Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please help, my computer is infected, can't do anything!


  • Please log in to reply
35 replies to this topic

#1 needhelpcomp

needhelpcomp

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 25 May 2009 - 02:33 PM

okay first of all. on the background of my computer reads : Warning! you're in danger! you are infected with spyware! secure yourself now, remove all spyware from your pc! all of this in a black ground on my computer.
And in the task bar., for one of the icons it reads: Warning: your computer is infected. Windows has dected spyware infection! click this message to install the last update os windows security software.
Also i noticed an icon of a program i never installed called system security version 4.51.

Now with that showing, I tried to install maleware removers and spypot search and destory but the computer will not let me run any programs ! all I can open is internet explorer.
I get a warning like this : application cannot be executed! the file "whatever program it is.exe" is infected. please activite your anti-virus software.
But i can't even run my anti virus software that I downloaded!!!

Am I doomed? what can I do to resolve this? please help any help is appreciated. thank you!

BC AdBot (Login to Remove)

 


#2 Supreme Edgeboy Max

Supreme Edgeboy Max

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krym, Ukraine
  • Local time:04:21 PM

Posted 25 May 2009 - 03:05 PM

It's a rouge anti-spyware. I found some screenshots on a page, and the same page has some information on what to remove. To get rid of this.
DO NOT REMOVE. I'm just posting this in case it helps the others give you a quicker cure.
Wait for a trusted user to come and verify and tell you what to do.

Search and kill the following processes    1632575944.exe Remove System Security files & dlls files    C:\Documents and Settings\All Users\Application Data\538654387    C:\Documents and Settings\All Users\Application Data\538654387\Languages    C:\Documents and Settings\All Users\Application Data\538654387\1632575944.exe    C:\Documents and Settings\All Users\Application Data\538654387\config.udb    C:\Documents and Settings\All Users\Application Data\538654387\init.udb    C:\Documents and Settings\All Users\Application Data\538654387\Languages\English.lng    C:\Documents and Settings\All Users\Application Data\538654387\Languages\German.lng    C:\Documents and Settings\All Users\Application Data\538654387\Languages\Spanish.lng    %UserProfile%\Desktop\System Security.lnk    %UserProfile%\Start Menu\Programs\System Security    %UserProfile%\Start Menu\Programs\System Security\System Security.lnk Remove/Modify corrupt Registry Entries    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "1632575944"

Posted Image


#3 possumbarnes

possumbarnes

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee, USA
  • Local time:05:21 AM

Posted 25 May 2009 - 03:54 PM

Now with that showing, I tried to install maleware removers and spypot search and destory but the computer will not let me run any programs ! all I can open is internet explorer.
I get a warning like this : application cannot be executed! the file "whatever program it is.exe" is infected. please activite your anti-virus software.


You are most likely not doomed. What you have is a rogue program. Most of them are simple to remove. This one is of the type that likes to prevent executable programs from running, which explains why you cannot install any new programs or run your antivirus. Please follow these steps precisely.

Please download Malwarebytes Anti-Malware and save it to your desktop from here.

Go to where you downloaded the MBAM installer and right click it. Rename the file by simply adding a different extension to the end of it. I usually add a ".scr" or a ".prt" to the end of the file name. Once it is renamed, double-click on mbam-setup.scr (or whatever you named it) to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When the installation has finished, leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Click the Finish button.

MBAM should start. If it doesn't start, you will need to navigate to where you installed it (usually C:\Program Files\Malwarebytes' Anti-malware) and you have to change the name of MBAM.exe to MBAM.scr (or .prt or whatever you want). Once MBAM.exe is renamed with a different extension, double click that file and MBAM should start now.

Go to the UPDATE tab and click the CHECK FOR UPDATES button to update it.

From the SCANNER tab, select a QUICK SCAN and click the Scan button.

After the scan finishes, click on the Show Results button to see a list of any malware that was found. Make sure that everything is checked, and click Remove Selected. When removal is completed, a log report will open in Notepad. This log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the entire contents of that report in your next post.

