Need Help Removing Exploit Rogue MCOS (type 1041)

Assistance with AVG Anti-Virus Professional and AVG Anti-Virus plus Firewall


Postby honesty911 » Mon Mar 08, 2010 7:23 pm

I clicked on a link in an email that I thought was from a friend and it prompted me to install an update. Like an idiot I clicked it at the same time that little voice said not to... my AVG went off, trojan detected, and blocked the site. Problem is it was too late. I now keep getting a pop-up of a fake anti-virus telling me I am infected and it starts to scan; I close that out and every few minutes a different window will open up and tries to take me to another site, 94.102.49.148/index.html, but AVG blocks it; and the last one is a window opens up and these different ladies are on the screen stripping naked trying to get me to click on the friend finder in the advertisement. These three things keep happening over and over in that order.

I have been to the AVG board and read and did what it suggested: disconnecting from the internet, then running a full scan with AVG 9.0 (the latest). It found a file and I deleted it, then I booted into safe mode and did another full scan that way; it found another file and needed to restart to finish. I then installed Spybot S&D and ran the full scan on that; it found around 20 infections and healed or removed all of them. I scanned again and it found 1 again. I then ran Malwarebytes Anti-Malware v1.44 and did a full system scan; it found 5 total and removed them, but needed to restart to finish. I restarted and scanned again and it is still finding the same one over and over. The results of the Malwarebytes scan are below.

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/8/2010 3:40:40 AM
mbam-log-2010-03-08 (03-40-40).txt

Scan type: Quick Scan
Objects scanned: 93381
Time elapsed: 2 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\{F9197A7E-CE10-458e-85F8-5B0CE6DF2BBE} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.

The Spybot results I could not find, but it keeps finding this Win32.fraudload.edt; it says it removes it, but when I scan again it's right back.

Every time I connect back to the internet it starts over in a matter of minutes....

I don't know what to do or try now.

I am running Windows Vista Premium, 64-bit version. I don't know what else you need to help me with this; I hope I have given you enough info.
honesty911
AVG Wannabee
 
Posts: 3
Joined: Mon Mar 08, 2010 6:49 pm

Re: Need Help Removing Exploit Rogue MCOS (type 1041)

Postby andrew » Tue Mar 09, 2010 10:24 am

Boot into Safe Mode with Networking into a profile with Administrative rights to your machine. Check your settings in Internet Explorer and make sure your connection is not set to go through a proxy. Update to all the latest versions of Malwarebytes, Spybot S&D, and Ad-Aware. Run them all, for they each find something different. Run CCleaner.exe. Defrag your hard drive and then defrag your computer with tools from Auslogics. It will take hours, but it will get you back to normal.
CCNP CCSP CCDP MCSE
andrew
AVG Know-It-All
 
Posts: 72
Joined: Tue Feb 09, 2010 4:56 pm

Re: Need Help Removing Exploit Rogue MCOS (type 1041)

Postby sc123 » Tue Mar 09, 2010 12:14 pm

You might also want to try Superantispyware.
Regards,
SC123 - Founder, www.AVGForums.com
sc123
Forum Administrator
 
Posts: 1270
Joined: Tue Jul 24, 2007 3:50 pm
Location: Virginia, USA

Re: Need Help Removing Exploit Rogue MCOS (type 1041)

Postby honesty911 » Tue Mar 09, 2010 12:25 pm

Is that a free program? What is confusing to me is that after all the scans the win32.fraudload.edt is still showing in the scans, yet all pop-ups have stopped. I don't know if it is just one of the programs that is blocking it or what. I would still like to get rid of it totally without questio

Thanks for the help
honesty911
AVG Wannabee
 
Posts: 3
Joined: Mon Mar 08, 2010 6:49 pm

Re: Need Help Removing Exploit Rogue MCOS (type 1041)

Postby sc123 » Tue Mar 09, 2010 12:32 pm

It's free, and sometimes you need to scan in Safe Mode to completely remove threats.
Regards,
SC123 - Founder, www.AVGForums.com
sc123
Forum Administrator
 
Posts: 1270
Joined: Tue Jul 24, 2007 3:50 pm
Location: Virginia, USA

Re: Need Help Removing Exploit Rogue MCOS (type 1041)

Postby honesty911 » Wed Mar 10, 2010 10:03 pm

andrew wrote: Boot into Safe Mode with Networking into a profile with Administrative rights to your machine. Check your settings in Internet Explorer and make sure your connection is not set to go through a proxy. Update to all the latest versions of Malwarebytes, Spybot S&D, and Ad-Aware. Run them all, for they each find something different. Run CCleaner.exe. Defrag your hard drive and then defrag your computer with tools from Auslogics. It will take hours, but it will get you back to normal.

I want to thank you for the advice... I am still going through the process, but wanted to post one thing just in case someone else reads your post here. If you're going to suggest a program you might suggest a link also... because you just gave me the names of the programs, and for the one called Ad-Aware I did a search on it, and the first one it came up with I assumed was it by name, but it turned out that there was a trojan in the downloaded file that was caught. This is the link to the site that I actually used to download it.. Same name but different programs I guess.. This is v8.1.2: http://www.snapfiles.com/get/adaware.html. The CCleaner.exe I searched for, and the site redirects me to another site, and no download there either, so I can't find that one.

After doing all this I am still at square one. I am not getting pop-ups of any kind, no naked ladies stripping on my screen, but I can still scan and it finds the win32.fraudloader.edt, and the same story: it says it deletes it, but every scan finds the same thing. This is only in Spybot S&D; everything else scans clean, nothing found.
honesty911
AVG Wannabee
 
Posts: 3
Joined: Mon Mar 08, 2010 6:49 pm

Re: Need Help Removing Exploit Rogue MCOS (type 1041)

Postby andrew » Thu Mar 11, 2010 9:45 am

ccleaner.com and lavasoft.com

When you are finished scanning in safe mode with networking, do the same thing under your account login. It is quite possible that win32.fraudloader is specific to your profile.
CCNP CCSP CCDP MCSE
andrew
AVG Know-It-All
 
Posts: 72
Joined: Tue Feb 09, 2010 4:56 pm
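For anyone following andrew's steps on a machine like this one, here is a read-only PowerShell check that covers the two things his replies ask for: whether Internet Explorer has been pointed at a proxy, and whether the registry and file locations from the Malwarebytes log in the first post are still present, looking in every loaded user hive rather than only the current one. This is an added example, not code from the thread or from any of the tools it names. The registry keys and file paths are the ones Malwarebytes listed above; the proxy value names (ProxyEnable, ProxyServer, AutoConfigURL) are the standard Internet Settings values, which the thread does not mention by name. It reports only and changes nothing.

```powershell
# Added example: read-only check of the items discussed in this thread.
# Run in an elevated PowerShell session (Safe Mode with Networking is fine).
# Nothing here deletes or repairs; it only prints what it finds.

function Show-ProxySettings {
    # andrew's first step: confirm the connection is not forced through a proxy.
    # Value names below are the standard Internet Settings values (assumed, not from the log).
    $paths = @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings')
    foreach ($p in $paths) {
        if (-not (Test-Path $p)) { continue }
        $v = Get-ItemProperty -Path $p
        "{0}" -f $p
        "  ProxyEnable   = {0}" -f $v.ProxyEnable     # 1 means a proxy is in use
        "  ProxyServer   = {0}" -f $v.ProxyServer     # normally empty on a home PC
        "  AutoConfigURL = {0}" -f $v.AutoConfigURL   # a PAC URL you never set is suspicious
    }
}

function Show-FlaggedLocations {
    # Machine-wide items from the Malwarebytes log in the first post.
    $machineKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\{F9197A7E-CE10-458e-85F8-5B0CE6DF2BBE}'
    "{0} present: {1}" -f $machineKey, (Test-Path $machineKey)

    $policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if (Test-Path $policy) {
        $val = (Get-ItemProperty -Path $policy).NoActiveDesktopChanges
        "NoActiveDesktopChanges = {0} (the log lists Good: 0)" -f $val
    }

    foreach ($f in @('C:\Windows\bk23567.dat', 'C:\Windows\fdgg34353edfgdfdf')) {
        "{0} present: {1}" -f $f, (Test-Path $f)
    }

    # The HKCU item lives in a per-profile hive, which is andrew's point in his last
    # reply: a scan from one account does not see another account's hive. Walk every
    # user hive that is currently loaded under HKEY_USERS instead of just HKCU.
    Get-ChildItem Registry::HKEY_USERS |
        Where-Object { $_.PSChildName -match '^S-1-5-21-' -and $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object {
            $k = 'Registry::HKEY_USERS\' + $_.PSChildName + '\SOFTWARE\XML'
            "{0} present: {1}" -f $k, (Test-Path $k)
        }
}

Show-ProxySettings
Show-FlaggedLocations
```

Only hives of accounts that are currently logged on (or otherwise loaded) appear under HKEY_USERS, so a profile that has never been signed in during the check will not be walked; that is the same reason andrew's last reply says to repeat the scans under your own account login after doing them in Safe Mode.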

