It's there, but nothing can find it - 'Fast Windows Antivirus 2011'

Since maybe a few weeks ago, on the odd occasion I’ve had a pop-up in my browser (IE7), so usually when I open a link with a new tab (not a specific link or website), that says “Windows Security has found critical process activity on your PC and will perform fast scan of system files”, at the web address ‘anti-virus-avira.cz.cc/fast-scan’.

So far I’ve just ended the iexplore.exe process to close it, and I don’t think my girlfriend’s encountered it.

Despite multiple scans with Malwarebytes’ Anti-Malware, ESET NOD32 Antivirus, Spybot - Search & Destroy and Lavasoft Ad-aware SE Personal, I apparently have no infections (bar S&D and Ad-aware finding the usual temp files and that).

I even did a Malwarebytes scan in Safe Mode. No infections.

Assuming I get the same result with the other scanners in Safe Mode, what can I do? Live with it? >_>

Try running Hitman Pro and Super Antispyware and see if they can fix it for you.

Keep us posted.

Super Antispyware gave me a load of adware and one false positive (I figure it’s a false positive anyway - it’s in a game’s ‘bin/release’ folder, and called ‘loader.exe’).

Hitman gave me 4 ‘suspicious’ results (all in C:\WINDOWS\system32) and 4 tracking cookies. The suspicious results are called ‘FLACDX.ax’, ‘MPCDx.ax’, ‘RLAPEDec.ax’ and ‘RLMPCDec.ax’.

Google says the suspicious results might be from ‘Super’ (a video converter).

shrugs

I may be saying something stupid but why don’t you upgrade to IE9 (or IE8 if you’re in XP) and see if the issue persists.

I didn’t know moving to a newer IE could stop it. I’m on IE7 because IE8 was buggy (as with all new things). There wasn’t any indication that any other browsers were more safe than the rest, so I stuck with IE7.

But I assume IE8 has improved and can even play videos now. >_>

IE8 is stable (it’s been around for some time) and is safer than IE7.
My idea is: if your browser is compromised (if) installing IE8 (which will delete IE7 during installation) may solve the issue.
Doesn’t hurt trying.

Try KillSwitch to see all the unknown processes.

What’s that? I couldn’t find anything on Google, it was mostly about Killswitch Engage anyway…

I’ll give it a shot.

Here. Send the unknown processes to VT.

https://forums.comodo.com/comodo-cleaning-essentials-cce-killswitch-cce/comodo-cleaning-essentials-1618353973-has-been-released-t70957.0.html

PS- to just see the unknown processes go to “view” “hide safe processes”.

Hi ozzyoscy ,

Correct! and it will not if you have what is suspected
Sure, running IE7 is unacceptable nowadays, but as far as I can see it - the browser (any) issue is irrelevant at this point

You have to investigate whether you are infected / fix it if that is a case/ … and then … either upgrade IE or just forget about it and never use it

=======

‘FLACDX.ax’, ‘MPCDx.ax’, ‘RLAPEDec.ax’ and ‘RLMPCDec.ax’ do belong to Super, which I’m using 4 ages
& I have all of them in \system32\ (XP Pro, SP3)

Those were flagged by some security in the past & were FPs indeed, so HitmanPro most likely is wrong

Sure, do not ever worry about any Tracking cookies - they are not representing threats… better to disable scanning for tracking cookies

The “loader.exe” though may need some attention and closer investigation

Please try scanning with Emsisoft Emergency Kit (EEK) download EEK
or
you may straight away go into this section of the forum and attach all required log files as in “START HERE”

My regards

Really? Even though it’s in a game’s folder (specifically: Independence War 2 - Edge of Chaos\bin\release)?

KillSwitch is a process monitor that is bundled with Comodo Cleaning Essentials.

I see that you have CIS installed. I would recommend going to Defense+, clicking Active Process List, finding the rogue process, then right-clicking it and choosing terminate and block. This will prevent it from running until you can get it removed.

It doesn’t appear to be there.

Perhaps this is in fact not on my computer, but has instead spread to many websites on the net? Google is telling me it gets on the website’s servers, and how widespread this is.

This is WOT’s score for the site you mentioned in your first post: http://www.mywot.com/en/scorecard/avira.cz.cc

Have you upgraded to IE8? Did it make a difference?
Have you tried Emsisoft’s kit?
In the meantime have a go with GMER http://www.gmer.net/ just for peace of mind.

I had figured that site was bad considering it redirected my browser to it with some badly typed pop-up saying it’s going to ‘scan’ me whether I like it or not. :stuck_out_tongue:

Too early to tell if going on IE8 has made a difference yet. Other than IE8 is a bit slower than IE7 when opening new tabs sometimes. Improvement, eh? -_-

It only showed up once every week or few days, so have to wait and see.

I haven’t tried the emsisoft thing, is the ‘loader.exe’ result a risk even though it’s in a game’s folder?

I’ll look at gmer, but I’m weary about downloading and installing even more things, especially if I don’t know what I’m doing and if I get a false positive.

It’s not a download, only a scan (it won’t stay in your system).

Hi ozzyoscy

I’m not sure why you were a bit sarcastic in this particular response? :wink:
Nobody asked how the game was obtained or whether it has special “game protection”; etc. Definitely we do not rely on file names and if that is a legit “loader.exe”- so be it. If that is just a Riskware - it can be whitelisted (… depends)
Have you submitted the file to the vendor who flagged it?

As for other things - sure you have to stop loading different security.

Eventually you will overdo and/or remove whatever is not supposed to be removed … and so on…
After all, when you will eventually ask the expert to help either the damage will be unrecoverable or you will be asked to disable / uninstall unneeded security

Anyway, if you still wanna scan with Gmer - please do not ever act on any “red” flaggings produced
Ask certified malware fighter

My regards

Well it has links to download and says files will be copied onto the system. I’m not that bothered about that anyway, just all the extra effort to constantly scan and download things, only to find there’s nothing on my system, or finding potential false positives that involve a load of Googling.

Especially as it seems nothing seems to stop nasty things getting on a computer, no matter what the firewalls and antiviruses. We live in a world where anyone can get anyone’s info if they put a little effort into it, and hackers can do anything. It’s pretty tiring.

Hence why I’m waiting-and-seeing for now.

Just to finish my contribution.

Whenever I suspect there’s something wrong with my machine I just reinstall the OS.
Why? Well… to look for an issue may take… (how long has this thread been going on?).
To get things from scratch will take one afternoon.

Good luck.

Check here: go to IE settings, at the top go to connection settings, click LAN settings. Make sure nothing is entered in any of the boxes, especially the proxy settings.
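
The LAN settings check suggested in the post above can also be read straight from the registry, which shows values that are stored but hidden behind an unticked box. This is an added example, not part of anyone's reply in the thread; it assumes PowerShell is installed, and the function name Get-ProxySetting is made up for illustration.

```powershell
# Added example (not from the thread): read-only report of the registry values
# behind IE's Internet Options > Connections > LAN settings dialog.
$paths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)

function Get-ProxySetting {
    param([string[]]$Path = $paths)

    foreach ($p in $Path) {
        $props = Get-ItemProperty -Path $p -ErrorAction SilentlyContinue
        if (-not $props) { continue }   # key absent: nothing configured there

        $server = $props.ProxyServer
        $pac    = $props.AutoConfigURL

        # A manual proxy only takes effect when ProxyEnable is 1;
        # an auto-config (PAC) script is used whenever AutoConfigURL is present.
        $notes = @()
        if (($props.ProxyEnable -eq 1) -and $server) { $notes += 'manual proxy active' }
        elseif ($server) { $notes += 'proxy address stored but not enabled' }
        if ($pac)        { $notes += 'auto-config script set' }
        if (-not $notes) { $notes = @('nothing entered') }

        New-Object PSObject -Property @{
            Key           = $p
            ProxyEnable   = $props.ProxyEnable
            ProxyServer   = $server
            ProxyOverride = $props.ProxyOverride
            AutoConfigURL = $pac
            Note          = ($notes -join '; ')
        }
    }
}

Get-ProxySetting |
    Format-List Key, ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL, Note
```

Any proxy address or script URL you did not set yourself is worth clearing in the LAN settings dialog and mentioning when you post logs.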