I have a little ?mark on my computer, it says that I have a virus. I tried to
download VirusBurst but it won't go through. Is there another way to get rid of
this? I'm new at this computer thing. Anything would help, thank you.

Re: says i have a virus, but cant get rid of it. by David

David
Sun Sep 10 17:35:29 CDT 2006

From: "dazed and confused." <dazed and confused. @discussions.microsoft.com>

| I have a little ?mark on my computer, it says that I have a virus. I tried to
| download VirusBurst but it won't go through. Is there another way to get rid of
| this? I'm new at this computer thing. Anything would help, thank you.

Do you actually have a REAL anti virus product on your PC ?

Where was this "?mark " on your computer and what virus did it purport you to have ?

Did you click on this and it told you to download VirusBurst ?

We need to get all the facts straight. It sounds like you are infected with a FakeAlert
type Trojan and it is telling you to download a Rogue anti virus application. Indications
are that VirusBurst is a Rogue anti malware utility and if yes, then it is malware and the
Question Mark on the PC was a con job to get you to download malware and then have you pay
for it !

This certainly smells of a SmitFraud Trojan type situation !

Please provide the facts ASAP !


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: says i have a virus, but cant get rid of it. by dazedandconfused

dazedandconfused
Sun Sep 10 20:40:03 CDT 2006

Hi David, the icon is down where the time is, it's a little question mark with
a circle around it, it also flashes a red circle with a line through it. I
did try to download the virusburst thing with no luck, I'm running a security
monitor and it says that I'm fine with a couple of glitches. I'm not sure what
to do.


Re: says i have a virus, but cant get rid of it. by PA

PA
Mon Sep 11 01:58:26 CDT 2006

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Security, Shell/User)



Re: says i have a virus, but cant get rid of it. by Pandaman

Pandaman
Mon Sep 11 03:53:02 CDT 2006

My reply is at the bottom of your message :


"dazed and confused." wrote:

> Hi David, the icon is down where the time is, it's a little question mark with
> a circle around it, it also flashes a red circle with a line through it. I
> did try to download the virusburst thing with no luck, I'm running a security
> monitor and it says that I'm fine with a couple of glitches. I'm not sure what
> to do.
>


Hi. I am not David but will try to help. Your computer is infected. In no
case download and install anything it says. Perform carefully the
instructions here
http://pandaman.my.contact.bg
to check for and eliminate all the malicious software you have on your
computer.

After that, learn how to protect your computer again in my site! Good luck


--
Panda_man
Bronze level Contributor

Re: says i have a virus, but cant get rid of it. by David

David
Mon Sep 11 16:02:57 CDT 2006

From: "dazed and confused." <dazedandconfused@discussions.microsoft.com>

| Hi David, the icon is down where the time is, it's a little question mark with
| a circle around it, it also flashes a red circle with a line through it. I
| did try to download the virusburst thing with no luck, I'm running a security
| monitor and it says that I'm fine with a couple of glitches. I'm not sure what
| to do.
|
|

You did NOT fully answer my questions...
"Did you click on this and it told you to download VirusBurst ?"



Two part reply..

Perform Part 1 then perform Part 2.

If the first two parts don't work, perform the alternate section.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.



Part 1
-----------

Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et al., removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1

http://www.bleepingcomputer.com/forums/topic43659.html


Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it will be
displayed in your browser (Opera, FireFox or Internet Explorer). However, if you are using
WinXP, Win2K or Win2003 your system will be left in a state where you will have to manually
shutdown/reboot the PC. On Win9x/ME platforms the report will not be shown in your browser
but your PC will automatically be shutdown. It is suggested that you move the report out of
c:\mcafee before performing another scan.

It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


ALTERNATE:

Part 1
-----------

Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.

http://secured2k.home.comcast.net/tools/AntiPuper.exe

http://forums.mcafeehelp.com/viewtopic.php?t=65072


Part 2
-----------

S!ri's SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php


Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: says i have a virus, but cant get rid of it. by karl

karl
Tue Sep 12 07:51:33 CDT 2006


"dazed and confused." <dazedandconfused@discussions.microsoft.com> wrote in
message news:E44EE57B-464C-4D91-9A15-98465E0FB7B4@microsoft.com...
> Hi David, the icon is down where the time is, it's a little question mark
> with a circle around it, it also flashes a red circle with a line through it.
> I did try to download the virusburst thing with no luck, I'm running a
> security monitor and it says that I'm fine with a couple of glitches. I'm not
> sure what to do.

http://free.grisoft.com is free antivirus, I recommend it. I've never heard
of the product you're talking about, nor would I trust it.

--
kind regards,
Karl Levinson, CISSP, CCSA, MCSE [MS MVP]
--------------------------------
Microsoft Security FAQ:
http://securityadmin.info



Re: says i have a virus, but cant get rid of it. by PA

PA
Tue Sep 12 14:19:29 CDT 2006

karl levinson, mvp wrote:
> "dazed and confused." <dazedandconfused@discussions.microsoft.com> wrote
> in
> message news:E44EE57B-464C-4D91-9A15-98465E0FB7B4@microsoft.com...
>> Hi David, the icon is down where the time is, it's a little question mark
>> with a circle around it, it also flashes a red circle with a line through it.
>> I did try to download the virusburst thing with no luck, I'm running a
>> security monitor and it says that I'm fine with a couple of glitches. I'm not
>> sure what to do.
>
> http://free.grisoft.com is free antivirus, I recommend it. I've never
> heard
> of the product you're talking about, nor would I trust it.

VirusBurst = SpywareQuake = smitFraud (AKA Zlob), Karl. <w>
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Security, Shell/User)


Re: says i have a virus, but cant get rid of it. by David

David
Tue Sep 12 17:10:55 CDT 2006

From: "PA Bear" <PABearMVP@gmail.com>


|
| VirusBurst = SpywareQuake = smitFraud (AKA Zlob), Karl. <w>

That's what it looks like. A new SmitFraud using a FakeAlert Trojan.

However, it is NOT a ZLob associate, actually more like a Rival.
http://www.virusburst.com/

If you look at the page it specifically says...
Latest threats
09-07 Lootseek.JJ
09-06 Rizalof.HT
09-06 ZCodec
09-05 Clagge.B
09-03 Downloader.KCC


The ZCodec is a ZLob Trojan and it is assumed it may remove the ZLob to gain "legitimacy".
{ ROFLOL }

http://www.symantec.com/en/uk/small_business/security_response/writeup.jsp?docid=2006-090516-0204-99

I do NOT see an update for it on SpyWare Warrior but I expect an update on the site real
soon :-)

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: says i have a virus, but cant get rid of it. by PA

PA
Wed Sep 13 02:11:44 CDT 2006

David H. Lipman wrote:
<snip>
> I do NOT see an update for it on SpyWare Warrior but I expect an update on
> the site real soon :-)

<QP>
SmitFraudFix v2.87 (WinXP, Win2K)

Changelog:
Version 2.87 (September 10, 2006)

%DESKTOP%\Virus-Burst.lnk
%STARTMENU%\Virus-Burst 6.1.lnk
%STARTMENU%\Programs\Virus-Burst\
%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Virus-Burst 6.1.lnk
%PROGRAMFILES%\Virus-Burst\
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Virus-Burst.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus-Burst]
(Uninstaller = %PROGRAMFILES%\Virus-Burst\uninst.exe)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RFC1156Agent] (same as VirusBurst, SpywareQuake...)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Licenses] (same as SpyFalcon, SpywareQuake...)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Virus-Burst]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Virus-Burst"="C:\Program Files\Virus-Burst\Virus-Burst.exe /h"
</QP>
Source: http://siri.urz.free.fr/Fix/ChangeLog.php
--
~Robear
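
A read-only check for the named Virus-Burst artifacts in the changelog quoted above, added here as an example (it is not part of the thread and not SmitFraudFix's own code). It assumes the changelog's %DESKTOP%, %STARTMENU% and %PROGRAMFILES% placeholders mean the current user's shell folders, and it also looks under WOW6432Node and Program Files (x86), which matter on 64-bit Windows.

```powershell
# Added example: read-only lookup of the named Virus-Burst artifacts from the
# SmitFraudFix v2.87 changelog. It reports what exists and changes nothing.
# Assumption: %DESKTOP% / %STARTMENU% / %PROGRAMFILES% in the changelog are the
# current user's shell folders; %USERPROFILE%\Application Data is $env:APPDATA.

$desktop   = [Environment]::GetFolderPath('Desktop')
$startMenu = [Environment]::GetFolderPath('StartMenu')
$quick     = Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch'

$paths = @(
    (Join-Path $desktop   'Virus-Burst.lnk'),
    (Join-Path $startMenu 'Virus-Burst 6.1.lnk'),
    (Join-Path $startMenu 'Programs\Virus-Burst'),
    (Join-Path $quick     'Virus-Burst 6.1.lnk'),
    (Join-Path $env:ProgramFiles 'Virus-Burst')
)
# On 64-bit Windows a 32-bit installer lands in "Program Files (x86)".
if (${env:ProgramFiles(x86)}) {
    $paths += Join-Path ${env:ProgramFiles(x86)} 'Virus-Burst'
}

# Registry: check the native view and the 32-bit (WOW6432Node) view.
$views   = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'
$subKeys = @(
    'Virus-Burst',
    'Microsoft\Windows\CurrentVersion\App Paths\Virus-Burst.exe',
    'Microsoft\Windows\CurrentVersion\Uninstall\Virus-Burst'
)

$hits = @()
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $hits += [pscustomobject]@{ Type = 'File/Folder'; Location = $p }
    }
}
foreach ($view in $views) {
    foreach ($k in $subKeys) {
        $key = "$view\$k"
        if (Test-Path -LiteralPath $key) {
            $hits += [pscustomobject]@{ Type = 'RegistryKey'; Location = $key }
        }
    }
    # The autostart entry is a value named "Virus-Burst" under the Run key.
    $run = "$view\Microsoft\Windows\CurrentVersion\Run"
    $val = (Get-ItemProperty -LiteralPath $run -ErrorAction SilentlyContinue).'Virus-Burst'
    if ($val) {
        $hits += [pscustomobject]@{ Type = 'RunValue'; Location = "$run = $val" }
    }
}

if ($hits) { $hits | Format-Table -AutoSize -Wrap } else { 'None of the named Virus-Burst artifacts were found.' }
```

An empty result only means these specific names are absent; the generic keys in the changelog (RFC1156Agent, Licenses) are left out here because their names are not specific to this rogue.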


Re: says i have a virus, but cant get rid of it. by David

David
Wed Sep 13 15:52:43 CDT 2006

From: "PA Bear" <PABearMVP@gmail.com>

| David H. Lipman wrote:
| <snip>
>> I do NOT see an update for it on SpyWare Warrior but I expect an update on
>> the site real soon :-)
|
| <QP>
| SmitFraudFix v2.87 (WinXP, Win2K)
|
| Changelog:
| Version 2.87 (September 10, 2006)
|
| </QP>
| Source: http://siri.urz.free.fr/Fix/ChangeLog.php

S!Ri is on the ball !


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm