| Thread ID: 117168 | 2011-04-05 10:41:00 | Is this a fake virus Alert? It has me worried. | Billy T (70) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1192252 | 2011-04-06 00:58:00 | Get remover update it then scan. Then select all the options under the utils menu. Might help if you disable system restore too | Speedy Gonzales (78) | ||
| 1192253 | 2011-04-06 02:20:00 | Here it is (www.bleepingcomputer.com). It's called FakePAV. I could check it out with teamviewer from here. If you think it's still on the system. There are no indications that it is still on the system Speedy, everything is functioning normally and every check so far (other than last night's remedial actions) has turned up nothing. The false alerts are gone and as I mentioned above, the firewall and AV are operational, it is just auto and manual update that are not working. I've updated MWB again and run it with zero results. I'll be taking a break for lunch in a minute so I'll update and run Spybot again, that was what got me on the path to recovery last night when it cleaned out some nasty stuff, and the Eset online scan I ran later found nothing other than some very old low risk stuff in an ancient archive file, now deleted. Rkill also drew a blank. CCleaner registry check points to some issues but unless I get advice that it is safe to use I'm leaving that alone. Likewise system restore, I don't want to shut it down and find I have no restore points if it goes arse-up on me. Attached are three screen shots that summarise the current problem and an example of CCleaner's registry report. I don't have an HP scanjet installed, and never have, it was on my old computer, so how it got into the current registry I have no idea. Cheers Billy 8-{) |
Billy T (70) | ||
| 1192254 | 2011-04-06 02:26:00 | I wouldn't rely on ccleaner's registry option. It doesn't remove malware. It's for files / programs that have been installed / uninstalled. And programs that may leave parts in the registry / folders. Selecting all the options in trojan remover will reset whatever. Hopefully it'll fix windowsupdate or whatever isn't working |
Speedy Gonzales (78) | ||
| 1192255 | 2011-04-06 02:38:00 | Can you fire up regedit and check where I mention in my blog post? www.c2s.co.nz |
Chilling_Silence (9) | ||
| 1192256 | 2011-04-06 04:22:00 | Can you fire up regedit and check where I mention in my blog post? www.c2s.co.nz I am on XP Pro and Firefox Chill, and I've looked for the at but there is no directory off C: labelled "ProgramData", just "Program Files" and I found nothing there. Using ZTree I did a full search of C: for filespec: hOh16633jDhEo16633* which should have found that filename/string if it was anywhere on the drive, including the Registry, but it brought up nothing. I have no alerts or any other problems beyond the single issue in my last post i.e. that auto and manual updates of MSE don't work, and I am relying on MSE doing the auto-update before its next scan as the info I found on the web (in relation to this problem) said it would. I'll go take a deeper nosy into the registry next I guess, but I already checked there (but not in safe mode) and only the first entry is shown, not the nasty one. Cheers Billy 8-{) |
Billy T (70) | ||
| 1192257 | 2011-04-06 04:36:00 | No Billy, you've taken it literally :) Firstly, you have XP, so "ProgramData", for Chill in Vista or win 7 is the same as "Program Files" for you in XP. But he is saying to use regedit and look in HKLM\Software\Microsoft\Windows\CurrentVersion\Run, HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once, HKCU\Software\Microsoft\Windows\CurrentVersion\Run, HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once to see if there is any random generated character string that is similar to the one listed as hOh16633jDhEo16633. It could be anything at all.... you can't look for hOh16633jDhEo16633 :) |
bevy121 (117) | ||
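
The check described in the post above, as an added example that is not part of the original thread: it lists every autorun value under the four keys and flags names that look machine-generated, like hOh16633jDhEo16633. `RunOnce` is the key name as Windows spells it; the function name `Test-RandomLookingName` and its thresholds are assumptions made for this illustration.

```powershell
# Added example (not from the thread): review autorun entries by pattern,
# since the random string differs from one infection to the next.
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Test-RandomLookingName {
    # Hypothetical heuristic: a long name without spaces that contains
    # several digits and switches between letters and digits more than once.
    param([string]$Name)
    $digits   = [regex]::Matches($Name, '\d').Count
    $switches = [regex]::Matches($Name, '(?<=[A-Za-z])\d|(?<=\d)[A-Za-z]').Count
    return ($Name.Length -ge 10) -and ($Name -notmatch '\s') -and
           ($digits -ge 4) -and ($switches -ge 2)
}

$report = foreach ($key in $keys) {
    # RunOnce is often absent or empty; skip keys that do not exist.
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($valueName in $regKey.GetValueNames()) {
        New-Object PSObject -Property @{
            Key        = $key
            Name       = $valueName
            Command    = $regKey.GetValue($valueName)
            Suspicious = (Test-RandomLookingName $valueName)
        }
    }
}

# Show flagged entries first; every entry is listed so the Command path
# can be reviewed by eye as well.
$report | Sort-Object Suspicious -Descending |
    Format-List Key, Name, Command, Suspicious
```

The script only reads the registry. A flagged name is a prompt to look at the Command path, not proof of infection, and an unflagged name is not proof of a clean system.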
| 1192258 | 2011-04-06 05:02:00 | Bummer! That is why instructions for complex functions should never rely on assumptions made about the competence or experience of the recipient, or assume that which is obvious to the instructor is equally obvious to the instructee. Do I have to search in safe mode or do I need to be in S-M to make edits? I didn't bother for the initial look-see. Cheers Billy 8-{) |
Billy T (70) | ||
| 1192259 | 2011-04-06 05:06:00 | Don't need to be in safe mode unless regedit won't open | Chilling_Silence (9) | ||
| 1192260 | 2011-04-06 05:25:00 | Get teamviewer and I'll have a look | Speedy Gonzales (78) | ||
| 1192261 | 2011-04-06 05:26:00 | Attached are three screen shots that summarise the current problem and an example of CCleaner's registry report. I don't have an HP scanjet installed, and never have, it was on my old computer, so how it got into the current registry I have no idea. Cheers Billy 8-{) Far from being an expert in these matters, but looking at the first screen shot, some of those infections are related to iTunes folders, is it possible you(son) have been downloading music from dodgy places? |
plod (107) | ||