Guest adrian palmer Posted September 18, 2008 Posted September 18, 2008 Despite having both a firewall and an up-to-date anti-virus program running on my PC, I seem to have accumulated a Trojan Virus from somewhere. I have run a virus scan through the antivirus software, and it has told me that I have a trojan, and that it has removed it. However I keep getting a Windows-type security pop-up saying that my firewall has detected a problem. The pop-up seems suspicious and some of the wording doesn't seem consistent with other windows msgs i've had before. My only option with this pop-up is to download some software to remove it. This leads me to this website: http://www.antispyware-review.biz/?wmid=46...d=uWfLn0pimL&a= Has anyone heard of this? Are thety actually affiliated with Microsoft, and will it remove the problem? I have downloaded the latest Mallicious Software program and run it, which also tells me that I have a problem, but not really what to do about it. CAn anyone help me please?? Adrian Quote
Guest David H. Lipman Posted September 18, 2008 Posted September 18, 2008 From: "adrian palmer" <adrianpalmer@discussions.microsoft.com> | Despite having both a firewall and an up-to-date anti-virus program running | on my PC, I seem to have accumulated a Trojan Virus from somewhere. I have | run a virus scan through the antivirus software, and it has told me that I | have a trojan, and that it has removed it. However I keep getting a | Windows-type security pop-up saying that my firewall has detected a problem. | The pop-up seems suspicious and some of the wording doesn't seem consistent | with other windows msgs i've had before. My only option with this pop-up is | to download some software to remove it. This leads me to this website: | hxxp://www.antispyware-review.biz/?wmid=4663&pwebmid=uWfLn0pimL&a= | Has anyone heard of this? Are thety actually affiliated with Microsoft, and | will it remove the problem? I have downloaded the latest Mallicious Software | program and run it, which also tells me that I have a problem, but not really | what to do about it. CAn anyone help me please?? | Adrian You left out important details. - What Trojan ? - What file (fully qualified name and path) ? - What anti virus application detected this ? No, they aren't affiliated with Microsoft. In fact this looks like they are associated with the crooks of RBN. PCAntispy_Installer_eng.exe and PCCleanPro_Installer_eng.exe are basically the same. http://www.virustotal.com/analisis/fc0d4be...a1637546b0a26f9 http://www.virustotal.com/analisis/be2bf70...a5ae639be1afdbc AntiVir 7.8.1.34 2008.09.18 TR/Dropper.Gen Ikarus T3.1.1.34.0 2008.09.19 Virus.Win32.Roodro Webwasher-Gateway 6.6.2 2008.09.18 Trojan.Dropper.Gen You are still infected. Old game, malware installs on PC, gets you to download so-called anti malware to get you to pay for remover. Download and execute HiJack This! (HJT) http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe Then post the contents of the HJT log in your post in one of the below expert forums... { Please - Do NOT post the HJT Log here ! } Forums where you can get expert advice for HiJack This! (HJT) Logs. NOTE: Registration is REQUIRED in any of the below before posting a log Suggested primary: http://www.thespykiller.co.uk/index.php?board=3.0 Suggested secondary: http://www.bleepingcomputer.com/forums/forum22.html http://castlecops.com/forum67.html http://www.malwarebytes.org/forums/index.php?showforum=7 Suggested tertiary: http://www.dslreports.com/forum/cleanup http://www.cybertechhelp.com/forums/forumdisplay.php?f=25 http://www.atribune.org/forums/index.php?showforum=9 http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html http://gladiator-antivirus.com/forum/index.php?showforum=170 http://forum.networktechs.com/forumdisplay.php?f=130 http://forums.maddoktor2.com/index.php?showforum=17 http://www.spywarewarrior.com/viewforum.php?f=5 http://forums.spywareinfo.com/index.php?showforum=18 http://forums.techguy.org/f54-s.html http://forums.tomcoyote.org/index.php?showforum=27 http://forums.subratam.org/index.php?showforum=7 http://www.5starsupport.com/ipboard/index.php?showforum=18 http://aumha.net/viewforum.php?f=30 http://makephpbb.com/phpbb/viewforum.php?f=2 http://forums.techguy.org/54-security/ http://forums.security-central.us/forumdisplay.php?f=13 -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest Lance Posted September 19, 2008 Posted September 19, 2008 adrian palmer wrote the following on 9/18/2008 15:38:<span style="color:blue"> > Despite having both a firewall and an up-to-date anti-virus program running > on my PC, I seem to have accumulated a Trojan Virus from somewhere. I have > run a virus scan through the antivirus software, and it has told me that I > have a trojan, and that it has removed it. However I keep getting a > Windows-type security pop-up saying that my firewall has detected a problem. > The pop-up seems suspicious and some of the wording doesn't seem consistent > with other windows msgs i've had before. My only option with this pop-up is > to download some software to remove it. This leads me to this website: > > http://www.antispyware-review.biz/?wmid=46...d=uWfLn0pimL&a= > > Has anyone heard of this? Are thety actually affiliated with Microsoft, and > will it remove the problem? I have downloaded the latest Mallicious Software > program and run it, which also tells me that I have a problem, but not really > what to do about it. CAn anyone help me please?? > Adrian </span> Could it possibly be this Trojan-Spy.Win32.GreenScreen? http://www.removeonline.com/remove-trojan-...l-instructions/ I'm curious because I have a user who reported today his Windows "firewall" warned of finding a problem. Lance Quote
Guest David H. Lipman Posted September 19, 2008 Posted September 19, 2008 From: "Lance" <lltbhill@link_earth.net> | Could it possibly be this Trojan-Spy.Win32.GreenScreen? | hxxp://www.removeonline.com/remove-trojan-spy-win32-greenscreen-removal-instructions/ | I'm curious because I have a user who reported today his Windows | "firewall" warned of finding a problem. | Lance | Lovely... SpyNoMore fraud/crap He has a trojan which sends hime to a rogue anti amwlare siite and your reply, send hime to another ! That site states if you want to remove something get the download [ Download_snm-2.67_swpl.exe]. That is a downloader downloads; snm-2.67_swpl.exe for SpyNoMore and here are the results. AntiVir 7.8.1.34 2008.09.18 PHISH/FraudTool.SpyNoMore.G.76 Arcavir 1.0.5 200809181409 2008-09-18 1.22 Riskware.Fraudtool.Spynomore.G Avast 4.8.1195.0 2008.09.18 Win32:Spyware-gen CAT-QuickHeal 9.50 2008.09.17 FraudTool.SpyNoMore.g (Not a Virus) CP Secure 1.1.0.715 2008.09.19 2008-09-19 5.88 FraudTool.W32.SpyNoMore.g Ewido 4.0 2008.09.18 Not-A-Virus.Adware.EShoper Fortinet 3.113.0.0 2008.09.18 Misc/SpyNoMore GData 19 2008.09.19 Win32:Spyware-gen Ikarus T3.1.1.34.0 2008.09.19 Trojan.Hooker.31 K7AntiVirus 7.10.461 2008.09.18 not-a-virus:FraudTool.Win32.SpyNoMore.g Kaspersky 7.0.0.125 2008.09.19 not-a-virus:FraudTool.Win32.SpyNoMore.f Quick Heal 9.50 2008.09.17 2008-09-17 1.79 FraudTool.SpyNoMore.g (Not a Virus) Sophos 4.33.0 2008.09.19 SpyNoMore Installer TheHacker 6.3.0.9.087 2008.09.18 Aplicacion/SpyNoMore.g -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest FromTheRafters Posted September 19, 2008 Posted September 19, 2008 "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:evWTUYfGJHA.4760@TK2MSFTNGP05.phx.gbl...<span style="color:blue"> > From: "Lance" <lltbhill@link_earth.net> > > > > | Could it possibly be this Trojan-Spy.Win32.GreenScreen? > | > hxxp://www.removeonline.com/remove-trojan-spy-win32-greenscreen-removal-instructions/</span> Cut and paste from that URL: "Trojan-Spy.Win32.GreenScreen is a melicious warning message" ....so, do I need anti-melware software now too? Quote
