Author Topic: Serious Antispyware Soft rogue attack!!! (formerly: may have lost all faith...)  (Read 14970 times)


muddpuddle

  • Guest
Seriously, another eye roll?  If nothing else I'm getting a good laugh from you.

From a post, from me, above, "...reboot, F8 to restart in safe mode with networking.  Downloaded Malwarebytes Anti Malware, installed, and did the free scan.  It found several files related to the Antispyware Soft rogue and it found several other items.  Cleaned, rebooted, and everything including Avast! appears to be back to normal."


Hermite15

  • Guest
Quote
Seriously, another eye roll?  If nothing else I'm getting a good laugh from you.

From a post, from me, above, "...reboot, F8 to restart in safe mode with networking.  Downloaded Malwarebytes Anti Malware, installed, and did the free scan.  It found several files related to the Antispyware Soft rogue and it found several other items.  Cleaned, rebooted, and everything including Avast! appears to be back to normal."

Yeah, I found the tone you used somehow laughable, tbh, and didn't have the patience to read your entire post >>> where it appeared, somewhere in the middle of it, that you solved your problem. We'll never know where it came from or what it was exactly; how interesting ;D Can you post the MBAM log?

YoKenny

  • Guest
@ muddpuddle

Logos is good for a good laugh.

Hermite15

  • Guest
Quote
@ muddpuddle

Logos is good for a good laugh.

And YoKenny is good for the recycle bin; well, that's what I'd do with you personally, ditch it ;D

PS: did you PM the OP about me this time?

ryan556

  • Guest
I agree with Logos 100%. You gave us no proof that you were infected, and you could not provide a link to where you got avast or your key. If you really think you're infected, run Malwarebytes' Anti-Malware (www.malwarebytes.com); only download the free version.

Hermite15

  • Guest
Quote
I agree with Logos 100%. You gave us no proof that you were infected, and you could not provide a link to where you got avast or your key. If you really think you're infected, run Malwarebytes' Anti-Malware (www.malwarebytes.com); only download the free version.

...well, he said he ran MBAM... that was silently written in the middle of a long post (that I didn't have the patience to read first)... but he didn't post the log; the thread is completely useless.

muddpuddle

  • Guest
Well, here is the Malwarebytes' log if you want it.  I was correct about the file Iburmpjtssd.exe; if nothing else, you could preemptively block this file from net access and whatever else is possible.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4103

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/15/2010 8:21:08 AM
mbam-log-2010-05-15 (08-21-08).txt

Scan type: Full scan (C:\|F:\|H:\|I:\|)
Objects scanned: 722676
Time elapsed: 1 hour(s), 39 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ckcseock (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ckcseock (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender\backup (Rogue.Registry.Defender) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Registry Defender\report.csv (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender\backup\8_29_2007.reg (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Documents and Settings\**********\Local Settings\Application Data\uksqafsgs\lburmpjtssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

JoeBlack40

  • Guest
Re: I may have lost all faith in avast! this evening...
« Reply #22 on: May 16, 2010, 02:04:06 AM »
Quote
Don't get too paranoid. Security forums are 95% paranoia. I will not limit my account in XP and I will never use sandboxing. I also will not use any browser but IE. I've been online 11 years now and have never been infected by anything or hacked by anyone. Just use a firewall, even the Windows ones will help (If you are able to stand the annoyances of a HIPS based firewall, use that. I personally have abandoned that as well), and a good AV program. If anything does manage to get by, the free version of Malwarebytes will be 99.9% capable of fixing things. I would also advise putting your computer behind a router and not connecting directly to a modem, even if you only have one computer in the house.

Aha... so you use only IE, Windows Firewall and an AV... and you use your PC once a week and you visit only sites for kids? ;D
« Last Edit: May 16, 2010, 02:11:59 AM by JoeBlack40 »

Dch48

  • Guest
Re: I may have lost all faith in avast! this evening...
« Reply #23 on: May 16, 2010, 02:12:50 AM »
Quote
No single malware product can protect one from all the nasties out there. Hence the best defense is using "layered" protection, be knowledgeable of the risks of using the internet (visit security forums), sandbox browser, and if using Win XP use a Limited User Account.
Don't get too paranoid. Security forums are 95% paranoia. I will not limit my account in XP and I will never use sandboxing. I also will not use any browser but IE. I've been online 11 years now and have never been infected by anything or hacked by anyone. Just use a firewall, even the Windows ones will help (If you are able to stand the annoyances of a HIPS based firewall, use that. I personally have abandoned that as well), and a good AV program. If anything does manage to get by, the free version of Malwarebytes will be 99.9% capable of fixing things. I would also advise putting your computer behind a router and not connecting directly to a modem, even if you only have one computer in the house.
Quote
Aha... so you use only IE, Windows Firewall and an AV... and you use your PC once a week and you visit only sites for kids? ;D
Nope, I am online at least 8 hours a day, every day, playing online games such as World of Warcraft and Team Fortress 2 as well as browsing and searching extensively every day. I download and install new things frequently as well. I have never been infected or hacked, as I said. There have been a handful of attempts but they were always blocked by my AV at the time. First McAfee, then Norton for 9 years, then Comodo, and now Avast! In fact, for the first 4 years I was on dial-up with Windows 98SE and only used an AV without even having a firewall of any kind.
« Last Edit: May 16, 2010, 02:20:17 AM by Dch48 »

Saty

  • Guest
@ muddpuddle,

Your log looks fine; if you're not experiencing any problems I'd say you're good to go ~grin~

I'm sorry, but I have no idea how to address your lingering CPU problem (I think you mentioned it in your original post for the thread).

Sat

JoeBlack40

  • Guest
Re: I may have lost all faith in avast! this evening...
« Reply #25 on: May 16, 2010, 02:19:29 AM »
Quote
Nope, I am online at least 8 hours a day, every day, playing online games such as World of Warcraft and Team Fortress 2 as well as browsing and searching extensively every day. I download and install new things frequently as well. I have never been infected or hacked, as I said. There have been a handful of attempts but they were always blocked by my AV at the time. First McAfee, then Norton for 9 years, then Comodo, and now Avast! In fact, for the first 4 years I was on dial-up with Windows 98SE and only used an AV without even having a firewall of any kind.

OK, I don't want to go off-topic here anymore; if this configuration suits you, fine. I understand that some people find HIPS alerts annoying, difficult to understand and useless.

bo.elam

  • Guest
muddpuddle, start using Sandboxie and you'll never again have this kind of trouble, and more so if you do your browsing with Firefox, NoScript and Adblock Plus. That software will keep you clean from rogues better than any AV. Most likely rogues won't have a chance to run, but if one does, all you have to do is delete the contents of the sandbox and you are back to square one. Clean.

I use Sbxie together with Avast and DefenseWall and there is no slowdown at all. My PC is fast and runs the same whether I am using all 3 programs or none of them. I mention the latter because some people think Sbxie slows down your machine, but that has never happened to mine. I am also talking about Sbxie because you said that you might consider starting to use it.

Bo

ace2701

  • Guest
OK, I've had that mess on my kid's computer twice and cleared it out both times. First, restart in safe mode. Next, turn off System Restore. Then, open Internet Options. You will find that nasty so-and-so has turned on your proxy setting. Uncheck it. Run (or download) Malwarebytes free and do a quick scan. Delete all files and registry entries that it finds. Restart in normal mode (I haven't re-started System Restore yet; I'm waiting to see if it messes up again). Their Vista OS has remained clean for a week so far.

Now I would like to know of any URLs that carry this monster, so I can tell my grandkids not to go there.
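
The check a practitioner would run against the persistence points this thread surfaces: the Run values in both hives, the regfile open command and the per-user Local Settings\Application Data drop shown in muddpuddle's MBAM log, plus the forced proxy setting ace2701 describes. This is an added example, not code from the thread or from Malwarebytes. It assumes PowerShell 3.0 or later and the default profile roots C:\Documents and Settings (XP) and C:\Users (Vista and later); it only reports, except for the optional -DisableProxy switch. The random names in the log (ckcseock, uksqafsgs, lburmpjtssd.exe) change per infection, so the script keys on location rather than on those names:

```powershell
# Added example (not from the thread or from Malwarebytes): read-only audit of the
# persistence points seen in muddpuddle's MBAM log and in ace2701's clean-up steps.
# Assumes PowerShell 3.0+ and the default profile roots listed in $userRoots.
param(
    [switch]$DisableProxy   # the one change this script makes: reset ProxyEnable to 0
)

$findings = @()

# 1. Run values in both hives (the log shows the same random name, ckcseock, in each).
#    Flag anything that launches from per-user app data, where rogues drop themselves.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # PSPath, PSDrive etc. are provider metadata
        $cmd = [string]$p.Value
        if ($cmd -match '(?i)Local Settings\\Application Data|AppData\\Local') {
            $findings += "Run value '$($p.Name)' in $key starts from user app data: $cmd"
        }
    }
}

# 2. .reg file handler: the log records Broken.OpenCommand with the quoted form
#    ("regedit.exe" "%1"); the expected default is regedit.exe "%1".
$regfileKey = 'Registry::HKEY_CLASSES_ROOT\regfile\shell\open\command'
if (Test-Path $regfileKey) {
    $current  = [string](Get-ItemProperty -Path $regfileKey).'(default)'
    $expected = 'regedit.exe "%1"'
    if ($current -ne $expected) {
        $findings += "regfile open command is [$current], expected [$expected]"
    }
}

# 3. Executables one directory below each user's local app data, the layout of
#    ...\Local Settings\Application Data\uksqafsgs\lburmpjtssd.exe in the log.
$userRoots = @('C:\Documents and Settings', 'C:\Users')   # assumption: default roots
foreach ($root in $userRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($userDir in (Get-ChildItem -Path $root -Directory -ErrorAction SilentlyContinue)) {
        foreach ($sub in @('Local Settings\Application Data', 'AppData\Local')) {
            $base = Join-Path $userDir.FullName $sub
            if (-not (Test-Path $base)) { continue }
            foreach ($dir in (Get-ChildItem -Path $base -Directory -ErrorAction SilentlyContinue)) {
                foreach ($exe in (Get-ChildItem -Path $dir.FullName -Filter *.exe -File -ErrorAction SilentlyContinue)) {
                    $findings += "Executable in per-user app data: $($exe.FullName)"
                }
            }
        }
    }
}

# 4. Forced proxy (ace2701's Internet Options step): the rogue routes the browser
#    through itself; a proxy auto-config URL does the same job, so report it too.
$inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = Get-ItemProperty -Path $inet
if ($proxy.ProxyEnable -eq 1) {
    $findings += "Proxy enabled for current user: $($proxy.ProxyServer)"
    if ($DisableProxy) {
        Set-ItemProperty -Path $inet -Name ProxyEnable -Value 0
        $findings += 'ProxyEnable reset to 0'
    }
}
if ($proxy.AutoConfigURL) {
    $findings += "Proxy auto-config URL set: $($proxy.AutoConfigURL)"
}

if ($findings.Count -eq 0) {
    Write-Output 'No findings at the audited persistence points.'
} else {
    foreach ($f in $findings) { Write-Output $f }
}
```

Run it from an elevated prompt (safe mode with networking, as muddpuddle did, is fine). Anything it lists under per-user app data still needs a human look, since legitimate updaters install there too, and a clean result only covers the locations this particular log used, not every autostart point on the machine.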

NON

  • Avast Überevangelist
I think this FakeAV rogue was downloaded by a drive-by method. Recently there are so many infected web pages that avoiding one site can't protect your PC from them :(.

I recommend updating Windows, Adobe Reader, Java and Flash Player to correct vulnerabilities. Maybe your PC had some vulnerability and some exploits attacked it.