Not what you were looking for? Ask our experts!
Reply
Contributor
nd_junk
Posts: 11
Registered: ‎01-26-2010
Accepted Solution

Constant WIndows popup security alerts

Last night I evidently got this malware on my machine.  It now constantly popups messages, which have no way to close them (no X, cannot right click and pick close, cannot even MOVE them from where they are on the screen) the only option is to cick upgrade your protection, which then launches an IE window and goes to web sites like porno.org, adult.com, or viagara.com. 

 

I immediatly disconnected from the internet, and started a Full scan.  I have updated files from about an hour before (last night about 7 pm) and Norton finds NOTHING. 

 

I am sort of a novice user, I did searvh a lot about this and I see it has been around for a LOOOONG time... I also see downloading MALWARE on another thread... 

 

Does anyone have any other suggestions on how to claen this up?  I have Vista.

 

I see that I now have a new user on my maching, that NORTON 360 allowed to be created with new security permissions, called LOVTSYSGUARD.  I also get CONSENT.EXE is infected, along with a lot of other files same message.

 

I get Windows security alert with ..."Click here for the scan you computer..." popping up all the time.

 

Your help is much appreciated!!!

 

nd

 

 

delphinium
Posts: 9,862
Kudos: 2,965
Solutions: 293
Registered: ‎11-21-2008

Re: Constant WIndows popup security alerts

nd_junk

Are you able to open task manager?  There may be a process that you can disable to stop the malware's activity.  Try to download and install Malwarebytes to see if it will install and if it finds and removes the problem.  You can also try Superantispyware.

http://www.filehippo.com/download_malwarebytes_anti_malware/

 

 

 

 


http://www.superantispyware.com/portablescanner.html

 

Any time you find yourself with a popup on a website, NEVER click to close it.  Those kinds of popups are designed so that if you click on it anywhere, it loads it into your machine.  Once in, it stops the antivirus from working properly.

 

You will be able to post the logs by saving them to Notepad and attaching them using the attachments link below.

 

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Contributor
nd_junk
Posts: 11
Registered: ‎01-26-2010

Re: Constant WIndows popup security alerts

delphinium, thanks for the reply.

 

1. I am not able to open task manager.  I get a file is corrupted.

 

2.  Any suggestions on what to do when you cannot close the window?   There is no X in the corner, when I right click on the minimized window on the bar, the only option is move, and when it is active ALT + F4 does not work.   Should I shut down my PC ?  Other options I am not aware of?

 

3. I donwloaded Malwarebytes and will install tonight and see if that removes it.  What I am worried about is the new user on the machine, with the new permissions that were set.  I could not get into manage my computer, to see the security alerts... like I say I am not all that experienced in this.   Should I hard shut down the PC, and restart in safe mode, install Malwarebytes, scan, reboot in regular mode, rescan...

 

Anything else I should be aware of?   One thing, I set up my Vista like MS suggested (and have been hating it ever since) with an Admin user (that I normally do not use except to install progs) and a normal user, which I was logged in as when I picked this up.  The virus totally bypassed the security and installed itself without asking for the admin password.  Weird, when to even delete shortcuts off the desktop I need to use the admin password!!!!

 

Thanks,

nd

floplot
Posts: 10,576
Topics: 215
Kudos: 2,051
Solutions: 365
Registered: ‎04-11-2009

Re: Constant WIndows popup security alerts

Hi junk

 

Before you scan with malwarebytes, don't forget to update it. You will have to see if the malware will let you run the program. If you can't do it in regular mode, then try safe mode., Please make sure though that it is the free version and that you do a full scan. Please post the log here if you are able to do the scan.

 

When you get a popup rogue type of malware, the best thing to do is to shut down the computer the fastest way possible without trying to close up or touch that rogue malware.

Success always occurs in private and failure in full view.




Rootkit Eradicator
elsewhere
Posts: 1,410
Registered: ‎05-30-2009

Re: Constant WIndows popup security alerts


nd_junk wrote:

 

OP:

I am sort of a novice user, I did searvh a lot about this and I see it has been around for a LOOOONG time... I also see downloading MALWARE on another thread

 

What malware did you discover that's been around for 'a LOOOONG time'?

 

Next post:

 

1. I am not able to open task manager.  I get a file is corrupted.

 

...

