From my looking this up this is very recent. I would follow the following
Update your dat files and scan your PC with Virusscan in Safe Mode.
To do this, tap F8 repeatedly while booting up. You'll get a boot screen with choices. Pick Safe Mode. Your PC will boot in a low resolution state as most processes won't be running. Go to "My Computer" (XP) or "Computer" (Vista), right-click the hard drive and select "Scan" from the drop-down menu. You'll see an extra taskbar icon which will show a progress report if you hover over it.
If you think you have a virus infection on your PC do one or both of the following :
- Run the free Mcafee Stinger program from http://vil.nai.com/vil/stinger/ -
set it to Report Mode and very high sensitivity (in Preferences) and post the logs of anything it detects.
- Join the McAfee Getsusp group at https://community.mcafee.com/groups/getsusp30-beta-feedback
You will have to ask there for Getsusp, which is a Beta program and not yet on general release.
Before you use Getsusp, you should go to this document
and download the PDF file explaining what Getsusp is and how it works, and this document
which downloads the installation guide PDF document.
If you want a second opinion, or to be on the safe side, then you can do a scan with the free versions of these tools :
If you already have Malwarebytes installed, the virus could be protecting itself against it. In that case, in order to get Malwarebytes running you'll need to rename the executable. Open the C:\Program Files\Malwarebytes Antimalware folder, then rename the "mbam.exe" file and double-click directly on the file to open the program. After updating the program, run a full system scan using Malwarebytes.
Make sure both programs are updated to the latest versions before running them and let them clean anything they find. If they quarantine a file or fail to remove a file try to get a copy of it and send it to Mcafee using the virus submission path described here :
Send the file to mcafee labs at http://vil.nai.com/vil/submit-sample.aspx
Zip the file and password it with password infected.
You will probably get an autoreply back saying it is infected; reply asking for it to be manually tested.
Include in your first submission :-
Please provide the following information along with your sample. It will help us speed the sample review process:
· A list of all files contained in the sample submission, including a brief description of where or how you found them
· What symptoms cause you to suspect that the sample is malicious
· Whether any security products find a virus (tell us the security vendor, its product name, the version number, and the virus name assigned to the sample)
· Your McAfee product information (product name, engine, and DAT version
· Any system details that may be relevant (operating system, service packs, etc.)
As I mentioned it appears to be new so might take a bit to get it removed
Thank you for your reply! I did as directed, and still working on it first thing this morning. After running the "Stinger" program, posted in the (results?) field "...svchost.exe is infected with the FakeAlert!FakeXPA virus!!!" I joined the group for GetSusp, downloaded and ran this program. The results from this scan identified 3 Suspicious files and 4 Unkown files. "Suspicious samples have been successfully delivered to McAfee Labs"
I am trying to find out how to post the results (log?) in the forum for GetSusp, but I don't know how. I was able to find the report on my computer.. I see "XML Document, XSL Stylesheet, Text Document"
Where do I go from here? Thank you!
Tony, I have this virus as posted in another thread. Im quite certain that it happened after a Myspace visit, and I've heard this from others that say the same and others from a Facebook visit. Maybe they are targeting social network sites?
I can run Malwarebytes and also McAfee with both uptdated and they turn up nothing.
Since Malwarebytes does run the scan ....should I still change the name of the exe file then run it.........or is that only if MB does not run at all?
Thanks I'm ok but not all that tech savvy.
Also there is some sort of phantom voice thing (audio pop up) happening....sort of like a radio broadcast even when I shut the browser down. I use Firefox. This is only happening on one user ID out of three in Vista 32.
Post the second zip file in new thread ie teh small 1.
Dani try getsusp as well. Only rename MWB if it will not update or run
I believe it came from Facebook as well, but I am not certain. I know yesterday when it all began to happen I was on Facebook, Hotmail, and Youtube.
When you say post the results in a new thread, are you talking copy and paste.... or as an attachment. Just don't want to attach anything that will cause virus to spread when they open attachement or click on its link. I am not computer savvy so please.. step by step. Thank you for all of your help. As for the Malwarebytes: I have anything that turned up in its results quarintined. I have a couple options at the bottom of the program, "delete, delete all, restore, restore all". I know for sure I don't want to restore! After running the GetSusp, it says "Suspicious samples have been successfully delivered to McAfee Labs". What else can I do in steps to get this virus off my computer?
Danii, I had the same thing happen with the "phantom voice". I ended up completely closing my laptop while it was still running to shut it down quickly. I knew right thing that something was horribly wrong! I scanned with McAfee as well, but it turned up clean with only a tracking cookie. Malwarebytes, GetSusp, and Stinger however are telling a different story..
sinkingwaterbug.................I just ran stinger after disabling system restore, I set in on very high and report and it found nothing. I think I did it correctly..although when I went back to preferences on stinger (just to check it after the scan) it said very low when I opened up the preference tab the second time after the scan. also bootlogs was not checked....so mabe I have to run it again
What number update of Malwarebytes found your problem because mine did not find anything earlier today (Monday).
I really hope McAfee gets on this thing in the next day.
Is your laptop now clean?
Thanks for response
I am at a total loss as to what Getsusp is. I read the pdf on it and its very confusing to me.
Does it remove the problem if found? Can someone explain how it works?