Help!!


adrian palmer

Guest
Despite having both a firewall and an up-to-date anti-virus program running
on my PC, I seem to have accumulated a Trojan Virus from somewhere. I have
run a virus scan through the antivirus software, and it has told me that I
have a trojan, and that it has removed it. However I keep getting a
Windows-type security pop-up saying that my firewall has detected a problem.
The pop-up seems suspicious and some of the wording doesn't seem consistent
with other Windows msgs I've had before. My only option with this pop-up is
to download some software to remove it. This leads me to this website:

http://www.antispyware-review.biz/?wmid=4663&pwebmid=uWfLn0pimL&a=

Has anyone heard of this? Are they actually affiliated with Microsoft, and
will it remove the problem? I have downloaded the latest Malicious Software
program and run it, which also tells me that I have a problem, but not really
what to do about it. Can anyone help me please??
Adrian
 
Re: Help!!

From: "adrian palmer" <adrianpalmer@discussions.microsoft.com>

| Despite having both a firewall and an up-to-date anti-virus program running
| on my PC, I seem to have accumulated a Trojan Virus from somewhere. I have
| run a virus scan through the antivirus software, and it has told me that I
| have a trojan, and that it has removed it. However I keep getting a
| Windows-type security pop-up saying that my firewall has detected a problem.
| The pop-up seems suspicious and some of the wording doesn't seem consistent
| with other Windows msgs I've had before. My only option with this pop-up is
| to download some software to remove it. This leads me to this website:

| hxxp://www.antispyware-review.biz/?wmid=4663&pwebmid=uWfLn0pimL&a=

| Has anyone heard of this? Are they actually affiliated with Microsoft, and
| will it remove the problem? I have downloaded the latest Malicious Software
| program and run it, which also tells me that I have a problem, but not really
| what to do about it. Can anyone help me please??
| Adrian

You left out important details.
- What Trojan ?
- What file (fully qualified name and path) ?
- What anti virus application detected this ?





No, they aren't affiliated with Microsoft. In fact this looks like they are associated
with the crooks of RBN.

PCAntispy_Installer_eng.exe and PCCleanPro_Installer_eng.exe are basically the same.

http://www.virustotal.com/analisis/fc0d4be1c43a58ef4a1637546b0a26f9
http://www.virustotal.com/analisis/be2bf700ee9096b51a5ae639be1afdbc

AntiVir 7.8.1.34 2008.09.18 TR/Dropper.Gen
Ikarus T3.1.1.34.0 2008.09.19 Virus.Win32.Roodro
Webwasher-Gateway 6.6.2 2008.09.18 Trojan.Dropper.Gen

You are still infected. Old game, malware installs on PC, gets you to download so-called
anti malware to get you to pay for remover.


Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Then post the contents of the HJT log in your post in one of the below expert forums...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Re: Help!!



adrian palmer wrote the following on 9/18/2008 15:38:
> Despite having both a firewall and an up-to-date anti-virus program running
> on my PC, I seem to have accumulated a Trojan Virus from somewhere. I have
> run a virus scan through the antivirus software, and it has told me that I
> have a trojan, and that it has removed it. However I keep getting a
> Windows-type security pop-up saying that my firewall has detected a problem.
> The pop-up seems suspicious and some of the wording doesn't seem consistent
> with other Windows msgs I've had before. My only option with this pop-up is
> to download some software to remove it. This leads me to this website:
>
> http://www.antispyware-review.biz/?wmid=4663&pwebmid=uWfLn0pimL&a=
>
> Has anyone heard of this? Are they actually affiliated with Microsoft, and
> will it remove the problem? I have downloaded the latest Malicious Software
> program and run it, which also tells me that I have a problem, but not really
> what to do about it. Can anyone help me please??
> Adrian


Could it possibly be this Trojan-Spy.Win32.GreenScreen?
http://www.removeonline.com/remove-trojan-spy-win32-greenscreen-removal-instructions/

I'm curious because I have a user who reported today his Windows
"firewall" warned of finding a problem.

Lance
*****
 
Re: Help!!

From: "Lance" <lltbhill@link_earth.net>



| Could it possibly be this Trojan-Spy.Win32.GreenScreen?
| hxxp://www.removeonline.com/remove-trojan-spy-win32-greenscreen-removal-instructions/

| I'm curious because I have a user who reported today his Windows
| "firewall" warned of finding a problem.

| Lance
| *****

Lovely... SpyNoMore fraud/crap

He has a trojan which sends him to a rogue anti malware site and your reply, send him
to another !

