Sign in to follow this  
Hondel

Threatwork Alliance with "**--**^^**--**" all over

Recommended Posts

Started a scan today with avast! Free and in the middle of it a window popped up from Threatwork Alliance which I've never seen or heard of before and everything on it is just **--**^^**--**. I don't know why and I'm not sure what it could mean, I just came here hoping someone would be able to help or clarify why this window has popped up with gibberish. Thank you to anyone.

Share this post


Link to post
Share on other sites
Hi Hondel,

This issue has been reported to Lavasoft and I await a reponse for you.

Share this post


Link to post
Share on other sites
By the time I was aware of this, Ad Aware had stopped scanning. But it may have been a result of Ad Aware as well. But still, it showed up suddenly and I've kept it open just in case pressing something or exiting it may do something bad. Thanks SpySentinel, I await a response.

Share this post


Link to post
Share on other sites
I am having this problem. I have run numerous spyware and antivirus programs to no avail. I see that it has been 9 days and Lavasoft or SpySentinnel has not responded to this thread. I suspect that this is a virus that is targeting Lavasoft's AdAware program itself. What would be really helpful, would be if someone could post a screen shot of the ThreatWork Alliance dialog box in a working state so that we know which button to click.
Because the buttons are encrypted the virus has made it impossible for a person to remove the virus or adware or to report it by use of this dialog box.

SpySentinel? Can you follow up on your cotact with Lavasoft and find out why THEY are not responding?

Just an f.y.i and some info about my system so that GOogle has something to crawl and index ON this issue: ThreatWork Alliance is a reporting system that Lavasoft has created to send files back to the company database in order to track malware. Since malware has deactivated ThreatWork Alliance, that is most likely why Lavasoft has no information. I think this problem needs to be escalated. I am going to see if there is a contact phone number for Lavasoft.

My Specs:
Winxp (running beautifully for 3 years now until this)
Firefox, Chrome and Safari browsers (current versions)

OTHER ISSUES:

* My start menu is not responding. In order to register for this forum and receive the activation email, I had to create a shortcut on my desktop (right click) to Outlook in order to gain access to the program.
* Before this crash, Adaware found 6 critical and suspicious files at the time I went to bed and left the app running over night in full scan mode. (It was taking hours) In the morning, the app had disappeared and been replaced with the Threatwork Alliance dialog box. I decided to run Adaware again but no suspicious files were found this time. I do not know if Adaware automatically removed them or whether the virus shut the program down. I am now reran Adaware in quick scan mode but no malware was found. Possibly the malware has now rendered itself invisible to Adaware.


WHAT I WAS DOING WHEN MY SYSTEM BEGAN EXPERIENCING PROBLEMS: Installing fresh copies of virus and malware programs

* Installing alternative browsers (Safari)
* Adaware
* AVG Antivirus
* Win Patrol (Scotty)
* IOBit Security 360


Error Message on ThreatWork Alliance Dialog box: **--**^^**--**

Share this post


Link to post
Share on other sites
[quote name='FollowThatTrail' post='115108' date='Jan 8 2010, 11:39 AM']What would be really helpful, would be if someone could post a screen shot of the ThreatWork Alliance dialog box in a working state so that we know which button to click. Because the buttons are encrypted the virus has made it impossible for a person to remove the virus or adware or to report it by use of this dialog box.[/quote]
You should be able to look at screenshots in the manual, found in Ad-Aware help or here:

[url="http://lavasoft.com/support/supportcenter/manuals/ad_aware/ad_aware_manual.pdf"]http://lavasoft.com/support/supportcenter/...ware_manual.pdf[/url]

I also thought this may be a virus affecting Ad-Aware's Threatwork due to the jibberish characters. The alternate way to report this to Lavasoft is to follow the instructions in my signature, posting in the HijackThis forum. Someone there can help you diagnose/remove malware found, and files can be uploaded to Lavasoft (link also in my signature).

I'm sure the holidays play a part in Lavasoft's lack of response. There were no definition updates between Dec 31 - Jan 3, so that's 4 days they were off work. We post messages to them here, but I think they get more feedback from paid users throught their customer support center.

Share this post


Link to post
Share on other sites
I have encountered this same pop-up. Didn't click any of the buttons, rather closed the window using the x.

Would be nice if Lavasoft could tell us if they've found a fix. Unfortunately, I don't have an "active" screen print, as I cleared the pop-up. The popup came up when I was running Ad-Aware's scan after inital installation of the Ad-Aware software.

I do have problems on my machine with tracking cookies I've been unable to get rid of. Possibly a virus (trojan)? but my virus scan softwares cannot find it.

Leslie

Share this post


Link to post
Share on other sites
It has now been one month since this problem was first reported and 16 days since the most recent post. But the problem appeared today for the first time on my computer. Is Lavasoft actually doing anything about this?

