System Live Protect: I Need Help


6 replies to this topic

#1 andre2345


Posted 28 August 2007 - 05:46 PM

I followed the advice of this article in the forums: http://www.bleepingcomputer.com/forums/t/95984/how-to-remove-system-live-protect-removal-instructions/

With it, I removed the actual program System Live Protect (which is a rogue anti-spyware that is installed without permission through Trojans and other malware). However, I still have this annoying pop-up that tells me I must install System Live Protect because I have a virus. (Not true, I just have that pop-up.) So how do I get rid of the pop-up that tells me I am infected when I am not?


#2 buddy215


Posted 28 August 2007 - 06:34 PM

Super Antispyware should remove the malware. The Smitfraud malware reinvents itself almost daily, so sometimes one tool will work when others won't. You most likely have other malware that accompanies the Smitfraud malware, so be sure and use both programs. Please let us know the results.
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 andre2345


Posted 28 August 2007 - 08:07 PM

Those two programs did do some good. I found a few infected files that were then quarantined or disinfected. Unfortunately, it found but COULDN'T disinfect or quarantine the file that is causing the problem.

It is located in C:\WINDOWS\system32/pipmon. PIPMON, whatever that is, is the bad file. It bears the System Live Protect logo and must be related to the problem. Unfortunately, when I try to delete it, I get a message that says, "Cannot delete Pipmon. Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use."

I think (maybe) that it considers the file in use because I see an icon (not deletable) on my lower bar (that has the volume and other icons). Therefore, I cannot delete it because it is in use.

BUT IT'S ALWAYS IN USE

lol can you help?

thanks BTW

#4 buddy215


Posted 28 August 2007 - 09:16 PM

You have another infection.
Look in Add/Remove and see if you have any of the programs in the list below. If you do, remove them.
Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
Zolero
Tizzletalk
MediaTickets
Cowabanga
--------------------------------------------------------------------------------
If any of the programs above were found in Add/Remove, also run the Oin uninstaller.
Download and run this uninstaller.
http://www.outerinfo.com/OiUninstaller.exe
http://www.outerinfo.com/howto.html
--------------------------------------------------------------------------------

Use the Vundofix tool in the link below.
http://www.atribune.org/content/view/24/2/
--------------------------------------------------------------------------------



#5 andre2345


Posted 28 August 2007 - 09:26 PM

I looked and did not find anything related to the programs listed above.

I know it is part of the live protect virus. It is the part that says "your comp is at risk" and asks you to download live protect.

My problem is deleting the file (which I found) C:\WINDOWS\system32

It is not deletable.

thanks

#6 Reem


Posted 29 August 2007 - 01:13 AM


Hey there. I recently had the same problem. I opened Windows in Safe Mode and was able to delete it from there. Try doing that, then run a program to clean out viruses, malware, etc., just so it doesn't come back.

#7 quietman7


Posted 29 August 2007 - 09:45 AM

If you cannot delete the following file in safe mode, download FileASSASSIN.zip and save it to your desktop (this tool is compatible with Win 2000/NT/XP/Vista only).
  • Create a new folder on your C:\ drive called FileASSASSIN and extract (unzip) the file to that folder. (Click here for information on how to do this if not sure. Win 9x/2000 users click here.)
  • Open the folder and double-click on FileASSASSIN.exe.
  • Select the following file(s) to delete by dragging it onto the text area or select it using the (...) browse button.
    • pipmon.exe <-- C:\Windows\system32\ folder
  • Select a removal method. Start with "Attempt FileASSASSIN's method of file removal."
  • Click delete and the removal process will begin.
  • If that did not work, start the program again, select the file(s) the same way as before and this time check "Use delete on reboot function from windows."

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
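
Added example (not part of the post above and not FileASSASSIN's code): assuming the tool's "Use delete on reboot function from windows" option relies on the standard Windows delayed-delete mechanism, the request is recorded in the PendingFileRenameOperations registry value, and this Python code decodes that value's raw data to confirm that pipmon.exe is queued for deletion before rebooting. The sample bytes and the setup.tmp/setup.dat paths are constructed for illustration.

```python
# Added example: decode the raw bytes of the PendingFileRenameOperations value
# (HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, REG_MULTI_SZ).
# Entries come in (source, destination) pairs; an empty destination means
# "delete the source at next boot".
NT_PREFIX = "\\??\\"


def _strip_nt(path):
    """Drop the '!' replace-existing marker and the \\??\\ object prefix."""
    if path.startswith("!"):
        path = path[1:]
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_ops(raw):
    """Return [(source, destination or None), ...] from UTF-16LE value data."""
    text = raw.decode("utf-16-le").rstrip("\x00")
    if not text:
        return []
    parts = text.split("\x00")
    if len(parts) % 2:  # a trailing delete lost its empty destination above
        parts.append("")
    pairs = zip(parts[0::2], parts[1::2])
    return [(_strip_nt(src), _strip_nt(dst) or None) for src, dst in pairs]


def queued_for_delete(raw, path):
    """True if `path` is scheduled for deletion (case-insensitive match)."""
    wanted = path.lower()
    return any(dst is None and src.lower() == wanted
               for src, dst in parse_pending_ops(raw))


def build_sample():
    """Constructed value data: one rename followed by one delete."""
    entries = [
        "\\??\\C:\\Temp\\setup.tmp", "!\\??\\C:\\Temp\\setup.dat",
        "\\??\\C:\\Windows\\system32\\pipmon.exe", "",
    ]
    return "".join(e + "\x00" for e in entries).encode("utf-16-le") + b"\x00\x00"


if __name__ == "__main__":
    for src, dst in parse_pending_ops(build_sample()):
        print("DELETE" if dst is None else "RENAME", src, "->", dst or "(removed)")
```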
