Fake Trojans

Ron E

I've been using the paid version of Registry Mechanic software by PC Tools on my computers for a couple of years now, so I decided to try their free edition of Spyware Doctor software on my main work computer, an HP laptop with Windows XP Home Edition on it.

After downloading it from the PC Tools web site, installing it, updating it and running a full scan for "malware", it reported that I had 17 separate infections of a "trojan", a particularly bad thing to have that steals your passwords, records your keystrokes, etc., all being things that can generally wreck your life if not dealt with pronto.

But this software indicated it did not have the "anti-virus engine" installed, so it could not remove this malicious trojan from my computer. The software suggested I "upgrade" to the version that had this antivirus engine integrated into it, for a fee. I didn't bite.

Instead I downloaded and installed their separate free version of antivirus software. I updated it with the latest virus info and ran it. It didn't find a single bad thing on my computer!!

Then I unleashed my paid version of the fully updated Norton antivirus software. It also found nothing. I then ran Ad-Aware by Lavasoft and Spybot Search & Destroy by Safer Networking Ltd., all being fully updated and capable of finding and dealing with a trojan. They found nothing!!

So, it appears to me that this particular free software by PC Tools is written to fake an "infection" on your computer just to scare you into buying their software. I now wonder how many other software publishers may use this tactic to sell their software. It is purely a scam!!

My computer has been running fine with no problems, other than the general problems of Windows itself, so I have no reason to doubt the results of the other antivirus/anti-malware software I use on a regular basis.

Has anyone else on the forum made any similar observations?

 
There seem to be several of these around and they also seem to be the primary ones that come up when searching for software.

I also bit on one and downloaded it. Seems it took forever to get rid of it. Funny part of it is Windows Media Player 9 will display videos but has no audio since this encounter. Winamp works fine.

Don't know if Media Player 11 would work or not. I am still 98SE.
 
Went through nearly the same thing. Kids' machine had seemed slow with Norton and a few months ago Norton expired. I purchased System Mechanic and PcTools. PcTools in the 80s was one heck of a company and the reason I purchased the software.

I have had no problems with Kaspersky (which is also the engine for many firewall programs such as ZoneAlarm).
http://www.kaspersky.com/

Backup..Backup..Backup before changing firewall & antivirus software!

I would not recommend any PcTools software. It reroutes your network card, buries itself deep in your system, and slows your computer. Their help desk is by email, with about a 36 hour response. I did have a rootkit virus that was heck to remove, required several hack tools, install over top, and service pack updates.

Norton uninstall does not remove the software. You have to download a special uninstall. PcTools says Norton is a virus. This is probably what PcTools is calling a virus. PcTools will not remove the old Norton and finally you may have to uninstall PcTools in real mode (F8).
 
I'm very suspicious of a red circle with a white "X" on it in the Taskbar tray (lower right of screen). It keeps popping up saying

"Your computer is infected! Windows has detected spyware infection! It is recomended to use special antispyware tools to pervent data loss. Windows wil now download and install the most up-to-date antispyware for you. Click here to protect your computer from spyware!"

(the spelling errors are in the message itself ("pervent" and "recomend"), not my typing mistakes).

I seriously doubt this is being generated from Windows itself (running XP), but I can't get rid of it! Right-clicking does no good, trying to run it does no good..... don't trust ANYTHING on your computer unless you are absolutely sure where it came from or what's generating it.
 
I used to have more problems with anti-virus programs than viruses. Both Norton and PC-Tools are a joke... they slow the computer down and can't find half of the Trojans and viruses out there. I uninstalled them and cleaned all the junk they leave behind in the registry. Then I installed AVG Free (by Grisoft) and have not had a problem since. Several of my friends had the same problems and were running Norton that came with their computer. They removed it, installed AVG and also have not had any more problems... and their computers run so much faster. AVG also sends automatic updates about once a week. Be sure to run a complete check of the hard drive after installing and updating AVG.

You can download AVG Free Edition 7.5 here: http://free.grisoft.com/doc/downloads-products/us/frt/0?prd=aff
 
I have the paid, updated Norton. I got infected by an adware thing that copies whatever I am looking for using Explorer, and automatically links you to their own site parallel to your own search. I notified Norton, so they could update the antivirus and firewall protection and prevent future attacks of their other subscribers. All they were concerned with was selling me a $100.00 live repair. F them. I downloaded Foxfire, and use it in place of Windows Explorer. I will never buy sNorton again. The updated Norton to this day still can't find the worm or trojan or spyware or whatever the heck it is. Probably Norton generates it themselves, that's why they can't find it...until you dish out an additional $100.0 to have their live geek extract it for you.
 
Larry,

After reading about your trouble with a rootkit embedded in your registry, I thought I should do further checks on my computer.

I downloaded a free software tool from the publishers of Spybot Search and Destroy called RootAlyzer. Get it here: http://www.spybot.info/en/index.html . This is a great place for viruses to hide, says the software publisher, because they are invisible from most of the antivirus/antimalware software.

I ran the program and it found this:
----------------------
Comment:
File created using RootAlyzer to help your get rid of a rootkit.

Files to delete: none

Folders to delete: none

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\???\

COMBOFIX SCRIPT:

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\???\]


RootAlyzer Results:
RegyKey:"Hidden registry key","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\???\",""
--------------------------
It was hidden and had no legitimate purpose on my computer. I used Windows "regedit" command to go to it and delete it from the registry. I created a restore point before doing all this, of course.

