Windows Security Alert

  • Thread starter Thread starter wrcandrews
  • Start date Start date
W

wrcandrews

I have been getting two pop ups constantly and I don't know if they are
Windows generated or from a spyware. One of the messages is as follows:
Windows Security Alert Warning! Potential Spyware Operation! Your computer
is making unauthorized copies of your system & Internet files. Run full scan
now to pervent any unathorised access to your files. Click YES to download
spywear. (Notice the misspelled words pervent & unathorised) Another
message wants to direct me to another web site. How do I find and delete
this stuff? I have run Norton and Windows Defender. They both have found a
Trojin and I instructed them to remove but, it still pops up.
--
WRA
 
It's most likely that the machine's already compromised. This alert is a
sign of the infection, not a way to remove it.

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin DTS-L.org


wrcandrews wrote:
> I have been getting two pop ups constantly and I don't know if they are
> Windows generated or from a spyware. One of the messages is as follows:
> Windows Security Alert Warning! Potential Spyware Operation! Your
> computer
> is making unauthorized copies of your system & Internet files. Run full
> scan now to pervent any unathorised access to your files. Click YES to
> download spywear. (Notice the misspelled words pervent & unathorised)
> Another message wants to direct me to another web site. How do I find and
> delete this stuff? I have run Norton and Windows Defender. They both
> have
> found a Trojin and I instructed them to remove but, it still pops up.
 
wrcandrews wrote:
> I have been getting two pop ups constantly and I don't know if they are
> Windows generated or from a spyware. One of the messages is as follows:
> Windows Security Alert Warning! Potential Spyware Operation! Your computer
> is making unauthorized copies of your system & Internet files. Run full scan
> now to pervent any unathorised access to your files. Click YES to download
> spywear. (Notice the misspelled words pervent & unathorised) Another
> message wants to direct me to another web site. How do I find and delete
> this stuff? I have run Norton and Windows Defender. They both have found a
> Trojin and I instructed them to remove but, it still pops up.

The messages are from the malware so your computer is already infected.

Do the preparatory steps here:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Then do the specific removal steps here:
http://www.elephantboycomputers.com/page2.html#Smitfraud_Trojan -
Smitfraud, Spyaxe, Spyfalcon

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the first link above (not here, please).

Not all tools used will work in Vista and you will need to run them
elevated. Since Vista is so new, it will be a while before removal
techniques and tools are developed. If you are unable to remove the
infection by following the general steps, register at one of the
HijackThis forums as suggested.

Standard caveat: If the procedures look too complex - and there is no
shame in admitting this isn't your cup of tea - take the machine to a
professional computer repair shop (not your local version of
BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may
be so infested that Windows will need to be clean-installed. Have all
your data backed up before you take the machine into a shop.


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 
Back
Top