Generic FakeAlert.b

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by leetm024, Jan 11, 2008.

  1. leetm024

    leetm024 Private E-2

    Hi-
    I am new to Major Geeks (recommended by a friend). I have McAfee which said it found and removed the Generic FakeAlert.b..but I have a flashing question mark shield in the notification area on my task bar. It keeps popping up a "system warning". I tried reading KingSteve612's thread...and started to do what was told there...but when I rebooted in safe mode and looked in system32 to change the files from dll to ddd...none of the files listed in that thread were in my system32? Can someone help me get rid of this?
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Welcome to Majorgeeks!

    As many malwares change the files they use to random ones, the fixes posted for others may not work for you, so please do run the below.



    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. leetm024

    leetm024 Private E-2

    What do you mean by attach requested logs?
     
  4. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi


    When you read and go through the Removal Guide, at various steps within it you will run scans which will generate some logs; these logs will need to be attached to one of your posts in this thread. These logs show the malware experts here where the malware is located on your PC and what files it's infected.

    So logs that you will get to attach are:

    MGlogs.zip (which has 5 logs inside it, including Hijackthis; just attach the whole Zip)
    AVG
    Combofix logs.


    Some guidance on HOW TO: Attach Items To Your Post


    After these are attached our malware experts will review these to see if you're OK; if not, they will issue you some further removal instructions.
     
  5. leetm024

    leetm024 Private E-2

    Thanks...I have tried all the steps in the removal guide...but the flashing shield icon still remains next to the time in the lower right corner of the computer. It periodically flashes a "System Warning" saying: "System Alert: System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date antispyware solution". This then takes you to an Internet Explorer site...which I have not downloaded anything from. This does not seem to be affecting the performance of my computer.....I am able to use all applications on my system. It is just annoying that it keeps popping up the system warning. Attached are the logs you needed....except for the AVG Anti-spyware report. When this was done...I went to the reports tab and it said there were no reports??
     

    Attached Files:

  6. leetm024

    leetm024 Private E-2

    Have not heard back from you since my last post on the results? Any word on a solution?
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow the instructions in the below link and be sure to attach the 2 requested logs exactly when requested:

    Removing Zlob aka SmitFraud, SpySheriff, Infections



    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created.


    Make sure you tell me how things are working now!
     
  8. leetm024

    leetm024 Private E-2

    Do you think this will finally get the flashing shield and system warning that pops up off my system? I will run these instructions tonight after work or tomorrow and let you know.


     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! Once you run SmitFraud fix and we complete any additional required manual steps afterwards, your problem will be gone.
     
  10. leetm024

    leetm024 Private E-2

    Great...thanks. I will let you know when I am done with these next steps.


     
  11. leetm024

    leetm024 Private E-2

    Here is the rapport.txt

     

    Attached Files:

  12. leetm024

    leetm024 Private E-2

    Here is the rapport.txt after the cleaning section. It never prompted me to replace infected file..guess it did not find one? But after running these steps and rebooting into normal mode the flashing shield icon is gone. So I guess this worked. Unless you know of anything else I need to do....I believe you have helped me! Thank you so much!


     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You forgot part of what I requested in msg # 7


     
  14. leetm024

    leetm024 Private E-2

    Sorry about that...here you go.

     

    Attached Files:

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall the below old versions of software:
    Java 2 Runtime Environment, SE v1.4.2_03
    Java 2 Runtime Environment, SE v1.4.2_05

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment


    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O22 - SharedTaskScheduler: hemoglobinometries - {c7cd9e83-3bf6-47f8-b2e2-b114c96c1888} - C:\WINDOWS\system32\qhcvdw.dll (file missing)

    After clicking Fix, exit HJT.

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created.


    Make sure you tell me how things are working now!
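
An added illustration, not part of chaslang's post or of any MajorGeeks tool: a small parser for the HijackThis lines quoted above that structures each entry and flags the ones marked "(file missing)", i.e. registry values left behind after their target file was removed. The section descriptions, regexes and function names are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# The four log lines quoted in the post above, in HijackThis log format.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O22 - SharedTaskScheduler: hemoglobinometries - {c7cd9e83-3bf6-47f8-b2e2-b114c96c1888} - C:\WINDOWS\system32\qhcvdw.dll (file missing)
'''

# Section meanings are this example's summary, not HijackThis output.
SECTIONS = {
    "O4": "autostart entry (Run key or Startup folder)",
    "O15": "site in the Internet Explorer Trusted Zone",
    "O22": "SharedTaskScheduler autorun",
}
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

@dataclass
class Entry:
    code: str
    meaning: str
    body: str
    clsid: Optional[str]
    path: Optional[str]
    file_missing: bool  # HijackThis appended "(file missing)"

def parse_log(text: str) -> List[Entry]:
    """Turn HijackThis log lines into structured entries; skip other text."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        clsid, path = CLSID_RE.search(body), PATH_RE.search(body)
        entries.append(Entry(
            m["code"], SECTIONS.get(m["code"], "unknown section"), body,
            clsid.group(0) if clsid else None,
            path.group(0) if path else None,
            body.endswith("(file missing)")))
    return entries

def orphaned(entries: List[Entry]) -> List[Entry]:
    """Registry entries that survive after their target file was removed."""
    return [e for e in entries if e.file_missing]
```

Calling `orphaned(parse_log(SAMPLE_LOG))` returns only the O22 SharedTaskScheduler entry, with its CLSID and DLL path split out for follow-up.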
     
  16. leetm024

    leetm024 Private E-2

    Ran this latest thread of yours...here is the mglog you requested. Let me know if there is anything else. If there is not...can I delete the files/downloads off my desktop you had me do?
     

    Attached Files:

    Last edited by a moderator: Jan 20, 2008
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean.


    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN
      • Now type combofix /u in the runbox and click OK.
      • Note: The space between the X and the /U, it must be there.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you run RenV.exe, you can delete it and the Log.txt file on your Desktop.
    9. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    10. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    11. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    12. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    13. After doing the above, you should work thru the below link:
     
  18. leetm024

    leetm024 Private E-2

    Thanks for all your help!
     
    Last edited by a moderator: Jan 21, 2008
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely.
     
