Malware/Spyware/Windows Security Notifications



moshi
2007-08-25, 13:22
Hi,

I kept getting the following popups:

a) Windows Security Alert
Your computer is making unauthorized copies of your system and Internet files. Run scan now to prevent any unauthorised access to your files! Click here to download spyware remover...

If I click on the YES button to download the spyware remover (I'm not logged on, though), the browser would bring me to hxxp://go.winantivirus.com/MTY2NjU=/2/6018/ax=1/ed=1/ex=1/455/

Is this site to be trusted? How can I get rid of this popup?

b) URGENT!!! Windows Security Notification!
2953 Privacy Violations Found! Click here to download and install software to eliminate them!

If I click to download, the browser would go to hxxp://go.privacyprotector.com/.......


c) Warning: possible malware infection!
Malware files are detected on your computer! It's strongly recommended to scan your system immediately in order


d) Your computer is infected!
Windows has detected spyware infection!
It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you.
Click here to protect your computer from spyware!

If I click where it instructed, the browser goes to hxxp://go.winantivirus.com/MTY2NjU=/2/6018/ax=1/ed=1/ex=1/455/

I've tried using Spybot to check for problems and to fix them, but after rebooting the system, the errors appear again.

What has happened to my system and what should I do? :sad: Thanks!

Angelfire777
2007-08-25, 13:55
Hi, welcome to Safer Networking!

Please click Here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Click on "Do a system scan and save logfile". When the log pops up in Notepad, copy and paste that file back here.

moshi
2007-08-25, 14:09
Hi,

I'm actually using another computer to post my thread. The supposedly infected computer is not accessible to the Internet and 1 thing I noticed is that Control Panel and 'Safely Remove Hardware' are inaccessible.

Can I download the Hijack... based on your advice and run it on the infected computer?

Thx!

moshi
2007-08-25, 14:19
Hi,

Looks like I can run the HJTInstall on the infected computer.

Btw, when I run the Spybot check problems, it kept identifying the problem as:

Microsoft.Windows.Explorer
User Settings
HKEY_USERS\S-1-5-21-1957994488-220523388-682003330-1124\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel!=W=0

Even after fixing this problem, when I reboot the system and do a check problem using Spybot again, the same problem will re-surface.

Will get the log shortly. Thanks!

Angelfire777
2007-08-25, 14:19
Hi,

> I'm actually using another computer to post my thread. The supposedly infected computer is not accessible to the Internet and 1 thing I noticed is that Control Panel and 'Safely Remove Hardware' are inaccessible.

Can you please describe it more thoroughly? Does it give an error? Can you see it?

> Can I download the Hijack... based on your advice and run it on the infected computer?

Yes, that's how it should be done.

Angelfire777
2007-08-25, 14:23
Ah, I see now. It's a system policy that has been changed (probably by malware) in your registry. We'll fix that as soon as I get a HijackThis log.
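
The kind of check that surfaces the policy change described above, as an added example that is not part of the original thread: a PowerShell report of Explorer restriction values in HKLM and in every loaded user hive. Only NoControlPanel comes from the thread; NoFolderOptions and NoRun are other Explorer policy values included here as assumptions, and the function name is hypothetical.

```powershell
# Added example: report Explorer policy restrictions that are switched on.
# Read-only: it lists values, it does not delete or change anything.
$SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Only NoControlPanel is from the thread; the other two names are assumptions
# picked as further restrictions stored under the same key.
$Watch = 'NoControlPanel', 'NoFolderOptions', 'NoRun'

function Get-ExplorerRestriction {
    param([string[]]$Names = $Watch)

    # Machine-wide policy plus each loaded user hive (HKEY_USERS\<SID>).
    # The <SID>_Classes hives hold file associations, not policies, so skip them.
    $roots = @('Registry::HKEY_LOCAL_MACHINE')
    $roots += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object { "Registry::$($_.Name)" }

    foreach ($root in $roots) {
        $path = "$root\$SubKey"
        if (-not (Test-Path -Path $path -ErrorAction SilentlyContinue)) { continue }

        # Returns nothing when the key exists but holds no values.
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if (-not $props) { continue }

        foreach ($name in $Names) {
            $prop = $props.PSObject.Properties[$name]
            # A missing value or a value of 0 means the restriction is off.
            if ($null -ne $prop -and $prop.Value -ne 0) {
                [pscustomobject]@{
                    Key   = $path
                    Value = $name
                    Data  = $prop.Value
                }
            }
        }
    }
}

Get-ExplorerRestriction | Format-Table -AutoSize
```

A value that comes back after being cleared, as moshi saw with Spybot, means something is rewriting it at startup, so this report is a symptom check rather than a repair.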

Angelfire777
2007-09-01, 15:52
Moshi, you still there?

Angelfire777
2007-09-04, 13:46
Due to inactivity this thread is now closed. :spider:

If you wish to reopen this thread, please send me or a moderator a private message (pm). Please include a link to this topic.

This only applies to the original topic starter. Everyone, please start a new topic.