944,131 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > Fake windows security and ballon msgs
Ad:
Permalink
Sep 13th, 2005
0

Fake windows security and ballon msgs

Expand Post »
I keep getting fake windows security messages and "your computer may be at risk" ballons (in the bottom right of windows - i guess that's what its called). I've searched the forums and tried the things others have.

I've run CWS newest version and hijack this. Also have run Norton 2005 with newest definitions etc. I still get these messages at seemingly random intervals.

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:33:39 AM, on 9/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\mIRC\mirc.exe
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\hijackthis\HijackThis.exe

I've cleaned out most of what i didn't recognize or found in the sticky post that could be safely fixed.

Please let me know if there is any other relevant info needed.

Thanks.
Similar Threads
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Near_Miss is offline Offline
5 posts
since Sep 2005
Permalink
Sep 13th, 2005
0

Re: Fake windows security and ballon msgs

I'm going to guess that you recently upgraded to SP2. That's Window's new Security Center letting you know that it doesn't like how you do things. You can load up Security Center by double-clicking the shield in your system tray or by going to Control Panel\Security Center. You can get rid of the annoying alerts by clicking the link on the left side of the Security Center that says "Change the way Security Center alerts me".
Reputation Points: 38
Solved Threads: 25
Posting Shark
chrisbliss18 is offline Offline
902 posts
since Aug 2005
Permalink
Sep 13th, 2005
0

Re: Fake windows security and ballon msgs

no, updated a long time ago, clicking on the windows brings me to fake pages that are loaded with links to more spyware
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Near_Miss is offline Offline
5 posts
since Sep 2005
Permalink
Sep 13th, 2005
0

Re: Fake windows security and ballon msgs

searching the symantec site i think i have this "adware.findspyware"

heres the link http://sarc.com/avcenter/venc/data/a...ndspyware.html
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Near_Miss is offline Offline
5 posts
since Sep 2005
Permalink
Sep 13th, 2005
0

Re: Fake windows security and ballon msgs

Also, the change the way windows alerts me is in grey (can't click)

Hope this helps.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Near_Miss is offline Offline
5 posts
since Sep 2005
Permalink
Sep 13th, 2005
0

Re: Fake windows security and ballon msgs

Since you have some type of spyware infection, use the guide linked to in the bottom of my sig to run through a series of cleaners that can remove most types of malware off of your system. Let me know if this takes care of your problem.
Reputation Points: 38
Solved Threads: 25
Posting Shark
chrisbliss18 is offline Offline
902 posts
since Aug 2005
Permalink
Sep 14th, 2005
0

Re: Fake windows security and ballon msgs

Thanks chrissbliss18,

I had tried quite a few of those solutions. However, windows antispyware beta did the trick by identifying two dll files that the other programs skipped over. After deleting them in safe mode, the fake messages seem to have stopped. I doubt if my system is completely clean, but the malware or w/e isn't working now.

The specific files were sqlbnmi.dll and sqllgao.dll both in \\windows\system32

I did notice that this malware? uses hh.exe to display winprotect . net[removed] when you click on the "Your computer may be at risk" ballon or Windows Security Center. I don't know if its an original windows help program or part of the malware. Anyway I deleted hh.exe and ballon.wav from \\windows but they regenerated themselves everytime windows started and connected to the internet. Now that the two dll's have been removed this is no longer a problem. Maybe this is relevant to the moderator for his "fixes for specific infections" thread, I think this is a varaint of the Adware.ClickDloader or maybe not =)

Thanks again chris!
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Near_Miss is offline Offline
5 posts
since Sep 2005

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: Can't remove w-find.com. HijackThis log provided
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Another YupSearch problem





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC