Windows spyware infection popup notice!

Compaq / Presario 4850 mod 6.5gb d...
February 6, 2010 at 07:22:58
Specs: Microsoft Windows XP Professional (Version 5.1.2600 Build 2600) Compaq 686X1, 8/12/1997, 128MB -?-
I need help, but please pardon my ignorance (newbie). I am receiving non-stop popup messages from two different red, round, button-type icons with a white "X" in the center of them at the bottom bar (that shows what apps are running? - I guess). Both icons are identical and each one's popup message is identical and alternates back and forth at about 1 second apart. The message reads: "Your computer is infected! Windows has detected spyware infection! It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you. Click here to protect your computer from spyware!" -- That's fine, but when I click there, nothing happens & the messages keep popping up. Earlier, I posted a message (#65908.html - subcategory: General) about being hijacked by: "somewebspace.com" and "PestTrap" (I have yet to receive a reply) but these popup notices from Windows were not appearing then. They started popping up after I went into "my computer", "local disk (C)" and clicked on "properties" for two windows application icons I saw. One was titled: "antivir" and the other: "anr0008". It was immediately after I clicked on those icons that these popup messages started to appear (and now won't go away). What in the name of the worldwideweb do I need to do to fix it? I appreciate your help and your bearing with my ignorance.


#1
February 6, 2010 at 07:45:46
You may need to download these to a cd, external drive, or usb drive and run it on the infected computer but first try to run it from the infected computer.

Please download Rkill from the following link.

Rkill

Before we begin, you should disable any anti-malware software you have installed so that it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. This link will help you disable it:

Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)

A black screen will appear and then disappear. Please do not worry, that is normal.

If you get a message that Rkill is an infection, do not be concerned. This message is just a fake warning when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that Rkill can terminate it. So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of the guide.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box > click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & Paste the entire report in your next reply.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized and info.txt <-- this will be minimized. Both logs will be located at C:\RSIT.exe.



#2
February 6, 2010 at 09:01:31
I downloaded rkill to my desktop. Double clicked it to run and I get a message from Microsoft that says "pev.rkexe has encountered a problem and needs to close. We are sorry for the inconvenience." While that message was on the screen, I double clicked on rkill again, and I get the following message from notepad.


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Robert Chester on 02/06/2010 at 10:52:59.


Processes terminated by Rkill or while it was running:


Rkill completed on 02/06/2010 at 10:53:01.

The link at bleepingcomputer.com offered to remove all spyware. Should I do this?



#3
February 6, 2010 at 09:19:20
That just means that Rkill did its job.

We just need the Malwarebytes log. Run Malwarebytes and if it needs to reboot to terminate the baddie, allow it to reboot and post the Malwarebytes log. Then run Rkill after Malwarebytes runs and do the following.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized and info.txt <-- this will be minimized. Both logs will be located at C:\RSIT.exe.



#4
February 6, 2010 at 13:52:54
Well, I got to the point of installing "tool.exe" but unable to install the program due to another mess I'm in... A friend of mine was working on my computer and changed the username and password on the administrator account. Unfortunately he was drunk and now can't remember what he changed it to (no kidding - he knows the username, but can't remember the password). He subsequently set up a "user" account without administrator's privileges and I have been working out of that account ever since. This took place such a long time ago that I don't even remember what the original username and password were in the first place! I tried restarting the computer while holding down on the "F8" key, but I'm getting a choice between the administrator or guest account and I can't choose the administrator account because it wants the password (God forbid). Am I totally f.u.b.a.r.? I really do appreciate your help with this mess I'm in!
