Hey Guys

I have no idea where to post this, so I'm probably in entirely the wrong place, but the people here have always been so helpful in the past that I'm hoping you will be able to point me in the right direction.

A few days ago, my pc starting throwing up a security message when I try going to the Amazon.co.uk website. I don't know what it is that is throwing the secuirty message up, but it appears smack in the middle of my screen.

I get a pop-up box with 'Security Warning' as the header, and the following message in it:

The Current web page is trying to open a site in your Trusted Sites list. Do you want to allow this?

Current site http://www.amazon.co.uk
Trusted site res://ieframe.dll

I am clicking 'No' each time as obviously I don't understand what it is all about and I don't want to compromise my security.

This message started happening a few days ago - Spyware Doctor said it needed to restart my pc to remove something, then my McAfee wouldn't work properly after restart, so I had to fix that, and that's when the message started.

I also get a similar message on going into my yahoo e-mail account, but it's a different site it's asking me to allow to open.

Now, I do have Spybot Search and Destroy on my pc, although I deleted it several months ago, the icon still appears on my toolbar so obviously it hasn't completely gone.

Anybody able to offer me any advice here please? I'm using IE7 if that helps at all - should I switch to Firefox, or have I got an infection that isn't being detected? I should add that I am a complete idiot with all this pc stuff, so I need taking through it with baby-steps - hopefully somebody on here can help me or point me in the right direction. Thanks in advance!

Hi
Please download Malwarebyte's anty malware and please do a full scan and post the log here om the forum
www.malwarebytes.org

Hope this helps

Hi
Please download Malwarebyte's anty malware and please do a full scan and post the log here om the forum
www.malwarebytes.org

Hope this helps

Ok, when I tried to download and install the above, my Spyware Doctor flagged it up as suspicious activity and gave me a message about it trying to install itself in my Start Programs Menu - can I assume that it's ok to allow the program? Sorry to be asking what is probably a totally stupid question, but I scare easily lol!

mbam is a free tool and i am sure you can use it without fear
Just let me advise you dont run mbam real time protection and SD realtime protection together.Please use mbam with real time protection module disabled
hope this helps

mbam is a free tool and i am sure you can use it without fear
Just let me advise you dont run mbam real time protection and SD realtime protection together.Please use mbam with real time protection module disabled
hope this helps

Ty - How do I disable the SD realtime, do I just shut the entire program down?

First, add the MBAM to the Global Action List. It is a safe program.

Second, I do not believe that the free version of MBAM has real time protection (Superantispyware does). However, to disable Spyware Doctor, right click the SD information icon, click disable.

Do your scans and when finished re-enable Spyware Doctor by double clicking the desktop icon.

Hi Guys

Thanks for the help, have now run a scan and it's found some Trojan downloaders. I thought Spyware Doctor would pick all this stuff up, I obviously have a lot to learn!

Here is a copy of my log (I've deleted my name where all the ****** are):

Malwarebytes' Anti-Malware 1.34
Database version: 1846
Windows 5.1.2600 Service Pack 3

14/03/2009 00:14:57
mbam-log-2009-03-14 (00-14-51).txt

Scan type: Full Scan (C:\|)
Objects scanned: 138275
Time elapsed: 32 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Microsoft Common (Trojan.Agent) -> No action taken.

Files Infected:
C:\Documents and Settings\*******\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\*******\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\*******\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\*******\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\*******\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\*******\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\*******\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\*******\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> No action taken.


I am presuming that I should use the 'Removed Selected' option to get rid of these things?

Please just kill it

Absolutely.

Today the malware mutates very fast and one needs more than one tool to get rid of it.

I keep Avira Antivirus, Malwarebytes Antimalware and Superantispyware as backup standalone scanners.

Please note for Avira and Superantispyware you need to disable the online portion so as not to conflict with SD.

Argh, well after doing all of that, I am still getting the security warning on the Amazon.co.uk site. I also get it on the Amazon.com site and when logging into my yahoo e-mail account. Any ideas at all on what could be causing this? I need to order some stuff from Amazon, but I daren't use it with this security warning - I have to click 'no' three times for it to eventually disappear.

@2 Alternatives
Please scan again with mbam in order to kill remaining infections
Please make al the verification options enabled
u also can try sas here
www.superantispyware.com