 

Anything else I should be aware of?   One thing, I set up my Vista like MS suggested (and have been hating it ever since) with an Admin user (that I normally do not use except to install progs) and a normal user, which I was logged in as when I picked this up.  The virus totally bypassed the security and installed itself without asking for the admin password.  Weird, when to even delete shortcuts off the desktop I need to use the admin password!!!!

 


See comment above.

 

I just tried to delete Task Manager as a Standard User. Vista UAC asked for an Admin password. Vista says it's not happening, unless I give the Admin password...

 

You say:

 

"One thing, I set up my Vista like MS suggested (and have been hating it ever since) with an Admin user (that I normally do not use except to install progs) and a normal user, which I was logged in as when I picked this up. "

 

Hate and UAC don't mix. Any chance that you've accidentally decided 'whatever' and OK'd a UAC prompt that you shoudn't have? Normal or 'Standard' users usually require the entry of an Admin password before systemic changes are made.

 

 

 

 

 

 

 

Super Spam Squasher
boneidle
Posts: 908
Registered: ‎05-09-2009

Re: Constant WIndows popup security alerts

In C:\Program Files  you could have a Folder called 'Sysguard'.

If so, this could be the cause. your problems sound similar to what this would cause.

If so, you will also have have some rogue registry attached to your m/c.

 

Run 'Malwarebytes as suggested above, to see if it finds anything like this.

 

Contributor
nd_junk
Posts: 11
Registered: ‎01-26-2010

Re: Constant WIndows popup security alerts

Thanks for the reply. 

What malware did you discover that's been around for 'a LOOOONG time'?

So just searching, I am getting the exact error:  "click here for the scan you computer" that I am getting since yesterday, this is just the first three.  These are almost a year old.... While I do recognize they may be not EXACTLY the same virus, they all have amazing similiarities, and put the same error message on the fake "Windows Security alert" pupup box. 

 

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-system-pro  June  2009

 

http://forums.pcpitstop.com/lofiversion/index.php/t165730.html Feb 2009

 

http://news.cnet.com/conficker-also-installs-fake-antivirus-software/ April 2009

 

Also, when I looked for security programs, here is what the North page has to say:

Why Choose Norton 360™?

  • Protects your PC, online activities and your identity 24/7 – Delivers award-winning protection against viruses, spyware, worms, phishing, hackers, and more in one complete, fully automated solution.

 

And all of the research I have done, including on these Norton forums, points me to MALWAREBYTES to remove these malware programs.     If something (or something vewry similiar!) has been around for over a year I guess I kind of expect Norton 360 to protect against it.

 

Anyways... here are the logs. 

 

What I did was start in safe mode with networking. Installed MWB, ran it (first time without updating as I could not get my cell card to work) it found nothing.  Update it, scanned again, found nothing. 

 

ANy thoughts you have are MUCH APPRECIATED!

 

Also, just to be clear, Task Manager is not deleted, It just does not start.

 

 

 

Contributor
nd_junk
Posts: 11
Registered: ‎01-26-2010

Re: Constant WIndows popup security alerts

Here are the logs, the first one from the original scan, and the second one from the scan performed after I was able to update the software..

 

Thanks for all your suggetions, I really appreciate it!

 

nd

Contributor
dazza-n360
Posts: 22
Registered: ‎10-26-2009

Re: Constant WIndows popup security alerts

MBAM may not work in Safe Mode because the "Alert" cannot ping to its host, therefore MBAM cannot detect it and remove it.

 

Try running MBAM in normal Windows conditions, and this should be picked up by MBAM which can then remove it.

 

If not, try looking around for some removers approved by Symantec or another AntiVirus company

 

Kind Regards

Dazza

Contributor
nd_junk
Posts: 11
Registered: ‎01-26-2010

Re: Constant WIndows popup security alerts

Hey all,

 

Over the past week, I have been starting my computer each day in regular mode, updating NORTON 360, performing a complete scan, then updating MALWAREBYTES, and doing another complete scan.  Both programs find nothing. 

 

I have a hard time believing it just went away...  any thoughts?  I can post logs, current versions, etc.  I have not been getting any of the popup windows, since that first day or so.  

 

I see in the Norton log, that some new user gained access and was granted security items, but when I look at the normal Windows Users, I do not see it.   I am very new to Manage My Computer... if anyone has any suggestions or advice I would appreciate it.  I can get there, and look through the items, but for a lot of things I am not sure what I am looking at or how to interpret what I see.  

 

I would much appreciate anything or any suggestions anyone has.. I will look for that folder tonight.


Thanks

ND