How To Fix How blackhat SEO and Fake Anti-Virus work




How blackhat SEO and Fake Anti-Virus work is the name of the error that contains information about the error, including the reason why it occurred, which system component or application was malfunctioning that caused the error, and other information. The numerical code in the name of the error contains data that can be decoded by the manufacturer of the faulty component or application. An error using this code can occur in many different places in the system. Although the name contains some details, it is still difficult for the user to find and eliminate the cause of the error without specialized technical knowledge or the appropriate software.

From the Forums

A user in the forum details it further:


In this video, Sophos Senior Security Advisor Chester Wisniewski shows how a major web threat works, step by step. This video walks you through how malware authors use blackhat SEO to lure readers to download malicious fake anti-virus, and then demonstrates how fake anti-virus tricks users into giving away credit card information.



What causes How blackhat SEO and Fake Anti-Virus work

If you received this error on your PC, it means that there is a malfunction in your system. Common causes are incorrect or unsuccessful installation or removal of software that could leave invalid entries in the Windows registry, the effects of a virus or malware attack, an incorrect system shutdown due to a power failure, or another factor in which a person with little technical knowledge accidentally deletes a required system file or registry entry, as well as several other reasons. The immediate cause of "How blackhat SEO and Fake Anti-Virus work" is a failure when one of its normal operations is properly started by a system or application component.

 

More info on How blackhat SEO and Fake Anti-Virus work



Looking for code work? Write fake anti-virus scripts

Shysters involved in the business are increasingly adopting the business structures of mainstream security firms - even to the point of running call centres designed to persuade people not to try to apply for refunds, and recruitment programs. One said: "Nice buyer, hope can work for him again in the future."

Of course when the job involves tricking the unsuspecting into visiting scareware portals in order to flog software of little or no utility it's probably wise to take these glowing reviews with a pinch of salt. Looking for code work? The market for scareware is booming.

However, prospective applicants are warned not to expect a big payday - the budget for the whole project is between $30 and $250.

On the plus side the prospective employer, redlinecl, has 100 per cent positive feedback from previous coding lackeys. The Register
The ad, posted on Monday (screenshot here), was spotted by security researcher Patrik Runald of Websense, who notes that the same chap was previously involved in fake PayPal pages, spam campaigns and...


Malware of some sort causing ad popups, fake virus alerts, trying to install fake anti-virus, etc -- HijackThis log attached.

Save it to your desktop. DDS.com DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. Please perform the following scan: Download DDS by sUBs from one of the following links. It also causes advertising popup, though this is fairly rare (once or twice an hour, max). I am running Windows XP, Service Pack 3, and I have Trend Micro PC-cillin Internet Security 14 for antivirus software.

Run the scan, enable your A/V and reconnect to the internet. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. I have also turned on Windows firewall, as per the instructions on this site. My antivirus program detects an infected file called C:\WINDOWS\SysNotifier.exe, and classifies it as something called "Mal_FakeAV-9".

No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop. Please note: You may have to disable any script protection running if the scan fails to run. Information on A/V control HERER,K

If not please perform the following steps below so we can have a look at the current condition of your machine. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate y...


Various Shortcuts Created On Desktop + Fake Anti-virus Warnings + Fake Error Screens & More.

But then they suddenly re-surface after they have been removed. I ran various scans with AVG, ComboFix and Malwarebytes' Anti-Malware. Also, fake blue error screens appeared on my desktop if I allowed it to go to the screensaver.

Shortcuts linking to such programs as "Micro Antivirus 2009", "QUALITY PORN", "BEST ZOO PORN", etc. Thank you very much for reading.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:32 PM, on 9/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe...


XP Anti-Virus 2011 Fake Anti-VIrus and webpages being Redirected Virus

Please copy and paste the contents of that file here.

NEXT: Running OTL
We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

NEXT: Please provide an update on how things are running in your next reply.




I will try very hard to fix your issues, but no promises can be made. If no reboot is required, click on Report. AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread. I would be glad to take a look at your log and help you with solving any malware problems. If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. I managed to get both Malwarebytes and Superantispyware on my computer and was able to get rid of much of the problems by running these programs. I am going to stick with you until ALL malware is gone from your system. I also had m...