MBAM may tell you to reboot your computer to complete the process. If so, then reboot and post the contents of the log afterwards.

Edited by possumbarnes, 25 May 2009 - 03:57 PM.

What's more irrational--a guy who believes in a God he cannot see or a guy who is offended by a God he doesn't believe in?

#4 needhelpcomp

needhelpcomp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 25 May 2009 - 05:08 PM

it won't let me change the extension type to .scr. because I have all my files hidden extension type. so no matter what i do to change the name. it will always be mbam-setup.scr.exe. the exe will always stay there. i tried to go to my system to unclick the hide file extension types but it won't let me access it just like the programs.
what do I do now?

#5 needhelpcomp

needhelpcomp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 25 May 2009 - 09:48 PM

possum if you are still out there. help! anyone else??

#6 possumbarnes

possumbarnes

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee, USA
  • Local time:05:21 AM

Posted 25 May 2009 - 10:41 PM

Go to this link and see if it helps.
Link for disabling hidden file extensions

If this doesn't help, give a very specific description of what it is not allowing you to do (ie. at what step does it error out or just doesn't respond).

Do you have access to another computer? If so, you may need to put MBAM on that computer and hook your hard drive up as a secondary drive to scan it.

Post back when you can
What's more irrational--a guy who believes in a God he cannot see or a guy who is offended by a God he doesn't believe in?

#7 needhelpcomp

needhelpcomp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 26 May 2009 - 09:30 AM

the spyware completely removed my folder options. under tools tab there is no longer an "folder options". instead there are map network drive, disconnnect network drive and synchronize, which i have not seen before. Is there a way to bring back "folder options" to my tools tab?
I do have another computer but how do I connect it? i don't have any chords.

#8 needhelpcomp

needhelpcomp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 26 May 2009 - 09:34 AM

okay my mbam-setup was able to be changed to a screen saver type of file. I tried to install it, but there is no response once i click install. When i click run, it doesn't do anything.
it keeps saying warning! application cannot be executed the file wmprvse.exe is infected. please activate your antivirus software.

Edited by needhelpcomp, 26 May 2009 - 09:36 AM.


#9 possumbarnes

possumbarnes

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee, USA
  • Local time:05:21 AM

Posted 26 May 2009 - 09:47 AM

the spyware completely removed my folder options. under tools tab there is no longer an "folder options". instead there are map network drive, disconnnect network drive and synchronize, which i have not seen before. Is there a way to bring back "folder options" to my tools tab?
I do have another computer but how do I connect it? i don't have any chords.

OK. Let's get some more information about this computer. What OS is running? (I've been assuming XP). What type of hard drive do you have (IDE or SATA)? If you're not sure about that, how old is the computer? If its over 3 or 4 years old, it probably has IDE drives, but we'll need to be sure.
Assuming that your other computer has the same type of drive in it (specifically, an IDE drive) take the cover off the other computer and see if there is a ribbon cable connecting that hard drive to the motherboard. On that ribbon cable, there is usually 2 connectors so that a second hard drive can be installed. If there is, you connect your hard drive to that cable and boot it up. You'll have to look at the hard drives and set the jumpers on them. The drive in the other computer will need to be jumped as the MASTER. The drive you're having troubles with will be jumped as the SLAVE. The drives should have a label somewhere describing where jumpers should be placed for these settings.
Once you have them jumped as MASTER and SLAVE, boot that other computer up and use MBAM to scan the second hard drive.

As far as the folder options goes, I'll try to get back to you on that.

I just saw you posted again saying you were able to get the extension changed to .scr but that didn't help. So, you may need to put that drive in the other computer after all. I would suggest trying to install this drive into the other computer and scanning it, but if you don't feel comfortable doing that, wait a little while and see if someone that knows more comes along.
You could try this place and see if it helps since you are able to get online:
System Security Removal Tool download

If this gets rid of the System Security program, then try installing MBAM again. Let us know what happens.
What's more irrational--a guy who believes in a God he cannot see or a guy who is offended by a God he doesn't believe in?

