
Thread: New quarantine appearance - Trojan.FakeAV.NMi

  1. #1
    Junior Member; Join Date: Mar 2013; Posts: 10

    New quarantine appearance - Trojan.FakeAV.NMi

    Completion of full scan on this machine usually produces list of "unthreatening" items - I read quickly, ignore and monthly empty quarantine after a glance.
    Windows XP Home, V.2002, SvPk 3 updated. Spybot, SuperAntiSpyware, Vipre 2013 Anti-virus all run regularly.
    TROJAN.FakeAV.NMI appeared 2 days ago - I don't think it should even have gotten into quarantine as I have settings I thought blocked and deleted such things. Obviously I don't.

    It is quarantined. Should I delete it? If it appears again what should I do? Any advice I'm not smart enough to ask for?

  2. #2
    Junior Member; Join Date: Mar 2013; Posts: 10

    CORRECTION: SHOULD HAVE READ: TROJAN.FakeAV.NMl (not i)

    Quote: Originally Posted by WHONOZEABOT
    Completion of full scan on this machine usually produces list of "unthreatening" items - I read quickly, ignore and monthly empty quarantine after a glance.
    Windows XP Home, V.2002, SvPk 3 updated. Spybot, SuperAntiSpyware, Vipre 2013 Anti-virus all run regularly.
    TROJAN.FakeAV.NMI appeared 2 days ago - I don't think it should even have gotten into quarantine as I have settings I thought blocked and deleted such things. Obviously I don't.

    It is quarantined. Should I delete it? If it appears again what should I do? Any advice I'm not smart enough to ask for?
    CORRECTION: The item appearing was: TROJAN.FakeAV.NMl (original submission said NMi)

  3. #3
    Junior Member; Join Date: Mar 2013; Posts: 10

    Update - Aug. 8 search results - definite virus recognition - what do I do?

    Quote: Originally Posted by WHONOZEABOT
    CORRECTION: The item appearing was: TROJAN.FakeAV.NMl (original submission said NMi)
    If reader cannot tell, I am utterly confused with this SpyBot forum process. What I do know is:

    Spybot AV identified a virus clearly today as follows (HERE ARE THE LINE ITEMS ON THE AV SCAN REPORT):

    Trojan.FakeAV.NMI

    Executable

    C:\System Volume Info\_restore{BEE3A94B-B755-457B -A573-F68398179D8}\RP67w\A0144573.exe

    This info is in my Quarantine file; I have not clicked on the "fix" function.

    I haven't the slightest idea how to handle this - and I have read everything I can from SpyBot.

    Do I delete? Is there another step first?

    I will not use this PC until this is dealt with.

    Thank you for assistance.
    Last edited by tashi; 2013-08-09 at 00:00. Reason: Moved from the malware forum

  4. #4
    tashi; Member of Team Spybot; Join Date: Oct 2005; Location: USA; Posts: 30,956

    Hello WHONOZEABOT,

    I will leave a note for one of the detectives to advise regarding the actual detection.

    When something is in quarantine it is inactive. How is the computer running in general, any issues?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Junior Member; Join Date: Mar 2013; Posts: 10

    Quote: Originally Posted by tashi
    Hello WHONOZEABOT,

    I will leave a note for one of the detectives to advise regarding the actual detection.

    When something is in quarantine it is inactive. How is the computer running in general, any issues?

    Best regards.
    Thank you - I knew it was "harmless" left alone; I've always proceeded with other security programs to follow their delete or don't delete recommendation, but couldn't find anything to tell me what was the correct course.

    I was surprised to find it showing up, frankly, as I am running the SpyBot Pro version - but that may be something I'm doing or not - I keep AV/AM on (it seems to shut itself down). I haven't seen or found a Trojan on this machine in 2 or 3 years; may have opened something inadvertently.

    Given the time I put into keeping machine secure, cookie and malware cleaned, and the discipline I've gradually learned to use to pare back my start-up list, I'm surprised on the machine being slower than early days, but I can't say I'm having problems. I use Secunia for updates, and do spot clean with CCleaner and WinClean, the former mostly to reduce the advertising cookies I never seem to keep out.

    Thank you for your assistance.

  6. #6
    Junior Member; Join Date: Mar 2013; Posts: 10

    Waiting for "detective" - mentioned in tashi response of August 8

    I am waiting for "detective" to follow up tashi response. Trojan sits near end of every full scan - I "fix" the rest and am leaving it alone until advised.

    I guess the best answer to tashi on computer running is, in general, it is. Not as fast as I've had it run before, and I keep zip on it - oddly erratic on archiving of Google emails but Google keeps changing things that don't need changing but may need fixing when they are through - so I don't blame that on a Trojan. This machine is scanned twice a day, once AV/AM, once pure Malware with spot checks to clear cookies and garbage out using CCleaner - for the amount of work I put into it, it should run faster - the start-up menu is bare-bones, etc. I use no social networks, no video, few photos, mostly mail and general search and it still seems to be slow - lots of trouble with MS Update but that seems to be nothing unusual and their Mr. Fixit is useless.

    I would just like to know I've kept it secure so it'll run - thank you.

    WHAT DOES IT MEAN "MOVED" WHEN I ENTERED MY THREAD -? WHERE AND WHY? I could not find anything in the FAQ specific enough to make that understandable.


    Quote: Originally Posted by tashi
    Hello WHONOZEABOT,

    I will leave a note for one of the detectives to advise regarding the actual detection.

    When something is in quarantine it is inactive. How is the computer running in general, any issues?

    Best regards.
    Last edited by WHONOZEABOT; 2013-08-11 at 05:29. Reason: forgotten question

  7. #7
    micha; Member of Team Spybot; Join Date: Oct 2005; Posts: 31

    Hello WHONOZEABOT,
    Try booting your computer into Safe Mode, then run Spybot, try to remove these items and boot your computer again.

    How to Start Your Computer in Safe Mode:

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode with Networking menu item.
    • Press Enter.


    Best regards.

  8. #8
    Junior Member; Join Date: Mar 2013; Posts: 10

    Continued unsolved TROJAN.FAKEAV.NMI removal issue

    My thread on this topic was moved, presumably by Tashi, who answered most of my questions, but said a "detective" or some such would assist with malware issues and, I presume, how I remove this. It sits in quarantine and I know you'll say it can do no harm - but why keep it there and run risk I delete it when I shouldn't - I'm no expert but I don't believe you'd tell me to keep it there for the life of this machine (or my life).

    I ask other questions but this is the most concerning one. I don't know where my thread is now - I'm sure I didn't need to post new thread but I could find nothing as far as I went in FAQ that told me how to find a thread that had been moved. Thank you.

    Is there any way I can get email notice when threads are responded to? I thought there was but again didn't have an hour to find out how and where.
    I did the "subscribe to thread" and I did not check box to confine response to Forum, but I received no notice.
    Last edited by tashi; 2013-08-15 at 18:20. Reason: Moved from the malware forum and merged

  9. #9
    Junior Member; Join Date: Mar 2013; Posts: 10

    Quote: Originally Posted by micha
    Hello WHONOZEABOT,
    Try booting your computer into Safe Mode, then run Spybot, try to remove these items and boot your computer again.

    How to Start Your Computer in Safe Mode:

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode with Networking menu item.
    • Press Enter.


    Best regards.
    I HAVE NOT BEEN ABLE TO REMOVE TROJAN.FakeAV.NMI shown as executable C:\SystemVolumeInfo\_restore{huge number here which I have recorded} then column info is file Viruses Rule=SpybotAV

    Please note carefully:

    I have two administrator approved users; here are my step-by-step actions:
    Using Safe Mode and SpyBot, I opened Scan results, scrolled down to last item (the Trojan virus) and was surprised to find two in that listing, each dated June 8, 2013, 5 or 6 seconds apart. I used Spybot to delete both.
    I then went to Administrator II, and this time found no virus.
    I exited, re-booted and opened in the usual way.

    Virus was still in Admin I - I deleted it with the normal check and fix-checked method.

    When I used the machine next, I found it had re-appeared. I deleted it within Safe Mode.

    The next time I used Admin I or II it was not there. I closed the machine for that day.

    I opened the machine this AM and it is there again.

    I have thus used the safe mode method and the regular method and it still appears as I described in the beginning of this reply.

    WHAT DO YOU WANT ME TO DO NEXT? Though despite best efforts machine is slower, the odd thing is I do not use Internet Explorer in either Admin account, yet Admin II, particularly, shows 35-40 cookies every time and Admin I something like 26. Why do I have cookies in a program I don't use (it is on the machine as it is Windows XP Home - but I use Google, Chrome for any function I might have once used IE for)?

    Do you want me to send you the long locator number? It is followed by \RP672\AO144573.exe

  10. #10
    tashi; Member of Team Spybot; Join Date: Oct 2005; Location: USA; Posts: 30,956

    Hello WHONOZEABOT,
    Quote: Originally Posted by WHONOZEABOT
    WHAT DOES IT MEAN "MOVED" WHEN I ENTERED MY THREAD -? WHERE AND WHY? I could not find anything in the FAQ specific enough to make that understandable.
    It means you started a new topic and it was moved and merged with your open thread.

    There is an edit at the bottom of the post, for instance,
    "Last edited by tashi; Aug 15th, 2013 at 09:20 AM. Reason: Moved from the malware forum and merged"

    Quote: Originally Posted by WHONOZEABOT
    Is there any way I can get email notice when threads are responded to? I thought there was but again didn't have an hour to find out how and where.
    I did the "subscribe to thread" and I did not check box to confine response to Forum, but I received no notice.
    Members can keep track of their threads and choose how to be notified about updates. Subscriptions

    Please upload the suspected file to VirusTotal to recheck and verify the scan result with different engines, then let us know the result please.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
