Buy Buy - anti virus software...fake pop ups

Discussion in 'Malware Help (A Specialist Will Reply)' started by butterknifeninja, Dec 5, 2007.

  1. butterknifeninja

    butterknifeninja Private E-2

    I downloaded a toolbar and it came with a pop up that comes up online and off, telling me that my computer is infected and I should buy this antivirus software.
    So I did some research and tried to correct it myself. I am left with the pop up being displayed only when I am online; it is displayed just under my toolbar.
    I'm not sure which of the HijackThis scan results need to be deleted to get rid of this.
    Please help.
     


  2. abri

    abri MajorGeek

    Hi butterknifeninja!
    Welcome to Major Geeks!

    Please follow the instructions and links in the Read & RUN ME FIRST taking care to follow those instructions for your operating system. When you finish, a set of zipped logs will be produced for you to upload to us. Some of these steps should help with your symptoms and then we can look for what remains to be done from the information you post to us.

    abri
     
  3. butterknifeninja

    butterknifeninja Private E-2

    I am new at doing this, but believe I've gotten rid of most of the problems. The only thing I am having trouble with now is the pop up online saying I should run the program and buy it, located at the top of the internet page. It only comes up now and then.
    I have run another scan. I'm just hoping I have not deleted anything important..he he.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to follow the instructions that Abri already gave to you so that we can help you. Those instructions do not ask for a HijackThis log. They do ask for the below logs:

    • ComboFix
    • AVG AntiSpyware
    • MGlogs.zip
    Those are the logs that you need to attach.
     
  5. butterknifeninja

    butterknifeninja Private E-2

    I am still having the problem of a pop up
    ( Warning: possible spyware or adware infection! Click here to scan your computer for spyware and adware...)
    displayed under my toolbar.
    I have attached the scans from ComboFix and MGlogs.zip. When I did the scan with AVG, it detected 4 cookies. When I went to try to save a copy, a blank screen came up not displaying the results. I thought I had done all of the steps, but because nothing came up I am unsure.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please be more careful following instructions in the future. You ran MGtools.exe from here:

    C:\Documents and Settings\Rebecca\My Documents\MGtools.exe

    The instructions specifically say that you need to put it in the root folder of your Windows drive. The below is a quote from the READ ME.
    You were lucky this time, you may not be so lucky the next time.


    Also, you are running Spybot's TeaTimer, which the instructions specifically request that you not run.

    Now Disable Spybot's TeaTimer
    • Run Spybot and click Mode
    • Select Advanced Mode.
    • Then click Tools and select Resident.
    • Now in the right window pane, uncheck TeaTimer.
    • Also while this is open, in the left column now select IE Tweaks
    • and then in the right pane make sure all the Miscellaneous locks are unchecked.
    • Now quit Spybot!
    Now uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) SE Runtime Environment 6 Update 1

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: OFK System - {CD592DBF-7138-4805-A93B-B9491B6E53FC} - C:\WINDOWS\vipextmdx.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    After clicking Fix, exit HJT.

    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment
    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.


    Make sure you tell me how things are working now!
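Added example, not part of the thread and not code from HijackThis or MajorGeeks: a small parser for the two HijackThis line shapes that appear in the post above (CLSID-registered entries such as R3/O2, and O4 Run-key autostarts), run over the five quoted lines. The names `Entry`, `parse_log` and `review_notes` are hypothetical, and the review heuristics are assumptions of this example, not the helper's stated reasons for selecting those lines.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# The five entries quoted in the post above, copied verbatim.
LOG = r'''
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: OFK System - {CD592DBF-7138-4805-A93B-B9491B6E53FC} - C:\WINDOWS\vipextmdx.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
'''

class Entry(NamedTuple):
    section: str            # HijackThis section code, e.g. R3, O2, O4
    kind: str               # URLSearchHook, BHO, HKLM\..\Run, ...
    name: str               # display name or Run value name
    clsid: Optional[str]    # present only on CLSID-registered entries
    target: str             # file path, or the literal "(no file)"

# "<sec> - <kind>: <name> - {CLSID} - <file or (no file)>"
CLSID_RE = re.compile(r'^([A-Z]\d+) - ([^:]+): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$')
# "<sec> - <hive>\..\Run: [<value name>] "<path>" <args>"
RUN_RE = re.compile(r'^(O4) - ([^:]+): \[([^\]]+)\] (?:"([^"]+)"|(\S+))')

def parse_log(text: str) -> List[Entry]:
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = CLSID_RE.match(line)
        if m:
            entries.append(Entry(*m.groups()))
            continue
        m = RUN_RE.match(line)
        if m:
            sec, kind, name, quoted, bare = m.groups()
            entries.append(Entry(sec, kind, name, None, quoted or bare))
    return entries

def review_notes(e: Entry) -> List[str]:
    """Heuristics assumed for this example, not the helper's stated reasoning."""
    notes = []
    if e.target == "(no file)":
        notes.append("orphaned: registered component has no file on disk")
    elif e.section == "O2" and ntpath.dirname(e.target).lower() == r"c:\windows":
        notes.append("BHO DLL sits directly in the Windows folder")
    if e.section == "O4":
        notes.append("autostart: runs at every boot")
    return notes

if __name__ == "__main__":
    for entry in parse_log(LOG):
        print(entry.section, entry.name, "->", review_notes(entry))
```
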
     
