Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows AntivirusPro


  • Please log in to reply
3 replies to this topic

#1 jaymaj

jaymaj

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:22 PM

Posted 21 August 2009 - 08:27 PM

New popup with every explorer page change tries to redirect to Windows AntivirusPro with a silver shiel;d at the bottom of desktop toolbar.

Popup also created and redirects to a new page that shows up as
findquest.net join2684.billmeplease.biz

New explorer pages also redirect to a page that shows as bright red with the verbiage
"website requested is unsafe. Please activate web software

If it's clicked on, it opens a new page that says ...

TOTAL SECURITY
Maliscious behavior detected

It appears to have infected andwill not allow me to run or download software. I was using the free "antivir pe classic" software and also tried to run (my existing) and or download new versions of malwarebytes and SuperantiSpyware softwares, but nothing will run or download. Popup says "application will not run due to infection. Please activate virus software"

Please help ASAP

BC AdBot (Login to Remove)

 


#2 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:22 PM

Posted 21 August 2009 - 10:33 PM

Hello Jay,

Please note: Do this to close any rogue window. Repeat as needed.
Use ALT+F4 keys to close those rogue pop-up windows. Press and hold the ALT key & then press F4 key.

Read and try to do as much as possible in the following article
How to remove Total Security (Uninstall Guide)
http://www.bleepingcomputer.com/virus-remo...-total-security

Disconnect this pc from internet connection. Try restarting your system in Safe mode. (restart pc and right away tap & repeat tap F8 to get Advanced Bootup Options. Then select Safe mode.
Then do a full scan with Avira and let it quarantine what it tags.

If at all possible, make use of another system to get and download and save tools to removable media like CD, DVD, or a known clean USB-thumb-flash drive.
Try getting then running MBAM.

If you can manage to get the reports required below
See the "Preparation Guide"
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Do all the steps listed and afterwards post the required reports as a NEW Topic in the HijackThis/Malware Removal sub-forum , and not here.

Lesson learned too late, but you shouldn't have clicked on the Total Security rogue.
It -has- infected this system.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 jaymaj

jaymaj
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:22 PM

Posted 23 August 2009 - 12:10 PM

It wants me to run process explorer to disable "total security" as a 1st step, but I am unable.

The process explorer window automatically changes to a page labeled .... windows32/desot.exe and just sits there blank without doing anything.

I also tried running files in safe mode, but the antivira, mbam and sas files just get a page the opens for a second or 2 and then shuts itself downn without running.


Please advise

#4 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:22 PM

Posted 23 August 2009 - 01:44 PM

Desot.exe is a malware as well. Try to kill or end that process, if possible.

See the "Preparation Guide"
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Do all the steps listed and afterwards post the required reports as a NEW Topic in the HijackThis/Malware Removal sub-forum , and not here.
Someone will reply to your post there. Please have plenty of patience as the Malware Removal sub-forum is very busy.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users