Thread: rogue antivirus?

  1. #1
    Join Date
    Jun 2006
    Location
    Falls Shity Oregon
    Posts
    585
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default rogue antivirus?

    I'm not sure how it got in, but a rogue antivirus named WinAntivirus2007 got into my system, and AdAware2007, Windows Defender, and Trend Micro PC Cillin were unable to even detect anything. PC Cillin doesn't work in safe mode and AdAware2007 didn't detect anything. I was told to get a HijackThis log of my computer and I have that, and I was wondering if I should post it here?

  2. #2
    Join Date
    Jul 2005
    Posts
    17,038
    Thanks
    1
    Thanked 333 Times in 106 Posts
    EP Points
    890

    Default

    Go ahead, attach it.

  3. #3
    Join Date
    Jun 2006
    Location
    Falls Shity Oregon
    Posts
    585
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    (ten letters)
    Attached Files

  4. #4
    Join Date
    Jul 2005
    Posts
    17,038
    Thanks
    1
    Thanked 333 Times in 106 Posts
    EP Points
    890

    Default

    Check and fix:
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ugelpoxi.exe (file missing)


    Other than that, I see nothing special or that I don't like seeing.

    Get a screenshot of the pop up you get.



    EDIT:
    Quick google search yielded this:

    Malware Mike Worthington -- 22/07/06

    If malware authors are indeed so very very clever, how can we be sure that some of them are not posing as antivirus or antimalware providers?

    1.
    Rogue antivirus Anonymous -- 15/08/06

    Oh yes, they do so, they make programs that act like a real antivirus or antispyware product. That's called rogue antivirus or rogue antispyware tools. Those will trick the user to pay some money by saying that the computer is infected or is in danger and if they would like to remove buy the upgrade blah blah blah. Some of them even display a yellow bubble (as an urgent notification in the same way as Microsoft displays when the firewall is not turned on or when a new update is available) so that it says that there is an infection on the computer and to remove click here. When you do so you go to their website and you have to use your credit card to get rid of that message to keep popping up...
    Last edited by Evans; 19th-August-2007 at 02:51.
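
A small triage script for the kind of HijackThis entries flagged in post #4, as an added example that is not part of the original thread. The two flag rules (target file missing, O23 service with "Unknown owner") are assumptions drawn from the three entries above, and the last sample line is constructed for contrast.

```python
import re

# Matches "<section> - <rest>", e.g. "O23 - Service: ..." (sections look like O9, O23, R0).
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")
MISSING = "(file missing)"

# The three entries from post #4 plus one constructed, ordinary-looking service line.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ugelpoxi.exe (file missing)
O23 - Service: Example Updater - Example Corp - C:\Program Files\Example\updater.exe
"""

def parse_entry(line):
    """Parse a three-field entry (label - owner/CLSID - path); return None otherwise."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    # Split from the right so a " - " inside the label cannot shift the fields.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None  # other entry shapes (e.g. Run keys) are out of scope here
    label, owner, target = parts
    missing = target.endswith(MISSING)
    if missing:
        target = target[: -len(MISSING)].rstrip()
    return {"section": section, "label": label, "owner": owner,
            "path": target, "missing": missing}

def triage(log_text):
    """Return (section, label, reasons) for every entry worth a second look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = []
        if entry["missing"]:
            reasons.append("target file missing")
        if entry["section"] == "O23" and entry["owner"].lower() == "unknown owner":
            reasons.append("service with unknown owner")
        if reasons:
            findings.append((entry["section"], entry["label"], reasons))
    return findings

if __name__ == "__main__":
    for section, label, reasons in triage(SAMPLE_LOG):
        print(f"{section:4} {label}: {', '.join(reasons)}")
```

A flagged entry is a prompt to check what the path pointed to before fixing it, not proof of infection: an orphaned entry can be left behind by an uninstall as well as by removed malware.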

  5. #5
    Join Date
    Sep 2005
    Posts
    656
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    windows defender sucks IMO.

    also did you try just merely uninstalling it like you would any other program?

  6. #6
    Join Date
    Jun 2006
    Location
    Falls Shity Oregon
    Posts
    585
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    OK, I tried the fix you just gave me. If it keeps continuing I'll send pictures of the popups I'm getting.

  7. #7
    Join Date
    Jun 2006
    Location
    Falls Shity Oregon
    Posts
    585
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    When I try to go to the HijackThis site, this kind of popup comes up. It doesn't come up maximized or anything; it pops up sized to the window that you were working in, so as to completely cover the window you were working in.


    The other popup came up as soon as I clicked upload for the images.
    Attached Images

  8. #8
    Join Date
    Jul 2005
    Posts
    17,038
    Thanks
    1
    Thanked 333 Times in 106 Posts
    EP Points
    890

    Default

    Look, Corey told you to use different antivirus programs. Trash the ones you use now and try new ones. Kaspersky is free. Use it.

  9. #9
    Join Date
    Dec 2005
    Posts
    2,955
    Thanks
    3
    Thanked 23 Times in 22 Posts
    EP Points
    65

    Default

    Quote Originally Posted by Evans View Post
    Look, Corey told you to use different antivirus programs. Trash the ones you use now and try new ones. Kaspersky is free. Use it.
    I did?

  10. #10
    Join Date
    Jun 2006
    Location
    Falls Shity Oregon
    Posts
    585
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Kaspersky is not free, and no, Corey did not say what you said he did.

  11. #11
    Join Date
    Jul 2007
    Posts
    62
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    I use AVG Free and Spybot, both free.

  12. #12
    Join Date
    Oct 2003
    Location
    Inside of a Final Fantasy NES cartridge...
    Posts
    8,156
    Thanks
    0
    Thanked 18 Times in 8 Posts
    EP Points
    15

    Default

    Use FireFox or some other alternate browser instead of IE.
    That way you can get to the Hijack this site.

    I also recommend AVG free edition for anti-virus:
    http://free.grisoft.com/

    Although you already have Trend-Micro which isn't bad either, I guess.

    I see you have Lavasoft AdAware, but not Spybot S&D.

    Get it and scan your computer with both of them
    http://www.safer-networking.org/

    Make sure to fully update them both for your scan.

  13. #13
    Join Date
    Jan 2007
    Posts
    1,156
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    You need to use this program


  14. #14
    Join Date
    Jan 2005
    Location
    Vault 13
    Posts
    7,016
    Thanks
    1
    Thanked 37 Times in 15 Posts
    EP Points
    35

    Default

    Quote Originally Posted by Omega H4x View Post
    I'm not sure how it got in, but a rogue antivirus named WinAntivirus2007
    lol that thing sucks doesn't it? Maximum PC did an article about it as well, they contacted the company and they (the company) said there was no way the program would inject self installing apps onto people's computers and nag them to buy it. lol rite. Ok anyways:

    Use this tool - http://secured2k.home.comcast.net/to...undoBeGone.exe

    Maca's tool should work as well. This will remove all the adware/spyware, but not the program itself. Now go to Add/Remove Programs in the Control Panel, and remove WinAntiVirus manually. Then get a copy of ewido, now known as AVG Anti-Spyware, install/update/run.

    It should be completely now, if not then this post can help you more:

    http://www.bleepingcomputer.com/foru...10&hl=Winfixer

  15. #15
    Join Date
    Jun 2006
    Location
    Falls Shity Oregon
    Posts
    585
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Thank you all, this worked. My computer is now completely clean, although I had to delete my System Restore because AdAware did a backup of the system while the malicious software was still installed, so then Windows was protecting backup copies of the bad software. A tutorial on how to deal with stuff like this should be stickied.
