 JVB
@verizon.net | Windows Firewall pop up message and throws me out of website There is a pop up message saying "Security Center Alert"
To help protect your computer , Windows Firewall has blocked activity of harmful software.
Then there is a line seperation_______________
Then it says:Do You want to block this suspicious Software?
Name: Sinowal.Trojan
Risk Level: High
Description: Sinowal.Trojan is a Trojan program that records keystrokes and takes screen shots of the computer. Stealing personal financial Information.
Then it gives you three buttons to click on:
"Keep Blocking"(which is grayed out and you can't click on it anyway)
"Unblock" (which is also grayed out and you can't click on it)
"Enable Protection"(which is one you can click on and it takes you to a website called "Safe Soft Reviews" where they try to sell you some security software programs)
Now back to the pop up...underneath the "buttons" it says the following:
Windows Firewall has detected unauthorized activity, but unfortunately it can not help you remove viruses. Keyloggers and other spyware threats that steal your personal information from your computer.
Next is an underlined link, it says:
"Click to download and activate protection" 
I was to scared to do that not knowing what would happen.
Now mind you this comes with the "Windows Logo" and everything (the shield with four different colors on it)
And the next time I sign onto the web by clicking my icon on my desktop...it fills out the whole page saying something like Internet virus threat, do you wish to continue(not recomended)...this acts like the real thing but I'm sure it's not...how do I get it to stop taking over my computer? Throwing me offline...and always with the full window when I sign online instead of my verizon page it hogs the whole page with the warning not to continue. PLEASE HELP!!!???? |
|
| Calm down.....you will be just fine......go to the Clean-up Forum and request help..but first follow all instruction.
»Security Cleanup
this is right here at this forum.
Possibly you have been hijacked. |
|
|
|
 FiOS DanPremium
join:2001-07-06
Redondo Beach, CA | reply to JVB
Sounds like XP Antivirus.
--
Courage is being scared to death but saddling up anyway.
|
|
JVB
@verizon.net | reply to ManOfSnow
Thank you..I got help from windows security using safetylive.com it fixed it right up...thanks again for responding |
|
| reply to JVB
Here's what worked for me.
Go to C:\documents and settings\username\application data\Google
there is a freaking .exe file in there with a security icon. that is it. mine was named something like ggg29293202.exe.
Delete that exe file.
I wasn't able to delete, so I downloaded killbox application and selected delete file upon reboot. it worked! no more annoying security alert center popup with sinowal.trojan on it.
Hope this helps someone. it helped me! |
|
 Link LoggerPremium,MVM
join:2001-03-29
Calgary, AB
kudos:3
 ·Shaw
| reply to JVB
said by JVB :
Thank you..I got help from windows security using safetylive.com it fixed it right up...thanks again for responding I assume you meant safety.live.com as safetylive.com is one of those shaky squatter ad sites.
Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool |
|
| reply to muaddict
Hello, I just tried this to rid my PC of the same message, followed your advice and it worked! Except I couldn't open Explorer but just loaded McAfee and once I identified the file and clicked it, McAfee deleted it immediately.
Thanks! |
|
| reply to muaddict
Thank you, thank you... this TOTALLY worked. I spent a huge chunk of time this afternoon trying to locate a relevant fix before I finally stumbled on this forum. This seems to be a brand-new bug?-- and Norton Antivirus was completely useless.
My "alien file" was in the same place as muaddict's, but was named "kjzna1562565.exe", and yes, you have to choose "delete file on reboot"-- the standard delete in Killbox won't do it. |
|
| reply to muaddict
I hope this is in the right place; if not, I'm sorry. I am having the same exact problem, and I was going to try finding the C:/documents and settings thing but the problem is that I'm seriously technically challenged and pathetic though it is, I don't actually know how to find that and get rid of the exe file, and I'm really worried about the possibility of the Sinowal.Trojan/Safe Soft thing being a virus. If anyone can help, thank you! Step by step is probably pretty much the only way I'll get it, painful though it is...help? |
|
| reply to JVB
If you're having trouble finding the file, do a Windows search on Google. You'll probably see a few Google Directories in the results. Click on each of the Google directories to go to them until you find the one that has the file in it with the Security Icon. Once you find it, you can click in the address bar to highlight the path to the file and copy it (Ctrl C). Paste it (Ctrl V) into killbox and follow it by typing / and the name of the file. |
|
| reply to Nancila
just tried this and worked a treat..pop up been driving me mad all day, file name also kjzna1562565, cheers everone,x  |
|
| reply to muaddict
Go to C:\documents and settings\username\application data\Google there is a freaking .exe file in there with a security icon. that is it. mine was named something like ggg29293202.exe. Delete that exe file. I wasn't able to delete, so I downloaded killbox application and selected delete file upon reboot.
You nailed it! Thanks TONS! |
|
| reply to JVB
Wow, thank you! My problem began (same one) on December 4, 2008. I believe the infection came through a Facebook mailer with a fake You Tube video...which I stupidly clicked on.
I spent probably 15 hours or more in the past 5 days trying to disinfect a Trojan virus..again..duped.
Let me add a couple of things. Instead of using killbox, I was able to delete the files from Safemode with "Diagnostic Startup" checked under Msconfig (type "msconfig" into the Run box..which may cause a crash..but it's ok. Possibly related to the bug).
I deleted several files that were in the Google folder, which were all created within an hour of the executable file.
Hope this helps. This forum saved my sanity. It's tough to search for help when your internet connection is pretty much blocked. |
|
| This was my problem for a couple days. I was getting crazy...!!
Luckily I found this forum. I didn't erase any XXXXXXXXXXX.exe file located in C:\documents and settings\username\application data\Google
Because, minutes before I found this forum, I was reading other forums and I've downloaded ComBoFix and executed. After that I didn't get any pop up message anymore. I think (combofix) cleaned out.
But Thank you so much for this post, which explain exactly what happened to me. This is very helpful for many others who's getting this annoying pop ups..!! |
|
| reply to JVB
You folks are a Godsend!
I've been a happy Mac user for eight years now. Got this HP Mini netbook three days ago and already an infection--which McAfee didn't pick up.
I followed the instructions, rebooted in safe mode, and deleted the file. I also found a DLL in that Google directory that didn't look like it belonged there, and in a subdirectory three more single.letter files. I apologize--I deleted the contents of the trash while I was still in safe mode, so I cannot post the names of those files. But the system seems to be functioning normally again. No more redirects or crashes.
I have a question: I've been using only Gmail on this computer, and I have not opened any attachments. How did I pick this up? Was it more likely an email attachment, or did I get it from an infected website? And since McAfee isn't getting the job done, how can I best protect myself?
Thanks again to all who posted. |
|
| reply to muaddict
Thank you! I was able to locate this file and delete it. Wierd thing is that no one was using the computer when it just restarted and then loaded this application. After searching for hours, your advice finally worked. Thanks again! |
|
