but I can run both as the Administrator. The virus put some weird wallpaper with words Warning Your're in danger. You computer is infected with spyware. I know this is a fake thing to get money from me. But it's locked me out from all my personal files under the user Jan.

I am not tech savvy and am not sure what to do now. I have the program OTL on my desktop and ran it for a similar problem several months ago. I don't remember how to do it now, so I really need some help here. If I get infected on the Administrator account I won't be able to have any access to the internet at all. I don't even know how to use these forums correctly so please forgive me if I am confused and need things pointed out.

Anyways-please help me fix this. I am so upset I am shaking.

Jan Scholl

[Maniac]

Hello Jan! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

• The process of cleaning your system may take some time, so please be patient.
  
• Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  
• Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  
• Instructions that I give are for your system only!
  
• If you don't know or can't understand something please ask.
  
• Do not install or uninstall any software or hardware, while work on.
  
• Keep me informed about any changes.
  

Don't worry, Jan! Before we go, please manually delete your copy of OTL. Next:

• Download OTL to your desktop. Otherwise, try OTL.com or OTL.scr .
  
• Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Under the Standard Registry box change it to All.
  
• Check the boxes beside LOP Check and Purity Check.
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

• :\_OTL\Moved Files
  • in most cases this will be C:\_OTL\Moved Files
    

[Jan Scholl]

Hello Jan! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

• The process of cleaning your system may take some time, so please be patient.
  
• Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  
• Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  
• Instructions that I give are for your system only!
  
• If you don't know or can't understand something please ask.
  
• Do not install or uninstall any software or hardware, while work on.
  
• Keep me informed about any changes.
  

Don't worry, Jan! Before we go, please manually delete your copy of OTL. Next:

• Download OTL to your desktop. Otherwise, try OTL.com or OTL.scr .
  
• Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Under the Standard Registry box change it to All.
  
• Check the boxes beside LOP Check and Purity Check.
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

• :\_OTL\Moved Files
  • in most cases this will be C:\_OTL\Moved Files
    

Borislav--

thank you so much for your offer of help. I went to bed early Christmas morning and went over and over what I thought I had done last time this happened in October. I have always had Malwarebytes take care of this type of problem, so I know it had to be something else. When I got your posting this afternoon, I told myself I wanted to do another Virus scan and another Malwarebytes scan before I did the steps you said to do. These take over 5 hours for both of them. It was then I thought after rebooting from the Malwarebytes instructions that I should log in as the administrator user since that was the only way I could use the internet. Before when I had this problem, as soon as I rebooted, I went right to MY user account and it was always infected. So I logged in as Administrator and then re-ran both programs until I got the zero infections. Then I logged into my regular user account and its all fine now. 4 hours later and I am able to use all the accounts without any problem. So for now, I will let it be and hope it won't happen again.

I do have a question. I am always up to date on all my virus protection and all updates for Malwarebytes and Windows. I never download or go to bad sites, I have a firewall and a modem/router for my dsl and I wonder why this always happen. I realize the "bad guys" are always one step ahead of the software fixes but this is the 4th time its happened to me since summer. I have been on Facebook every time. Other than stay off the internet, what other things can I do to hopefully not have this happen again. I run my updated virus and other protections every Thursday like clockwork.

Again, thank you for the offer of helping me. I hope I don't have to bother you again. I want to buy the full version as soon as my husband gets his retirement check. We have three computers but this desktop is the most important and most used.

I am also very proud of myself for thinking this out and resolving the problem. Must have been that 40 minute run that cleared the cobwebs from my head.

Jan (in Michigan)

[Maniac]

There are many ways. Maybe someone has downloaded a file that contains malicious code and it started. Another option is to visit even legitimate page that has been hacked and was injected with malicious code, resulting in, you also become infected. Here are some addresses where you can check websites and files containing malicious code:

http://www.mywot.com

http://virustotal.com

http://safeweb.norton.com

http://siteadvisor.com

The most important is to keep your software up-to-date:

http://www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

That's enough for your secure!

[LDTate]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.