+ Post New Thread
Results 1 to 4 of 4
General Chat Thread, Internet Protection Firewall Alert Fake alert I can not get rid of in General; ...
  1. #1

    Join Date
    May 2008
    Location
    York
    Posts
    515
    Thank Post
    22
    Thanked 49 Times in 46 Posts
    Rep Power
    24

    Internet Protection Firewall Alert Fake alert I can not get rid of

    Ok so done all the normal stuff

    booted to safe mode
    ran malwarebytes it find nothing at all.
    used these online instuctions and deleted the below but every time i reboot it still comes back

    •%Documents and Settings%\[User Name]\Desktop\Internet Protection 2011.lnk
    •%Documents and Settings%\[User Name]\Start Menu\Programs\Internet Protection 2011
    •%Documents and Settings%\[User Name]\Start Menu\Programs\Internet Protection 2011\Internet Protection 2011.lnk
    •%Documents and Settings%\[User Name]\Start Menu\Programs\Internet Protection 2011\Uninstall Internet Protection 2011.lnk

    to make it worse its my mothers pc and she is 350 miles away so doing it remotely.

    any ideas welcome right now.

  2. #2

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,694
    Thank Post
    335
    Thanked 515 Times in 483 Posts
    Rep Power
    179
    Quote Originally Posted by imiddleton25 View Post
    •%Documents and Settings%\[User Name]\Desktop\Internet Protection 2011.lnk
    •%Documents and Settings%\[User Name]\Start Menu\Programs\Internet Protection 2011
    •%Documents and Settings%\[User Name]\Start Menu\Programs\Internet Protection 2011\Internet Protection 2011.lnk
    •%Documents and Settings%\[User Name]\Start Menu\Programs\Internet Protection 2011\Uninstall Internet Protection 2011.lnk
    Is that all you deleted? Bearing in mind .lnk is just shortcuts. Malware bytes updated before scanning? Have you sorted the dll files, and registry keys it changes? Did you disable system restore before killing it? etc etc If not, I'll post some areas to check.

    1) Stop any exes running from it (SmartIP2011.exe etc)

    2) Regedit, and delete:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run "Smart Internet Protection 2011"
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
    HKEY_CLASSES_ROOT\SmartIP2011.DocHostUIHandler
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:25401"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings "UID" = "7"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\5.0User Agent\Post Platform "88780570603"

    3) Unhook services
    regsrv32 /u mozcrt19.dll
    regsrv32 /u sqlite3.dll

    4) Delete
    %UserProfile%\Application Data\Smart Internet Protection 2011\
    %UserProfile%\Application Data\Personal Internet Security 2011\cookies.sqlite
    %UserProfile%\Application Data\Personal Internet Security 2011\Instructions.ini
    c:\Documents and Settings\All Users\Application Data\e659\
    c:\Documents and Settings\All Users\Application Data\e659\7377.mof
    c:\Documents and Settings\All Users\Application Data\e659\80e9877130a15854a99bf6dd8d368239.ocx
    c:\Documents and Settings\All Users\Application Data\e659\mozcrt19.dll
    c:\Documents and Settings\All Users\Application Data\e659\SmartIP2011.exe
    c:\Documents and Settings\All Users\Application Data\e659\PIS.ico
    c:\Documents and Settings\All Users\Application Data\e659\sqlite3.dll
    c:\Documents and Settings\All Users\Application Data\e659\unins000.dat
    c:\Documents and Settings\All Users\Application Data\e659\PISSys\
    c:\Documents and Settings\All Users\Application Data\e659\Quarantine Items\
    c:\Documents and Settings\All Users\Application Data\PIKKS\
    c:\Documents and Settings\All Users\Application Data\PIKKS\PIQBS.cfg
    %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Internet Protection 2011.lnk
    %UserProfile%\Application Data\Smart Internet Protection 2011\
    %UserProfile%\Application Data\Smart Internet Protection 2011\cookies.sqlite
    %UserProfile%\Desktop\Smart Internet Protection 2011.lnk
    %UserProfile%\Start Menu\Smart Internet Protection 2011.lnk
    %UserProfile%\Start Menu\Programs\Smart Internet Protection 2011.lnk
    Steve
    Last edited by Steve21; 12th April 2011 at 08:23 PM.

  3. #3

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,624
    Thank Post
    1,240
    Thanked 778 Times in 675 Posts
    Rep Power
    235
    Quote Originally Posted by imiddleton25 View Post
    %Documents and Settings%\[User Name]
    I removed a similar fake-antivirus application from a laptop a week or so ago - the actual thing being run was simply a randomly-named executable in the user's Documents and Settings folder, I just removed that and rebooted and that seemed to fix it. Check Documents and Settings for executables, probably via a boot CD (I used SystemRescueCD) - the application might be able to hide references to its own executable file.
    Last edited by dhicks; 13th April 2011 at 09:08 AM.

  4. #4
    eddyc's Avatar
    Join Date
    Aug 2008
    Location
    Bristol
    Posts
    434
    Thank Post
    98
    Thanked 47 Times in 43 Posts
    Rep Power
    22
    I find that if you use a good machine to download combofix and stick it on a memory stick then boot the bad machine into safe mode it generally works well at removing fake viruses - it sounds simular to one that I have removed this weekend.

    Ed

SHARE:
+ Post New Thread

Similar Threads

  1. Alert notification
    By theeldergeek in forum How do you do....it?
    Replies: 9
    Last Post: 3rd December 2010, 10:23 AM
  2. Internet Explorer security alert
    By penfold in forum General Chat
    Replies: 26
    Last Post: 17th December 2008, 08:19 PM
  3. IE 7 alert is it really that bad??
    By mikeymike in forum Windows
    Replies: 2
    Last Post: 16th December 2008, 11:48 AM
  4. Pupil alert!
    By Gatt in forum Comments and Suggestions
    Replies: 56
    Last Post: 8th February 2007, 08:24 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •