
Constant Windows popup security alerts

Last night I evidently got this malware on my machine. It now constantly pops up messages, which have no way to close them (no X, cannot right click and pick close, cannot even MOVE them from where they are on the screen); the only option is to click upgrade your protection, which then launches an IE window and goes to web sites like porno.org, adult.com, or viagara.com.

I immediately disconnected from the internet, and started a Full scan. I have updated files from about an hour before (last night about 7 pm) and Norton finds NOTHING.

I am sort of a novice user. I did search a lot about this and I see it has been around for a LOOOONG time... I also see downloading MALWARE on another thread...

Does anyone have any other suggestions on how to clean this up? I have Vista.

I see that I now have a new user on my machine, that NORTON 360 allowed to be created with new security permissions, called LOVTSYSGUARD. I also get CONSENT.EXE is infected, along with a lot of other files same message.

I get Windows security alert with ..."Click here for the scan you computer..." popping up all the time.

Your help is much appreciated!!!

nd

Replies

Re: Constant Windows popup security alerts

nd_junk

Are you able to open task manager?  There may be a process that you can disable to stop the malware's activity.  Try to download and install Malwarebytes to see if it will install and if it finds and removes the problem.  You can also try Superantispyware.

http://www.filehippo.com/download_malwarebytes_anti_malware/


http://www.superantispyware.com/portablescanner.html

 

Any time you find yourself with a popup on a website, NEVER click to close it.  Those kinds of popups are designed so that if you click on it anywhere, it loads it into your machine.  Once in, it stops the antivirus from working properly.

 

You will be able to post the logs by saving them to Notepad and attaching them using the attachments link below.

 

Under certain circumstances profanity provides relief denied even to prayer. Mark Twain

Re: Constant Windows popup security alerts

delphinium, thanks for the reply.

1. I am not able to open task manager.  I get a file is corrupted.

2.  Any suggestions on what to do when you cannot close the window?   There is no X in the corner, when I right click on the minimized window on the bar, the only option is move, and when it is active ALT + F4 does not work.   Should I shut down my PC ?  Other options I am not aware of?

3. I downloaded Malwarebytes and will install tonight and see if that removes it.  What I am worried about is the new user on the machine, with the new permissions that were set.  I could not get into manage my computer, to see the security alerts... like I say I am not all that experienced in this.   Should I hard shut down the PC, and restart in safe mode, install Malwarebytes, scan, reboot in regular mode, rescan...

Anything else I should be aware of?   One thing, I set up my Vista like MS suggested (and have been hating it ever since) with an Admin user (that I normally do not use except to install progs) and a normal user, which I was logged in as when I picked this up.  The virus totally bypassed the security and installed itself without asking for the admin password.  Weird, when to even delete shortcuts off the desktop I need to use the admin password!!!!

Thanks,

nd

Re: Constant Windows popup security alerts

Hi junk

Before you scan with Malwarebytes, don't forget to update it. You will have to see if the malware will let you run the program. If you can't do it in regular mode, then try safe mode. Please make sure though that it is the free version and that you do a full scan. Please post the log here if you are able to do the scan.

When you get a popup rogue type of malware, the best thing to do is to shut down the computer the fastest way possible without trying to close up or touch that rogue malware.

Success always occurs in private and failure in full view.

Re: Constant Windows popup security alerts


nd_junk wrote:

OP:

I am sort of a novice user. I did search a lot about this and I see it has been around for a LOOOONG time... I also see downloading MALWARE on another thread

What malware did you discover that's been around for 'a LOOOONG time'?

Next post:

1. I am not able to open task manager.  I get a file is corrupted.

...

Anything else I should be aware of?   One thing, I set up my Vista like MS suggested (and have been hating it ever since) with an Admin user (that I normally do not use except to install progs) and a normal user, which I was logged in as when I picked this up.  The virus totally bypassed the security and installed itself without asking for the admin password.  Weird, when to even delete shortcuts off the desktop I need to use the admin password!!!!


See comment above.

I just tried to delete Task Manager as a Standard User. Vista UAC asked for an Admin password. Vista says it's not happening, unless I give the Admin password...

