Question:
I think my computer's infected...?
2008-04-18 19:44:55 UTC
Whenever I want to open My Computer, My Documents or any other folders, it says "System Error! Your system is infected with is infected with dangerous virus! Note: Strongly recommend to install antispyware program to clean your system and avoid total crash of your computer! Click OK to download the antispyware. (Recommended)" I think this is just a fake message, not a real system error, could be a virus. When I click on OK, it just downloads a program called Malware Bell and you have to install it. But I removed it, and the message appears again. WTF?
What do you think?
Nine answers:
House
2008-04-18 19:50:34 UTC
It is a virus asking permission to infect your comp, which it did when you downloaded it. You need to run antivirus to get it off your computer; the faster the better.
Computer Help
2008-04-19 06:49:48 UTC
Hi,

Windows never says "You are infected". It always expresses itself in numbers (000000x2). DO NOT CLICK ON download antispyware because that will give the virus permission to start.

If you have antivirus or any other trusted programs to remove threats, use it to scan your computer.
2008-04-19 09:06:36 UTC
This is a scam. Do not buy any software, and do not click on the advert. Go to these websites and download the software there.

http://free.grisoft.com/doc/download-free-anti-spyware/

http://www.spywareterminator.com/

http://www.free-av.com/ (if you do not already have anti-virus, if you do, uninstall avira immediately after solving the problem)

http://www.safer-networking.org/ (spybot)

Install it, update it and scan your computer. Remove what they find and the problem should be fixed.
2008-04-18 20:51:27 UTC
Your computer has a Smitfraud infection. Click on the link that says "How to remove MalwareBell" here:

http://msmvps.com/blogs/hostsnews/archive/2008/04/16/1591440.aspx
Feroz K
2008-04-19 03:32:54 UTC
To get rid of this:

Download NOD32 from DOWNLOAD.COM for anti-virus.

Download Spybot Search & Destroy from SAFER-NETWORKING.ORG to delete spyware.

And download Ad-Aware from WWW.LAVASOFT.COM for adware.

These are all free software and they stand as the best among all others. For better use of your system, download updates regularly from their websites and scan your system at least once a week.
2008-04-18 21:20:39 UTC
1. Download and run Firefox to protect you from future spyware attacks and pop-ups which are coming in through Internet Explorer (IE)!! (Trojan downloaders, win32).

http://securitynewsfromthenet.blogspot.com/2007/05/spyware-fighter-essentials.html See what JavaScript can do: http://blog.trendmicro.com/bhutto-assassination-javascripted/

2. Run VundoFix and ComboFix: http://securitynewsfromthenet.blogspot.com/2007/05/vundofix-and-combo-fix.html

3. Run Malwarebytes Anti-Malware

http://securitynewsfromthenet.blogspot.com/2008/03/malwarebytes-anti-malware-105.html

4. Run the anti-spyware removal programs Spybot http://securitynewsfromthenet.blogspot.com/2007/03/spybot-search-and-destroy-spyware-and.html and SUPERAntiSpyware http://securitynewsfromthenet.blogspot.com/2007/04/superantispyware-home-edition-free.html to get rid of the nasties

5. Run a complete scan with the free curing utility Dr.Web CureIt!

http://www.freedrweb.com/
2008-04-18 20:32:49 UTC
Hi, Brad! I suggest you download AVG 7.5 (from the AVG website), install it, and set it scanning ALL your hard drives. While you do that, download Windows Defender, install it and have it scan ALL your hard drives. Both these programs are free and they WILL get rid of most viruses. They are easy to set up, update their programs and virus lists, and you can run them anytime.

PS Stay away from Ad-Aware. It puts more crap on your drive than it removes.
George P
2008-04-18 19:58:59 UTC
I agree with getting an anti-virus program and running it, but I would also get Ad-Aware and Spybot and run those.

More importantly, if something pops up wanting you to download something, don't. More than likely you are only downloading a virus and infecting yourself willingly. Then, you are giving someone a back door to your computer and they can control your computer, get whatever information they want, and you won't know any different.

Until you get an Anti Virus program running, I wouldn't put any private information onto your computer, including ordering anything with a credit card, or using any other personal information.
2008-04-19 00:27:09 UTC
It's Trojan.Vundo. Details below:

Discovered: November 20, 2004
Updated: May 9, 2006 5:50:26 AM
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000

Trojan.Vundo is a component of an adware program that downloads and displays popup advertisements. It is known to be installed by visiting a Web site link contained in a spammed email.

Trojan.Vundo consists of the following components:
HTML code that exploits the Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow Vulnerability (BID 11515)
A downloader component
Adware
A DLL module that is installed by the adware

The HTML code exploits the Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow Vulnerability (BID 11515) and attempts to download and execute the file C:\bla.exe, from the domain http://83.149.86.132/minst.exe. This is the downloader component of the Trojan.

Virtual memory may be degraded when the Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow Vulnerability (BID 11515) is being exploited.

Once executed, the Trojan creates a .exe file with a file name that is constructed from the following strings:

abr, av, anti, ac, acc, ad, ap, as, bin, bas, bak, cab, cat, cmd, com, cr, c, drv, db, disk, dll, dns, dos, doc, dvd, eula, exp, fax, font, ftp, hard, iis, img, inet, info, ip, java, kb, key, lib, log, main, ms, mc, mfc, mp3, msvc, net, nut, odbc, ole, pc, ps, play, ras, reg, run, sys, srv, svr, svc, s, tapi, tcp, task, un, url, util, vb, vga, vss, xml, wave, web, w, win, wms

The Trojan then saves and executes the above file in any of the following directories:
%Windir%\addins
%Windir%\AppPatch
%Windir%\assembly
%Windir%\Config
%Windir%\Cursors
%Windir%\Driver Cache
%Windir%\Drivers
%Windir%\Fonts
%Windir%\Help
%Windir%\inf
%Windir%\java
%Windir%\Microsoft.NET
%Windir%\msagent
%Windir%\Registration
%Windir%\repair
%Windir%\security
%Windir%\ServicePackFiles
%Windir%\Speech
%Windir%\system
%Windir%\system32
%Windir%\Tasks
%Windir%\Web
%Windir%\Windows Update Setup Files
%Windir%\Microsoft

The Trojan then deletes the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce\"*MS Setup"

The Trojan then creates the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce\"*WinLogon" = "[TROJAN FULL PATH FILE NAME] ren time:[RANDOM NUMBER]"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents\CLSID\"[DEFAULT VALUE]" = "{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents.1\CLSID\"[DEFAULT VALUE]" = "{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\"*[TROJAN FILE NAME]" = "[TROJAN FULL PATH FILE NAME] rerun"

The Trojan then creates the following registry subkeys:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Active State
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22E85F2A-4A67-4835-B2C3-C575FE4EC322}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADOUsefulNet.ADOUsefulNet
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADOUsefulNet.ADOUsefulNet.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22E85F2A-4A67-4835-B2C3-C575FE4EC322}
HKEY_CLASSES_ROOT\CLSID\{DE8BDE42-16D9-4CCC-9F4F-1C3167B82F60}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DPCUpdater.DPCUpdater
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DPCUpdater.DPCUpdater.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE8BDE42-16D9-4CCC-9F4F-1C3167B82F60}

The Trojan creates the following registry entries only if it is executed with the "rerun" parameter and the system was started in Normal mode. If the system was started in Safe mode, the Trojan will terminate itself and then restart itself without any parameters.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"*[TROJAN FILE NAME]" = "[TROJAN FULL PATH FILE NAME]"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0612F71E-934B-4D92-B8E8-2E29EA78EB03}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEpl.IEpl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEpl.IEPl.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0612F71E-934B-4D92-B8E8-2E29EA78EB03}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\service
HKEY_USERS\S-1-5-21-1328679652-1783376204-1452689933-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0612F71E-934B-4D92-B8E8-2E29EA78EB03}

The Trojan then attempts to download and execute a file from the domain http://62.4.84.41/mmdom.exe. This file is an adware module with an embedded DLL component.

Next, the Trojan drops the embedded DLL as %Temp%\[REVERSED TROJAN FILE NAME].dat

The Trojan injects the embedded DLL into the address space of several running processes.

The Trojan also creates the following temporary files:
[REVERSED TROJAN FILE NAME].bak1
[REVERSED TROJAN FILE NAME].bak2
[REVERSED TROJAN FILE NAME].ini

The Trojan displays advertisements on the compromised computer.

The Trojan will restart the adware component if it detects that the adware has stopped running.

The Trojan will recreate the original file with system and hidden attributes if the Trojan file name is changed.

The Trojan appears to store the URL list and may attempt to send HTTP requests to one of the following IP addresses:
62.4.84.53
62.4.84.56

The Trojan may also drop the following file:
%ProgramFiles%\system32\vundo.dll

Removal Instructions:

Go to this link and download VundoFix by Atribune: http://vundofix.atribune.org
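As an added defender-side example that is not part of the thread or of the Symantec writeup quoted above, this Python script scans a text dump produced by Windows' reg export command for the registry indicators the Vundo description lists: Run/RunOnce values whose name starts with '*' or whose command carries ' rerun' or ' ren time:', the four CLSIDs and their ProgIDs, and the Winlogon\Notify\service key. The sample export and the file name msvcadd.exe are constructed for the demonstration.

```python
import re

# Indicators copied from the Trojan.Vundo writeup quoted in the answer above.
VUNDO_CLSIDS = {
    "{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}",
    "{22E85F2A-4A67-4835-B2C3-C575FE4EC322}",
    "{DE8BDE42-16D9-4CCC-9F4F-1C3167B82F60}",
    "{0612F71E-934B-4D92-B8E8-2E29EA78EB03}",
}
VUNDO_PROGIDS = ("ATLEvents.ATLEvents", "ADOUsefulNet.ADOUsefulNet",
                 "DPCUpdater.DPCUpdater", "IEpl.IEpl")
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
VALUE_LINE = re.compile(r'^(?:@|"(?P<name>[^"]*)")=(?P<data>.*)$')


def scan_reg_export(text):
    """Walk a 'reg export' style dump; return (location, reason) findings."""
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):   # key header line
            key = line[1:-1]
            upper = key.upper()
            if any(c in upper for c in VUNDO_CLSIDS):
                findings.append((key, "known Vundo CLSID"))
            elif any(("\\Classes\\" + p).upper() in upper for p in VUNDO_PROGIDS):
                findings.append((key, "known Vundo ProgID"))
            elif upper.endswith("\\WINLOGON\\NOTIFY\\SERVICE"):
                findings.append((key, "Winlogon notify package named 'service'"))
            continue
        m = VALUE_LINE.match(line)
        if not m or not RUN_KEY.search(key):
            continue        # only Run/RunOnce values are of interest here
        name, data = m.group("name") or "@", m.group("data").strip('"')
        # Writeup shape: name starts with '*'; command ends ' rerun' or has ' ren time:<n>'
        if name.startswith("*") or data.endswith(" rerun") or " ren time:" in data:
            findings.append((key + "\\" + name, "Vundo-style Run entry: " + data))
    return findings


# Constructed sample export (not from a real machine; msvcadd.exe is made up).
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*WinLogon"="C:\\WINDOWS\\system32\\msvcadd.exe ren time:1234"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"*msvcadd"="C:\\WINDOWS\\system32\\msvcadd.exe"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\service]
"""
if __name__ == "__main__":
    print(*scan_reg_export(SAMPLE), sep="\n")
```

On a real machine, feed it the files written by reg export HKLM\SOFTWARE and reg export HKCU\Software; a hit is a reason to run the removal tools the answers recommend, not proof on its own.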


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.