Author Topic: Trojan.fakealert  (Read 14465 times)


Chrysta

  • Guest
Trojan.fakealert
« on: February 17, 2010, 03:12:47 AM »
A while ago I got infected with the 'Personal Antivirus' virus, and I had McAfee at the time. Then I downloaded Malwarebytes and Avast and got rid of it. I think I still have something connected to it that didn't get deleted.

Now, a couple of months later, I had another fake alert telling me that my computer was infected with tons of viruses. I downloaded Spyware Doctor and Spybot Search and Destroy. I can't pay for Spyware Doctor, and I deleted what I found from Spybot. I believe Spyware Doctor found Trojan.fakealert. In the past I ran Malwarebytes and Avast scans and they came clean, and just now I ran both scans and they came clean.

Now part of me wants to not necessarily believe Spyware Doctor or Spybot and trust what their scan tells me. On the other hand, they found things that Avast and Malwarebytes didn't.

So I need help determining if my computer is really infected and if it is, how I get rid of Trojan.fakealert and the other things it found, especially since Avast didn't find anything.

Wizho

  • Guest
Re: Trojan.fakealert
« Reply #1 on: February 17, 2010, 04:45:48 AM »
Download Hitman Pro, and execute it holding the left Ctrl key.
Do a scan and check the infected files, remove infections as needed, restart if needed.
« Last Edit: February 17, 2010, 04:47:25 AM by Wizho »

Offline Yanto.Chiang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1371
  • Soli Deo Gloria
    • PT Garuda Sinatriya Globalindo
Re: Trojan.fakealert
« Reply #2 on: February 17, 2010, 07:20:02 AM »
Hi,

Welcome to the avast forum,

You may:

1. Download Combofix

2. Please follow the user guidance for Combofix usage

Hopefully this may help you.

Cheers,
Yanto Chiang | IT Security Consultants | AVAST Premium Security | GarudaSinatriya

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37534
  • Not a avast user
Re: Trojan.fakealert
« Reply #3 on: February 17, 2010, 07:59:24 AM »
I hope you removed McAfee before you installed avast?
Did you update Malwarebytes before you scanned? Latest is 1.44 database 3749
Can you post the scan log?

How to remove Personal Antivirus (Removal Guide)
http://www.bleepingcomputer.com/virus-removal/remove-personal-antivirus

You can also try
SuperAntiSpyware 4.33.1000 http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26
« Last Edit: February 17, 2010, 08:02:26 AM by Pondus »

iloqutiss1

  • Guest
Re: Trojan.fakealert
« Reply #4 on: February 17, 2010, 03:46:28 PM »
I had the misfortune of picking up the same infection less than four hours after a fresh Windows install. Spyware Doctor called it fakealert and warned me about allowing an installer, which I allowed anyway, then wham! This is a particularly nasty piece of malware. Lucky for me, my father-in-law came over to babysit that night and is a pro IT guru! Look at running processes in your Task Manager and if you see bnz.exe or bno.exe, right-click and select End Process Tree, then yes to the "are you sure" prompts. Go to CNET and download Malwarebytes and CCleaner. CCleaner has a tool that allows you to easily see all processes that load on startup and deactivate any you want to. You can probably kill most of them, but pay special attention to bno.exe and bnz.exe. Bad stuff: they replicate in your system and a new copy reactivates every time a program removes its infection. Use your Windows search function to search your system for them and delete them manually, then run CCleaner to clean your system's temp files, recycle bin, etc. Then run Malwarebytes. You may still not be rid of it though! Avast won't find it, only anti-spyware type programs like Spybot. Keep trying different anti-malware, spyware, adware etc. till your system consistently comes clean. Also, this thing installed a program... can't remember what it was called. So look at installed programs in Add/Remove Programs in Control Panel. If you don't recognize it, it's not a Windows update or component, and you don't use it... consider getting rid of it.

emantoyaks

  • Guest
Re: Trojan.fakealert
« Reply #5 on: February 18, 2010, 12:55:51 AM »
Hmmm... try to go into safe mode by restarting your PC and clicking "F5" or "F6", I think.

And scan your PC using http://malwarebytes.org


Good luck and God bless...

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Homepage
Re: Trojan.fakealert
« Reply #6 on: February 18, 2010, 01:17:55 AM »
Hi iloqutiss1

Try to do a scan with an updated version of Malwarebytes Antimalware. Download it from http://www.filehippo.com/download_malwarebytes_anti_malware/

If the malware did not allow you to run Malwarebytes Antimalware, download Hitman Pro from http://www.surfright.nl/en/downloads/, hold the Ctrl key and double-click on hitmanpro.exe to run it, keep holding the Ctrl key until the Hitman Pro screen appears, click on Next and let it scan and remove the malware it finds (during removal you might activate the 30-day trial version). After Hitman Pro has removed the malware, reboot the computer and scan with Malwarebytes Antimalware.
Twitter: OmidFarhangEn - OS: Manjaro KDE

Chrysta

  • Guest
Re: Trojan.fakealert
« Reply #7 on: February 18, 2010, 01:43:26 AM »
I had a 30-day trial of McAfee and I waited until it ended to download Avast.

And yes, I have updated Malwarebytes and done scans, and they come up clean.

I don't know whose advice to follow, since you all said something different, so I will go down the line through each one.

I downloaded SUPERAntiSpyware and ran a scan; it found three tracking cookies and that was it. I deleted them and ran the scan again and it came out clean. Should I run it again in safe mode? Should I run any of these scans in safe mode?

Anyway, thanks for the replies.

Offline Omid Farhang

Re: Trojan.fakealert
« Reply #8 on: February 18, 2010, 01:48:26 AM »
Hi Chrysta

Since you have done Malwarebytes Antimalware and SUPERAntiSpyware, now you might try Hitman Pro http://www.surfright.nl/en/downloads/
Also, posting a HijackThis log here would give us more info.
Twitter: OmidFarhangEn - OS: Manjaro KDE

emantoyaks

  • Guest
Re: Trojan.fakealert
« Reply #9 on: February 18, 2010, 04:52:07 AM »
@Chrysta, remember it is not advisable to use two antivirus programs on your PC, because it causes a conflict and your PC will have trouble.

Use only one: only avast, and uninstall your McAfee.  ;)

Nosnibor

  • Guest
Re: Trojan.fakealert
« Reply #10 on: February 18, 2010, 07:20:52 PM »
A while ago I got infected with the 'Personal Antivirus' virus, and I had McAfee at the time.

The next time you get one of these fake pop-ups (most likely while you are surfing the net) saying you are infected, DON'T PANIC, you are not infected YET -- press Ctrl-Alt-Delete to open the Task Manager and close ALL occurrences of iexplorer (this action has now stopped the FAKE dead and your PC is still clean). DO NOT close the pop-up using the red X in the top right corner, nor using the Cancel or No button, as this will infect you more by means of a DRIVE-BY DOWNLOAD.

hope it helps ya
« Last Edit: February 20, 2010, 04:41:39 PM by Nosnibor »

Chrysta

  • Guest
Re: Trojan.fakealert
« Reply #11 on: February 19, 2010, 03:41:43 AM »
I ran Hitman Pro and the scan came up clean. I deleted the program and then installed Combofix.

This is my Combofix log. --- Not really sure what it all means. Did it delete the bad things for me? Can I delete Combofix now and run the next program on my list?

Not all of the log fits in one post so I will do it in two posts.

ComboFix 10-02-18.07 - Chrysta 02/18/2010  20:23:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3034.1661 [GMT -6:00]
Running from: c:\users\Chrysta\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\$recycle.bin\S-1-5-21-648665810-3373998031-3992693303-500
c:\program files\Common Files\Uninstall
c:\program files\PAV
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\oem6.inf
E:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2010-01-19 to 2010-02-19  )))))))))))))))))))))))))))))))
.

2010-02-19 02:29 . 2010-02-19 02:29   --------   d-----w-   c:\users\Chrysta\AppData\Local\temp
2010-02-19 02:06 . 2010-02-19 02:06   15944   ----a-w-   c:\windows\system32\drivers\hitmanpro35.sys
2010-02-19 02:06 . 2010-02-19 02:06   --------   d-----w-   c:\programdata\Hitman Pro
2010-02-19 02:06 . 2010-02-19 02:06   --------   d-----w-   c:\program files\Hitman Pro 3.5
2010-02-17 21:13 . 2010-02-17 21:13   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2010-02-17 21:13 . 2010-02-19 02:04   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-02-17 21:13 . 2010-02-19 02:04   --------   d-----w-   c:\users\Chrysta\AppData\Roaming\SUPERAntiSpyware.com
2010-02-16 04:13 . 2010-02-16 04:13   --------   d-----w-   c:\users\Chrysta\AppData\Local\Threat Expert
2010-02-15 06:44 . 2010-02-17 02:56   --------   d-----w-   c:\program files\Spyware Doctor
2010-02-13 03:35 . 2010-02-13 03:56   --------   d-----w-   c:\program files\Celebrity Toolbar
2010-01-22 22:39 . 2009-12-16 11:44   834048   ----a-w-   c:\windows\system32\wininet.dll
2010-01-22 22:39 . 2009-12-18 13:01   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-01-20 17:05 . 2010-01-20 17:05   --------   d-----w-   c:\programdata\Office Genuine Advantage

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-16 05:58 . 2009-10-10 00:25   --------   d-----w-   c:\program files\uTorrent
2010-02-16 05:58 . 2009-07-10 06:56   --------   d-----w-   c:\users\Chrysta\AppData\Roaming\uTorrent
2010-02-16 03:48 . 2009-05-04 14:21   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-02-16 03:48 . 2009-06-12 08:06   5115824   ----a-w-   c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-16 03:23 . 2009-05-04 17:41   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2010-02-16 03:22 . 2009-05-04 17:41   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2010-02-16 00:21 . 2009-05-01 23:01   1356   ----a-w-   c:\users\Chrysta\AppData\Local\d3d9caps.dat
2010-02-11 22:19 . 2009-05-15 03:37   2926   ----a-w-   c:\users\Chrysta\AppData\Roaming\wklnhst.dat
2010-02-11 09:18 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-01-20 17:04 . 2009-04-25 13:33   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-01-20 14:47 . 2009-04-25 12:59   --------   d-----w-   c:\program files\Common Files\Adobe
2010-01-14 17:12 . 2009-10-03 07:46   181120   ------w-   c:\windows\system32\MpSigStub.exe
2010-01-07 22:07 . 2009-05-04 14:21   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-05-04 14:21   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-01-01 02:17 . 2010-01-01 02:17   --------   d-----w-   c:\program files\Coupons
2009-12-11 11:43 . 2010-02-10 19:30   302080   ----a-w-   c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 19:30   98816   ----a-w-   c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 19:30   904776   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 19:30   3600456   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 19:30   3548216   ----a-w-   c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 19:30   30720   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-10 19:30   12288   ----a-w-   c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 19:30   1314816   ----a-w-   c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 19:30   22528   ----a-w-   c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 19:30   31744   ----a-w-   c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 19:30   123904   ----a-w-   c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 19:30   13312   ----a-w-   c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 19:30   82944   ----a-w-   c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 19:30   50176   ----a-w-   c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 19:30   91136   ----a-w-   c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 19:30   212992   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 19:30   105984   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2009-12-01 22:42 . 2009-05-20 02:10   1669040   ----a-w-   c:\programdata\WildTangent\Game Console - WildGames\Downloads\en-us\Installers\SetupGamesClient.exe
2009-11-24 23:54 . 2009-06-01 13:48   1280480   ----a-w-   c:\windows\system32\aswBoot.exe
2009-11-24 23:49 . 2009-06-01 13:48   48560   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-06-01 13:48   23120   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-06-01 13:48   97480   ----a-w-   c:\windows\system32\AvastSS.scr
2009-04-25 15:04 . 2009-04-25 15:01   8192   --sha-w-   c:\windows\Users\Default\NTUSER.DAT
.

Chrysta

  • Guest
Re: Trojan.fakealert
« Reply #12 on: February 19, 2010, 03:42:21 AM »
Second half of Combofix log.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 154136]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-02 128232]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-4-25 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-04-25 13:07   10536   ----a-w-   c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ba,5e,ca,3d,af,53,ca,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6/1/2009 7:48 AM 114768]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe [4/25/2009 9:28 AM 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6/1/2009 7:48 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [6/1/2009 7:48 AM 53328]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [12/18/2008 12:05 PM 155648]
S2 SftService;SoftThinks Agent Service;"c:\windows\sminst\sftservice.EXE" --> c:\windows\sminst\sftservice.EXE [?]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [11/4/2008 5:16 PM 22904]

--- Other Services/Drivers In Memory ---

*Deregistered* - SASENUM

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 20:29
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
Completion time: 2010-02-18  20:32:04
ComboFix-quarantined-files.txt  2010-02-19 02:32

Pre-Run: 90,708,385,792 bytes free
Post-Run: 90,655,232,000 bytes free

- - End Of File - - 5641BDFAB7B84067BD1808AADF34DFCF

Chrysta

  • Guest
Re: Trojan.fakealert
« Reply #13 on: February 19, 2010, 04:39:05 AM »
To iloqutiss - Neither one of these 'bno.exe and bnz.exe' were there when I went to the task manager. Should I still do ccleaner?

Nosnibor- When the fake alert popped up, I exited out of it by hitting the red 'x', which I figured I shouldn't have done.

So it looks like I've done everything that everyone said besides HijackThis, which I am going to do now.

Chrysta

  • Guest
Re: Trojan.fakealert
« Reply #14 on: February 19, 2010, 04:47:16 AM »
Here is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:14 PM, on 2/18/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Global Startup: Dell Remote Access.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: SoftThinks Agent Service (SftService) - Unknown owner - C:\Windows\sminst\sftservice.EXE (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 7245 bytes
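
The manual checks suggested in Reply #4 (look for bno.exe or bnz.exe among running processes and startup entries) can be run against a saved HijackThis log. The following is an added example, not code from any poster in this thread; it also lists entries HijackThis marks "(no file)" or "(file missing)", which are leftovers worth reviewing rather than proof of infection. The sample log is constructed in the v2.0.2 layout shown above, and its `C:\Users\Example\...` lines are hypothetical.

```python
import ntpath
import re

# Process names Reply #4 says to look for (taken from the thread).
WATCH_NAMES = {"bno.exe", "bnz.exe"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - HKLM\..\Run: ..."
EXE_RE = re.compile(r'([^\\/"\s\[\]]+\.exe)', re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Constructed sample log; the Example-user paths are hypothetical.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Users\Example\AppData\Local\Temp\bno.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [bnz] "C:\Users\Example\AppData\Local\Temp\bnz.exe" /s
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file
"""


def parse_hijackthis(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        # The process list runs until a blank line or the first coded entry.
        if in_processes and line and not ENTRY_RE.match(line):
            processes.append(line)
            continue
        in_processes = False
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return processes, entries


def triage(text, watch=WATCH_NAMES):
    """Return (kind, detail) findings for watched names and orphaned entries."""
    processes, entries = parse_hijackthis(text)
    findings = []
    for path in processes:
        # ntpath parses Windows paths regardless of the OS running this script.
        if ntpath.basename(path).lower() in watch:
            findings.append(("watched-process", path))
    for code, body in entries:
        if code == "O4":  # autostart entries (Run keys, Startup folders)
            exes = {name.lower() for name in EXE_RE.findall(body)}
            if exes & watch:
                findings.append(("watched-autostart", body))
        if body.endswith(ORPHAN_MARKERS):
            # The registry entry exists but the file it points to does not.
            findings.append(("orphan-entry", f"{code} - {body}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:18} {detail}")
```

Run over the full log in Reply #14, the same function reports no watched names and three orphan entries: the unnamed BHO and the SftService and yksvc services.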