Mat Posted August 22, 2008

This fake system message pop-up type of thing keeps on coming up saying it has detected a trojan and wants me to buy their rogue anti spyware program to get rid of it.. I have used so many programs and tried so many things but it just won't go away. My computer had Antivirus Xp (another rogue antivirus seller) and I got rid of it but this part of it stayed, it's annoying.. I want to get rid of it along with all the harm it has caused.

Different pop-ups come up each time but they are something like this:

Trojan-clicker.win32.tiny.h
Trojan-downloader.win32.agent.bq
Trojan-spy.win32.keylogger.aa
Trojan-spy.win32.GreenScreen
Trojan-spy.HTML.Bankfraud.dq

Things I have tried:

Malwarebytes'
Ad-Aware
Advanced Windows Care V2
Spybot Search and Destroy
SUPERantispyware
AVG 8.0
Spyware Doctor
ATI or ATF or something cleaner as well.

as well as one or two other things that I can't remember fully.. but anyway..

Wisp Posted August 23, 2008

I had that too, and I ended up just wiping my hard drive. I got it when my computer was pretty new also, so I didn't lose much. Not sure how to get rid of it, I tried all that.

Hegemony-Spain

VARN Posted August 23, 2008

I would try Panda scan or HijackThis.

Sbrideau Posted August 23, 2008

I would try HijackThis, Housecall or Kaspersky's online scanner. Kaspersky got me rid and protected from a lot of viruses for quite a while now. Housecall got a few spywares off my computer once (on the one time I ran it XD).

You could also check the Add/Remove programs in the control panel, I've seen some rogue antiviruses being listed there for some idiotic reasons I don't know :lol:

konzserwas Posted August 23, 2008

Try getting Zone Alarm Security suite (trial will do). Keep it running for some time, then check the program list for anything suspicious. If you find anything that looks like it, click "trust level" and hit "kill".

EDIT: you might also wanna scan with their anti spyware

reny06 Posted August 23, 2008

I've got Antivirus XP 2008 as well, I can't get rid of it and it's stuffing around with my browser too, I can't get onto any sites that include Anti Viruses. This is really annoying! Why do people make pathetic programs like this! God

Mat (Author) Posted August 23, 2008

not sure what I should do with this..?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:48 AM, on 8/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\mjoncxel.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\NEPALE~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\NEPALE~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Microsoft Office\Office10\WINWORD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\boot.vbs,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {613C1E9B-077F-4679-006F-02197C172746} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [apistrmon] C:\WINDOWS\system32\lorqhmde.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [srvInfoGen] C:\WINDOWS\system32\mjoncxel.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.exe/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4146264746
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4248445014
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

-- End of file - 9767 bytes --

To the person above, I got rid of Antivirus XP just not these pop up things.. arrg. It's actually quite easy to get rid of Antivirus Xp, just used the programs I listed above it will be gone, it's just these trojan popups that won't go.

reny06 Posted August 23, 2008

My name is Ren or Kris and, it's not easy when you can't get an anti virus on your computer

pryomancer Posted August 23, 2008

In regards to your HJT log:

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O2 - BHO: (no name) - {613C1E9B-077F-4679-006F-02197C172746} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

Run your scan again, and find those entries, select them and press the Fix button. One of them is installed by an adult site.

I'm saying nothing.

konzserwas Posted August 23, 2008

Did you just tell him to get rid of ctfmon.exe?!! dude, that's a system process

Sbrideau Posted August 23, 2008

> Did you just tell him to get rid of ctfmon.exe?!! dude, that's a system process

ctfmon.exe can be a virus/spyware/trojan/worm too. It has to be at the right place in the system folders to not be any of the things I mentioned earlier. If I know enough about HJT, I would think it's a trojan in this case.

pryomancer Posted August 23, 2008

I used a HJT analyzer for it, and it highlighted that with a red, which meant remove almost always. I looked up ctfmon, and it appears it's a process linked with Office XP. However the HJT analyzer said something about ctfmon32, which is malware.

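The location check raised in the posts above, written out as an added example that is not part of any poster's message or of HijackThis itself. The function name `triage`, the finding labels and the `EXPECTED_DIR` table are made up for this example, and the table assumes a default Windows XP install in C:\WINDOWS.

```python
import ntpath
import re

# Lines copied from the HijackThis log in this thread (".exe" restored where
# the forum filter replaced it), plus ONE constructed line, the last, that
# shows a system file name running from outside its normal folder.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\boot.vbs,
O2 - BHO: (no name) - {613C1E9B-077F-4679-006F-02197C172746} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\DOCUME~1\user\LOCALS~1\Temp\ctfmon.exe
"""

# Assumption: default Windows XP install in C:\WINDOWS (lower-cased for compare).
EXPECTED_DIR = {
    "ctfmon.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
BHO_RE = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
RUN_RE = re.compile(r'^O4 - HK\w+\\\.\.\\Run: \[.+?\] "?([^"]+?\.exe)"?(?: .*)?$', re.I)


def triage(log_text):
    """Return (label, detail) pairs for entries that deserve a closer look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = F2_RE.match(line)
        if m:
            # Userinit is a comma-separated list; every item runs at logon.
            for item in filter(None, (p.strip() for p in m.group(1).split(","))):
                if item.lower() != DEFAULT_USERINIT:
                    findings.append(("userinit-extra", item))
            continue
        m = BHO_RE.match(line)
        if m:
            if m.group(3) == "(no file)":  # registration left behind, DLL gone
                findings.append(("bho-orphan", m.group(2)))
            continue
        m = RUN_RE.match(line)
        if m:
            image = m.group(1)
            want = EXPECTED_DIR.get(ntpath.basename(image).lower())
            if want is not None:  # only judge names we know the home of
                ok = ntpath.dirname(image).lower() == want
                label = "system-name-expected-dir" if ok else "system-name-wrong-dir"
                findings.append((label, image))
    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG):
        print(f"{label:26} {detail}")
```

A matching folder only shows that the name and location agree with a stock install; it says nothing about the file's contents.
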
Mat (Author) Posted August 23, 2008

pyro, what do you mean one of them is installed by an adult site..? lol. I have never in my life ever been on.. well except when I looked some of the strange stuff on a certain off topic thread but pretty sure I never went on a site, only looked on Google Images.. might have something to do with someone using this computer before...

Mat (Author) Posted August 24, 2008

no change.. :(

Sbrideau Posted August 24, 2008

Oops nevermind this post ;).

Georgelemmons Posted August 24, 2008

> I've got Antivirus XP 2008 as well, I can't get rid of it and it's stuffing around with my browser too, I can't get onto any sites that include Anti Viruses. This is really annoying! Why do people make pathetic programs like this! God

Why do people never pay attention to what they download? Do some research, and never trust an antivirus software download until you can validate that it's malware free (use a computer tech site, or some software site that has reviews. Also, asking on TIF can be a big help :) )

Thanks to Uno for the awesome sig <3

Mat (Author) Posted August 29, 2008

> > I've got Antivirus XP 2008 as well, I can't get rid of it and it's stuffing around with my browser too, I can't get onto any sites that include Anti Viruses. This is really annoying! Why do people make pathetic programs like this! God
>
> Why do people never pay attention to what they download? Do some research, and never trust an antivirus software download until you can validate that it's malware free (use a computer tech site, or some software site that has reviews. Also, asking on TIF can be a big help :) )

And why do some people never do research before they speak? It is installed by itself, I never chose to install and I am guessing he did not choose to install it either.. It installs by itself.

Georgelemmons Posted August 29, 2008

> > > I've got Antivirus XP 2008 as well, I can't get rid of it and it's stuffing around with my browser too, I can't get onto any sites that include Anti Viruses. This is really annoying! Why do people make pathetic programs like this! God
> >
> > Why do people never pay attention to what they download? Do some research, and never trust an antivirus software download until you can validate that it's malware free (use a computer tech site, or some software site that has reviews. Also, asking on TIF can be a big help :) )
>
> And why do some people never do research before they speak? It is installed by itself, I never chose to install and I am guessing he did not choose to install it either.. It installs by itself.

It does not install by itself. Ads pop up saying that you're infected or whatever, and you have to click on them to download the virus, which then automatically installs itself after it's downloaded.. In no instance does it ever download and install itself without you doing something. I have had several of the pop-ups, and my computer is still virus free :)

Thanks to Uno for the awesome sig <3