Beware of “Anti-Virus-1” - Another Fake Anti-virus in Town

In warning messages, and after the fake scan, a link is provided from which users can download the fake antivirus. When run, this adware warns the user that the computer is not protected.
Attention please! If users do not immediately take the bait and buy the pay version of the fake antivirus, the malicious code will sporadically display a message reminding the user that the computer is infected.

The main screen displayed is a spoof of the Window Security Center. There is a new adware "Anti-Virus-1". Rogue programs appear to be everywhere these days.
The end aim is to sell users a pay version of the fake antivirus in order to eliminate the threats.

It then pretends to scan the system for malware. So make sure you don't install this or any other fake-antivirus program. Additionally, when infected users visit certain Web pages with comparative reviews of antivirus products, they will be redirected to a spoof page showing a review of an 'antivirus', called Antivirus2010, with functions and characteristics similar to Anti-Virus-1.

It's a fake anti-virus program which looks like Windows default "Security Center".


How to Remove Win 7 Anti-Spyware 2011 (Fake Anti-Virus Infections)

Source ... This particular virus goes by a lot of names, including XP Antispyware, Win 7 Antispyware, Win 7 Internet Security 2011, Win 7 Guard, Win 7 Security, Vista Internet Security 2011, and many, many others. It's all the same virus, but renames itself depending on your system and which strain you get infected with.

I hope I never have to use it.

They tell you that your PC is infected with fake viruses, and prevent you from doing anything to remove them.

How to Remove Win 7 Anti-Spyware 2011 (Fake Anti-Virus Infections)





Quote:
If your PC is infected with the Win 7 Anti-Spyware 2011 malware or something similar, you've come to the right place, because we're going to show you how to get rid of it, and free your PC from the awful clutches of this insidious malware (and many others)
Win 7 Anti-Spyware 2011 is just one of many fake antivirus applications like Antivirus Live, Advanced Virus Remover, Internet Security 2010, Security Tool, and others that hold your computer hostage until you pay their ransom money.


Fake anti-virus/anti-spyware attacks. Please help!

The scan won't take long. When the scan completes, it will open two notepad windows. Doing so can result in system changes, which may not show up in the logs you post. If you have already asked for help somewhere, please post the link to the topic you were helped. We try our best to reply quickly, but for any reason we do not reply in two days, do this: Reply to this topic with the word BUMP. Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. I don't even go on bad websites and I get these. What free programs can I use that will stop these from attacking me?

These are saved in the same location as OTL. Please copy (Edit>Select All, Edit>Copy) the contents of these files, one at a time Make sure all other windows are closed and to let it run uninterrupted. Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
nvstor32.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys


Can't Get Rid of XP Anti-Spyware Fake Anti-Virus

GMER will produce a log. When done, DDS will open two (2) logs: DDS.txt Attach.txt Save both reports to your desktop. If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked. GMER will produce a log.

I cannot seem to get rid of it, it closes down Internet Explorer, and refuses to allow me to run McAfee or Malwarebytes Anti-Malware. The two DDS Logs (DDS and Attach.txt) 2. Click OK. I just ran HiJackThis and clicked "SCAN", the following are the logs from the scan results.

Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop. DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc! Please post the results from the GMER scan in your reply. In your next post/reply, I need to see the following: 1. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Once the scan is complete, you may receive another notice about rootkit activity. The program will begin to run. **Caution** These types of scans can produce false positives.

Click No. Post them back to your topic. Step # 2: Download and Run Gmer Please download gmer.zip from Gme...


