Odd message window

A few hours ago I was working at my computer (Toshiba laptop) and I got a
rather odd message window, saying that my computer might be vulnerable to the
mytob virus and that it was recommended that I "DOWNLOAD" (in all caps)
updates, or something to that effect. There was nothing to do but click "OK,"
which I did.

I don't recall ever seeing a window pop up apropos of nothing like this,
then warn me about a security problem without offering me any options to
actually do anything about it. Should I be concerned that this is itself a
sign of some sort of virus activity, or is this more normal than I thought?
 
KTP said:
A few hours ago I was working at my computer (Toshiba laptop) and I
got a rather odd message window, saying that my computer might be
vulnerable to the mytob virus and that it was recommended that I
"DOWNLOAD" (in all caps) updates, or something to that effect. There
was nothing to do but click "OK," which I did.

I don't recall ever seeing a window pop up apropos of nothing like
this, then warn me about a security problem without offering me any
options to actually do anything about it. Should I be concerned that
this is itself a sign of some sort of virus activity, or is this more
normal than I thought?

The message did not come from Windows. It came from malware that is
trying to trick you into purchasing one of the many rogue
antivirus/spyware programs.

Start by doing the normal troubleshooting for malware per:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Make sure you do the preparatory work. If after doing the general work
you are still getting the popups, post back with the *exact* text of
the popups.

Malke
 
Thanks. The thing is, it only happened once, and the window didn't seem to
offer any kind of link to a site to purchase software or otherwise rip me off
somehow.

Is this type of malware going to cause me any other kinds of trouble, i.e.
sending out e-mails under my name, or attaching itself to e-mails that I send
out?

Thanks again for your help.
 
KTP said:
Thanks. The thing is, it only happened once, and the window didn't
seem to offer any kind of link to a site to purchase software or
otherwise rip me off somehow.

Is this type of malware going to cause me any other kinds of trouble,
i.e. sending out e-mails under my name, or attaching itself to e-mails
that I send out?

I can't answer your question because I don't know what malware (if any)
your computer has. Go through the preparatory steps (which are just
good housekeeping) and at least scans with Ad-aware and Spybot Search &
Destroy. See what they turn up.

http://www.elephantboycomputers.com/page2.html#Removing_Malware

Malke
 
Thanks. I still seem to be having some sort of problem, though -- today I got
two message windows and one browser pop-up in quick succession, all trying to
get me to download something called DriveCleaner. The browser window was
trying to direct me to the address
http://drivecleaner.com/.freeware/download2.php?resize=1&ad=1cdm_us_en_exit&link=system&aff=,
and some sort of ActiveX process was blocked as this was going on. Then, a
few minutes later I got a message window that said, "There is a security
vulnerability from the Backtera Virus. We recommend you DOWNLOAD one of the
security software programs to prevent malware infections."

To review, here's what I've done since my original inquiry here:

Ran Spybot in regular mode -- 9 problems fixed. Also ran CCleaner, and
cleaned thoroughly enough that it actually screwed up my Internet connection.

Downloaded installers for Symantec AntiVirus (a free version via university
server), AdAware, and Spybot on my Mac, then transferred them to a jump drive.

Uninstalled Norton Internet Security, installed Symantec AntiVirus and
AdAware. Updated Spybot (since I already had it).

Went to Safe Mode and ran all three. SAV found nothing. Spybot found nothing
new since the scan in regular mode. AdAware found and quarantined 6 problems.

I assumed that was the end of it until today. Following the latest incident,
I uninstalled Spybot and performed a fresh installation from the jump drive,
then again updated it. Ran SAV, Spybot, and AdAware in Safe Mode, and none of
them found anything. Also ran CCleaner in Safe Mode and deleted 17 files that
I found by "scanning for issues."

The only part of your instructions I didn't follow pretty closely was
updating the security software on a different computer as well -- since my
other computer is a Mac, all I could do was download the installers. Also, it
occurs to me that when I uninstalled Norton Internet Security, I used
CCleaner. I assumed that the files previously quarantined by NIS would be
deleted, but is it possible that those viruses were somehow "let loose" in
the process and were not found by SAV later?

Any further advice would be much appreciated -- I'm kind of stumped at this
point.
 
KTP wrote:

See comments inline:
Thanks. I still seem to be having some sort of problem, though --
today I got two message windows and one browser pop-up in quick
succession, all trying to get me to download something called
DriveCleaner. The browser window was trying to direct me to the
address
hxxp://drivecleaner.xxx/

url munged to prevent some clueless person from clicking on it
and some sort of ActiveX process was blocked as this was going on.
Then, a few minutes later I got a message window that said, "There is
a security vulnerability from the Backtera Virus. We recommend you
DOWNLOAD one of the security software programs to prevent malware
infections."

