Computer Hope

Software => Computer viruses and spyware => Topic started by: zoe on April 29, 2008, 05:37:15 AM

Title: system error dangerous virus message
Post by: zoe on April 29, 2008, 05:37:15 AM

A "system error dangerous virus message" keeps popping up every few seconds.  I'm sure it is some type of virus.  It asks if I want to install anti-spyware.  I continue to answer "Cancel."  Does anyone know how to get rid of this annoying message? :'(

Title: Re: system error dangerous virus message
Post by: street1 (RIP) on April 29, 2008, 05:47:50 AM

Go to the below 2 links download and use both programs.They
are free. AVG is really great freeware software.

http://majorgeeks.com/download886.html

http://www.majorgeeks.com/AVG_Anti-Spyware_d5287.html

Title: Re: system error dangerous virus message
Post by: zoe on April 29, 2008, 09:54:40 AM

I downloaded and ran both programs but neither picked up a virus.  I also had installed Norton 360, but it did not find one either.  I don't understand why these programs can miss it.  Any suggestions would be greatly appreciated.

Title: Re: system error dangerous virus message
Post by: Dias de verano on April 29, 2008, 10:42:32 AM

The answer is that you have probably picked some malware which is an "anti-spyware" scam. It warns you that you have a "dangerous virus" when you actually do not have one, so that you are induced to install their fake software which will pop up warnings, probably for "viruses" that need their paid-for version! Or else your PC will become full of adware.

Title: Re: system error dangerous virus message
Post by: Spoiler on April 29, 2008, 11:10:53 AM

Take a look though this....it will help you get started with a fix....

http://www.computerhope.com/forum/index.php/topic,46313.0.html

Title: Re: system error dangerous virus message
Post by: patio on April 29, 2008, 02:17:55 PM

You're infected....i'm moving this to the appropiate Forum.
Follow the instructions posted and post back with the logs....

Title: Re: system error dangerous virus message
Post by: zoe on April 29, 2008, 09:01:27 PM

 :-*
Thank you so very much!  I followed the instructions and when I did the scan with Malwarebytes' Anti-Malware, the trojan virus was found!  I can't thank you enough for your help!  You guys are truly heros in a land of creeps who launch nasty viruses!   :-*

Title: Re: system error dangerous virus message
Post by: Broni on April 29, 2008, 09:33:59 PM

That's not all.
You need to post all three logs for us to see, IF your computer is clean.

Title: Re: system error dangerous virus message
Post by: zoe on April 30, 2008, 12:57:29 PM

Here are the 3 logs that you requested.  I deleted the trojan virus from the malware scan which fixed my pop-up message problem.  Thanks again for all your help.   :)

[recovering space - attachment deleted by admin]

Title: Re: system error dangerous virus message
Post by: evilfantasy on April 30, 2008, 03:53:53 PM

Open Hijackthis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-AA8C-E56FA49CA83A} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

Important: Close all windows except for Hijackthis and then click Fix checked.

Exit Hijackthis.

----------

Download SDFix.exe (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
  
• Choose your usual account.
• Open the extracted SDFix folder and double click RunThis.bat to start the script.
  
• Type Y to begin the cleanup process.
  
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard).
  
• Finally add the contents of the Report.txt in your next post along with a fresh Hijackthis log.

Title: Re: system error dangerous virus message
Post by: zoe on April 30, 2008, 06:19:46 PM

OK!  Please see attached files.

[recovering space - attachment deleted by admin]

Title: Re: system error dangerous virus message
Post by: evilfantasy on April 30, 2008, 06:48:13 PM

That got on eof them, the next one will need a more powerful tool.

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)

• Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
  
• Link #2 (http://subs.geekstogo.com/ComboFix.exe)
  
• Link #3 (http://www.forospyware.com/sUBs/ComboFix.exe)

Important! Combofix.exe MUST be saved to and ran from the Desktop.

• Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
• Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
  • Click  this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
    
  • If yours is not listed and you don't know how to disable it, please ask.
• Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  
• Double click combofix.exe & follow the prompts.
• Choose Yes to accept the Disclaimers.[

• When finished, it will produce a log for you.
• Post that log in your next reply.

Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall

• If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  
• Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.

.
Please add the combofix log in the next reply.

Title: Re: system error dangerous virus message
Post by: zoe on May 01, 2008, 04:01:42 AM

See attached.  Thanks!

[recovering space - attachment deleted by admin]

Title: Re: system error dangerous virus message
Post by: evilfantasy on May 01, 2008, 11:26:58 AM

Looks good. We need to scan a file, hopefully it will come back clean.

Scan Suspicious File(s)

Please visit Virustotal (http://www.virustotal.com/en/indexf.html)
(If more than one file needs scanned they must be done separately and logs posted for each one)

• Copy the file path in the below Code box:

Code: [Select]

C:\WINDOWS\C:\WINDOWS\System32\svchost.exe

• At the upload site, click once inside the window next to Browse.
  
• Press Ctrl+V on the keyboard (both at the same time) to paste the file path in the window.
  
• Next click Send File
  • Your file will possibly be entered into a queue which normally takes less than a minute to clear.
• This will perform a scan across multiple different virus scanning engines.
• Important: Wait for all of the scanning engines to complete.
  
• Copy and then Paste the link to the results in the next reply.

Title: Re: system error dangerous virus message
Post by: zoe on May 01, 2008, 07:16:05 PM

I visited the Virustotal site as instructed.  After copying the Code in box (C:\Windows\C:\Windows\System32\schost.exe)  and sending the file, I get this message:  0 bytes size received / Se ha recibido un archivo vacio

Did I do something wrong?  Thanks for your patience.

Title: Re: system error dangerous virus message
Post by: evilfantasy on May 02, 2008, 10:18:58 AM

You didn't do anything wrong, it won't scan 0 byte files.

Go to Start > Run and copy then paste this line into the box and hit enter:

sc stop wscsvc

Now again Start > Run and paste this line and hit enter:

sc delete wscsvc

How is everything now?

Title: Re: system error dangerous virus message
Post by: zoe on May 02, 2008, 01:54:01 PM

Did it!  My computer is running great with no more annoying pop-ups.  Thank you so very, very much for your help.  People like you make the world a much better place!  May God Bless you!

Title: Re: system error dangerous virus message
Post by: evilfantasy on May 02, 2008, 02:01:16 PM

Still a few more fianl steps.

Let's clear out the programs we've been using to clean up your computer, they are not suitable for
general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.
.

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.

.

(http://i154.photobucket.com/albums/s258/evilfantasy69/combofixu-1.jpg)

.
The above procedure will:

• Delete:
• ComboFix and its associated files and folders.
• VundoFix backups, if present
• The C:\Deckard folder, if present
• The C:_OtMoveIt folder, if present

• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

.
Download OTMoveIt2 by OldTimer  OTMoveIt2.exe (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) and place it on your desktop. (unless you already have it installed)

1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.

• Go to Start > Programs > Accessories > System Tools and click System Restore
  
• Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  
• The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Next go to Start > Run and type Cleanmgr
  
• Click OK
  
• Click the More Options Tab.
  
• Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

.
Use the  Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

.
Here are some great tools to help you keep from getting infected again.

To prevent unknown applications from being installed on your computer install WinPatrol 2007 (http://"http://www.winpatrol.com/winpatrol.html")

Another thing I would suggest installing SiteAdvisor (http://www.siteadvisor.com/). SiteAdvisor rates sites on business practices and spam.

 Spybot Search & Destroy (http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1) - A safe and effective spyware scanner.
*  (http://www.safer-networking.org/en/tutorial/index.html)Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers (http://www.bleepingcomputer.com/forums/tutorial43.html)

 AVG Anti-Spyware Free Edition (http://free.grisoft.com/doc/download-free-anti-spyware/us/frt/0) - Very reliable with a high detection rate.
*  AVG Anti-Spyware User Manual (http://free.grisoft.com/doc/5390/us/frt/0?prd=asf)

 SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
*  (http://www.bleepingcomputer.com/tutorials/tutorial49.html)Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)

 Comodo BOClean (http://www.comodo.com/boclean/CBO_download.html) - Stops trojans and many more malicious attacks.

Use a Firewall - It can not be stressed enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over.
*  Click here (http://www.freebyte.com/antivirus/#freefirewalls) for a list of free firewalls.
*  Why would I consider a third party firewall? (http://www.microsoft.com/windowsxp/using/security/learnmore/atkin_firewall.mspx#EGF)
* Understanding and Using Firewalls (http://www.bleepingcomputer.com/forums/tutorial60.html)

 UPDATE!!! UPDATE!!! UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com[/b]]http://www.windowsupdate.com (http://[b) regularly. This will ensure your computer has always the latest security updates available installed on your computer.
*  Help with Windows updates (http://support.microsoft.com/?scid=ph;en-us;6527)

Learn more about how to protect yourself while on the internet read this article by Tony Klien:  So how did I get infected in the first place? (http://www.castlecops.com/postlite7736-.html)

Let us know if anything else comes up.