Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Fake Update Message Virus


Re: Fake Update Message Virus

Post by 15burgja » February 20th, 2015, 7:45 pm

Here is Search.txt:

Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by Jack at 2015-02-20 17:43:17
Running from C:\Users\Jack\Downloads
Boot Mode: Normal

================== Search Registry: "Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;vxmclient" ===========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{5072148C-DE7A-4826-965C-812AB676E0A4}]
""="IUccUserSearchQuery"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{94F59D79-583A-4547-A620-EAD932A2F2EB}]
""="_IUccUserSearchQueryEvents"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-909053488-847819577-1169221515-1000\Software\Trolltech]


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

====== End Of Search ======
15burgja
Active Member
 
Posts: 14
Joined: February 16th, 2015, 12:08 pm

Re: Fake Update Message Virus

Post by Gary R » February 20th, 2015, 8:33 pm

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
[-HKEY_USERS\S-1-5-21-909053488-847819577-1169221515-1000\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Fake Update Message Virus

Post by 15burgja » February 21st, 2015, 12:04 am

Here is fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by Jack at 2015-02-20 22:02:59 Run:2
Running from C:\Users\Jack\Downloads
Loaded Profiles: Jack (Available profiles: Jack)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
[-HKEY_USERS\S-1-5-21-909053488-847819577-1169221515-1000\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
*****************

HKEY_USERS\S-1-5-21-909053488-847819577-1169221515-1000\Software\Trolltech => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\S-1-5-21-909053488-847819577-1169221515-1000\Software\Trolltech => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => Key Deleted successfully.

==== End of Fixlog 22:02:59 ====
15burgja
Active Member
 
Posts: 14
Joined: February 16th, 2015, 12:08 pm
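
A fixlog like the one posted above can be checked mechanically: every key echoed in the "Content of fixlist" block should end with a "Deleted successfully" result, even if a first attempt failed. The following is an added example, not part of the thread or of FRST; the function names are illustrative, and the log format it assumes is only what is visible in the posted fixlog.

```python
import re

# Abbreviated copy of the fixlog.txt posted above (two of the five keys).
FIXLOG = r"""Content of fixlist:
*****************
[-HKEY_USERS\S-1-5-21-909053488-847819577-1169221515-1000\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
*****************

HKEY_USERS\S-1-5-21-909053488-847819577-1169221515-1000\Software\Trolltech => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\S-1-5-21-909053488-847819577-1169221515-1000\Software\Trolltech => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => Key Deleted successfully.

==== End of Fixlog 22:02:59 ====
"""

RESULT = re.compile(r"^(HKEY_[^\r\n]*?) => (.+)$")   # "<key> => <outcome>"
ERROR = re.compile(r"\(Error: ([0-9A-Fa-f]+)\)")     # status code on a failed attempt

def audit_fixlog(text):
    """Return {key: {"deleted": bool, "errors": [codes]}} for each key the fixlist requested."""
    requested, results, in_fixlist = [], {}, False
    for line in text.splitlines():
        line = line.strip()
        if set(line) == {"*"}:            # starred rules bracket the echoed fixlist
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            if line.startswith("[-") and line.endswith("]"):
                requested.append(line[2:-1])
            continue
        m = RESULT.match(line)
        if m:
            key, msg = m.groups()
            entry = results.setdefault(key, {"deleted": False, "errors": []})
            if "deleted successfully" in msg.lower():   # the log's casing varies
                entry["deleted"] = True
            entry["errors"] += ERROR.findall(msg)
    # A requested key with no result line at all is reported as not deleted.
    return {k: results.get(k, {"deleted": False, "errors": []}) for k in requested}

def unresolved(report):
    """Keys the fix asked to remove that the log does not confirm as deleted."""
    return [k for k, r in report.items() if not r["deleted"]]

if __name__ == "__main__":
    for key, r in audit_fixlog(FIXLOG).items():
        print("OK  " if r["deleted"] else "FAIL", key, r["errors"] or "")
```
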

Re: Fake Update Message Virus

Post by Gary R » February 21st, 2015, 1:16 am

How is your computer behaving now? Have you been getting any of the update messages recently?
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Fake Update Message Virus

Post by 15burgja » February 21st, 2015, 4:41 am

Yes, I just got a message to update Flash. Do programs like Flash and Microsoft Silverlight bring up messages asking to update? Maybe they are legit and I am just being too cautious. I know the messages I was getting to update Chrome were fake, but I have not gotten one of those in a while.
15burgja
Active Member
 
Posts: 14
Joined: February 16th, 2015, 12:08 pm

Re: Fake Update Message Virus

Post by Gary R » February 21st, 2015, 2:19 pm

Some programs will just update automatically, some will prompt you when a new update is available, it depends on how you have them set up.

The default setting for Flash is that it auto updates, but there is a check box which if ticked will cause it to prompt you. I don't use Silverlight, so I can't say if the same applies, but I suspect it probably does.

If you are in doubt, then what I suggest you do is manually download and install the latest versions of Flash and Silverlight from ....

https://get.adobe.com/flashplayer/
http://www.microsoft.com/getsilverlight ... fault.aspx

.... and see if the prompts to update those programs stop.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Fake Update Message Virus

Post by 15burgja » February 22nd, 2015, 12:52 am

I just updated both programs. The thing that got me concerned was whenever I would get one of these messages, I would go into the task manager and see what the messages were called. The name was vxmclient and I looked that up on the internet and it said it was a virus.
15burgja
Active Member
 
Posts: 14
Joined: February 16th, 2015, 12:08 pm

Re: Fake Update Message Virus

Post by Gary R » February 22nd, 2015, 3:13 am

Vxmclient is part of Windows Network Client and developed by MicroStudio.

http://www.freefixer.com/library/file/v ... xe-154867/

http://www.herdprotect.com/vxmclient.ex ... 2ba31.aspx
https://www.virustotal.com/en/file/bbdd ... /analysis/

You have a program on your computer by Micro Studio called Windows Network Accelerater, I didn't find anything about it that definitely determines it as malware, but if you did not install this program yourself let me know, and we can remove it.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Fake Update Message Virus

Post by Gary R » February 25th, 2015, 2:07 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire