unknown virus causing fake system messages

McAfee Communities Security Awareness Malware Discussion Discussions

Up to Discussions in Malware Discussion

4240 Views 5 Replies Latest reply: May 3, 2008 1:58 PM by paullotion

Apr 30, 2008 12:18 PM

Unknown Virus causing fakesystem messagesWindows XP Pro service pak 1Using McAfee Personal firewall plus

A few days ago is when this all started. When I start up the system a WindowsSecurity Center menu pops up on the desktop. It does not say there is any problem.

It has a subtitle 'Security essentials' and under it are three third party listings fordownload and install. 1. UltimateFixer. 2. SystemDefender 3. SysCleaner.I of course had no reason to download any of them not knowing anything about whatthey are.

Then there are several messages that separately pop up at random, whether I amworking on the computer or it is just sitting idle. Here is what they are...

Download Manager - An error encoutered trying to open the file caused the downloadto fail.

SysFader: IE7EXPLORER.EXE - Application Fatal Error- The instruction at 0x01cf34739 referenced memory at 0x02dfe50. The memorycould not be read.

Your system is unstable- A problem has been detected and Windows has been shutdown buggy applicationto prevent damage to your computer. Kernel32x.SYS - Address 0xA73C20AE base,error code C03200, DateStamp 56b836A3, Kernel Debugger on port: COM3

System Shutdown-This system is shutting down. Please save all work in progress and log off. Anyunsaved chages will be lost. This shutdown by MyName/Administrator . Time beforeshutdown: 00:23Message -Critical system error. Process Isass.exec, module: kernel321.dll at address0x78221981.

-----------------------------------------------------My system seems to work fine except for these wierd messages and it does shutdown the system when it says it will and restarts. Something, somehow got past myMcAfee protection. A virus scan does not seem to find anything nor does a spywaresearch.

Can someone please tell me what invasion has caused this and how to safely removeit?

Like (0)

1. Apr 30, 2008 12:56 PM (in response to DTX)RE: Unknown Virus causing fake system messages

XP SP1 is inherently unstable and unsafe as Microsoft no longer support nor patch itfor security....see HERE.

I suggest that you apply SP3 as soon as Windows Update offers it to you - thatincludes all past updates.

Try scanning with the free versions of this anti-spyware tool:

http://www.superantispyware.com/superantispywarefreevspro.html

ActionsView print preview

More Like This

Need help with a virus!

mcafee causing bsod,helpplease?

Re: SecurityCenter not working

Blue screen shutdown

Re: After restart, system crashes(BSOD) whenever attempting toconnect to the Internet

View:

Bookmarked By (0)

No public bookmarks exist for thiscontent.

DTX3 posts sinceMay 30, 2005

Ex_Brit60,420 posts since

May 6, 2004

Welcome, Guest Log in Register

McAfee Communities McAfee Support Useful Links

Home & Home Office Business Security Awareness Help Log in

McAfee Communities: Unknown Virus causing fake system... https://community.mcafee.com/thread/5790

1 of 4 8/27/2013 10:22 PM

If that doesn't help then try Hijackthis and post its log on one of the following forumsfor expert help:

Do not post the log here, we can't help!

DOWNLOAD HIJACKTHIS

Post the logs at a specialist Forum:

AUMHA FORUM

BLEEPING COMPUTER FORUM

GEEKS TO GO FORUM

MAJOR GEEKS FORUM

MALWARE REMOVAL FORUM

SPYWARE INFO FORUM

TECH SUPPORT GUY FORUM

WHAT THE TECH FORUM (Formerly Tom Coyote)

Be sure to read all the sticky announcements/instructions at the top of eachmalware forum!

Toronto CanadaVolunteer ModeratorI can't help you privately - please post in the ForumsUse Advanced Forum Search To Find AnswersHow to Uninstall/Reinstall McAfee Home Products (Except Anti-Theft)How To Submit A False Detection To McAfeeBeta Test McAfee Products For PC & MACAnti-Spyware/Malware & Hijacker Tools

Report Abuse Like (0)

2. May 2, 2008 4:43 PM (in response to Ex_Brit)RE: Unknown Virus causing fake system messages

I already had run those scans before seeking asistance. Neither theSuperAntiSpyware scan log, nor the hijackthis scan log revealed the virus. I also didthe long downloads of McAfee VirusScan 12.0 and latest update 12.0.177. I have tosay I was quite disapointed that the McAfee scan was unable to detect the virus.

