
New version of Total Security [Moved]


2 replies to this topic

#1 mlucas

mlucas

  • Members
  • 2 posts

Posted 01 September 2009 - 06:08 PM

Hello,

My cousin asked me to take a look at his laptop, as a new anti-virus he installed is locking up his computer. It turns out he has a new version of the Total Security spyware/virus. This one has a different logo, but acts mostly the same way as a previous version of Total Security that I removed from a co-worker's computer. In my searching for an answer, I saw how detailed your security team was, and was wondering if you could help me out. I read through the prep guide, but was unable to complete all of the steps.

Description:
There are three icons in the task bar that I think are working together. One is the red shield with a white 'X' symbol Windows XP Security Center uses when there is a problem. Another is a red circle with a white 'X'. The last symbol looks like a combination lock with a globe in the center where the dial should be. I do not see the normal shield symbol of the old version.

The desktop was replaced with a message stating that the user is in danger and needs to use the software.


What I've done.

I ran DDS, but it did not create the logs. The command window is on for long enough to read a line or two before it closes. No text files are created. Rerunning gives me the normal warning from Total Security that the file is infected and will not open.

I started running the RootRepeal scan, but the program closed before it finished running. When I tried to open the program again, I get the normal warning from Total Security that the file is infected and will not open.

I was able to get Process Explorer from sysinternals to run when I renamed it to iexplore.exe. I saw several find.exe files were running at the time. When I killed them, the icons mentioned above went away from the system tray, but I was unable to run DDS and RootRepeal.

HijackThis was able to be installed, but it suffered the same fate as the other programs. I think that these programs are being logged in the registry or somewhere in Total Security.

I tried all of this in safe mode, but I get the same results of no returned logs. Any ideas on what I can do in order to run the programs you requested?

Thank you for your time and help. I will check my email for updates as often as I can.

Michael



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,994 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 01 September 2009 - 09:15 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 mlucas

mlucas
  • Topic Starter

  • Members
  • 2 posts

Posted 03 September 2009 - 08:52 PM

I wanted to pass on that I was able to get ComboFix to run, and it successfully removed one of the annoying DLLs, hesudobu.dll, but did not get rid of mowoledo.dll. I think these two are part of my problem. I was also able to run DDS, but HijackThis, RootRepeal, and Malwarebytes will still not run.
I will not post the log unless asked.

Thanks,
Michael

Edited by mlucas, 03 September 2009 - 08:55 PM.




