Constant popup security alerts

Win XP Pro - SP3 - Norton360 - Norton firewall enabled - windows firewall disabled and popup alerts disabled in the windows secrity center. 

Getting a popup from Windows Security Center stating the Windows firewall (which is not on) had blocked some features of this program - Win32.Zafi.B.

I do not see in scan results that Norton 360 has ever detected this worm.  Downloaded and ran a Symantec removal tool for it and ran it just incase and it found nothing. 

In the security alert window, Keep blocking and Unblock are greyed out.  The only option is "Enable protection"  The text reads "Click to Download and activate protection".  Perfect Defender 2009 is what it is recommending to download and activate.  Not doing that.

 

First, am I correct that Win32.Zafi.B is not infecting this computer?  That this is a false alert to get you to downoad Perfet Defender.

How do I stop the security center alerts?

 

Thanks for any help.

You have got a Mis-leading Application on your computer, or it could be the recent Trojan discovered as that Displays Fake Security Alerts.

 

Please follow these instructions exactly:

 

01. Download and Install Malwarebytes' Anti-Malware.  Then, Update.   Web Link provided below.

 

02. Re-start in Safe Mode; instructions provided below.

 

03. Make sure you are Dis-connected from the Internet.

 

04. Run a Full Scan with Malwarebytes' Anti-Malware of all Drives.

 

05. Once that Scan is Complete, re-start in to Normal Mode, and do another Full Scan with Malwarebytes of all Drives.  Please do not Connect to the Internet un-til this second Full Scan is Done.

 

06. Report back here and let us know the Results.

 

I would also like to draw your attention to this Thread: http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=31048.

 

 

Malwarebytes' Anti-Malware: http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=contentBody;mostPopTwoColWrap&cdlPid=10997.

 

Starting your Computer in Safe Mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam.

Message Edited by Floating_Red on 01-24-2009 04:18 PM
Message Edited by Floating_Red on 01-24-2009 04:19 PM

Thank you for the excellent instructions.  Just finished.  The safe mode scan found a file and a registry value and removed both.  The full scan in normal mode found nothing. 

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wclock (Trojan.FakeAlert) -> Quarantined and deleted successfully.Files Infected:

C:\Documents and Settings\XXXXXXXX\Application Data\Google\yfijv17721328.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

You're welcome.  :D

 

Have you still got the Alerts, or are they away?

 

Thank you for Reporting Back.

 

Well done Floating_Red

 

Quads 

Alerts seem to be gone.

Give it until Monday, January 26, 2009, and, if no more Alerts come up, then please Mark which Post was your Solution.  Thanks!

 

Has your Situation Changed from below?

 


Floating_Red wrote:

Give it until Monday, January 26, 2009, and, if no more Alerts come up, then please Mark which Post was your Solution.  Thanks!

 


 

Everything is fine.  Thanks again.  It was nice to be able to come to afriendly and helpful forum.

symantec have got a whip if we're not friendly... :smileysurprised:

 

I have the same problem, pop up warning of worm with the only option to buy the defender 2009 software.

 

But the fix described below didn't work for me, though I followed them to the letter. I'm desperate to get this pop up off my machine, any other suggestions?

 

I downloaded Anti-Malware, updated it, restarted in safe mode, ran both complete and quick scans, but Anti Malware found nothing. I rebooted in normal mode, re ran both scans, but the Malwarebytes scanner still found nothing.

 

Let em know if you have any other ideas to get this thing to go away.

 

many thanks.

That fix didn’t work for me, see my post to the orginal problem, let me know if you have any other ideas, greatly appreciated. THanks.

scribe250,

 

In that case, please use SUPERAntiSpyware and follow the Instrucions on Post 02.

 

Please let me know how you get on!

 

 

SUPERAntiSpyware for Windows: http://www.download.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html?tag=mncol&cdlPid=11002526.

 

Message Edited by Floating_Red on 02-18-2009 11:16 PM
Message Edited by Floating_Red on 02-18-2009 11:16 PM

I actually was successful at removing this thing manually using the information from this thread:

 

http://www.precisesecurity.com/blogs/2008/12/02/perfect-defender-2009/

 

This pop up thing has wreaked havoc across the web, I think it's curious there isn't an official Norton removal tool by now as more and more people get infected.

 

Manual removal requires  a start in safe mode and the deletion of at least six files, but there was no other option for me after both Norton and Malwarebytes Anti-Malware scans found nothing.

 

Thanks for your reply, and best of luck to those who are unlucky enough to get this.