KenC Posted September 21, 2010

I was reading my email and on a newsletter from 50-Plus.com, I clicked a 'Read more...' link and received this pop-up for the first time today...looked like a valid 'Windows Security Center' dialogue box that said I was infected with this trojan and to install System Security Antivirus. (apparently, this is a scam) I could not close the pop-up, so I shut down the computer manually and updated and ran SAS Pro. Will this have eliminated the problem, or do I have the virus in my computer?

I also deleted the email and unsubscribed from the newsletter and am hoping all will be OK. Anyone have info on this, other than what I can google, where I get told to download a removal tool, which of course, I am very apprehensive to do, as I don't want the scam to continue.
SUPERAntiSpy Posted September 21, 2010

> I was reading my email and on a newsletter from 50-Plus.com, I clicked a 'Read more...' link and received this pop-up for the first time today...looked like a valid 'Windows Security Center' dialogue box that said I was infected with this trojan and to install System Security Antivirus. (apparently, this is a scam) I could not close the pop-up, so I shut down the computer manually and updated and ran SAS Pro. Will this have eliminated the problem, or do I have the virus in my computer?
>
> I also deleted the email and unsubscribed from the newsletter and am hoping all will be OK. Anyone have info on this, other than what I can google, where I get told to download a removal tool, which of course, I am very apprehensive to do, as I don't want the scam to continue.

Please post your latest scan log for review - it should have been detected and removed.
KenC Posted September 21, 2010

Sorry for sounding dumb, but how do I do that? I've tried, but can't figure it out!!
siliconman01 Posted September 22, 2010

> Sorry for sounding dumb, but how do I do that? I've tried, but can't figure it out!!

Go to the main window of SAS, then Preferences and then the Statistics/Log tab. Double click on the latest scan log to open/display it. Then just copy it and paste it back here in your post.

(To copy it, select all of it and then simultaneously hit Ctrl and the C key on your keyboard. This will copy it to your clipboard. When you are ready to paste it into your next forum post, just simultaneously hit Ctrl and the V key on your keyboard.)
KenC Posted September 22, 2010

OK...I thought I was supposed to get the file, as it says 'Attach File' below. Copy & Paste...no problem...here it is:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 09/21/2010 at 08:38 AM

Application Version : 4.43.1000

Core Rules Database Version : 5548
Trace Rules Database Version: 3360

Scan type : Complete Scan
Total Scan Time : 00:42:06

Memory items scanned : 612
Memory threats detected : 0
Registry items scanned : 8600
Registry threats detected : 0
File items scanned : 32677
File threats detected : 83

Adware.Tracking Cookie
Seth Posted September 22, 2010

Hi Ken. Your log doesn't show any relevant infections, so I think you dodged a bullet. Does the computer show any indication that it might be infected?
SAS Customer Service Posted September 24, 2010

Ken,

Just so you know what was detected; they are cookies, and here is some information about them.

Cookies are NOT harmful to your computer. We do not block them in real-time as it is a waste of system resources. Cookies are simply text files stored on your hard drive and cannot themselves harm your computer in any way. Typically cookies are used to remember logins and keep track of user settings on web-sites. Cookies can be used to track your movement on the Internet ONLY if a site is aware of the cookies and is designed to use the specific cookies. Because of their use in tracking, many feel that this constitutes spyware. We do not consider cookies to be threats of anywhere near the same level of severity as actual malware threats that can steal real personal information, serve ads, or render a computer unusable.

SUPERAntiSpyware will detect tracking cookies as "Adware.Tracking Cookies" and you can choose to remove them or leave them on your system. You may turn off this feature in the Preferences -> Scanning Control tab of SUPERAntiSpyware should you not wish cookies to be scanned, detected and removed.

SUPERAntiSpyware.com Customer Service
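A triage sketch for the kind of scan log posted in this thread, added here as an example (it is not SUPERAntiSpyware's code and not from any poster): it reads the summary counts and the detections grouped under each detection name, then reports whether everything found falls in the tracking-cookie category the replies describe. The sample log is constructed, and the `triage` function and the `LOW_RISK` set are assumptions of this example.

```python
import re

# Constructed sample in the layout of the scan log posted in this thread
# (paths and counts are made up for the example).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Generated 01/01/2010 at 09:00 AM
Scan type : Complete Scan
Memory items scanned : 612
Memory threats detected : 0
Registry items scanned : 8600
Registry threats detected : 0
File items scanned : 32677
File threats detected : 3
Adware.Tracking Cookie
C:\Users\Example\AppData\Roaming\Microsoft\Windows\Cookies\example@doubleclick[1].txt
C:\Users\Example\AppData\Roaming\Microsoft\Windows\Cookies\Low\example@atdmt[1].txt
C:\Users\Example\AppData\Roaming\Microsoft\Windows\Cookies\Low\example@2o7[2].txt
"""

COUNT_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$")
ITEM_RE = re.compile(r"^(?:[A-Za-z]:\\|HK[A-Z_]+\\)")  # file path or registry key
LOW_RISK = {"Adware.Tracking Cookie"}  # assumption: categories treated as non-malware


def triage(log_text):
    """Return (counts, items_by_category, verdict) for one scan log."""
    counts, items, category, in_results = {}, {}, None, False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
            in_results = m.group(1) == "File"  # detections follow the last count
        elif in_results and ITEM_RE.match(line):
            items.setdefault(category or "Uncategorized", []).append(line)
        elif in_results:
            category = line  # a detection-name heading such as Adware.Tracking Cookie
            items.setdefault(category, [])
    listed, reported = sum(len(v) for v in items.values()), sum(counts.values())
    if listed != reported:
        verdict = f"incomplete log: {listed} listed, {reported} reported"
    elif any(v for k, v in items.items() if k not in LOW_RISK):
        verdict = "review: detections outside tracking cookies"
    else:
        verdict = "tracking cookies only"
    return counts, items, verdict
```

The count check matters when a log is pasted into a forum post: a truncated paste can hide the one category that is not a cookie.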
KenC Posted September 24, 2010

> Hi Ken. Your log doesn't show any relevant infections, so I think you dodged a bullet. Does the computer show any indication that it might be infected?

Thanks Seth...no, there are no indications that I'm infected. Should this type of problem be caught by my antivirus or SAS, before it comes up? In other words, should this one have been blocked? If SAS should have, it may be because I didn't have the preferences set properly...hopefully I do now and won't see this again.
KenC Posted September 24, 2010

> Ken,
>
> Just so you know what was detected; they are cookies, and here is some information about them.
>
> Cookies are NOT harmful to your computer. We do not block them in real-time as it is a waste of system resources. Cookies are simply text files stored on your hard drive and cannot themselves harm your computer in any way. Typically cookies are used to remember logins and keep track of user settings on web-sites. Cookies can be used to track your movement on the Internet ONLY if a site is aware of the cookies and is designed to use the specific cookies. Because of their use in tracking, many feel that this constitutes spyware. We do not consider cookies to be threats of anywhere near the same level of severity as actual malware threats that can steal real personal information, serve ads, or render a computer unusable.
>
> SUPERAntiSpyware will detect tracking cookies as "Adware.Tracking Cookies" and you can choose to remove them or leave them on your system. You may turn off this feature in the Preferences -> Scanning Control tab of SUPERAntiSpyware should you not wish cookies to be scanned, detected and removed.
>
> SUPERAntiSpyware.com Customer Service

Thanks Sean...I think I'd prefer to have the cookies flagged and removed...feels safer that way.
SAS Customer Service Posted September 24, 2010

Sure, if that makes you feel safer, then by all means.
TechGeek2 Posted September 24, 2010

> I was reading my email and on a newsletter from 50-Plus.com, I clicked a 'Read more...' link and received this pop-up for the first time today...looked like a valid 'Windows Security Center' dialogue box that said I was infected with this trojan and to install System Security Antivirus. (apparently, this is a scam) I could not close the pop-up, so I shut down the computer manually and updated and ran SAS Pro. Will this have eliminated the problem, or do I have the virus in my computer?
>
> I also deleted the email and unsubscribed from the newsletter and am hoping all will be OK. Anyone have info on this, other than what I can google, where I get told to download a removal tool, which of course, I am very apprehensive to do, as I don't want the scam to continue.

FWIW..

First, while you may already know this, Windows Security Center will never tell you your computer is infected.

Second, when receiving a pop-up, such as that you refer to, beware that many times clicking on the red x to close the window actually activates the malware. This design is of course in response to the habit of Windows users to exit by clicking the x. If, in the future, you encounter such a thing, click on a free space within the pop-up then press Alt + F4. This will close the window without executing the malware.
KenC Posted September 24, 2010

> FWIW..
>
> First, while you may already know this, Windows Security Center will never tell you your computer is infected.
>
> Second, when receiving a pop-up, such as that you refer to, beware that many times clicking on the red x to close the window actually activates the malware. This design is of course in response to the habit of Windows users to exit by clicking the x. If, in the future, you encounter such a thing, click on a free space within the pop-up then press Alt + F4. This will close the window without executing the malware.

Thanks for the tip...I just switched over to a computer with Vista Business, from XP Pro and wasn't sure if that was a normal warning for Vista or not.