Fake Security Center, AVCare, Error Popup, CANNOT RUN TASK MANAGER or APPLICATIONS


87 replies to this topic

#1 EvanTheMagician


Posted 17 August 2009 - 05:28 PM

Hi,

I am having problems with my other computer. It seemed to be infected with a fake virus warning a few days ago and I ran a few virus scans and removed everything that was found. Since then, I have had numerous "Your computer is infected" popups in my System Tray that lead to AVCare opening up and beginning to run on its own. I cannot open Task Manager or some applications as an error pops up reading "Application cannot be executed. The file is infected. Please activate your antivirus software." This happens in Safe Mode too. When in Normal Mode the AVCare runs in about 5 different windows and I usually get around 10-15 System Tray Icons of the fake security center.

I am unsure what to do now, as I can only run some things and in Normal mode I get so many popups and AVCare windows that it becomes filled with the windows and system tray icons.

Please help me, anything is appreciated. Also, I am typing this on my other computer as I had trouble getting online with the infected computer, but that computer is accessible once I need to do something to start the process of healing it.

Thank you.



#2 Budapest


Posted 17 August 2009 - 08:12 PM

You could try this scan:

http://www.freedrweb.com/livecd

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 EvanTheMagician


Posted 18 August 2009 - 02:16 PM

I cannot get that scan to run correctly on the infected computer.

Can someone please help me? I need to get this computer up and running again.

#4 Budapest


Posted 18 August 2009 - 04:29 PM

See if you can run this scan from "Safe Mode with Command Prompt":

http://live.sunbeltsoftware.com/

#5 EvanTheMagician


Posted 18 August 2009 - 06:20 PM

I was able to run that off of a flash drive. It said that it found and cleaned the infections. But back in normal mode, the fake security center is still there, AVCare is still there, and my background is gone and it says "Your computer is infected".

It is even worse and not a single program on the computer will open. Every program I click leads to an error message saying it cannot be opened. I cannot even get to the task manager.

PLEASE help me.

#6 Budapest


Posted 18 August 2009 - 06:30 PM

Go Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll to Non-plug and Play Drivers and expand that.
Post back what you find there. Especially look for something called TDSSserv.sys.

Edited by Budapest, 18 August 2009 - 06:31 PM.


#7 EvanTheMagician


Posted 18 August 2009 - 06:39 PM

When I click on "System" a message pops-up saying "C:\WINDOWS\system32\rundll32.exe This application failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem."

Should I try this in Safe Mode?

#8 Budapest


Posted 18 August 2009 - 06:41 PM

Yeah - try in Safe Mode.

Look for the following:

tdss(other random characters)
uac(other random characters)
SKYNET(other random characters)
ab56sy26 (or similar 8 character random name)

#9 EvanTheMagician


Posted 18 August 2009 - 06:48 PM

I just tried in Safe Mode, got the same error message.

Edited by EvanTheMagician, 18 August 2009 - 06:48 PM.


#10 Budapest


Posted 18 August 2009 - 06:51 PM

Try to open the Device Manager this way:

Right-click on My Computer > Manage > Device Manager.

#11 EvanTheMagician


Posted 18 August 2009 - 07:00 PM

OK, still in Safe Mode, I was able to do that.

I do not see any of the 4 you listed and I do not see TDSSserv.sys.

I see:
1394 ARP Client Protocol, AFD, ASCTRM, ASPI32, Beep, dmboot, dmload, EABFiltr, Fips, Generic Packet Classifier, HTTP, IP Network Address Translator, IPSEC driver, ksecdd, MBAMSwissArmy, mdmxsdk, mnmdd, mountmgr, NDIS System Driver, NDIS Usermode I/O Protocol, NDProxy, NetBios over Tcpip, Null, Parport, PartMgr, ParVdm, RDPCDD, Remote Access Auto Connection Driver, Remote Access IP ARP Driver, Remote Access NDIS TAPI Driver, SBRE, Secdrv, Serial, sptd, Symantec Eraser Control Driver, TCP/IP Protocol Driver, VgaSave, VolSnap, Windows Driver Foundation, Windows Socket 2.0


Those are all listed under Non-Plug and Play Drivers.
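
Editor's added example (not part of any post in this thread): the name check requested in posts #6 and #8, applied to the driver list reported in post #11 with spellings normalized. The 8-character rule is an assumed approximation of "ab56sy26 (or similar 8 character random name)", and the second list is constructed to show what a flagged listing looks like.

```python
import re

# Name prefixes listed in posts #6 and #8, matched case-insensitively.
KNOWN_PREFIXES = ("tdss", "uac", "skynet")

# Assumption: "similar 8 character random name" is approximated as exactly
# 8 alphanumeric characters that mix letters and digits.
RANDOM_8 = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{8}$")

# Non-Plug and Play driver names reported in post #11 (spelling normalized).
REPORTED = [
    "1394 ARP Client Protocol", "AFD", "ASCTRM", "ASPI32", "Beep", "dmboot",
    "dmload", "EABFiltr", "Fips", "Generic Packet Classifier", "HTTP",
    "IP Network Address Translator", "IPSEC driver", "ksecdd", "MBAMSwissArmy",
    "mdmxsdk", "mnmdd", "mountmgr", "NDIS System Driver",
    "NDIS Usermode I/O Protocol", "NDProxy", "NetBios over Tcpip", "Null",
    "Parport", "PartMgr", "ParVdm", "RDPCDD",
    "Remote Access Auto Connection Driver", "Remote Access IP ARP Driver",
    "Remote Access NDIS TAPI Driver", "SBRE", "Secdrv", "Serial", "sptd",
    "Symantec Eraser Control Driver", "TCP/IP Protocol Driver", "VgaSave",
    "VolSnap", "Windows Driver Foundation", "Windows Socket 2.0",
]

# Constructed listing (not from the thread) containing names of each flagged kind.
CONSTRUCTED = ["Fips", "TDSSserv.sys", "UACabcdwxyz", "SKYNETqrstuv",
               "ab56sy26", "mountmgr"]


def flag_suspicious(names):
    """Return (name, reason) pairs for entries matching the post #8 patterns."""
    hits = []
    for raw in names:
        name = raw.strip()
        key = name.lower()
        if key.endswith(".sys"):          # compare on the base name only
            key = key[:-4]
        prefix = next((p for p in KNOWN_PREFIXES if key.startswith(p)), None)
        if prefix:
            hits.append((name, f"starts with '{prefix}'"))
        elif RANDOM_8.match(key):
            hits.append((name, "8-character mixed letter/digit name"))
    return hits


if __name__ == "__main__":
    for label, listing in (("post #11", REPORTED), ("constructed", CONSTRUCTED)):
        hits = flag_suspicious(listing)
        print(f"{label}: {len(hits)} flagged")
        for name, reason in hits:
            print(f"  {name}: {reason}")
```

An empty result only means no name matched these patterns; it says nothing about drivers that are hidden from the listing itself.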

#12 Budapest


Posted 18 August 2009 - 07:04 PM

I don't see anything bad there.

What exact problem did you have with the first scan I recommended?

Edited by Budapest, 18 August 2009 - 07:05 PM.


#13 EvanTheMagician


Posted 18 August 2009 - 07:07 PM

When I burned it to the CD and tried to run it, the window was too magnified to be able to view any of the scanner controls and the scanner would start but then stop.

I still have trouble with all applications, even in Safe mode.

#14 Budapest


Posted 18 August 2009 - 07:10 PM

Here's a different one you can try:

http://www.free-av.com/en/products/12/avir...cue_system.html

#15 EvanTheMagician


Posted 18 August 2009 - 07:28 PM

I burned that to a CD, put it in, and restarted the computer. It restarts normally and does not boot from the CD.

Should I manually have it boot from the CD or is it supposed to do it automatically?



