PDA

View Full Version : Fraud Windows Protection Suite



gazzed
2010-04-07, 03:59
Hi
My Sister in law bought her laptop to me after running it with expired Mcafee security for about a month, and boy, it was a mess.

The first thing I did was to uninstall Mcafee to try and get Nod32 Security Suite on, but was unable to install it, and the same went for "Malwarebytes", I was however able to install "Spy Bot" and after a scan I had a list as long as your arm, but it was only able to clear a fraction of the list, but it did allow me to get Nod32 on.

Nod32 detected some 200 infections and was able to clean most of them, which then allowed me to get "Malwarebytes" on, after a full scan I had a list with nearly 800 entries and was able to clear most of them.

This done, and another scan with "Spy Bot" allowed a lot more of the entries to be removed.

After a lot of scanning I finally ended up with just 17 entries which spybot was unable to remove, this was the "Fraud Windows Protection Suite" and "Microsoft Windows Redirected Hosts".

I did a google search and found this site and read some of the posts, which were identical to the problems I was having, so downloaded "Hijackthis" with the intention of signing up and posting the log in the hope somebody could help.

When I ran "Hijackthis", I had a message pop up (Can't remember exactly what it said) but to cut a long story short Type in the run box "Notepad C:\Windows\System32\Drivers\etc\hosts", and to save the file as "Hosts" (With the quotes) I followed the instuctions and checked the box's in the Hijackthis window against the notepad file, and clicked fix selected.

After running spy bot again all appears to be clean, but I think I still may need a bit of help, ie what should I do with the "Hosts" file?, when windows explorer is opened it takes about 2 minutes before anything is listed, and for some reason windows has decided to become unactivated, which is strange, and there were 57 running processes, I have diabled some but would appreciate any help on the ones I can stop and also ones that shouldn't be running.

I won't post any log files until asked to do so.

Many Thanks,

Gary.

tashi
2010-04-07, 18:03
Hello gazzed,

Please see this forum's FAQ and start a new topic providing a HJT log downloaded from the link provided. "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Also link back to this topic so that helpers know the history. :) To that end before I close this thread please explain further.


When I ran "Hijackthis", I had a message pop up (Can't remember exactly what it said) but to cut a long story short Type in the run box "Notepad C:\Windows\System32\Drivers\etc\hosts", and to save the file as "Hosts" (With the quotes) I followed the instuctions and checked the box's in the Hijackthis window against the notepad file, and clicked fix selected.
Was this a log analyzer giving you "instructions"? Where did you download it from and what did you "fix"?

Best regards

tashi
2010-04-08, 04:23
New topic: http://forums.spybot.info/showthread.php?t=56698