Please diagnose Hijackthis log: Personal Guard 2009 virus (fake anti-virus)

mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-7 34248]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-27 822424]

=============== Created Last 30 ================

2009-09-09 00:44 47,872 a------- c:\windows\syscert.exe
2009-09-09 00:44 38,352 a------- c:\windows\reged.exe
2009-09-09 00:44 33,149 a------- c:\windows\sysexplorer.exe
2009-09-09 00:44 28,320 a------- c:\windows\sys.com
2009-09-09 00:44 18,941 a------- c:\windows\vmreg.dll
2009-09-09 00:44 51,197 a------- c:\windows\spoolsystem.exe
2009-09-09 00:44 <DIR> --d----- c:\program files\Personal Guard 2009
2009-09-09 00:44 385,024 a------- c:\windows\system32\wcenter.exe
2009-09-09 00:01 <DIR> --d----- c:\docume~1\admin\applic~1\Malwarebytes
2009-09-09 00:00 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-09 00:00 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-09 00:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-09 00:00 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 22:59 <DIR> a-d----- c:\windows\system32\images
2009-09-07 15:16 <DIR> --d----- c:\documents and settings\all users\Mi...


Infected with Google redirect virus and fake anti-virus software pop ups

Double-Click on dds.scr and a command window will appear. Unfortunately after I did the system restore webroot is not working properly so I can't post its logs below is the output of DDS. No one is ignored here. Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster. In order for me to see the status of the infection I will need a new set of logs to start with. Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them. DeFogger: Please download DeFogger to your desktop. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

I also attached the attach.txt from DDS, I can't attach a GMER log because it is too large. Some things to remember while we are working together. Do not run any other tool until instructed to do so! Please Do not Attach logs or put in code boxes. Tell me about any problems that have occurred during the fix. Tell me of any other symptoms you may be having as these can help also. Do not run anything while running a fix. We apologize for the delay in responding to your request for help. This is normal. Shortly after two logs will appear:
DDS.txt Attach.txt A window will open instructing you save & post the logs Save the logs to a convenient place such as your desktop Copy the content...


Fake youtube link gave me a virus, disabled spyware/malware/anti-virus

I found this running when I entered msconfig on the Run field.
 

Once there, I pick safe mode and it brings me back to the same black screen over and over again. Well, like an idiot I clicked on it and all he-- broke loose. Can someone please help me?

I have realized that I have this lingering around somewhere in my computer. $McRebootA5E6DEAA56$

Would anyone be able to tell me how I go about trying to find out in which folder this is at? It started with a letter G before the words youtube on the URL. I now don't have access to use any of the following on my computer: Safe Mode, System Restore, Spybot Search and Destroy, AVG, Super Antispyware, or Ccleaner. I'm going crazy over here.

I clicked on the link not knowing it was a fake. Once there, it said that I had to update my Adobe in order to see the video. When I try to do system restore, it says it's disabled by group policy. I've searched high and low to try to fix the System Restore problem and it just won't let me.

If I hit F8 after rebooting the computer, it takes me to the black screen where I can choose Safe Mode. Two days ago I was sent a fake youtube link through YIM. Once I clicked on it, it took me to a page that appeared to be a youtube page.


Windows Firewall fails to start and this fake anti-virus virus keeps coming back!

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 iZ3DShutterService;iZ3DShutterService;C:\Windows\system32\Drivers\iZ3DShutterService.sys --> C:\Windows\system32\Drivers\iZ3DShutterService.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;C:\Program Files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2011-7-25 43704]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:&...


Anti-Virus Doctor and fake Microsoft virus scanner

Please note that your topic was not intentionally overlooked. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. After downloading the tool, disconnect from the internet and disable all antivirus protection.

Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. If not please perform the following steps below so we can have a look at the current condition of your machine. Instructions on how to properly create a GMER log can be found here: How to create a GMER log Elle




Here's my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:38 PM, on 11/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil So...


Antivirus 2009 Fake Anti-Virus Trojan Virus

Regardless if prompted to restart the computer or not, please do so immediately. C:\WINDOWS\system32\efcBsPGa.dll Trojan horse Vundo.DM Object was moved to Virus Vault. C:\WINDOWS\system32\ssqPgEtu.dll Trojan horse Generic12.AWPU Object was moved to Virus Vault. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

C:\WINDOWS\system32\config\software Locked file. Not tested. C:\Documents and Settings\Christine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.

Not tested. Not tested. Not tested. The scan will begin and "Scan in progress" will show at the top.

