#1 (permalink)
Registered User
Join Date: Aug 2007
Posts: 6
OS: WinXP 2002, Service Pack 2
Fake virus alert pop-ups - Tk58.exe
Hello,
I'm running XP and tried a Deckard scan, but the program crashes midway each time. So I have a HijackThis log and an Activescan log. The real McAfee (not fake pop-ups) occasionally finds Trojans called "Tk58.exe" and possibly other names (this is my mother's computer - she left notes for me). None of these appear in McAfee's log, however. What is listed there are "rru22011.exe" and "wolyz22011.exe" as having been allowed to make a one-time change to the registry! The Panda scan notes the location. McAfee's log reads:
#2 (permalink)
Analyst, Security Team
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC
Re: Fake virus alert pop-ups - Tk58.exe
Hi MomsPC and welcome to the TechSupportForums
My name is Trevuren and I will be helping you with your problem.

A. Please provide a list of uninstallable programs.
To Provide a List of Installed Programs

B. Please download this file - combofix.exe by sUBs
Note: Do not mouse-click combofix's window while it is running. That may cause it to stall.

Regards,
Trevuren
__________________
Paul Microsoft MVP - Consumer Security 2008 - 2009 My help is voluntary. It requires no payment but this site needs donations to operate - http://www.techsupportforum.com/donate.php
#3 (permalink)
Registered User
Join Date: Aug 2007
Posts: 6
OS: WinXP 2002, Service Pack 2
Re: Fake virus alert pop-ups - Tk58.exe
Thanks a million, Trevuren. . .
#4 (permalink)
Analyst, Security Team
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC
Re: Fake virus alert pop-ups - Tk58.exe
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
Now to Clean out the Java cache: Go into the Control Panel and double-click the Java Icon.
Please provide me with a fresh HJT log run after the Java upgrade. I think that you may have forgotten. Trevuren
#5 (permalink)
Registered User
Join Date: Aug 2007
Posts: 6
OS: WinXP 2002, Service Pack 2
Re: Fake virus alert pop-ups - Tk58.exe
Sorry about that -- I misread the instructions thinking the HJT log asked for in step B was the same one from step A.
Here's the post-Java install log:
#6 (permalink)
Analyst, Security Team
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC
Re: Fake virus alert pop-ups - Tk58.exe
#7 (permalink)
Registered User
Join Date: Aug 2007
Posts: 6
OS: WinXP 2002, Service Pack 2
Re: Fake virus alert pop-ups - Tk58.exe
#8 (permalink)
Analyst, Security Team
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC
Re: Fake virus alert pop-ups - Tk58.exe
A.
1. Please open Notepad
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
```
File::
c:\windows\system32\unPPC.exe

Folder::
C:\Program Files\MyWaySA
C:\temp\FrankProtocol
C:\temp\FrankPacManager
C:\temp\FrankMedium
C:\temp\FrankHandler
C:\temp\FrankFormat
C:\temp\FrankDevice
C:\temp\FrankContents
C:\temp\Frank
```

3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Also, Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save

Please post the Kaspersky Online Scanner Report in your reply, along with a fresh HijackThis log
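A post-cleanup check for the CFScript step in post #8, added here as an example (not part of the original thread and not ComboFix code): it parses the `File::` and `Folder::` entries from that post and reports any that still exist on disk. It assumes one path per line under each `Name::` header; `parse_cfscript` and `leftovers` are hypothetical helper names.

```python
import os
import re

# Entries copied from the CFScript quoted in post #8.
CFSCRIPT = r"""File::
c:\windows\system32\unPPC.exe
Folder::
C:\Program Files\MyWaySA
C:\temp\FrankProtocol
C:\temp\FrankPacManager
C:\temp\FrankMedium
C:\temp\FrankHandler
C:\temp\FrankFormat
C:\temp\FrankDevice
C:\temp\FrankContents
C:\temp\Frank
"""
DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")

def parse_cfscript(text):
    """Return {directive: [paths]}; assumes 'Name::' headers, one path per line."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("path before any directive: %r" % line)
        else:
            sections[current].append(line)
    return sections

def leftovers(sections, is_file=os.path.isfile, is_dir=os.path.isdir):
    """List (directive, path) pairs from the script that still exist on disk."""
    checks = {"File": is_file, "Folder": is_dir}
    return [(d, p) for d, paths in sections.items() if d in checks
            for p in paths if checks[d](p)]

if __name__ == "__main__":
    remaining = leftovers(parse_cfscript(CFSCRIPT))
    for directive, path in remaining:
        print("still present: %s %s" % (directive, path))
    print("%d listed item(s) still on disk" % len(remaining))
```

Run it on the cleaned machine after the reboot; an empty result means none of the listed files or folders remain at those paths.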
#9 (permalink)
Registered User
Join Date: Aug 2007
Posts: 6
OS: WinXP 2002, Service Pack 2
Re: Fake virus alert pop-ups - Tk58.exe
#10 (permalink)
Analyst, Security Team
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC
Re: Fake virus alert pop-ups - Tk58.exe
Everything looks fine, all items are either in Quarantine or in your System Restore Cache. We will delete part of the quarantined files now.
Using Windows Explorer (Windows Key + E), please locate and delete the following folder and all its content:
C:\Qoobox <==Folder

If you have no more malware-related problems that you are aware of, just give me the OK and we can start the final but essential cleanup procedures and recommendations.

Trevuren
#11 (permalink)
Registered User
Join Date: Aug 2007
Posts: 6
OS: WinXP 2002, Service Pack 2
Re: Fake virus alert pop-ups - Tk58.exe
Thanks again, Trevuren. My one question would be, and maybe you cover it in your final cleanup steps... if a flash drive were used with this PC, would it contain the same infection? Should it be thrown away, or can it be disinfected without reinfecting the machine you plug it into?
Besides that small question, I'm happy to go through the final clean-up steps. Shoot away.
#12 (permalink)
Analyst, Security Team
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC
Re: Fake virus alert pop-ups - Tk58.exe
Flash Drives can contain most of the same infections that a normal drive can contain. It depends what is on them. You need to scan them to find out.
These drives, like your main drives, can have special types of infections that come into play when the drive is started up but we have checked for those through the scans that I have asked to perform.

Congratulations, your log looks CLEAN

There are a few things you must do once you are completely clean:

1. Time for some housekeeping
Please download the OTMoveIt by OldTimer

2. Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only
For Technical Support, double-click the e-mail address located at the bottom of each menu.

3. Now Set a New Restore Point to prevent possible reinfection from an old one.
Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:

Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

I strongly recommend installing the following applications:

So how did I get infected in the first place?

Regards,
Trevuren