Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions


MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.


Unread postby marzipanjn » August 2nd, 2010, 9:58 pm


Firstly, I apologize for not being able to supply a HiJackThis Log or Uninstall Log. I cannot go online or utilize my Desktop icons or even my Dock icons. When I click on my HijackThis icon or Dock icons they just flash and go away in split seconds. Now I will procede to tell you precisely what has happened to my computer.

I have a Dell Inspiron XP 6000. I was working this morning on my computer when it became sluggish. I got a pop-up that said, "SECURITY WARNING", with a red circle with a white X inside. It said, "application cannot be executed. The file wuauclt.exe is infected. Do you want to activate your AntiVirus Software now? yes or no."

If you say no it comes back within seconds. If you say yes, a website comes up that is called ANTIVIR SPYWARE and prompts you to purchase. If you do nothing, a few seconds later another pop-up comes up with a red border at the top. It says, "ANTIVIRUS SOFTWARE ALERT". "Infiltration Alert: Your computer is being attacked by an Internet virus. It could be a password-stealing attack, a Trojan-dropper, or similar."
There is a DETAILS section in that pop-up. "Attack from:, port 24421. Attacked Port: 41665. Threat: BFox.A. Do you want block this attack?"

DETAILS changes every few minutes. Here is another one: "Attack from:, port 42972. Attacked Port: 38825. Threat: BFox A. Do you want block this attack?"

Another alternate DETAILS: "Attack from:, port 34696. Attacked port: 19958. Threat: Win32/Nuqel.E

Another alternate DETAILS: "Attack from:, port 21072. Attacked port: 40986. Threat: BankerFox.A. Do you want block this attack?" They just continue on changing at random every few minutes.

The next pop-up window is larger with a bright red top border and shield with an exclamation point inside of it. It says, "Vulnerabilities Found-Your computer is infected by Spyware - 34 serious threats have been found while scanning your files and registry. It is strongly recommended that you disinfect you computer and activate realtime secure protection against future intrusions." Then there is a blue line (highlighted) that says, "Why do you need realtime spyware protection ?"
"Upgrade to full version of antivirus software to clean your computer and prevent new security and privacy attacks. You will be able to download daily updates and get online protection against Internet attacks."
Then you have choice to click on either "activate your antivirus software or stay unprotected".

If you do not do anything, which I did not, then an online porn site opens: http://www.porno.org. then it follows with another site: http://www.viagra.com and then http://porno.com follows next. I have never seen these sites before.

I did run my free SUPERANTISPYWARE version that was on my desktop (I was able to double click it). Although, it would not let me upgrade before running. I also could load definitions. It took almost four hours to scan and came up with 219 cookies and one Trojan. I clicked for Quarantine and it processed it and listed them and said reboot. It did reboot my computer but it seemed even worse with the constant pop-ups and porn sites.

Thank you so much for your time. Please help.
Active Member
Posts: 2
Joined: August 2nd, 2010, 7:58 pm
Register to Remove


Unread postby NonSuch » August 3rd, 2010, 1:22 am

We understand that you are having difficulty running certain programs, including HijackThis. However, in order for us to help you it is necessary that you provide us with a HijackThis log, and it is possible you may be able to trick the malware into letting you do this. First, download HijackThis to a clean computer, then rename it from HijackThis.exe to any other name you want, using an .exe extension, for example... YourLastName.exe. Once you have done that, burn it to a CD (preferable to using a flash drive that may easily become infected) then transfer the renamed file to the infected computer and run a scan, then start a new topic and include your HijackThis log.

If that does not work, try the following:

Download/run Rkill:

Please download Rkill from one of the following links and save to your Desktop:

One, Two, or Three

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Next, please follow the guideline at the link below to start a new topic and post your HijackThis log. If you are unable to create and post a HijackThis log, then your only option may be to reformat your computer and reinstall the operating system.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<
User avatar
Posts: 27584
Joined: February 23rd, 2005, 7:08 am
Location: California

  • Similar Topics
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!

Who is online

Users browsing this forum: No registered users and 61 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware