NNNOOOOOO 0 Posted August 2, 2010

I believe it is a fake anti-virus called "antivir something". It won't let me do anything and disabled internet in Windows. I'm running Linux on a live CD right now. Microsoft Security Essentials can't detect the fake program. Does anyone know where the EXE is located so I can delete it manually?

rpgsearcherz 5 Posted August 2, 2010

> I believe it is a fake anti-virus called "antivir something". It won't let me do anything and disabled internet in Windows. I'm running Linux on a live CD right now. Microsoft Security Essentials can't detect the fake program. Does anyone know where the EXE is located so I can delete it manually?

Seems to me like it may have things in your auto run on startup, as well as your registry. I'd suggest booting up in safe mode and checking your startup programs. It's very likely that all you have to do is disable that and you'll be good to go.

NNNOOOOOO 0 Posted August 2, 2010

> Seems to me like it may have things in your auto run on startup, as well as your registry. I'd suggest booting up in safe mode and checking your startup programs. It's very likely that all you have to do is disable that and you'll be good to go.

Done tried that. Wasn't in startup folder. I did finally manage to find it and deleted it and stopped it in the processes. The file was called "dhktunmtssd.exe". How do I report it as a malicious file?

NNNOOOOOO 0 Posted August 2, 2010 (edited)

Nvm. I reported it to Microsoft. I fixed the internet. Only Firefox was working. I managed to get the others to work because that fake antivirus enabled proxy. I had to disable it. Now it works fine.

Edited August 3, 2010 by NNNOOOOOO

NNNOOOOOO 0 Posted August 3, 2010

Email from Microsoft:

The Microsoft Malware Protection Center (MMPC) strives to keep you informed about the status of your submission.

Analysis of the file(s) in Submission ID MMPC10080238706584 is now complete. This is the final email that you will receive regarding this submission.

You can view your submission online at the following link: https://www.microsoft.com/security/portal/submission/submissionhistory.aspx?SubmissionId=D5AD2B90-5275-4804-88F8-A83682650290

The Microsoft Malware Protection Center (MMPC) has investigated the following file(s) which we received on 8/2/2010 1:56:29 PM Pacific Time. Below is the determination for your submission.

========
Submission ID MMPC10080238706584

Submitted Files
=============================================
dhktunmtssd.exe [Trojan:Win32/FakeSpypro]

The following links contain more information regarding the detections listed above:
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Trojan%3aWin32%2fFakeSpypro

Your submission was scanned using antimalware definition version 1.87.1119.0.

========
Detections listed above are included in the latest pre-release signatures and made available in the following formats:

For Microsoft Antimalware products including; Microsoft Forefront products, Microsoft Security Essentials or Windows Live OneCare:
* 32 bit operating systems: http://forums.xisto.com/no_longer_exists/
* 64 bit operating systems: http://forums.xisto.com/no_longer_exists/

For Microsoft Antispyware products including; Windows Defender:
* 32 bit operating systems: http://forums.xisto.com/no_longer_exists/
* 64 bit operating systems: http://forums.xisto.com/no_longer_exists/

The following link explains how to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system: https://support.microsoft.com/en-us/kb/827218

Alternatively, detections listed above are included as an update and made available via the MMPC Portal and via Microsoft Windows Update in the next regularly scheduled release.

The latest antimalware definition update is always available for download at the following location: http://www.microsoft.com/security/portal/definitions/adl.aspx

If you have questions relating to this submission please contact mailto:mmpcres@microsoft.com and reference your submission ID.

========
Additional Help

For more information about updating definitions and answers to other questions, visit the following link: http://www.microsoft.com/security/portal/mmpc/help/malwareFAQs.aspx

Protection updates are also available via the MMPC Portal and via Microsoft Windows Update in the next regularly scheduled release.

The Microsoft Malware Protection Center (MMPC) Portal is continuously updated with detailed information about threats and definitions for Microsoft's Security related products. You can visit the MMPC Portal at: http://www.microsoft.com/security/portal/mmpc/default.aspx

If you believe that any file that you submitted is being incorrectly detected or you have questions relating to this submission, please contact mailto:mmpcres@microsoft.com and reference your submission ID.

If you need immediate assistance and information on best practices for removing malware in your environment, additional support options are available at the following websites:
For IT Professionals - https://support.microsoft.com/ph/1173
For Home Users - https://support.microsoft.com/en-us

Thank you,
Microsoft Malware Protection Center

rob86 2 Posted August 3, 2010

Good job getting rid of the virus. Make sure you check this also for the virus if you haven't already:

Click Start button --> RUN --> Type in "msconfig"

This will open a window; look for both a "Start-up" tab and a "Services" tab. In addition to the Start-up folder, viruses can sometimes be found in these two different parts of Windows and will come back when you reboot. Look for anything suspicious.

NNNOOOOOO 0 Posted August 3, 2010

> Good job getting rid of the virus. Make sure you check this also for the virus if you haven't already:
>
> Click Start button --> RUN --> Type in "msconfig"
>
> This will open a window; look for both a "Start-up" tab and a "Services" tab. In addition to the Start-up folder, viruses can sometimes be found in these two different parts of Windows and will come back when you reboot. Look for anything suspicious.

What's the "qilfugcd" item?

rob86 2 Posted August 3, 2010

> What's the "qilfugcd" item?

gilfugcd was one of the things that run on startup? No idea what it is, but there's no match on Google for it, so it could be a bunch of random letters used by a virus. Any more information on it? Is it under Services or the other tab? What is the path to it on your hard drive, if it has one? Does it show a "Manufacturer"?

NNNOOOOOO 0 Posted August 3, 2010

> gilfugcd was one of the things that run on startup? No idea what it is, but there's no match on Google for it, so it could be a bunch of random letters used by a virus. Any more information on it? Is it under Services or the other tab? What is the path to it on your hard drive, if it has one? Does it show a "Manufacturer"?

Startup item: qilfugcd
Manufacturer: Unknown
Command: C:\Users\John\AppData\Local\plwwththi\dhktunmtssd.exe (I now realise that that was the virus file I deleted)
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Date disabled:

I'll go delete the registry for it now.

rob86 2 Posted August 5, 2010

Yeah, good thing you found it.

Nik 0 Posted August 20, 2010

Yes, it is a very good thing that you found the virus and finally deleted it. Mostly when I face this problem I directly reinstall my Windows, so it was a totally hectic process for me. Now I have got very good ideas about the deletion of such types of viruses. For Windows XP I removed the recently installed software so that I could get rid of the viruses.

deadmad7 4 Posted August 20, 2010

Well, that's why you should scan something with your anti-virus before opening it, especially if it's illegal, when you download music or movies from torrent sites. 5 minutes for scanning means nothing compared to the hours spent trying to contain the virus.

The Simpleton 2 Posted August 21, 2010

Good job getting rid of it soon. But have you made sure that it hasn't infected any of your other files? Once I had a similar worm which disabled my internet connection. I was able to get rid of it and, just to be safe, I re-formatted my XP installation. But when I scanned with an AV program, it detected over 1000 infections! The original worm was deleted but it left behind so many infections running silently. So use a good anti-virus program to run a complete system scan and make sure there aren't any traces of the virus left.

NNNOOOOOO 0 Posted August 21, 2010

> Good job getting rid of it soon. But have you made sure that it hasn't infected any of your other files? Once I had a similar worm which disabled my internet connection. I was able to get rid of it and, just to be safe, I re-formatted my XP installation. But when I scanned with an AV program, it detected over 1000 infections! The original worm was deleted but it left behind so many infections running silently. So use a good anti-virus program to run a complete system scan and make sure there aren't any traces of the virus left.

It enabled proxy so I couldn't surf the net (until I tried Firefox). I had to disable proxy. The real antivirus found ~16 more viruses.
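
The two checks this thread arrives at (the `HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` startup value and the proxy setting), as an added PowerShell example that is not part of any post above. It goes beyond the thread by also reading the machine-wide `HKLM` Run key, and it assumes the proxy the poster disabled was the per-user Internet Options (WinINet) proxy.

```powershell
# Added example: list Run-key autostarts and flag the ones worth a manual look.
$runKeys = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
# Per-user directories that can be written to without administrator rights.
$userDirs = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP) | Where-Object { $_ }

$entries = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        # Pull the executable out of the command line: a quoted path first,
        # otherwise everything up to the first executable extension.
        if ($command -match '^\s*"([^"]+)"' -or
            $command -match '^\s*(.+?\.(?:exe|com|scr|bat|cmd))(?:\s|$)') {
            $exe = $Matches[1]
        } else {
            $exe = $command.Trim()
        }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $exists = $exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
        # A deleted executable leaves an orphaned value behind, reported as FileMissing.
        $signature = if ($exists) {
            [string](Get-AuthenticodeSignature -LiteralPath $exe).Status
        } else { 'FileMissing' }
        $inUserDir = [bool]($userDirs | Where-Object {
            $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        [pscustomobject]@{
            Key = $key; Name = $name; Command = $command
            Signature = $signature; InUserDir = $inUserDir
            # Review anything that starts from a per-user directory or lacks a valid signature.
            Review = $inUserDir -or $signature -ne 'Valid'
        }
    }
}
$entries | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap

# Per-user WinINet proxy (assumed to be the setting the poster had to turn off).
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1) {
    "Proxy is ENABLED: $($inet.ProxyServer)"
} else {
    'Proxy is disabled.'
}
```

A flagged row is a prompt for manual review, not a verdict: legitimate software also starts from per-user directories, and some of it is unsigned.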