Popup Malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by Black Widow, Jun 15, 2008.

  1. Black Widow

    Black Widow Private E-2

    Hi,

    I've recently been on the receiving end of an irritating malware that I cannot seem to rid myself of. The only effect on my system seems to be that, whenever I attempt to access any of the files through my Windows Explorer, a popup with the following appears:

    'Attention, <Name>! Some dangerous trojan horses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now!'

    I'm then presented with a yes and a no button. Obviously I'm declining to download the software, but pressing the no button takes me to the following URL

    Unfortunately, I'm far from an expert in the world of computing and this popup is beginning to drive me insane. Any help that you could offer would be greatly appreciated!

    I was first alerted to the presence of something wrong on my computer when I noticed a process called ITUN~KA2.EXE taking up about thirty percent of my resources. I'm not actually sure if this process is related to my current problem, but I've been unable to find much information about the process on the internet.

    Thank you very much for any help you can offer!
     
    Last edited by a moderator: Jun 15, 2008
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Last edited by a moderator: Jun 15, 2008
  3. Black Widow

    Black Widow Private E-2

    Apologies for not reading that thread first. I've just finished the 'READ & RUN ME FIRST' list and am attaching the relevant logs.

    Thanks again!
     


  4. Black Widow

    Black Widow Private E-2

    And the final log.
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not too bad.....let's just do this:

    If you haven't already, please disable the Guest account in User accounts.

    Please use add/remove programs to uninstall:
    J2SE Runtime Environment 5.0 Update 2

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\%username%\Local Settings\Temp

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
     
  6. Black Widow

    Black Widow Private E-2

    Thanks again for all your help, I'm sure there are many more things you'd rather be doing than helping us fools that they've (for some unknown reason) allowed onto the internet! :)

    New MG log attached.

    P.S. Should I delete any of my old logs?

    Thanks!
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sweet......one last thing:

    Run this: Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    If you are not having any other malware problems, it is time to do our final steps:

    1. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    2. Click START then RUN
    * Now type "%userprofile%\Desktop\cf" /u in the runbox and click OK.
    * Note: The space between the cf and the /U, it must be there.
    3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    4. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    5. If you are running Windows XP or Windows ME, do the below:
    * Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    6. After doing the above, you should work thru the below link:
    How to Protect yourself from malware!
     
  8. Black Widow

    Black Widow Private E-2

    You've been an outstanding help TimW, I can't thank you enough.

    I've just got one final question: I've uninstalled CF and MG, but do Spybot, CCleaner and MalwareBytes require an uninstallation process? Or can I simply delete the setup/executable files from my desktop?

    Thanks.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    All of them will be in your add/remove programs list and can be uninstalled that way (recommended).

    Frankly, I keep CCleaner and Malwarebytes..both good programs to have on hand. :)
     
  10. Black Widow

    Black Widow Private E-2

    Excellent, well I'll take your advice and keep those two on my computer then, as I'm sure you know more about all this than I do (after seeing you merrily clean my computer)!

    Thanks for all your help, it's made a drastic difference to the state of my computer and everything seems to be running far more happily now; plus, I've the peace of mind of knowing that (at least for the time being) I'm pretty much clear of malware!

    Rest assured, I'll be recommending this site to anyone with Malware/Trojan/Virus issues in the future (though who knows if that's a desirable circumstance for you guys :p)!

    You do a wonderful job and I commend you for doing it free of charge and out of your own personal time.

    Let's hope that my future posts on this forum are more recreational and light-hearted than my previous ones.

    Thanks again!
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are very welcome......safe surfing. :)
     
