Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Infected with Browser-security.microsoft.com

  • This topic is locked This topic is locked
1 reply to this topic

#1 openfaced


  • Members
  • 52 posts
  • Local time:03:29 AM

Posted 27 June 2009 - 05:49 PM

I have posted this in the other forums, but have not had luck. I have posted the conversation from the other forum so you will know the back-story and what was attempted. If anyone could instruct me on how to remove this, that would be great.

Thanks in advance,

(please read below)

In the past I was infected with Virtumonde as well as Spyware Protect scam. I used hijack this and your combofix and things seemed to be working fine for the last few months.

However, now my internet has been slow, sometimes downloads don't move past 0% or crawl at less than 50 bytes per second (I obviously unplugged and restarted my modem). Also some programs have failed to open, spyware/malware updates won't download, and right click functions are sluggish.

I ran the following and here is what they found:

AVG antivirus and it found nothing
Malwarebytes found nothing
Spybot Search & Destroy found nothing
Registry Booster found its usual problems but fixed them all
Adaware 2008 found the following Critical Object: Redirected Host File Entry: IP Address Host Name: Browser-security.microsoft.com

Adaware was unable to remove or quarantine the object.

So I looked how to manually remove it but couldn't find any of the files they say to remove on my computer. Could you please help me find out what I am infected with and how to go about removing it?

Thank you so much for your help.


There's an older tool which is not used anymore, but it might remove this particular entry for you. Let's give it a try:

Download CWShredder here to its own folder.
Open CWShredder.exe and click the Check For Update button.
After downloading any necessary updated, please close the program.

Now reboot into Safe Mode. (Copy or note the instructions before you go into Safe Mode).
This can be done tapping the F8 key repeatedly (gently) as soon as you start your computer
You will be brought to a menu where you can choose to boot into safe mode.

Now run CWShredder again, by doubling clicking on the program.
Click "Fix" and then "Next", let it fix everything it asks about.
After the tool has finished, reboot your computer into normal windows.

Then please do the following:

Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Let me know how this went?


Thank you for replying and helping with my issue.

I downloaded and ran both scans, following your instructions. The CWShredder found nothing, and the ATF Cleaner cleaned up several things. However, I ran Adaware again and still found the same error.

Any other suggestions?

I appreciate your help

BC AdBot (Login to Remove)


#2 Guest_The weatherman_*

Guest_The weatherman_*

  • Guests

Posted 27 June 2009 - 05:58 PM

Please wait for a reply from Zllio in your post here openfaced. :thumbup2:

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users