Guest ~BD~ Posted September 19, 2008 Posted September 19, 2008 "FromTheRafters" <erratic@ne.rr.com> wrote in message news:%23VZg%232kGJHA.2580@TK2MSFTNGP05.phx.gbl...<span style="color:blue"> > > "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message > news:evWTUYfGJHA.4760@TK2MSFTNGP05.phx.gbl...<span style="color:green"> >> From: "Lance" <lltbhill@link_earth.net> >> >> >> >> | Could it possibly be this Trojan-Spy.Win32.GreenScreen? >> | hxxp://www.removeonline.com/remove-trojan-spy-win32-greenscreen-removal-instructions/</span> > > Cut and paste from that URL: > "Trojan-Spy.Win32.GreenScreen is a melicious warning message" > > ...so, do I need anti-melware software now too? > ></span> You most certenly do! <wink> Quote
Guest Heather Posted September 19, 2008 Posted September 19, 2008 "FromTheRafters" <erratic@ne.rr.com> wrote in message news:%23VZg%232kGJHA.2580@TK2MSFTNGP05.phx.gbl...<span style="color:blue"> > > "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message > news:evWTUYfGJHA.4760@TK2MSFTNGP05.phx.gbl...<span style="color:green"> >> From: "Lance" <lltbhill@link_earth.net> >> >> >> >> | Could it possibly be this Trojan-Spy.Win32.GreenScreen? >> | >> hxxp://www.removeonline.com/remove-trojan-spy-win32-greenscreen-removal-instructions/</span> > > Cut and paste from that URL: > "Trojan-Spy.Win32.GreenScreen is a melicious warning message" > > ...so, do I need anti-melware software now too?</span> Only if you know a big green guy named MEL. Otherwise you are just fine, young man. (G) And David L. wears mittens when he types, so be gentle with him. Kissies.......from the Great White North<span style="color:blue"> > > </span> Quote
Guest FromTheRafters Posted September 19, 2008 Posted September 19, 2008 "Heather" <figgyd@nospam.invalid> wrote in message news:uZVECanGJHA.2580@TK2MSFTNGP05.phx.gbl...<span style="color:blue"> > > "FromTheRafters" <erratic@ne.rr.com> wrote in message > news:%23VZg%232kGJHA.2580@TK2MSFTNGP05.phx.gbl...<span style="color:green"> >> >> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message >> news:evWTUYfGJHA.4760@TK2MSFTNGP05.phx.gbl...<span style="color:darkred"> >>> From: "Lance" <lltbhill@link_earth.net> >>> >>> >>> >>> | Could it possibly be this Trojan-Spy.Win32.GreenScreen? >>> | >>> hxxp://www.removeonline.com/remove-trojan-spy-win32-greenscreen-removal-instructions/</span> >> >> Cut and paste from that URL: >> "Trojan-Spy.Win32.GreenScreen is a melicious warning message" >> >> ...so, do I need anti-melware software now too?</span> > > Only if you know a big green guy named MEL. Otherwise you are just fine, > young man. (G) > > And David L. wears mittens when he types, so be gentle with him. > > Kissies.......from the Great White North</span> This wasn't a David L typo - it was the 'professional' software company's "melicious warning message" removal program's sales pitch. Yeah - I'll trust software from a company that can't even run a spellcheck on thier website text. I wonder if their EULA has an "I except" button on it. Reply should work. Quote
Guest David H. Lipman Posted September 19, 2008 Posted September 19, 2008 From: "FromTheRafters" <erratic@ne.rr.com> | "Heather" <figgyd@nospam.invalid> wrote in message | news:uZVECanGJHA.2580@TK2MSFTNGP05.phx.gbl... <span style="color:blue"><span style="color:green"> >> "FromTheRafters" <erratic@ne.rr.com> wrote in message >> news:%23VZg%232kGJHA.2580@TK2MSFTNGP05.phx.gbl...</span></span> <span style="color:blue"><span style="color:green"><span style="color:darkred"> >>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message >>> news:evWTUYfGJHA.4760@TK2MSFTNGP05.phx.gbl... >>>> From: "Lance" <lltbhill@link_earth.net></span></span></span> <span style="color:blue"><span style="color:green"><span style="color:darkred"> >>>> | Could it possibly be this Trojan-Spy.Win32.GreenScreen? >>>> | >>>> hxxp://www.removeonline.com/remove-trojan-spy-win32-greenscreen-removal-instructions/</span></span></span> <span style="color:blue"><span style="color:green"><span style="color:darkred"> >>> Cut and paste from that URL: >>> "Trojan-Spy.Win32.GreenScreen is a melicious warning message"</span></span></span> <span style="color:blue"><span style="color:green"><span style="color:darkred"> >>> ...so, do I need anti-melware software now too?