Help With A Virus


13 replies to this topic

#1 NNNOOOOOO

Posted 02 August 2010 - 05:35 PM

I believe it is a fake anti-virus called "antivir something". It won't let me do anything and disabled internet in Windows. I'm running Linux on a live CD right now. Microsoft Security Essentials can't detect the fake program. Does anyone know where the EXE is located so I can delete it manually?

#2 rpgsearcherz

Posted 02 August 2010 - 07:30 PM

NNNOOOOOO, on 02 August 2010 - 05:35 PM, said:

> I believe it is a fake anti-virus called "antivir something". It won't let me do anything and disabled internet in Windows. I'm running Linux on a live CD right now. Microsoft Security Essentials can't detect the fake program. Does anyone know where the EXE is located so I can delete it manually?

Seems to me like it may have things in your auto run on startup, as well as your registry.

I'd suggest booting up in safe mode and checking your start up programs. It's very likely that all you have to do is disable that and you'll be good to go.

#3 NNNOOOOOO

Posted 02 August 2010 - 08:26 PM

rpgsearcherz, on 02 August 2010 - 07:30 PM, said:

> Seems to me like it may have things in your auto run on startup, as well as your registry.
>
> I'd suggest booting up in safe mode and checking your start up programs. It's very likely that all you have to do is disable that and you'll be good to go.

Done tried that. Wasn't in startup folder. I did finally manage to find it and deleted it and stopped it in the processes. The file was called "dhktunmtssd.exe". How do I report it as a malicious file?

#4 NNNOOOOOO

Posted 02 August 2010 - 09:00 PM

Nvm. I reported it to Microsoft.


I fixed the internet. Only Firefox was working. I managed to get the others to work because that fake antivirus enabled proxy. I had to disable it. Now it works fine. :D

Edited by NNNOOOOOO, 03 August 2010 - 12:22 AM.


#5 NNNOOOOOO

Posted 03 August 2010 - 04:05 PM

Email from Microsoft:

Quote

The Microsoft Malware Protection Center (MMPC) strives to keep you informed about the status of your submission.
Analysis of the file(s) in Submission ID MMPC10080238706584 is now complete.

This is the final email that you will receive regarding this submission.

You can view your submission online at the following link:
http://www.microsoft...F8-A83682650290

The Microsoft Malware Protection Center (MMPC) has investigated the following file(s) which we received on 8/2/2010 1:56:29 PM Pacific Time.
Below is the determination for your submission.

========
Submission ID MMPC10080238706584

Submitted Files
=============================================
dhktunmtssd.exe [Trojan:Win32/FakeSpypro]

The following links contain more information regarding the detections listed above:
http://go.microsoft....in32/FakeSpypro




Your submission was scanned using antimalware definition version 1.87.1119.0.
========

Detections listed above are included in the latest pre-release signatures and made available in the following formats:

For Microsoft Antimalware products including; Microsoft Forefront products, Microsoft Security Essentials or Windows Live OneCare:
* 32 bit operating systems:
http://go.microsoft..../?LinkID=181947

* 64 bit operating systems:
http://go.microsoft..../?LinkID=181948

For Microsoft Antispyware products including; Windows Defender:
* 32 bit operating systems:
http://go.microsoft..../?LinkID=182292

* 64 bit operating systems:
http://go.microsoft..../?LinkID=182293

The following link explains how to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system:
http://support.micro...kb/827218/en-us

Alternatively, detections listed above are included as an update and made available via the MMPC Portal and via Microsoft Windows Update in the next regularly scheduled release.

The latest antimalware definition update is always available for download at the following location:
http://go.microsoft..../?LinkID=110446

If you have questions relating to this submission please contact mailto:mmpcres@microsoft.com and reference your submission ID.

========
Additional Help

For more information about updating definitions and answers to other questions, visit the following link:
http://www.microsoft....aspx#new_defns

Protection updates are also available via the MMPC Portal and via Microsoft Windows Update in the next regularly scheduled release.

The Microsoft Malware Protection Center (MMPC) Portal is continuously updated with detailed information about threats and definitions for Microsoft's Security related products.
You can visit the MMPC Portal at: http://go.microsoft..../?linkid=114450

If you believe that any file that you submitted is being incorrectly detected or you have questions relating to this submission, please contact mailto:mmpcres@microsoft.com and reference your submission ID.

If you need immediate assistance and information on best practices for removing malware in your environment, additional support options are available at the following websites:

For IT Professionals -
http://support.micro...p/securityitpro

For Home Users -
http://support.micro...pr=securityhome


Thank you,
Microsoft Malware Protection Center


#6 rob86

Posted 03 August 2010 - 04:24 PM

Good job getting rid of the virus. Make sure you check this also for the virus if you haven't already:

Click Start button --> RUN --> Type in "msconfig"

This will open a window, look for both a "Start-up" tab and "Services" tab.

In addition to the Start-up folder, viruses can sometimes be found in these two different parts of Windows and will come back when you reboot. Look for anything suspicious.

#7 NNNOOOOOO

Posted 03 August 2010 - 04:56 PM

rob86, on 03 August 2010 - 04:24 PM, said:

> Good job getting rid of the virus. Make sure you check this also for the virus if you haven't already:
>
> Click Start button --> RUN --> Type in "msconfig"
>
> This will open a window, look for both a "Start-up" tab and "Services" tab.
>
> In addition to the Start-up folder, viruses can sometimes be found in these two different parts of Windows and will come back when you reboot. Look for anything suspicious.

What's the "qilfugcd" item?

#8 rob86

Posted 03 August 2010 - 05:55 PM

NNNOOOOOO, on 03 August 2010 - 04:56 PM, said:

> What's the "qilfugcd" item?

gilfugcd was one of the things that run on startup? No idea what it is, but there's no match on Google for it so could be a bunch of random letters used by a virus. Any more information on it? Is it under services or the other tab? What is the path to it on your hard drive if it has one? Does it show a "Manufacturer"?

#9 NNNOOOOOO

Posted 03 August 2010 - 10:35 PM

rob86, on 03 August 2010 - 05:55 PM, said:

> gilfugcd was one of the things that run on startup? No idea what it is, but there's no match on Google for it so could be a bunch of random letters used by a virus. Any more information on it? Is it under services or the other tab? What is the path to it on your hard drive if it has one? Does it show a "Manufacturer"?

Startup item: qilfugcd
Manufacturer: Unknown
Command: C:\Users\John\AppData\Local\plwwththi\dhktunmtssd.exe (I now realise that that was the virus file I deleted)
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Date disabled:

I'll go delete the registry for it now.

#10 rob86

Posted 05 August 2010 - 04:52 PM

Yeah good thing you found it.

#11 Nik

Posted 20 August 2010 - 11:26 AM

Yes, it is a very good thing that you found the virus and finally deleted it. Mostly when I face this problem I directly reinstall my Windows, so it was a totally hectic process for me. Now I have got very ideas about the deletion of such types of viruses. For Windows XP I removed the recently installed software so that I could get rid of the viruses.

#12 deadmad7

Posted 20 August 2010 - 11:35 AM

Well, that's why you should scan something with your Anti-Virus before opening it, especially if it's illegal when you download music or movies from torrent sites. 5 minutes for scanning means nothing compared to the hours spent trying to contain the virus :)

#13 The Simpleton

Posted 21 August 2010 - 02:38 AM

Good job getting rid of it soon. But have you made sure that it hasn't infected any of your other files? Once I had a similar worm which disabled my internet connection. I was able to get rid of it and just to be safe I re-formatted my XP installation. But when I scanned with an AV Program, it detected over 1000 infections! The original worm was deleted but it left behind so many infections running silently :( So use a good anti-virus program to run a complete system scan and make sure there aren't any traces of the virus left.

#14 NNNOOOOOO

Posted 21 August 2010 - 03:02 PM

The Simpleton, on 21 August 2010 - 02:38 AM, said:

> Good job getting rid of it soon. But have you made sure that it hasn't infected any of your other files? Once I had a similar worm which disabled my internet connection. I was able to get rid of it and just to be safe I re-formatted my XP installation. But when I scanned with an AV Program, it detected over 1000 infections! The original worm was deleted but it left behind so many infections running silently :( So use a good anti-virus program to run a complete system scan and make sure there aren't any traces of the virus left.

It enabled proxy so I couldn't surf the net (until I tried Firefox). I had to disable proxy. The real antivirus found ~16 more viruses.
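
The two things checked by hand in this thread (the `HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` entry that launched `dhktunmtssd.exe`, and the proxy setting that had been switched on) can be listed in one pass. This is an added PowerShell example, not part of any post above; the "Review" heuristics (target under AppData/Temp, missing file, no valid signature) are assumptions for illustration, not a complete detection rule.

```powershell
# Added example: audit the Run keys and the per-user proxy setting.
# The "Review" flag is a heuristic assumed for this thread's case, not proof of infection.

$runKeys = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-ExePath([string]$Command) {
    # Run values may be quoted or unquoted and may carry arguments.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|com|bat|cmd|scr|vbs))(\s|$)') { return $Matches[1] }
    return $expanded.Trim()
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $exe     = Get-ExePath $command
        $exists  = Test-Path -LiteralPath $exe -PathType Leaf
        # Signature status is only meaningful when the target file still exists.
        $sig     = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }
        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Command    = $command
            FileExists = $exists
            Signature  = $sig
            # Flag entries under a profile's AppData/Temp, or without a valid signature
            # (this also flags orphaned entries whose file was already deleted).
            Review     = ($exe -match '\\AppData\\|\\Temp\\') -or ($sig -ne 'Valid')
        }
    }
}
$entries | Sort-Object Review -Descending | Format-List

# Proxy used by Internet Explorer and other programs that follow the Windows setting.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Get-ItemProperty -Path $inet | Select-Object ProxyEnable, ProxyServer, AutoConfigURL
```

An entry like the one posted in #9 would show up with `Review = True` and, once the file is deleted, `FileExists = False`. After confirming an entry is unwanted, `Remove-ItemProperty -Path <key> -Name <name>` deletes just that value.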




Reply to this topic


This post will need approval from a moderator before this post is shown.

  


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users