PDA

View Full Version : Ideas on removing WorldSecurityOnline.fake alert?


katzencm
2007-10-19, 01:41
Please help me. I downloaded new SPYBOT and ran scan. Ot found subject file but shuts down (5 times at least) everytime it tries to remove it. Ran scan in safe mode and it found nothing. Cannot delete this file at all. Other scans show more viruses that don't come up in SPYBOT. Also now Windows Security Center will not let me turn on virus protection. It was on before I upgraded to 1.5. Can anyone help me fix this?

Total number of scanned objects: 60215
Number of viruses found: 4
Number of infected objects: 6
Number of suspicious objects: 3
Duration of the scan process: 00:39:51

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is lockedskipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{54607B0D-2771-44A0-ACB3-20AB94CF88C0}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR3.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search Destroy\Recovery\ZlobVideoActiveXObject.zip/uninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-10-17_Log.ALUSchedulerSvc.LiveUpdate Object is lockedskipped
C:\Documents and Settings\Cindy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-4e82c551.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Cindy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-4e82c551.zip ZIP: infected - 1skipped
C:\Documents and Settings\Cindy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-4e3272d0-1262c766.zip/HiPointInstallShieldRT.classInfected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Cindy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-4e3272d0-1262c766.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cindy\Cookies\index.datObject is lockedskipped
C:\Documents and Settings\Cindy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is lockedskipped
C:\Documents and Settings\Cindy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is lockedskipped
C:\Documents and Settings\Cindy\Local Settings\History\History.IE5\index.dat Object is lockedskipped
C:\Documents and Settings\Cindy\Local Settings\History\History.IE5\MSHist012007101720071018\index.dat Object is lockedskipped
C:\Documents and Settings\Cindy\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Cindy\Local Settings\Temp\History\History.IE5\index.datObject lockedskipped
C:\Documents and Settings\Cindy\Local Settings\Temp\laf2CB.tmp_tobedeleted_tobedeletedInfected: not-a-virus:FraudTool.Win32.WorldSecurityOnline.cskipped
C:\Documents and Settings\Cindy\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.datObject is lockedskipped
C:\Documents and Settings\Cindy\Local Settings\Temp\~DF985.tmp Object is lockedskipped
C:\Documents and Settings\Cindy\Local Settings\Temp\~DFEB29.tmp Object is lockedskipped
C:\Documents and Settings\Cindy\Local Settings\Temp\~DFF7FC.tmpObject is lockedskipped
C:\Documents and Settings\Cindy\Local Settings\Temporary Internet Files\Content.IE5\index.datObject is lockedskipped
C:\Documents and Settings\Cindy\NTUSER.DAT Object is lockedskipped
C:\Documents and Settings\Cindy\ntuser.dat.LOGObject is lockedskipped
C:\Documents and Settings\Kyle\Local Settings\Temporary Internet Files\Content.IE5\BD7RB416\deliver46860[1].htmSuspicious: Exploit.HTML.Mhtskipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is lockedskipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOGObject is lockedskipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is lockedskipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.datObject is lockedskipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{51267417-B33C-4783-A2FB-CCFAFA2247D8}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\KATZENBACH.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F91D23A0-A8C1-421C-BBFB-23B98A14C33C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_cF3SnRdZCmbwouq Object is locked skipped
C:\WINDOWS\Temp\mcmsc_darqoxYFP0y9qTx Object is locked skipped
C:\WINDOWS\Temp\mcmsc_jiYfqEyWsIY24ys Object is locked skipped
C:\WINDOWS\Temp\mcmsc_ryQmLYiyGwWoWZf Object is locked skipped
C:\WINDOWS\Temp\ZLT01b40.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT038bb.TMP Object is locked skipped
C:\WINDOWS\Temp\{FCF1FFA1-7C9F-6FF0-DF3B-C5FA8F07EB7D}-laf2CB.tmp Infected: not-a-virus:FraudTool.Win32.WorldSecurityOnline.c skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:50 PM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\igfxtray.exe
katzencm
2007-10-19, 15:02
The actual file is worldsecurityonline.fake alert. Can anyone help me?
katzencm
2007-10-19, 15:34
Please help me. I downloaded new SPYBOT and ran scan. it found subject file but shuts down (5 times at least) everytime it tries to remove it (Not overheating). Ran scan in safe mode and it found nothing. Cannot delete this file at all. Other scans show more viruses that don't come up in SPYBOT. Also now Windows Security Center will not let me turn on virus protection. It was on before I upgraded to 1.5. Can anyone help me fix this?

