Possible PC Protection Center 2008 Infection?


3 replies to this topic

#1 StandardsDT

  • Members
  • 21 posts

Posted 25 November 2008 - 09:55 AM

Hello,

Yesterday I was trying to repair a friend's computer that had a possible infection of PC Protection Center 2008. Let me list the basic details of what I see occurring.

Wallpaper on desktop was hijacked and set to an active desktop wallpaper displaying a blue and yellow advertisement that says the following, "Your computer has several fatal errors due to spyware activity". Along with "Update your anti-spyware protection".

Then there are the traditional balloons in the lower right-hand corner saying there's an infection with the exclamation point warning sign. Then within about 3 minutes it opens a window asking to install PC Protection Center 2008.

I tried booting into Safe Mode and the infection prevents me from doing so. It just sits at the black screen with the Safe Mode text border. I tried the Diagnostics boot and the infection didn't like that either. The virus/malware still loaded and it messed with Windows Genuine Advantage. Windows now thinks that the hardware drastically changed and we now have 3 days to verify the copy of Windows. Trying to verify it again just results in it saying there's an ActiveX issue and that it can't.

I also tried accessing TaskManager to see if the process was running but it disabled my ability to access TaskManager, saying the Administrator disabled it even though I was on an Administrator account. So instead I tried Proc Explorer but I couldn't find anything in there that was suspicious.

I tried running Spybot and it won't load at all. Tried installing Malwarebytes' Anti-Malware and SuperAntiSpyware and the installers wouldn't run. I also tried HijackThis and that would not load as well. And I also tried the SmitFraud Fix; I almost got somewhere with that, but when it tried to delete the infected files it couldn't. It then went into disk clean up shortly after and the computer just froze up after the disk clean up wizard disappeared, which resulted in having to press the reset button on the tower.

I made a backup of the registry, would this file be of use to anyone who can help me?

Should I try pulling out the hard drive, connect it to another computer as an external drive and scan it from that PC?

At this point I'm lost on what else I should try to do. Any suggestions?

Edited by StandardsDT, 25 November 2008 - 11:04 AM.



#2 buddy215

  • Moderator
  • 13,134 posts

Posted 25 November 2008 - 12:46 PM

You could try renaming the .exe files for SAS and MBytes. Right click on the files, choose rename and name them something like lastchanceone and lastchancetwo. Then double click on the .exes to run the install.

#3 ruby1

  • Members
  • 2,375 posts

Posted 25 November 2008 - 04:35 PM

> Should I try pulling out the hard drive, connect it to another computer as an external drive and scan it from that PC?

Are you happy and feel OK to do that as it is one way to get the thing scanned?

#4 StandardsDT

  • Topic Starter

  • Members
  • 21 posts

Posted 25 November 2008 - 05:47 PM

> You could try renaming the .exe files for SAS and MBytes. Right click on the files, choose rename and name them something like lastchanceone and lastchancetwo. Then double click on the .exes to run the install.

I'll give this a try tomorrow and see if that works.

> > Should I try pulling out the hard drive, connect it to another computer as an external drive and scan it from that PC?
>
> Are you happy and feel OK to do that as it is one way to get the thing scanned?


Yeah I'm perfectly fine with it. I've had to pull hard drives out at my current job to gain access to the drive so I could back up files since Windows wouldn't boot. I just need to remember to bring the Hard Drive Enclosure home so I can do the scan.

Edited by StandardsDT, 25 November 2008 - 05:47 PM.