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Locked file. C:\WINDOWS\system32\ezodsp.dll Trojan horse Vundo.DO Object was moved to Virus Vault. Please disable such programs until disinfection is complete or permit them to allow the changes. C:\WINDOWS\system32\config\SECURITY Locked file.

Not tested. Not tested. Not tested. Not tested.

C:\WINDOWS\system32\config\SAM.LOG Locked file. C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested. Not tested.

C:\System Volume Informatio...


Fake Anti-virus Ad Pop-up

Please note that your topic was not intentionally overlooked. I have done that and the malware continues to appear. Closing the warning box always opens an Internet Explorer window which simulates a scan. If not please perform the following steps below so we can have a look at the current condition of your machine.

No input is needed, the scan is running. Notepad will open with the results, click no to the Optional_Scan Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop. Please note: You may have to disable any script protection running if the scan fails to run. I have run Ad Aware (2008) which submitted a suspicious file, C:\Windows\pp09.exe, and SpyBot S&D which found nothing. This window is always followed by a notice from Norton AV 2008 referring to Trojan.Malscript!html.

Please perform the following scan: Download DDS by sUBs from one of the following links. The window purports to be from secure-components.com. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. If you have since resolved the original problem you were having, we would appreciate you letting us know. Norton's advice is to stop System Restore, Run Liveupdate, Run a full scan, and restart System Restore.

Please help me remove it. HijackThis log attached. Run the scan, enable your A/V and reconnect to the internet. After downloadi...


Fake Anti-Virus

Every time I scan my computer it comes back with 20 or more cookies and viruses. I used Rkill, FixNCR and Malwarebytes to remove most of the virus. I can use my computer now but I get alerts that IP addresses are trying to make changes to my computer (they are blocked by Webroot).
My computer had 2 viruses back to back, Windows Total Security and Vista Anti Virus 2011.

Any help would be greatly appreciated.




Also when I use google I get directed to the wrong pages and sometimes my computer adds a tab and takes me to websites that I have never seen or searched for. I don't know what to do next.


Fake Anti-Virus pop-up

Remember that although your symptoms may vanish, this does NOT mean that your system is clean. Please ensure that you follow the instructions in the order I have them listed. Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

When finished it will produce a log at C:\ComboFix.txt for you
Please include the log in your next reply.

My name is Iain and I will be helping you clean your system. Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply. I have not installed the software intentionally, but in attempting to exit the pop up I believe some malware may have been loaded. Any advice would be much appreciated. Note that the fix may take several posts.

Also please copy and paste logs into the thread, rather than add them as attachments. The computer is becoming increasingly slow, and in my firewall logs I have noticed hundreds of individual IP's trying to connect to my pc on port (TCP) 18610. I have run a scan with McAfee, spybot S&D and Malwarebytes, but to no avail. Double click on the renamed ComboFix.exe & follow the prompts.

These pop ups claim t...


HJT LOG. pop ups, ads, fake anti virus. help ;__;

This site keeps loading as we speak. (loaded 20 times in tabs now)

[ http://url.cpvfeed.com/cpv.jsp?p=11...electedKeyword=ron&selectedListingId=6388540]


Logfile of HijackThis v1.99.1
Scan saved at 2:24:00 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\winupdate\winupdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Alcohol Sof...


Fake anti-virus HJT log

here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:48 AM, on 7/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Kevin\Kevin.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Craps\Internet Download Manager\IDMan.exe
C:\Program Files\Craps\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection...


Fake Anti-Virus Pop Ups

Have means of backing up your data available.

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop. Link 1 (.exe file) Link 2 (zipped file) Link 3 (.rar file) In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread. I would be glad to take a look at your log and help you with solving any malware problems. If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you don't have an extraction program, you can download, install and use the free 7-zip utility. Double-click on RKUnhookerLE.exe to start the program. I would appreciate it if you would do the same.

I need you to be patient while I analyze any logs you post. From this point, we're in this together ;)
Because of this, you must reply within three days; failure to reply will result in the topic being closed!
Lastly, I am no magician. Don't worry, this only happens in severe cases, but it sadly does happen. Please remember, I a...


