"Infiltration Alert"- Odd Trojan Attack

Arez · ‎06-21-2010

Oddly enough I recieved the same virus tonight. ABout an hour ago. I could really use some help with this.

These are the issues...

- I keep recieving pop-ups for "Anti-virus software alerts" - obvioulsy I know this is part of the virus, so i just X out of it.It says "Infiltration Alert" - Your computer is being attacked by an internet virus, It could be a password stealing attack, a trojan - dropper or siilar. Details:

Attack from 82.86.199.117, port 18130

Attacked port: 3445

Threat: Win32/Nuqel,E

- A program called "AV Securiy Suite" is installed in my bottom tool-bar. It doesnt close.

- The virus is not allowing me to open windows task manager, and many other programs/folders.

- I am currently running Norton 360 Full scan, I have my network disabled, and also a downloaded symantec Trojan remover - I have no clue if this will help...

The pop-ups keep getting worse. i could really use some help with this, hopefully it's not going to happen to many 360 users...What shoud we do?

<<Edit: Subject edited to reflect the issue for the moved post>>

mdturner · ‎04-11-2008

Arez wrote:
Oddly enough I recieved the same virus tonight. ABout an hour ago. I could really use some help with this.

These are the issues...

- I keep recieving pop-ups for "Anti-virus software alerts" - obvioulsy I know this is part of the virus, so i just X out of it.It says "Infiltration Alert" - Your computer is being attacked by an internet virus, It could be a password stealing attack, a trojan - dropper or siilar. Details:
Attack from 82.86.199.117, port 18130
Attacked port: 3445
Threat: Win32/Nuqel,E
- A program called "AV Securiy Suite" is installed in my bottom tool-bar. It doesnt close.
- The virus is not allowing me to open windows task manager, and many other programs/folders.
- I am currently running Norton 360 Full scan, I have my network disabled, and also a downloaded symantec Trojan remover - I have no clue if this will help...

The pop-ups keep getting worse. i could really use some help with this, hopefully it's not going to happen to many 360 users...What shoud we do?

Hi Arez

Welcome to the Norton Community Forums

Here is a link to a Bleeping Computer article detailing how to remove the malware from your system.

http://www.bleepingcomputer.com/virus-removal/remove-av-security-suite

You would be better registering with them at www.bleepingcomputer.com to get their assistance with removing this from your system.

I will ask a moderator to move your post to its own thread.

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone

Arez · ‎06-21-2010

Thanks for the reply. I saw this site previous to my message on the forum. Unfortunately, when I read through the site, followed the appropiate steps, and it still will not let me run the malware program. This is very frustrating...

mdturner · ‎04-11-2008

Arez wrote:
Thanks for the reply. I saw this site previous to my message on the forum. Unfortunately, when I read through the site, followed the appropiate steps, and it still will not let me run the malware program. This is very frustrating...

Hi Arez

You should register with Bleeping Computer and have them help you to remove this malware from your system.

Put AV Security Suite in the subject line of your first post to them.

www.bleepingcomputer.com

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone

yogesh_mohan · ‎07-29-2008

Try Norton Power Eraser tool mentioned in this page:

http://www.symantec.com/norton/support/DIY/index.j sp

Check whether the scans detect any threats and let us know the results.

Yogesh

hulatexas · ‎07-05-2010

I had the AV security suite trojan. I couldn't open task manager, Norton, any browser, nothing. I ended up starting the computer in safemode, and running Norton 360, which didn't detect anything. I found a strange folder in "documentandsettings/User/localsettings/application/data" folder and trashed it. Restarted the computer and that kept the popups from happening and it let me open Norton, Firefox. I knew by Google that this didn't get rid of it.
I ended up downloading a free spyware/ malware program from CNET, which is a Norton Trusted site. It is called Malwarebytes. Not only did it get rid of all the remnants AV security trojan, but also I had the remnants KOOBFACE.32 worm, which it got rid of.
The KOOBFACE worm like the AV trojan, I got rid of the file to keep it from sending out emails with a link to a malicious website to my friend's. Norton couldn't detect that, either.

If you can't find a suspicious folder, start you computer in safemode with networking, and download the Malwarebytes. Run it and restart your computer normal.
So now the question is will I renew Norton?....Hmmmm.

Here is a partial look at the log of what was detected and deleted:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

this didn't include what was in the folders on the hard drive.

floplot · ‎04-11-2009

Hello hulatexas

Welcome to the Norton Users Discussion Forum

Unfortunately, malware is an ever changing thing. If you would have come here, many of us would have recommended the free version of Malwarebytes also as a good 2nd on demand scanner. It's good at catching what your Norton product may miss, but it is not an antivirus or firewall program. No one antivirus program is going to be able to catch every thing all the time.. We also have a new tool called Power Eraser Tool which may also be able to clean up these types of infections, but it is a tool that should be used with supervision also and used in the normal mode.

Success always occurs in private and failure in full view.

delphinium · ‎11-21-2008

hulatexas and arez:

When you have a popup of this nature, you should not "x" out of it. They are designed in such a way that no matter where you click, it allows the installation of the downloader. Use alt F4 instead. I highly recommend that you still get checked at a free malware removal forum. Bleeping Computer is quite backed up at the moment, but others may have some room.

Frequently, rootkits are also downloaded with this type of malware. Malwarebytes does not identify the TDL3/TDL4 rootkits. Special scans and tools will be needed to find it and deal with it, if you picked it up.

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain