JS:FakeWarn-E [Trj], please, please help!

Discussion in 'Malware Removal' started by SweetLD215, Sep 9, 2010.

  1. SweetLD215

    SweetLD215 Private E-2

    Hello,

    I am not sure what I did, but I got something called JS:FakeWarn-E [Trj], and I cannot do anything except use Mozilla. I tried clicking Internet Explorer and every website generates a Windows security alert with a green shield at the bottom of the screen. I tried to run Ad-Aware, but can't. I tried to run HijackThis, but can't. It'll pop up for a short second, then disappear, and give me an error alert. I can't even run regular applications like Paint Shop Pro, Microsoft Word, etc. I'm assuming you need a HijackThis log or something of the sort, but I have no idea what to run since nothing works. Please help! I truly need a functioning computer since I have an online class to attend.
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  3. SweetLD215

    SweetLD215 Private E-2

    Hi there. I went to that site, but it wants me to download ESET Smart Installer. I am able to download it but when I try to install, the computer thinks it is another security threat and kicks me out of the install. :(

    Is there anything else I can run online using Mozilla that doesn't need an install?

    I can't even do a system restore because it reads that as a security threat too.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  5. SweetLD215

    SweetLD215 Private E-2

    Safe mode was great! I was able to do a bunch of things.

    - I went through the add/remove programs and was able to remove the Viewpoint Media Player.

    - Then went to the java step and here is what I got...
    Computer will not uninstall either of the following:
    Java(TM) 6 Update 15
    Java (TM) SE Runtime Environment 6
    The error message says:
    "The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance."
    I also cannot install the latest version in safe mode which is the only way I would be able to install at the moment.

    -I ran CCleaner

    - I don't have Norton Antivirus but do have Avast; however, it doesn't work even in safe mode. I think Avast may have a virus? I don't know if that's possible but it was just generating errors saying it couldn't run because of a virus.

    -I have Windows Vista
    Running on 32 bit Operating System
    Intel Core 2 Duo CPU E6550 @ 2.33 GHz (if any of that is helpful)

    -I made sure MSconfig is in normal setup mode.

    -I clicked the link and went through the list. I didn't see any of those items listed in my add/remove programs

    -I ran the Defogger program and it worked

    -I downloaded the Vista Cleaning products
    For Malwarebytes, I tried to find where to rename it from mbam-setup.exe to mb.exe, but I could not find that option.
    I got combofix.exe downloaded but it says that Avast is interfering with it because Avast is still running. I checked and don't see anywhere that Avast is running. I even checked the task manager applications and processes and did not find it.
    RootRepeal gave me this error: "Error - FOPS DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x00000 100)" But it looks like it is working anyways.

    -Disabled User Account Control

    I ran SUPERAntiSpyware but I don't see a log saved to attach. It did find issues and I followed the instructions on the forum to get rid of everything though.

    I ran Malwarebytes and attached the results.

    I ran HijackThis and attached the results

    I have a zipfile of MGlog and attached that as well.


    I couldn't run the RootRepeal. I got this error
    DeviceIoControl Error! Error Code = 0x0

    The security error doesn't keep popping up, but Internet Explorer does not seem to work. It will only direct me to the mypoints search page. I can't go to google or any other page. Even if I type the web address in directly, it simply diverts me back to my mypoints search page.
    Also, should I get rid of Avast?
     

    Attached Files:

  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Try and complete my instructions in normal mode from now on if possible.

    Uninstall the below outdated java:

    • Java(TM) 6 Update 15
    • Java(TM) SE Runtime Environment 6

    Mirar <--- uninstall this crap.

    Mozilla Firefox (3.0.19) <--- Update this!

    If you did not deliberately set this proxy yourself then please include it in the HJT fix below:

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix exit HJT.

    Now download The Avenger by Swandog469, and save it to your Desktop.

    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    Now I would like for you to run a FRESH version of ComboFix, the one you have on your desktop is outdated.

    Download the new version, let it overwrite the old, and run it as per the instructions in the Read and Run Me First.

    Rescan with SUPERantispyware and attach the log regardless of whether it found anything or not.

    Run CCleaner.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.


    Tell me how things are running?
     
  7. SweetLD215

    SweetLD215 Private E-2

    I was able to uninstall both Javas once in regular mode.
    I can't get Mirar to uninstall by using the Add/Remove program feature in the Control Panel. Is there any other way to get rid of it?

    I updated Firefox, and at first, it would not work due to some issue with the proxy settings. I went to Tools, Network, Connection settings, and switched from "use proxy settings" to "Auto detect proxy settings for this network" and that got it to connect to the internet. Hopefully that's alright.

    I've attached log files for ComboFix, Avenger, MGlogs, and SuperAnti Spyware

    The computer seems to be doing really well. Internet Explorer even works! =) You are amazing!

    I do have a question - should I get rid of Avast or is it a good program?
     

    Attached Files:

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Apologies for the slight delay in a response, very busy weekend at work.

    Yes, try using Your Uninstaller!

    You mentioned:
    Is this still the case? You could always uninstall and re-install to be on the safe side. Actually, looking at your logs you are using an outdated version of avast anyway. Avast 5 is the latest. So uninstall it, then carry out my instructions, and only reinstall after we are finished.

    Before we continue I need for you to get combofix.exe directly onto your desktop and NOT in the below location:
    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    Driver::
    ASKService
    ASKUpgrade
    Viewpoint Manager Service
    WPRO_40_1340
    
    File::
    c:\windows\system32\drivers\WPRO_40_1340.sys
    c:\windows\TEMP\TMP000000A9AC736B62FEDE478B
    c:\windows\system32\WPRO_40_1340woem.tmp
    
    Folder::
    c:\program files\AskBarDis
    c:\program files\Viewpoint
    C:\Users\New Account\AppData\Local\Temp\FCTB000060497
    c:\users\New Account\AppData\Local\xyatrbsfy
    
    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    Install the current version of avast.

    Let me know if things are still running okay.
     
  9. SweetLD215

    SweetLD215 Private E-2

    Hi there,

    I haven't gotten to do this stuff yet (been insane at work and at school) but hopefully I'll be able to run these things tomorrow =)
     
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No problem, I will be here floating about somewhere.
     
  11. SweetLD215

    SweetLD215 Private E-2

    Hello,

    Ok I followed your instructions. I installed the Your Uninstaller and I think it worked in getting rid of Mirar. It was a bit confusing because it gave me an error (I had the error typed up, but when I ran ComboFix, it rebooted and I lost what I typed since I didn't save it). It basically said it couldn't find it, but then it asked if I wanted to continue uninstalling since it didn't finish. I think that did the trick.

    I also installed the right combofix and got it on my desktop, and ran the MGtools. I've attached the logs.

    My computer seems to be running properly now. Hopefully all the bad stuff is gone. =)
     

    Attached Files:

  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi.

    Now we need to use ComboFix again
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    Driver::
    WPRO_40_1340
    
    File::
    c:\windows\system32\WPRO_40_1340woem.tmp
    c:\windows\system32\drivers\WPRO_40_1340.sys
    
    Folder::
    C:\Users\New Account\AppData\Local\temp\FCTB000060497
    C:\Users\New Account\AppData\Local\temp\Low
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    You need to install AV.
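
As an added example (not part of the thread and not ComboFix's own code), this Python sketch parses the two CFScript texts posted above and reports which second-pass targets were already listed in the first script. It assumes only what the posts show, namely that a line ending in `::` opens a section and the lines under it are that section's entries; paths are compared case-insensitively, as Windows paths are.

```python
# Added example: script text copied from the two posts above, blank lines dropped.
PASS_1 = r"""KILLALL::
Driver::
ASKService
ASKUpgrade
Viewpoint Manager Service
WPRO_40_1340
File::
c:\windows\system32\drivers\WPRO_40_1340.sys
c:\windows\TEMP\TMP000000A9AC736B62FEDE478B
c:\windows\system32\WPRO_40_1340woem.tmp
Folder::
c:\program files\AskBarDis
c:\program files\Viewpoint
C:\Users\New Account\AppData\Local\Temp\FCTB000060497
c:\users\New Account\AppData\Local\xyatrbsfy
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
"""
PASS_2 = r"""KILLALL::
Driver::
WPRO_40_1340
File::
c:\windows\system32\WPRO_40_1340woem.tmp
c:\windows\system32\drivers\WPRO_40_1340.sys
Folder::
C:\Users\New Account\AppData\Local\temp\FCTB000060497
C:\Users\New Account\AppData\Local\temp\Low
"""

def parse_cfscript(text):
    """Map each 'Name::' header to the entries listed under it."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("::"):
            current = sections.setdefault(line[:-2], [])
        elif line and current is not None:
            current.append(line)
    return sections

def compare_passes(first, second):
    """Split each second-pass section into repeated vs. new entries (case-insensitive)."""
    earlier, report = parse_cfscript(first), {}
    for section, entries in parse_cfscript(second).items():
        seen = {e.lower() for e in earlier.get(section, [])}
        report[section] = {
            "repeated": [e for e in entries if e.lower() in seen],
            "new": [e for e in entries if e.lower() not in seen],
        }
    return report

print(compare_passes(PASS_1, PASS_2))
```

The repeated entries are the items the helper targeted a second time; the only new one is the `temp\Low` folder.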
     
  13. SweetLD215

    SweetLD215 Private E-2

    Hi there,

    I followed your instructions and attached the two logs.

    What is AV? Is that Avast? If so, I did install it.
    It is the avast! Free Antivirus
    Program version: 5.0.677
    Virus definition version: 100918-1

    Is this the right one?
     

    Attached Files:

  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, so you did, I missed it. Too tired and back from work now. I'll review those last logs tomorrow after work. :)
     
  15. SweetLD215

    SweetLD215 Private E-2

    Ok, sounds great. Thank you so much!
     
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  17. SweetLD215

    SweetLD215 Private E-2

    Hi there!

    I followed your instructions. Hopefully my computer is good now. *crossing fingers*
     

    Attached Files:

  18. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Could you please go to VirusTotal.com and upload the following files for analysis:

    • C:\Windows\System32\WPRO_40_1340woem.tmp

    Could you please get this: WPRO_40_1340woem.tmp into a zipped file and attach it for me in your next post? To do this, see the below:

    Please go to start > Run and paste in the following:

    log retrievable @ C:\collect.zip


    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main ATF Cleaner menu to close the program.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    Don't forget the collect.zip and the VT results.
     
  19. SweetLD215

    SweetLD215 Private E-2

    Hi there!

    I'll follow the steps when I get home this evening. You mentioned the ATF Cleaner is only for Windows XP and 2000. I run on Windows Vista, unfortunately. Does this mean I should not do that step?
     
  20. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    *slaps head* yes, my bad. Run CCleaner. You have a lot of temporary files that should be flushed out.
     