</span></span></span> <span style="color:blue"><span style="color:green"> >> Only if you know a big green guy named MEL. Otherwise you are just fine, >> young man. (G)</span></span> <span style="color:blue"><span style="color:green"> >> And David L. wears mittens when he types, so be gentle with him.</span></span> <span style="color:blue"><span style="color:green"> >> Kissies.......from the Great White North</span></span> | This wasn't a David L typo - it was the 'professional' software | company's "melicious warning message" removal program's | sales pitch. | Yeah - I'll trust software from a company that can't even run | a spellcheck on thier website text. I wonder if their EULA | has an "I except" button on it. | Reply should work. ROFLOL ! -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest kalyan Posted September 22, 2008 Posted September 22, 2008 Re: Help!!--solution here Hi Checkout........ What is Antispyware-reviews.biz hijacker? Antispyware-reviews.biz is a browser hijacker that was designed to sell rogue anti-spyware products (such as PcAntiSpyware). Antispyware-reviews.biz may slow your computer and decrease internet connection speed. It can secretly install dangerous spyware applications to steal private data and track keystrokes. Antispyware-reviews.biz hijacker may also come bundled with other applications. Antispyware-reviews.biz behaviour: Antispyware-reviews.biz may show popups Antispyware-reviews.biz may secretly install spyware programs Antispyware-reviews.biz may be difficult to remove Antispyware-reviews.biz may recreate itself Antispyware-reviews.biz may slow your PC Antispyware-reviews.biz manual removal instructions: Start the computer in safe mode Remove Antispyware-reviews.biz files and unregister files: gtawclv.dll gtawclv.dll vjxwnn.dll cfqbw.dll fdpzgi.dll vmlwp.dll veptlh.dll isfmdl.dll Delete Antispyware-reviews.biz registry entires: A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D 82C8422E-86A3-41C1-9F2E-094F7BF849E2 4090F502-6B2D-41B4-8409-B08905A3A0E6 F10587E9-0E47-4CBE-84AE-7DD20B8684BB 14B65C62-1F53-4B15-9476-5D697608536F BCBC8B3C-397C-4D98-B6BA-FF337B9671E1 80DFDD57-D8B8-4991-82B9-9E9D426668B0 4911E55D-9240-49DB-B878-337DE4F53E70 47EFD4AD-CB46-4549-B24B-CEE415394C56 17D2F953-B2D1-4D1B-BCD3-20432E09ECF1 3DAF1739-AB9E-493E-8DD7-F65CDF363BCB F4D76F09-7896-458a-890F-E1F05C46069F -- Warm Regards Kalyan "adrian palmer" <adrianpalmer@discussions.microsoft.com> wrote in message news:8E4B15AB-C2AB-4647-99A9-35DB6F1ACEB1@microsoft.com...<span style="color:blue"> > Despite having both a firewall and an up-to-date anti-virus program > running > on my PC, I seem to have accumulated a Trojan Virus from somewhere. I have > run a virus scan through the antivirus software, and it has told me that I > have a trojan, and that it has removed it. However I keep getting a > Windows-type security pop-up saying that my firewall has detected a > problem. > The pop-up seems suspicious and some of the wording doesn't seem > consistent > with other windows msgs i've had before. My only option with this pop-up > is > to download some software to remove it. This leads me to this website: > > http://www.antispyware-review.biz/?wmid=46...d=uWfLn0pimL&a= > > Has anyone heard of this? Are thety actually affiliated with Microsoft, > and > will it remove the problem? I have downloaded the latest Mallicious > Software > program and run it, which also tells me that I have a problem, but not > really > what to do about it. CAn anyone help me please?? > Adrian </span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.