That site states if you want to remove something get the download
[Download_snm-2.67_swpl.exe].
That is a downloader that downloads snm-2.67_swpl.exe for SpyNoMore, and here are the
results.

AntiVir 7.8.1.34 2008.09.18 PHISH/FraudTool.SpyNoMore.G.76
Arcavir 1.0.5 200809181409 2008-09-18 1.22 Riskware.Fraudtool.Spynomore.G
Avast 4.8.1195.0 2008.09.18 Win32:Spyware-gen
CAT-QuickHeal 9.50 2008.09.17 FraudTool.SpyNoMore.g (Not a Virus)
CP Secure 1.1.0.715 2008.09.19 2008-09-19 5.88 FraudTool.W32.SpyNoMore.g
Ewido 4.0 2008.09.18 Not-A-Virus.Adware.EShoper
Fortinet 3.113.0.0 2008.09.18 Misc/SpyNoMore
GData 19 2008.09.19 Win32:Spyware-gen
Ikarus T3.1.1.34.0 2008.09.19 Trojan.Hooker.31
K7AntiVirus 7.10.461 2008.09.18 not-a-virus:FraudTool.Win32.SpyNoMore.g
Kaspersky 7.0.0.125 2008.09.19 not-a-virus:FraudTool.Win32.SpyNoMore.f
Quick Heal 9.50 2008.09.17 2008-09-17 1.79 FraudTool.SpyNoMore.g (Not a Virus)
Sophos 4.33.0 2008.09.19 SpyNoMore Installer
TheHacker 6.3.0.9.087 2008.09.18 Aplicacion/SpyNoMore.g

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Re: Help!!


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:evWTUYfGJHA.4760@TK2MSFTNGP05.phx.gbl...
> From: "Lance" <lltbhill@link_earth.net>
>
>
>
> | Could it possibly be this Trojan-Spy.Win32.GreenScreen?
> |
> hxxp://www.removeonline.com/remove-trojan-spy-win32-greenscreen-removal-instructions/


Cut and paste from that URL:
"Trojan-Spy.Win32.GreenScreen is a melicious warning message"

....so, do I need anti-melware software now too?
 
Re: Help!!


"FromTheRafters" <erratic@ne.rr.com> wrote in message
news:%23VZg%232kGJHA.2580@TK2MSFTNGP05.phx.gbl...
>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:evWTUYfGJHA.4760@TK2MSFTNGP05.phx.gbl...
>> From: "Lance" <lltbhill@link_earth.net>
>>
>>
>>
>> | Could it possibly be this Trojan-Spy.Win32.GreenScreen?
>> | hxxp://www.removeonline.com/remove-trojan-spy-win32-greenscreen-removal-instructions/

>
> Cut and paste from that URL:
> "Trojan-Spy.Win32.GreenScreen is a melicious warning message"
>
> ...so, do I need anti-melware software now too?
>
>

You most certenly do! <wink>
 
Re: Help!!


"FromTheRafters" <erratic@ne.rr.com> wrote in message
news:%23VZg%232kGJHA.2580@TK2MSFTNGP05.phx.gbl...
>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:evWTUYfGJHA.4760@TK2MSFTNGP05.phx.gbl...
>> From: "Lance" <lltbhill@link_earth.net>
>>
>>
>>
>> | Could it possibly be this Trojan-Spy.Win32.GreenScreen?
>> |
>> hxxp://www.removeonline.com/remove-trojan-spy-win32-greenscreen-removal-instructions/

>
> Cut and paste from that URL:
> "Trojan-Spy.Win32.GreenScreen is a melicious warning message"
>
> ...so, do I need anti-melware software now too?


Only if you know a big green guy named MEL. Otherwise you are just
fine, young man. (G)

And David L. wears mittens when he types, so be gentle with him.

Kissies.......from the Great White North
>
>
 
Re: Help!!


"Heather" <figgyd@nospam.invalid> wrote in message
news:uZVECanGJHA.2580@TK2MSFTNGP05.phx.gbl...
>
> "FromTheRafters" <erratic@ne.rr.com> wrote in message
> news:%23VZg%232kGJHA.2580@TK2MSFTNGP05.phx.gbl...
>>
>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>> news:evWTUYfGJHA.4760@TK2MSFTNGP05.phx.gbl...
>>> From: "Lance" <lltbhill@link_earth.net>
>>>
>>>
>>>
>>> | Could it possibly be this Trojan-Spy.Win32.GreenScreen?
>>> |
>>> hxxp://www.removeonline.com/remove-trojan-spy-win32-greenscreen-removal-instructions/

>>
>> Cut and paste from that URL:
>> "Trojan-Spy.Win32.GreenScreen is a melicious warning message"
>>
>> ...so, do I need anti-melware software now too?

