
Bogus Windows Security Center (quickhealcleaner)


4 replies to this topic

#1 echappee

echappee

  • Members
  • 5 posts

Posted 07 September 2009 - 04:36 PM

I have a laptop running Windows Vista Business that has Norton Security Center 2009 on it. Last night while surfing the net I tried to run a video that immediately started downloading some type of software. I immediately tried to cancel the download, but could not stop it. Now, I am getting pop-ups (every few minutes) from a new icon in the taskbar (that looks like a Windows Security Center icon) telling me that the computer is infected with spyware and to register my copy of Quick Heal Cleaner to remove spyware threats. When you click on the icon, it opens a (bogus) "Windows Security Center" window with a "recommendations" that opens another pop-up telling me to register the Quick Heal Cleaner program. So, here is what I've done.

1. Downloaded Malwarebytes Anti-Malware and ran the program. MAM found one threat (trojan.downloader) that I removed thinking this was the fix! However, upon re-boot, the bogus icon was still in the sys tray and I am still getting the pop-ups. So, next...

2. Downloaded Spybot and ran the program. Spybot found "no immediate threats." So, next...

3. Started Task Manager to see if I could identify what process was doing this. I found an .exe file (v6seo0si.exe) with the description "security center" running and killed the process. (This seemed to stop the pop-ups, but does not make the icon go away.) I checked "Add/Remove programs" but this program is not in the list. Using Task Manager, I was able to track this exe file to the system32 folder in Windows and see that the "Date Modified" was the same time as the bad download occurred. In addition to the .exe file, there are 58 additional files with the same "date modified" in the system32 folder. So, feeling the need to try something else...

4. Downloaded Ad-Aware and ran the program. Ad-Aware identified 8 threats, including the v6seo0si.exe file. Ad-Aware then proceeded to claim that the items were removed and the threats were eliminated. Not so, the icon is still in the sys tray and I am still getting the pop-ups. So, next ...

5. Started the computer in "Safe Mode" and ran all the spyware programs again, but NONE see any threats at this time.

6. Also of note: I cannot determine what is loading the "security center" file using System Configuration. There are two programs listed that I do not recognize... One is listed as "Windows Defender" and has a -hide at the end of the command (Windows Defender is NOT loaded on my computer...), and another program listed as Microsoft Pinyin IME 2007 that I don't recognize.

So, my computer still has the pop-ups asking me to register the QuickHealCleaner program, which appears to be some sort of spyware. So, what do I do next?

Thanks,
Ed



#2 echappee

echappee
  • Topic Starter

  • Members
  • 5 posts

Posted 07 September 2009 - 09:34 PM

bump

#3 echappee

echappee
  • Topic Starter

  • Members
  • 5 posts

Posted 08 September 2009 - 08:47 AM

Bump - please help!

#4 echappee

echappee
  • Topic Starter

  • Members
  • 5 posts

Posted 08 September 2009 - 09:30 PM

bump

#5 echappee

echappee
  • Topic Starter

  • Members
  • 5 posts

Posted 11 September 2009 - 09:32 PM

Well, I must say that I am disappointed with this forum, and the fact that no one even replied to my request for assistance. Note that I was able to locate help on another forum and was fully able to remove a nasty malware infection with good guidance. If ANYONE is interested in seeing what it took to remove this malware, you can check out this thread: http://www.malwarecrypt.com/showthread.php?t=293. Hope this helps someone!!