For a product that seeks to make things secure, a month is a very long time to allow such a threat to exist.

It would at least be helpful to let us know whether this is benign or whether something has really seated itself on our computers that is making them vulnerable.

But doing nothing, not even acknowledging and addressing the problem, makes Lavasoft look impotent.

As for the HijackThis forum, I found nothing there about this problem. This thread on the General Support forum is the only thread on the Lavasoft forums that is addressing this issue.

If Lavasoft is not doing what it is supposed to be doing, then there is no point in having it. In fact, if Lavasoft is actually adding to the vulnerability of my computer, then there is a significant point for removing Lavasoft.

I see no choice under the circumstances but to uninstall Lavasoft and seek other threat protection software. Lavasoft clearly has failed to address this vulnerability, and I feel less safe in having Lavasoft on my computer than I do in removing it.

Share this post


Link to post
Share on other sites
Nope we've had no response.

Our suggestion here is to go ahead and post a new topic with your HJT log in the HJT forum. That way a malware specialist will be able to determine and remove any threats.

Casey

Share this post


Link to post
Share on other sites
[quote name='casey_boy' post='115858' date='Jan 28 2010, 02:45 AM']Nope we've had no response.

Our suggestion here is to go ahead and post a new topic with your HJT log in the HJT forum. That way a malware specialist will be able to determine and remove any threats.

Casey[/quote]

Sorry, but as I said, if this thing is beyond the control of AdAware, then I do not want AdAware creating a vulnerability hole in my system. I have uninstalled AdAware and cannot provide any logs.

Share this post


Link to post
Share on other sites
No problem about uninstalling, but I think you've misunderstood the concept.

[quote]...AdAware creating a vulnerability hole...[/quote]

Ad-Aware hasn't created a hole - all it has done is highlight the fact that you are infected (we think). Whilst you should reasonably assume that an anti-malware could repair this 'hole' - it definitely hasn't created it.

Not all malware is detectable through conventional scanners, such as Ad-Aware, and so that is why we ask you to post a HJT log (it has nothing to do with Ad-Aware) as a way for malware removal specialists to try and help clean your computer.

Let me stress, removing Ad-Aware is not going to solve the infection problem.

Casey

Share this post


Link to post
Share on other sites
[quote name='casey_boy' post='115866' date='Jan 28 2010, 06:31 AM']Ad-Aware hasn't created a hole - all it has done is highlight the fact that you are infected (we think). Whilst you should reasonably assume that an anti-malware could repair this 'hole' - it definitely hasn't created it.

Not all malware is detectable through conventional scanners, such as Ad-Aware, and so that is why we ask you to post a HJT log (it has nothing to do with Ad-Aware) as a way for malware removal specialists to try and help clean your computer.

Let me stress, removing Ad-Aware is not going to solve the infection problem.

Casey[/quote]

My concern is not that AdAware created the hole but that the integrity of AsAware has been compromised by something that is capable of using AdAware as a vehicle -- which exists on many PCs since AdAware is trusted worldwide. So uninstalling AdAware was my way of removing that vehicle.

This attack appears to be directly at AdAware, since it is popping up an apparently-penetrated Threatwork Alliance window. And LavaSoft has thus far not even acknowledged that anything is happening. This does not encourage me to believe that LavaSoft can prevent something more malicious from using AdAware as a vehicle. And the complete absence of any response from AdAware does not encourage me that anything is being done to prevent that.

In spite of all that, I am taking a leap of faith, and I have reinstalled AdAware. I am running a full scan. Prior posters to this thread have said that subsequent scans did not pop up the window again, possibly because it was AdAware-smart and had somehow made itself invisible to AdAware. Perhaps by uninstalling and resintalling, I will find it again.

If and when I do encounter it again, please give me specific detailed and easily understandable instructions on what it is you want me to capture and how and where to send it. I want this thing eliminated, and I will do what I can to help. But I don't want a half-day learning experience on some obscure logging process that I will never use again.

Share this post


Link to post
Share on other sites
[quote name='myadaware' post='115892' date='Jan 28 2010, 05:45 PM']If and when I do encounter it again, please give me specific detailed and easily understandable instructions on what it is you want me to capture and how and where to send it. I want this thing eliminated, and I will do what I can to help.[/quote]
There are links in my signature for both where to send suspicious files for analysis and also instructions for posting in the HijackThis forum where a Volunteer Security Advisor can help you diagnose/remove malware.

Share this post


Link to post
Share on other sites
Like visitor said,

Please post in the HJT Log Forum so me or another malware analyst can help clean up your computer if you are infected.

Share this post


Link to post
Share on other sites
[quote name='mnw' post='115904' date='Jan 29 2010, 05:14 AM']I'm running full scan now but quick didn't find anything so I suspect full may not either[/quote]

Please also post a HJT log in the HJT forum for analysis.

Casey

Share this post


Link to post
Share on other sites
[quote name='visitor' post='115901' date='Jan 28 2010, 08:44 PM']There are links in my signature for both where to send suspicious files for analysis and also instructions for posting in the HijackThis forum where a Volunteer Security Advisor can help you diagnose/remove malware.[/quote]

OK, I followed the instructions in your signature at [url="http://www.lavasoftsupport.com/index.php?showtopic=13639"]http://www.lavasoftsupport.com/index.php?showtopic=13639[/url] and posted the results to the Hijack This forum.

For anyone who is thinking about doing this, I do recommend it. The instructions are very clear. Since there are multiple scans involved, it will take a bit of time, but with the instructions it is a simple matter of doing what is indicated and then waiting for the scan to finish and then going on to the next step.

Share this post


Link to post
Share on other sites
Posts in the HJT forum for this problem:

myadaware's: [url="http://www.lavasoftsupport.com/index.php?showtopic=28408"]http://www.lavasoftsupport.com/index.php?showtopic=28408[/url] - logs are clean

Marigold55's: [url="http://www.lavasoftsupport.com/index.php?showtopic=28411"]http://www.lavasoftsupport.com/index.php?showtopic=28411[/url] - logs are clean

Bob Terwilliger's : [url="http://www.lavasoftsupport.com/index.php?showtopic=28424"]http://www.lavasoftsupport.com/index.php?showtopic=28424[/url]


Note: this is for reference only, each user should start their own HJT topic since each system is different - i.e. do not follow the instructions given for another user. Edited by visitor

Share this post


Link to post
Share on other sites
I'm not sure what is supposed to happen nor when, but my post on the Hijack forum has been out there for about 10 hours with 41 people viewing it but no one responding to it.

There is one anomaly that I have discovered in my system since this all started. When I now attempt to start AOL, I receive the error message that MSVCR71.dll is missing. This has never happened before. So the timing of these two very unusual events (the spurious Threatware Alliance window, followed by this missing DLL) seems to indicate a possible connection.

Share this post


Link to post
Share on other sites
[quote name='myadaware' post='115943' date='Jan 29 2010, 07:31 PM']There is one anomaly that I have discovered in my system since this all started. When I now attempt to start AOL, I receive the error message that MSVCR71.dll is missing. This has never happened before. So the timing of these two very unusual events (the spurious Threatware Alliance window, followed by this missing DLL) seems to indicate a possible connection.[/quote]

I ran System Restore using the restore point created during the instructional steps for scanning, logging and reporting the logs. And the MSVCR71.dll missing message no longer is a problem, and AOL starts fine.

Share this post


Link to post
Share on other sites
[quote name='myadaware' post='115943' date='Jan 29 2010, 07:31 PM']I'm not sure what is supposed to happen nor when, but my post on the Hijack forum has been out there for about 10 hours with 41 people viewing it but no one responding to it.[/quote]
You have to wait until a Volunteer Security Advisor replies with instructions. Length of time/number of views are irrelevant - it can take a while since they're swamped with requests.

Share this post


Link to post
Share on other sites
[quote name='myadaware' post='115944' date='Jan 29 2010, 08:18 PM']I ran System Restore . . . And the MSVCR71.dll missing message no longer is a problem.[/quote]
Let us know if the problem returns - another user has reported the .dll goes missing during Web Update, so it might be related to the new 8.1.4 bug.

[url="http://www.lavasoftsupport.com/index.php?showtopic=28423"]http://www.lavasoftsupport.com/index.php?showtopic=28423[/url]

Share this post


Link to post
Share on other sites
Hi folks
i have have the same problem.

firstly, i have had the error below when trying to listen to a radio station:

chrome.exe - System Error
The program can't start because MSCVR71.dll is missing from your
computer. Try reinstalling the program to fix this problem.


I reinstalled Real Player and i was able to listen to the radio station, although the system error has reappeared when trying the radio station again just there now.


I also have been trying to access www.vistaprint.co.uk and i get the following error:


[url="http://www.vistaprint.co.uk/vp/ns/upgrade_browser.aspx?rd=3"]http://www.vistaprint.co.uk/vp/ns/upgrade_browser.aspx?rd=3[/url]
To be able to create one-of-a-kind printed products quickly and easily on our website, we recommend that you use the latest version of a modern web browser. Continuing to use your existing browser may not allow you to take advantage of our web-top design studio or choose from our extensive selection of customisable design templates.


Of course i have up to date browsers. I have a new windows 7 samsung laptop with the latest chrome and IE, I even followed their link and downloaded FireFox. and i still got the same error.

Then today i received the "**__^^**__**" ThreatWork Alliance pop up.



Seems like something quite sinister is happening.
Any advice help would be greatly appreciated.

Cheers









I have

Share this post


Link to post
Share on other sites
Sign in to follow this