"Your computer is infected" warning

[carlrowley1]

Hello guys

I had gone to a web-site, looked harmless enough, and got one of them "your computer is infected" and all sorts of warnings.

I managed to click every X on the screen without any of them coming back, and ran a malwarebytes scan, and picked this up.

But is this related to the "your computer is infected" messages i was getting, or is there something else lurking around..

Or basically is this what malwareBytes had just picked up from the site i had just been to..., the messages have gone know



[Saving space, attachment deleted by admin]

[Dr Jay]

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

[carlrowley1]

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Hello dragonMaster

Just done a search before i seen your reply

Just checking if necessary to do this, MBAM has changed the value in the registry to (0) so it is not picking this up anymore.
This thread (bottom post)
http://forums.malwarebytes.org/index.php?showtopic=12349

All this indicates is that the ability to make changes to active desktop is disabled and MBAM is attempting to enable it . If you don't want to see this again tell MBAM to ignore the scan result .

I believe this is from one of the developers of MBAM

But i'll carry on with the combofix scan dragonMaster if its needed, no problem.

Here's another thought , why diden't McAfee site advisor pick this up, all the web-sites listed had green ticks on them.
Anyway its only a 30 day free trial, changed it now to avast

[Azzaboi]

Please do not post advice unless you are Malware Specialist on this forum. Dave

[Dr Jay]

Download ComboFix from here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

===

Then do this script:

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the quotebox below into it:
  

  Registry::
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges]
  
  AWF::
  
  REBOOT::
  
• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.

[carlrowley1]

Download ComboFix from here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Hello dragonMaster.
I should have mentioned i have windows 7 64 bit

Yes downloaded from the link, but apparantly it says incompatable OS, this only works on XP and 2000.

Also, as soon as i drag CFScript.txt into comboFix.exe the program will run, but  CFScript.txt still shows on the desk top.

[Dr Jay]

Oh ok.

Please open Notepad and enter in the following:

Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges]

Then, click File > Save as...
Save as file.reg to your Desktop.
Choose Save as type... All Files.
Click Save.

Then, exit Notepad.

Double-click on file.reg, and it will finish quickly. Confirm prompts then restart your computer.

Please post a new Malwarebytes log in your next reply.

[carlrowley1]

Oh ok.

Please open Notepad and enter in the following:Then, click File > Save as...
Save as file.reg to your Desktop.
Choose Save as type... All Files.
Click Save.

Then, exit Notepad.

Double-click on file.reg, and it will finish quickly. Confirm prompts then restart your computer.

Please post a new Malwarebytes log in your next reply.

Sorry dragonMaster

Is this what i have to copy to note pad

Windows Registry Editor Version 5.00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

I wasen't sure i shoud copy the "windows registry Editor Version 5,00"  thats all

[Dr Jay]

Yes. Make sure the exact lines in the codebox are copied in to notepad.

Code: [Select]

Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges]

[carlrowley1]

OK, drangonMaster  here is the new MBAM scan,  looks fine

[Saving space, attachment deleted by admin]

[Dr Jay]

Good. Any more issues?

[carlrowley1]

Good. Any more issues?

No dragonMaster all is fine, computer running nice and smooth.

Just out of interest, don't you use hijackThis any more, even if it is only for  an initail scan

[Dr Jay]

Sometimes.

Do you want to know how to protect your self in the future? Also, want to clean up the computer?

[carlrowley1]

Sometimes.

Do you want to know how to protect your self in the future? Also, want to clean up the computer?

Any advice would be great, here's what i have at present.  MBAM ,  SWB,  Avast 5.0 ,  and Winpatrol.
And i do regular clean ups with, ccleaner

[Dr Jay]

To manually create a new Restore Point

• Go to Control Panel and select System and Maintenance
  
• Select System
  
• On the left select Advance System Settings and accept the warning if you get one
  
• Select System Protection Tab
  
• Select Create at the bottom
  
• Type in a name i.e. Clean
• Select Create

Now we can purge the infected ones

• Go back to the System and Maintenance page
  
• Select Performance Information and Tools
  
• On the left select Open Disk Cleanup
  
• Select Files from all users and accept the warning if you get one
  
• In the drop down box select your main drive i.e. C
• For a few moments the system will make some calculations
• Select the More Options tab
  
• In the System Restore and Shadow Backups select Clean up
  
• Select Delete on the pop up
  
• Select OK
• Select Delete

You are now done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.