Fake Trojan help please

[stufarq]

Hope someone can shed some light on this.

Since last night I've been getting messages - supposedly from something called "Protection Centre" and made up to look like Microsoft without actually using the name - warning me that I need to be protected against Trojan.Zlob.G and giving me a link to click.

Scans show that I don't have this or any other threat, although there is a real threat with that name. However, the message exaggerates what the Trojan does, claiming that it records keystrokes and takes screen shots in order to pass on financial information, when the real Trojan.Zlob.G apparently only changes your homepage.

It looks like I have some sort of Misleading Application but I can't work out what it is or how to get rid of it.

Has anyone else seen this message or does anyone know the real name of whatever I've got?

I'd be grateful for any help.

Thanks.

[eotunun]

Sounds familiar from something I had years ago, even before I had internet.. I got such a problem (On a system without viris scanner as it worked all offline)
Clear the temporary file folders, I'd suggest.
And don't use the Internet Explorer.

[EvilBastard]

Are you running anything like AVG Anti-Virus? Ad-Aware? They should be able to clean up whatever is causing mischief.

[stufarq]

I use Norton but it's not detecting anything.

I do use IE but also Firefox and it's affecting them both. The one thing I forgot to mention is that, whenever I open either browser, I first get a full page message warning me that browsing is insecure and asking if I want to continue. if I do, I get to my homepage. But it's noticeable that, even in Firefox, the message is designed to look like MS.

After that, the message I mentioned before appears periodically as a pop-up. As far as I can tell it's not doing anything else and presumably its job is to make me click an unsafe link or buy dodgy software. It's just annoying.

I'll try cleaning my temp files but they're set to delete everything automtically so it shouldn't be there. If I just knew what it was really called I'd be able to deal with it.

[psichonaut]

spyware doctor or ad-aware will solve your problms Stu, i had the same trouble, but try to remember what you downloaded when the issue came the first time, i once solved the problem uninstalling and deleting some emoticon my wife downloaded

[stufarq]

Don't know what I downloaded unfortunately.

I found some information on it on a few techie forums and the program they most commonly recommended was something called Malwarebytes. So I tried it and scanned in safe mode. It detected and removed 39 items that Norton didn't pick up! But then I couldn't restart normally - the PC would only start in safe mode!

So I had to use system restore and am back to square one. I'll try some of the programs suggested here and let you know.

[robertzombie]

Malwarebytes is a tip top programme. I'd recommend running it again in normal mode.

Also try this: http://wiki.castlecops.com/

[stufarq]

Well, it's taken all day but it's finally gone.

I tried almost everything suggested here. Ad-aware found 23 threats that Norton didn't - but not the one that started this off.

Spyware Doctor found about 300(!) but then refused to remove them until I paid up. Sure, they've got to make a living, but holding people hostage like that is no better than the malware I was trying to remove and is basically a protection racket. Either do the whole job or don't do any of it but don't do half and then state your terms before you've finished. Needless to say I uninstalled it.

I then went to castlecops, which put me through loads of different programs. Between them they discovered over 500 threats! The one that finally did the job was ESET. And there was still a stage to go - Trojan scanning. I reluctantly (after my Safe Mode fiasco) reused Malawarebytes because AVG required Safe Mode and I wasn't going there again. Still a couple left even at that stage.

I now feel that I'll never actually do anything on my PC because I'll constantly be runing scans of one sort of another.

I'm also forced to wonder if it's worth paying the money for my Norton subscription when it fails to find somewhere in the region of 600 threats. It's supposed to be one of the best!

Anyway, job finally done and thanks to everyone for your help. It was all much appreciated and all of it turned out to be useful.

[Nic]

[Work mode]

What Norton product are you currently using stufarq?

[/work mode]

[CellThree]

Malwarebytes is a tip top programme. I'd recommend running it again in normal mode.

Also try this: http://wiki.castlecops.com/

\
Malwarebytes is the best program to use, followed by SuperAntiSpyware as a mop up.