This is one of those rogue sites that is trying to lure you into buying
their useless product - which will probably install more malware onto
your computer. I went to the site and it told me how Vulnerable!!! my
computer is, which is nonsense since I'm not even running Windows.
To review, here's what I've done since my original inquiry here:

Ran Spybot in regular mode -- 9 problems fixed. Also ran CCleaner, and
cleaned thoroughly enough that it actually screwed up my Internet
connection.

You didn't go through my instructions then because I don't mention
CCleaner. Sorry about your Internet connection but that's what happens
when you just run cleaning programs aggressively without knowing what
you are doing.
Downloaded installers for Symantec AntiVirus (a free version via
university server), AdAware, and Spybot on my Mac, then transferred
them to a jump drive.

Uninstalled Norton Internet Security, installed Symantec AntiVirus and
AdAware. Updated Spybot (since I already had it).

Why did you uninstall NIS, which already included the antivirus? True,
the Corporate version is better but was your NIS outdated -
subscription expired? In any case, NIS/SAV will not remove this type of
malware.
Went to Safe Mode and ran all three. SAV found nothing. Spybot found
nothing new since the scan in regular mode. AdAware found and
quarantined 6 problems.

I assumed that was the end of it until today. Following the latest
incident, I uninstalled Spybot and performed a fresh installation from
the jump drive, then again updated it. Ran SAV, Spybot, and AdAware in
Safe Mode, and none of them found anything. Also ran CCleaner in Safe
Mode and deleted 17 files that I found by "scanning for issues."

Why did you uninstall Spybot? Can't comment on CCleaner since I don't
use it.
The only part of your instructions I didn't follow pretty closely was
updating the security software on a different computer as well --
since my other computer is a Mac, all I could do was download the
installers.

This is exactly what you were supposed to do. You download installers
and updates and use them on the infected machine, not the one on which
you download them.
Also, it occurs to me that when I uninstalled Norton
Internet Security, I used CCleaner. I assumed that the files
previously quarantined by NIS would be deleted, but is it possible
that those viruses were somehow "let loose" in the process and were
not found by SAV later?

Can't comment on NIS or CCleaner since I don't use them. If you didn't
follow the uninstall routine for NIS, all bets are off with what was
left. However, NIS probably wouldn't have picked up this type of
malware anyway.

Go back to my website and reread the instructions for the preparatory
steps. Note that all work is supposed to be done in Safe Mode. Get
Ewido and its full updated database. Install it - in Safe Mode - and
run it in Safe Mode. As noted on my site, after your machine is clean
you can uninstall Ewido.

If running Ewido doesn't help and you continue to get popups, then run
HijackThis and post your log to one of the forums linked on my website
(not here, please).

Naturally, I have assumed that your XP is current with all Service Packs
(SP2 has been out for nearly 2 years now) and Windows Updates.

For your convenience, here is the link again:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Malke
 
You didn't go through my instructions then because I don't mention
CCleaner. Sorry about your Internet connection but that's what happens
when you just run cleaning programs aggressively without knowing what
you are doing.

I wasn't complaining, just trying to give a thorough account.
Why did you uninstall NIS, which already included the antivirus? True,
the Corporate version is better but was your NIS outdated -
subscription expired? In any case, NIS/SAV will not remove this type of
malware.

I did that in case the malware had somehow tampered with my existing version
of NIS.
Why did you uninstall Spybot?

Same reason. My Spybot was on the computer before I had the malware problem,
and the impression I got was that I needed to be using a "fresh" version.
This is exactly what you were supposed to do. You download installers
and updates and use them on the infected machine, not the one on which
you download them.

What I meant is that I couldn't download the updates on a separate machine
because my separate machine is a Mac and most of these programs seem to
update from within the application (though I'll go back to their websites
again to double-check this). So I downloaded the installers, transferred them
to my PC, installed the security programs in regular mode, opened them,
installed updates, then switched to Safe Mode and ran them.
Go back to my website and reread the instructions for the preparatory
steps. Note that all work is supposed to be done in Safe Mode. Get
Ewido and its full updated database. Install it - in Safe Mode - and
run it in Safe Mode. As noted on my site, after your machine is clean
you can uninstall Ewido.

Okay, thanks again.
 
Okay, I did all the preparatory steps you described in Safe Mode, then
installed Ewido (along with the update installer) in Safe Mode, and ran it,
and it still didn't find anything. I didn't bother with AdAware or SpyBot
this time.

Is it possible that something was making these windows appear on my computer
without actually leaving traces of itself on my hard drive? Obviously I'll
watch for any further suspicious activity, but are there other precautions I
need to be taking as far as making sure I don't inadvertently transmit this
to somebody else?
 