Total number of scanned objects: 60215
Number of viruses found: 4
Number of infected objects: 6
Number of suspicious objects: 3
Duration of the scan process: 00:39:51

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is lockedskipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{54607B0D-2771-44A0-ACB3-20AB94CF88C0}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR3.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search Destroy\Recovery\ZlobVideoActiveXObject.zip/uninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-10-17_Log.ALUSchedulerSvc.LiveUpdate Object is lockedskipped
C:\Documents and Settings\Cindy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-4e82c551.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Cindy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-4e82c551.zip ZIP: infected - 1skipped
C:\Documents and Settings\Cindy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-4e3272d0-1262c766.zip/HiPointInstallShieldRT.classInfected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Cindy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-4e3272d0-1262c766.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cindy\Cookies\index.datObject is lockedskipped
C:\Documents and Settings\Cindy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is lockedskipped
C:\Documents and Settings\Cindy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is lockedskipped
C:\Documents and Settings\Cindy\Local Settings\History\History.IE5\index.dat Object is lockedskipped
C:\Documents and Settings\Cindy\Local Settings\History\History.IE5\MSHist012007101720071018\index.dat Object is lockedskipped
C:\Documents and Settings\Cindy\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Cindy\Local Settings\Temp\History\History.IE5\index.datObject lockedskipped
C:\Documents and Settings\Cindy\Local Settings\Temp\laf2CB.tmp_tobedeleted_tobedeletedInfected: not-a-virus:FraudTool.Win32.WorldSecurityOnline.cskipped
C:\Documents and Settings\Cindy\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.datObject is lockedskipped
C:\Documents and Settings\Cindy\Local Settings\Temp\~DF985.tmp Object is lockedskipped
C:\Documents and Settings\Cindy\Local Settings\Temp\~DFEB29.tmp Object is lockedskipped
C:\Documents and Settings\Cindy\Local Settings\Temp\~DFF7FC.tmpObject is lockedskipped
C:\Documents and Settings\Cindy\Local Settings\Temporary Internet Files\Content.IE5\index.datObject is lockedskipped
C:\Documents and Settings\Cindy\NTUSER.DAT Object is lockedskipped
C:\Documents and Settings\Cindy\ntuser.dat.LOGObject is lockedskipped
C:\Documents and Settings\Kyle\Local Settings\Temporary Internet Files\Content.IE5\BD7RB416\deliver46860[1].htmSuspicious: Exploit.HTML.Mhtskipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is lockedskipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOGObject is lockedskipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is lockedskipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.datObject is lockedskipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{51267417-B33C-4783-A2FB-CCFAFA2247D8}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\KATZENBACH.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F91D23A0-A8C1-421C-BBFB-23B98A14C33C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_cF3SnRdZCmbwouq Object is locked skipped
C:\WINDOWS\Temp\mcmsc_darqoxYFP0y9qTx Object is locked skipped
C:\WINDOWS\Temp\mcmsc_jiYfqEyWsIY24ys Object is locked skipped
C:\WINDOWS\Temp\mcmsc_ryQmLYiyGwWoWZf Object is locked skipped
C:\WINDOWS\Temp\ZLT01b40.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT038bb.TMP Object is locked skipped
C:\WINDOWS\Temp\{FCF1FFA1-7C9F-6FF0-DF3B-C5FA8F07EB7D}-laf2CB.tmp Infected: not-a-virus:FraudTool.Win32.WorldSecurityOnline.c skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:50 PM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\igfxtray.exe
pskelley
2007-10-20, 00:24
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Please post a complete HJT log.

Thanks
katzencm
2007-10-20, 01:20
This is the logfile I ran yesterday. I am not very computer savy so I'm assuming this is HVT log. Sorry if it isn't but if you tell me what to do I can do it and post

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:50 PM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\igfxtray.exe
pskelley
2007-10-20, 01:25
You are posting only a portion of the log, look at what others are posting. When the log is in notepad, click on Edit > Select All. The entire contents will be highlited. Copy and paste the entire contents to this topic.

Thanks
tashi
2007-10-20, 01:31
Two topics merged.
katzencm
2007-10-20, 02:12
Ok...I talked to my computer guy at work. He suggested I uninstall spybot, turn off system restore and reboot in safe mode and delete the shown files manually. I did that and also reinstalled McAfee Security Center. So just now I reinstalled Spybot and ran another scan. The WorldSecurityOnline.fake alert and other suspicious files were gone but it came up with two MicrosoftVirusScanDisableNotify registry changes. I checked fix and it said it did. When I opened up the Microsoft Security Center it still says virus protection is off and won't let me turn it on. Does this have something to do with Spybot? I never had the shield with X in the middle until I updated to the newest version of spybot. I also ran another HJT file but I don't want to post if you think my computer is ok. Thanks
pskelley
2007-10-20, 02:21
No way I can tell if the computer is clean without seeing at least the information I keep requesting.

I can say this is the malware forum and suggest you ask your Spybot questions here:
http://forums.spybot.info/forumdisplay.php?f=4 <<< Spybot forum
http://forums.spybot.info/forumdisplay.php?f=16 <<< false positives

You can ask Microsoft questions here:
http://support.microsoft.com/

Since you are dealing with another computer technician, I prefer you continue with that person, to many folks directing you can cause more trouble than good.

Thanks
katzencm
2007-10-20, 02:34
I understand this is a malware forum. I had a malware problem yesterday but it seems to be fixed now. I didn't post the log because I didn't want to waste your time with it since it seemed like spybot took care of everything that come up today. I appreciate your help with my problem. I will go to the microsoft website and try to find out why their virus protection is not on in my computer. Thanks again for your help. I think this product is great. My Air Force computer professional is the person who told me about it when I had a problem earlier this year. Thanks again for your help:bigthumb:
tashi
2007-10-29, 20:32
Safe surfing katzencm. :)

This topic has been moved to archives.

If you need the thread re-opened, please send me a private message (pm) and provide a link.

Applies only to the original poster, anyone else with similar problems please start your own topic.