Now, Windows XP runs noticeably faster!! Hope this is helpful.

I tried the online virus scan from the Kaspersky site before I did anything set out above. It took about 2 hours total. It found 4 "infections" of a "trojan", but the files it identified were actually Norton antivirus files, not real viruses. I guess these files look like viruses to other antivirus software. At least it shows you the file names so you can find the file and isolate the virus if it's real.

 
Malicious Software Removal Tool

Spyware is not the same as a virus.
Usually Spyware doesn't let on it's on your PC.
A Virus will usually render your computer uncontrollable or crash it.

Windows posts a free malware removal program.

Windows Malicious Software Removal Tool
http://www.microsoft.com/downloads/...e0-e72d-4f54-9ab3-75b8eb148356&DisplayLang=en

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.


Just navigate to the Microsoft Download Center web site.
It is run every time there is a security update to Windows before updates are downloaded to your computer.

Anyone should be able to come back on the second Tuesday and run it over again.
 
I bought a spyware program and ran it. After that I can no longer log onto the Forum. It kicks me off when I try to login. I can only get on by clicking the links on my email. I think I will try some of these downloads you are talking about.
I agree with you about Norton, it will slow your computer down to where it times out trying to open a web page.
 
Go to www.download.com; they have free versions of Spybot, Ad-Aware, and AVG. They all work great. AVG is much better than McAfee or Norton. It found several things on my PC that neither one of them found. There are also paid versions of these programs on there that probably are much more in depth. The free versions, however, work fine for me.
 
This is the tool some of the hardcore guys use for malware.
It lets them peek into the register.
http://www.malwarebytes.org/

Spybot, Lavasoft, etc., all good spyware & malware programs since 2000.

I used AVG for my email antivirus and let Outlook & my ISP filter the junk.

Malware, Spyware, Firewall. I found the new Kaspersky Internet Security Software with no problems and it picks up items Norton misses. Norton is often the target of malware, spyware, and viruses. Kaspersky was the engine provided to many of the firewall programs such as ZoneAlarm.

At one time many of the IT guys at GE used ZoneAlarm on their own PCs. ZoneAlarm came out with their own version that now seems to have lots of overhead like Norton. Kaspersky kicked out on their own and you will see good reviews. Does not slow your system, simple, and clean. Normally I would stay away from a new product, but I had used ZoneAlarm for nearly 5 years (Kaspersky engine) on one of my old machines with limited memory.

Firewall reviews
http://www.starreviews.com/Internet-Security.aspx?Refer=MIS&Keyword=p-internet-security
Antivirus review
http://anti-virus-software-review.toptenreviews.com/kaspersky-review.html

http://www.kaspersky.com/
http://www.zonealarm.com
 
Send a copy of your findings to the Consumer Protection Bureau, in DC as well as to the Attorney General's office in your own state. You can do it by Email and every little bit helps to get rid of "business"es which engage in that sort of nonsense.

tyc
 
I thought this thread was going to be about those things they were passing out at spring break.
 
Fffftt... Windows itself is a virus.

Try loading Ubuntu Linux and get an OS that works the way YOU want to work with no DRM or other instances of the OS bending over backwards to keep you from doing what YOU want to do on your own machine. Even Mac OS / OS X is just as bad a choice. It also is DRM infested and constantly works against you if you try to do anything they don't want you to do.

I'm not an advocate of piracy, but things I do on my own PC are my own business. Linux lets me do them, such as ripping CDs and DVDs to put them on the hard drive so I can watch them without lugging a CD/DVD case around. No software spying on me or phoning home every time I use it. No software activations to treat me like a criminal when I paid good money for it. I can go to the Ubuntu repository and search through almost 25000 high quality software packages for everything from checkbook, to 3D CAD, to movie authoring... Bible software, OCR, scanners, graphics editing, high quality game... anything you can think of all 100% free to use.

If you play a Windows CD backwards, you'll hear satanic messages... but that's not even the bad part. If you play it forwards the darn thing installs Windows. :eek:
 
I ran the RootAlyzer tool on my 2nd laptop with Vista. I had a rootkit wreaking havoc on it as well, as it has been behaving badly for a while. My wife used it without any antivirus software, since I removed the McAfee due to all the alarms and alerts, etc. it was presenting. I installed Norton SystemWorks Basic with antivirus. It could not see the hidden trojan in the win32 layer.

This is what Rootalyzer reported, and it showed me what to delete:
-----------------------

Spybot include file:
Comment:
File created using RootAlyzer to help you get rid of a rootkit.

Files to delete:none

Folders to delete: none

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\???backup 1_1483035893\

Registry values to delete: none
-------------------------------

I deleted this registry key using "regedit" and the computer changed its personality to the better.

Here is a link to the Spybot forum that explains how it works:

http://forums.spybot.info/showthread.php?t=24185

Go here, sign-up and post your questions to solve many computer problems. Talk to computer geeks for free.

 
Ron,

Great link and forum. Explains rootkits. I had to grin at the problems people were having getting rid of rootkits. I think some of these rootkits remove and/or alter the Windows system files as I had to reinstall on top of XP. It is obvious they change the registry.

It has been a couple of years, but I had used Spybot extensively. There was a problem with Lavasoft's Ad-Aware saying Spybot was a virus. I liked Ad-Aware (simple & cheap) so stayed away from Spybot and did not realize the Spybot forum had become so extensive.

Thanks.
 