[robertzombie]

The problem with Norton and other popular Anti Virus software is virus makers (for want of a better term) program their bugs to get round that software first, because it's the stuff the majority of people have. Unfortunately AVG is going the same way.

Always scan anything you download with at least 2 AV programs.

[nodubmanshouts]

You might find those 500-odd warnings aren't really worth worrying about; I found many of these programs tend to warn about pretty unimportant things, like cookies.

[stufarq]

What Norton product are you currently using stufarq?

Um, whatever the most up to date one is. I can't find the specifics but I have a three year subscription so that it's always upgraded to the latest version in addition to the live updates.

You might find those 500-odd warnings aren't really worth worrying about; I found many of these programs tend to warn about pretty unimportant things, like cookies.

Good point now that I think about it - a lot of them were cookies. When I went through the castlecops procedures, for most of the scanners it said to ignore cookies but for (I think) the last one, which would have been the second time I ran Malwarebytes, it specifically said to scan cookies too. I thought twice but decided to do it anyway and, surprise surprise, have had to re-enter most of my passwords and am still moving things like bookmarks back to the order I had them in.

Malwarebytes is the best program to use, followed by SuperAntiSpyware as a mop up.

I now have both of these installed as well as Ad-aware. There may be something else too, I lost track. Annoyingly, at least one of them is dialling up my Internet without my permission. I'm not too worried as I know it'll be one of them but I prefer to do it myself so that I know it's not some pesky dialler. I'll have to find the settings and see if I can configure them only to update when I dial up myself.

Incidentally, I was joking about feeling I'd never get anything done again. But I always thought I was reasonably savvy about this sort of thing and have discovered that I've come up a bit short. That'll teach me.

[psichonaut]

having a redirection just after this thread started and i followed the suggestion to download Malwarebytes 'cause Ad-aware found anything to remome...well launched malware bytes and it worked the same, still redirecting....binned some download i did....Emoticons for MSN were the trouble

[Karst]

[nodubmanshouts]

oh don't even go there....

...but you did, so....

... my pocket calculator doesn't get viruses either...

[Nic]

What Norton product are you currently using stufarq?

Um, whatever the most up to date one is. I can't find the specifics but I have a three year subscription so that it's always upgraded to the latest version in addition to the live updates.

Does it look like this?




It's the Norton Internet Security 2009. I've used it since it was released and I can really recommend it. It's much better of finding Trojans and such compared to the previous versions.

You can download a trialware version here, just install it and use your current product key and you will be up and running.

There's localized versions as well if you don't want to use this english one.

[Pista]

What other symptoms do you have?
I had something similar a while back & foolishly (as it looked like an official windows warning) I clicked the bugger

All hell broke loose & my browser was hijacked at random, taking me to all sorts of weird & wonderful sites.
I tried a lot of "fixes" on top of all the spyware scans, but nothing would shift it.

On this forum the banners all showed as anti spyware adverts.

Eventually the only thing to do was to wipe & re-install everything.

[markfiend]

Macs can get viruses too now. Try:

[Karst]

Li-la-li-la-linux. Fookin' hippies!

http://www.youtube.com/watch?v=9sJUDx7iEJw

[markfiend]

[stufarq]

Does it look like this?

No. Just found out that it's version 15.0.0.60. For some reason it doesn't have a year on it but maybe it doesn't update the interface until the next subscription or something.

[Quiff Boy]

yeah, its probably only updating the virus def libraries.

that's Norton Internet Security 2008 you've got there

[Nic]

Does it look like this?

No. Just found out that it's version 15.0.0.60. For some reason it doesn't have a year on it but maybe it doesn't update the interface until the next subscription or something.

You have to upgrade to get the latest version/interface, otherwise you just prolong your subscription.
As long as you got a product key from 2006-2008 you can download and install the 2009 version which I recommend you to do.

[Karst]