#10 needhelpcomp

needhelpcomp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 26 May 2009 - 10:47 AM

i would like to fix this without opening up my computer thats for sure. If there is a way to fix it without opening my computer, that will be great.
Yes i have windows xp on both computers. both computers are over 4 years old.
So how do I fix it by moving my hard drive to my other computer? please if you could elaborate on this?

And if anyone knows how to do this without physically opening up my computer box and moving my hard drive let me know. thank you for your help. possum thank you for your quick responses.

#11 possumbarnes

possumbarnes

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee, USA
  • Local time:05:21 AM

Posted 26 May 2009 - 02:19 PM

Did you try the SYSTEM SECURITY REMOVAL TOOL link in my last post to try to remove that program?

Also, did you try to boot into safe mode and double clicking the mbam-setup.scr file to try and install it in safe mode?

Edited by possumbarnes, 26 May 2009 - 02:21 PM.

What's more irrational--a guy who believes in a God he cannot see or a guy who is offended by a God he doesn't believe in?

#12 needhelpcomp

needhelpcomp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 26 May 2009 - 04:19 PM

should i go to safemode or safemode with networking. Also if it happens to work in safemode, after running the scan. What else should i install to my computer besides malware AM so my computer is safe from everything else.

edited update :: well, i logged in as safemode (no networking one) I guess that means no internet. so I installed and it's running the scan. without the updates. After this, should i go to safemode with networking and update and run it again? or should i just go to regular mode and update and scan?
thank you

Edited by needhelpcomp, 26 May 2009 - 04:25 PM.


#13 possumbarnes

possumbarnes

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee, USA
  • Local time:05:21 AM

Posted 26 May 2009 - 04:33 PM

Just try to boot into normal mode and try to run MBAM again. Update it first, of course, then run a scan. Also, don't forget to post the MBAM log in your next reply. Save it as a text file to your desktop, then when you reboot, open it and copy and paste it here.

Another good program to use is SuperantiSpyware also known as SAS. This program runs best from safe mode because it is just designed that way.

Edited by possumbarnes, 26 May 2009 - 04:36 PM.

What's more irrational--a guy who believes in a God he cannot see or a guy who is offended by a God he doesn't believe in?

#14 needhelpcomp

needhelpcomp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 26 May 2009 - 04:41 PM

omg it's working computer is fine. i am about to run the scan again with the update. Should I also do the ad-aware free anniversity edition? looks like it's scanning on its own already, should i fix the problems with that program too?
Also, what are some of the free anti-viruses i can download for all my computers. Can you tell me the important programs i should have installed for all my computers?
thank you have been so helpful. i'll post the mbam text after my adware runs first.

#15 possumbarnes

possumbarnes

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee, USA
  • Local time:05:21 AM

Posted 26 May 2009 - 04:53 PM

Everybody has their own opinions about free security software. I used to use AdAware myself but found that it didn't detect a lot of the stuff that others did, so I uninstalled it and haven't used it in a couple of years.
Here's a list of all the security programs that I use and I've never had an issue with infections:
Spyware scanners:
Malwarebytes' Anti-Malware
SuperantiSpyware
Spybot: S&D
Spyware Terminator (the only one I've found with realtime protection and the ability to schedule scans in its free version)

Anti-virus:
Avira Antivir (It's got a good scan engine and ranks right up there with Avast and AVG. I like the user interface and the options available in the Scheduler).

Firewall:
Comodo Pro (although now its downloaded as Comodo Internet Security. I just don't install the anti-virus portion of the program. I only use the firewall).

Registry cleaner:
CCleaner (I've used it for years and have never had a single problem with it, plus it has lots of other useful tools that help keep your computer clean of junk).
What's more irrational--a guy who believes in a God he cannot see or a guy who is offended by a God he doesn't believe in?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users