You say:

"One thing, I set up my Vista like MS suggested (and have been hating it ever since) with an Admin user (that I normally do not use except to install progs) and a normal user, which I was logged in as when I picked this up. "

Hate and UAC don't mix. Any chance that you've accidentally decided 'whatever' and OK'd a UAC prompt that you shouldn't have? Normal or 'Standard' users usually require the entry of an Admin password before systemic changes are made.

Re: Constant Windows popup security alerts

In C:\Program Files  you could have a Folder called 'Sysguard'.

If so, this could be the cause. Your problems sound similar to what this would cause.

If so, you will also have some rogue registry attached to your m/c.

Run Malwarebytes as suggested above, to see if it finds anything like this.

Re: Constant Windows popup security alerts

Thanks for the reply. 

What malware did you discover that's been around for 'a LOOOONG time'?

So just searching, I am getting the exact error: "click here for the scan you computer" that I am getting since yesterday; this is just the first three. These are almost a year old.... While I do recognize they may be not EXACTLY the same virus, they all have amazing similarities, and put the same error message on the fake "Windows Security alert" popup box.

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-system-pro  June  2009

http://forums.pcpitstop.com/lofiversion/index.php/t165730.html Feb 2009

http://news.cnet.com/conficker-also-installs-fake-antivirus-software/ April 2009

Also, when I looked for security programs, here is what the Norton page has to say:

Why Choose Norton 360™?

  • Protects your PC, online activities and your identity 24/7 – Delivers award-winning protection against viruses, spyware, worms, phishing, hackers, and more in one complete, fully automated solution.

And all of the research I have done, including on these Norton forums, points me to MALWAREBYTES to remove these malware programs. If something (or something very similar!) has been around for over a year I guess I kind of expect Norton 360 to protect against it.

Anyways... here are the logs. 

What I did was start in safe mode with networking. Installed MWB, ran it (first time without updating as I could not get my cell card to work); it found nothing. Updated it, scanned again, found nothing.

Any thoughts you have are MUCH APPRECIATED!

Also, just to be clear, Task Manager is not deleted, it just does not start.

Re: Constant Windows popup security alerts

Here are the logs, the first one from the original scan, and the second one from the scan performed after I was able to update the software.

Thanks for all your suggestions, I really appreciate it!

nd

Re: Constant Windows popup security alerts

MBAM may not work in Safe Mode because the "Alert" cannot ping to its host, therefore MBAM cannot detect it and remove it.

Try running MBAM in normal Windows conditions, and this should be picked up by MBAM which can then remove it.

If not, try looking around for some removers approved by Symantec or another AntiVirus company

Kind Regards

Dazza

Re: Constant Windows popup security alerts

Hey all,

Over the past week, I have been starting my computer each day in regular mode, updating NORTON 360, performing a complete scan, then updating MALWAREBYTES, and doing another complete scan.  Both programs find nothing. 

I have a hard time believing it just went away...  any thoughts?  I can post logs, current versions, etc.  I have not been getting any of the popup windows, since that first day or so.  

I see in the Norton log, that some new user gained access and was granted security items, but when I look at the normal Windows Users, I do not see it.   I am very new to Manage My Computer... if anyone has any suggestions or advice I would appreciate it.  I can get there, and look through the items, but for a lot of things I am not sure what I am looking at or how to interpret what I see.  

I would much appreciate anything or any suggestions anyone has.. I will look for that folder tonight.


Thanks

ND

Re: Constant Windows popup security alerts

I do not have any sysguard folder.

I am running again, updating Norton 360, doing a full scan, updating Malwarebytes, and doing a full scan.  I will post the results.

thanks!

nd

Re: Constant Windows popup security alerts


nd_junk wrote:

I do not have any sysguard folder.

I am running again, updating Norton 360, doing a full scan, updating Malwarebytes, and doing a full scan.  I will post the results.

thanks!

nd


That's because people are giving you old info on file names and folders. Your first post does tell me the rogue you have.

I would say by now Malwarebytes, fully up to date, should remove it. I used HijackThis to break it first for a poster on this forum.

But others have just not clicked.

Quads 

Re: Constant Windows popup security alerts

I went back to the 25th of Jan, and found the following information in my security history.  Can you tell me what they are?

1/25/10 10:4426 PM Autoprotect has detected Trojan Pidief.D - Blocked

1/25/10 10:45:12 PM qyqaaa made three modifications to your system configuration - Detected

1/25/10 10:45:35 pm lovtsysguard.exe accessed your system resources- Detected

1/25/10 10:45:35 pm an instance of "C:..... local\khukdj\lovtsysguard/exe" is preparing to access the internet- Detected

1/25/10 10:45:36 pm You allowed lovtsysguard to access your network resources - Allowed

1/25/10 10:45:39 pm You allowed lovtsysguard to access your network resources - Allowed

1/25/10 11:03:12 pm You allowed lovtsysguard to access your network resources - Allowed


And then at 11:14pm all the crap hit the fan.

Does anyone have any ideas on what this is?  Also, how do I tell Norton to NOT ALLOW these things to

1. Make changes to my system configuration,

2. Access my network resources

Please help!!!

nd

Re: Constant Windows popup security alerts

Yes. The other thread where I broke one rogue's hold with HijackThis is here:

http://community.norton.com/t5/Norton-360/New-Antivirus-Soft/m-p/200372/highlight/true#M26545

Quads

Re: Constant Windows popup security alerts

I just noticed something else: 1/25/2010 1115pm Unauthorised Access logged (Access Process Data)

Actor:c:...... khukdj\lovtsysguard.ect

Actor PID 2908

Target: c:\program files\Norton 360\Engine\3.5.2.11\uiStub.exe

Target PID: 5028

Action: Access Process Data

Reaction: Unauthorised access logged

Terminal Session: 1

Recommended Action: No Action required

Reading this I wonder, if unauthorised access was detected, WHY WOULD I NOT WANT TO TAKE ANY ACTION???   Please, Please, Please HELP!

nd

Re: Constant Windows popup security alerts

I ran the Hijack This software, and nothing seems to be really weird... no hijack entries, only R1, R0, o1, o2, o3, o4, o8, o9, o13, o16, o18, o23 items.

Please does anyone have any other ideas? 

nd

Re: Constant Windows popup security alerts

Well, where is the log? Most people won't know what entry is what.

Quads

Re: Constant Windows popup security alerts

I am waiting for the log, I can't do anything when I am not given anything.

Quads

Re: Constant Windows popup security alerts

Sorry for the delay, attached is the log, and thanks in advance for your help!

nd

Re: Constant Windows popup security alerts

The Rogue "Antivirus Soft" group is no longer running or set to run on startup in the PC.

We are talking about old dates with the .exe in question, and you have been able to run an up-to-date Malwarebytes which does have the detections in the definitions.

So either Norton or Malwarebytes removed the files and registry entries  (or combination of both programs).

Quads 

Re: Constant Windows popup security alerts

I got the ave.exe fake virus alert last night, and bleepingcomputer fixed it. Why didn't Norton catch this in the beginning?

Re: Constant Windows popup security alerts


solwinter wrote:

I got the ave.exe fake virus alert last night, and bleepingcomputer fixed it. Why didn't Norton catch this in the beginning?


All the different variations of the "Antivirus2010" Family, plus the fact new "av.exe" s are always out there,

The detections for them with Norton 

"Antivirus2010"

"Trojan.FakeAV!gen**" like say one of the "av.exe" s detected as "Trojan.FakeAV!gen21"

"Packed.Generic.290"

http://www.virustotal.com/analisis/5718fbc076754b2e01ceded6a132068ff6af9daf98cbb15cd5107881abff325b-126884

Over the weekend Symantec released a fix for "Antivirus.2010" to do with the registry entries and are investigating / looking into the same fix being added to "Trojan.FakeAV!gen**" and "Packed.Generic.290".

They should be well and truly added to Norton by now.

http://community.norton.com/t5/Norton-360/Just-switched-from-McAfee-and/m-p/212596#M29478

I would say that new "av.exe" are still out there for this family.

Quads

Re: Constant Windows popup security alerts

Hello

Maybe that is what is holding up the release of antivirus definitions for almost a day and a half now.

Success always occurs in private and failure in full view.

Re: Constant Windows popup security alerts

I doubt it. Symantec can keep releasing updates, and when a change is done for a specific detection name, that just gets released and downloaded via LU when ready.

Quads