>
> Only if you know a big green guy named MEL. Otherwise you are just fine,
> young man. (G)
>
> And David L. wears mittens when he types, so be gentle with him.
>
> Kissies.......from the Great White North


This wasn't a David L typo - it was the 'professional' software
company's "melicious warning message" removal program's
sales pitch.

Yeah - I'll trust software from a company that can't even run
a spellcheck on their website text. I wonder if their EULA
has an "I except" button on it.

Reply should work.
 
Re: Help!!

From: "FromTheRafters" <erratic@ne.rr.com>


| "Heather" <figgyd@nospam.invalid> wrote in message
| news:uZVECanGJHA.2580@TK2MSFTNGP05.phx.gbl...

>> "FromTheRafters" <erratic@ne.rr.com> wrote in message
>> news:%23VZg%232kGJHA.2580@TK2MSFTNGP05.phx.gbl...


>>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>>> news:evWTUYfGJHA.4760@TK2MSFTNGP05.phx.gbl...
>>>> From: "Lance" <lltbhill@link_earth.net>




>>>> | Could it possibly be this Trojan-Spy.Win32.GreenScreen?
>>>> |
>>>> hxxp://www.removeonline.com/remove-trojan-spy-win32-greenscreen-removal-instructions/


>>> Cut and paste from that URL:
>>> "Trojan-Spy.Win32.GreenScreen is a melicious warning message"


>>> ...so, do I need anti-melware software now too?


>> Only if you know a big green guy named MEL. Otherwise you are just fine,
>> young man. (G)


>> And David L. wears mittens when he types, so be gentle with him.


>> Kissies.......from the Great White North


| This wasn't a David L typo - it was the 'professional' software
| company's "melicious warning message" removal program's
| sales pitch.

| Yeah - I'll trust software from a company that can't even run
| a spellcheck on their website text. I wonder if their EULA
| has an "I except" button on it.

| Reply should work.

ROFLOL !



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Re: Help!!--solution here

Hi

Checkout........

What is Antispyware-reviews.biz hijacker?
********************************
Antispyware-reviews.biz is a browser hijacker that was designed to sell
rogue anti-spyware products (such as PcAntiSpyware). Antispyware-reviews.biz
may slow your computer and decrease internet connection speed. It can
secretly install dangerous spyware applications to steal private data and
track keystrokes. Antispyware-reviews.biz hijacker may also come bundled
with other applications.

Antispyware-reviews.biz behaviour:
**************************
Antispyware-reviews.biz may show popups
Antispyware-reviews.biz may secretly install spyware programs
Antispyware-reviews.biz may be difficult to remove
Antispyware-reviews.biz may recreate itself
Antispyware-reviews.biz may slow your PC

Antispyware-reviews.biz manual removal instructions:
****************************************
Start the computer in safe mode
Remove Antispyware-reviews.biz files and unregister files:

Delete Antispyware-reviews.biz registry entries:
************************************

--
Warm Regards
Kalyan



"adrian palmer" <adrianpalmer@discussions.microsoft.com> wrote in message
news:8E4B15AB-C2AB-4647-99A9-35DB6F1ACEB1@microsoft.com...
> Despite having both a firewall and an up-to-date anti-virus program
> running
> on my PC, I seem to have accumulated a Trojan Virus from somewhere. I have
> run a virus scan through the antivirus software, and it has told me that I
> have a trojan, and that it has removed it. However I keep getting a
> Windows-type security pop-up saying that my firewall has detected a
> problem.
> The pop-up seems suspicious and some of the wording doesn't seem
> consistent
> with other Windows msgs I've had before. My only option with this pop-up
> is
> to download some software to remove it. This leads me to this website:
>
> http://www.antispyware-review.biz/?wmid=4663&pwebmid=uWfLn0pimL&a=
>
> Has anyone heard of this? Are they actually affiliated with Microsoft,
> and
> will it remove the problem? I have downloaded the latest Malicious
> Software
> program and run it, which also tells me that I have a problem, but not
> really
> what to do about it. Can anyone help me please??
> Adrian
 