I came here to the McAfee forum because I felt that someone associated with McAfeewould be knowledgable enough to tell me what virus or viruses would be causing thepopups that I have posted. From what I could tell, it is a sasser type of virus, I triedlooking at the library of virus listings that McAfee has but was not familiar enough withthat system to find it.


3. May 2, 2008 5:52 PM (in response to DTX)RE: Unknown Virus causing fake system messages

This is a public forum manned by unpaid volunteers. I can flag this for one of myco-moderators who maybe has more knowledge on the subject if you wish.

Professional McAfee help for clearing infections is available for a fee, at least thisforum is free and had you posted the HJT log on one of those forums they wouldhave probably given you much more information as they specialise ininfections...again for free.

There isn't an application on Earth that will catch every kind of infection out there. It'sup to the user to be careful and operate a safe machine. Much of keeping a machinesafe is in making sure that your operating system is up to date. Using XP SP1 meansyou are missing hundreds of security updates dating from October 10, 2006 which iswhen support for that service pack ended.

As I said, I'll flag this if you wish, but he'll just tell you the same thing. I can't evenguess what the problem is myself, sorry.

DTX3 posts sinceMay 30, 2005

Ex_Brit60,420 posts since

May 6, 2004


2 of 4 8/27/2013 10:22 PM

Toronto CanadaVolunteer ModeratorI can't help you privately - please post in the ForumsUse Advanced Forum Search To Find AnswersHow to Uninstall/Reinstall McAfee Home Products (Except Anti-Theft)How To Submit A False Detection To McAfeeBeta Test McAfee Products For PC & MACAnti-Spyware/Malware & Hijacker Tools


4. May 2, 2008 11:10 PM (in response to Ex_Brit)hmmm

The shutdown sequence can be aborted by pressing start and using the Runcommand to enter shutdown -a. This aborts the system shutdown so the user maycontinue what he or she was doing.

If you feel its sasser try this

http://vil.nai.com/vil/content/v_125007.htm

Also try the STINGER

UltimateFixer is a corupt anti-spyware parasite that uses false advertising to infiltrateuser systems and trick unsuspecting users into buying its full version. Not only isUltimateFixer a scam tool, it may also install additional malware into your computer.DO NOT trust, download or buy UltimateFixer: it is just another scam roaming theinternet!

RUN HijackThis and then Post the Log to specialist forums for that!If the ultimate Fixer has got installed try these

Kill the processes:UltimateFixer.exe

Delete registry values:HKEY_ALL_USERS\Software\Ultimate FixerHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ultimate FixerHKEY_LOCAL_MACHINE\SOFTWARE\Ultimate FixerHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Ultimate Fixer" = ""%ProgramFiles%\Ultimate Fixer\UltimateFixer.exe" hide"

Delete files:UltimateFixer.exe UltimateFixer.db ufixer.pkg program.info

Delete directories:%ProgramFiles%\Ultimate Fixer\


5. May 3, 2008 1:58 PM (in response to vinod_r2)RE: hmmm

This is caused by the fact you only have SP1 installed, i would not be surprised if youalso have bots and rootkit infections present, no vendor could protect you with avunerable operating system such as you have. SP1 has not been supported sinceOctober 2006, which means you have had no updates from Microsoft, leaving yoursystem wide open, nothing Mcafee or any other vendor can do to stop you frombecoming infected due to this, its that simple.

The Black Bear

*Important News for BT/TalkTalk customers*

BT/TalkTalk dump Phorm spyware, for more information see this article Here , alsovisit the NODPI website for much more information relating to DPI.


vinod_r23,130 posts since

Feb 15, 2008

paullotion8,078 posts since

Apr 13, 2006


3 of 4 8/27/2013 10:22 PM

Go to original post

Contact Us Careers Legal Notices 2003-2013 McAfee, Inc.


4 of 4 8/27/2013 10:22 PM

unknown virus causing fake system messages

Documents