Fake Windows Security Alerts [Moved]


4 replies to this topic

#1 rickmonrickmon

rickmonrickmon

  • Members
  • 27 posts
  • Gender:Male
  • Location:Fort Smith, AR

Posted 10 September 2009 - 03:17 PM

HELP!

Somehow I inherited a virus yesterday, which initially appeared to be the Windows Police Pro. My AVG didn't catch it and wouldn't run when I attempted to manually start it. I downloaded MBAM and ran it initially... but somehow it appeared to be "intercepted" and crashed. With MBAM, however, I was able to identify and remove some elements of WPP... but now it has "become" Windows Security Center and is showing all sorts of errors (which I realize are not accurate). I have tried numerous things since then, including the instructions to run Combofix, DDS and RootRepeal... all to no avail. None of them would run. I don't think that I will be able to post a HijackThis log, either.

I'm fairly familiar with computers, but I am running out of ideas on this one. Can anyone help? Thanks in advance... and I promise, I'm patient!

#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,805 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 10 September 2009 - 03:46 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 rickmonrickmon


Posted 11 September 2009 - 08:42 AM

OK, some more detail.

1. When I start up the computer, it gets to the "Press Ctrl-Alt-Delete to begin" screen. Just prior to that being displayed, a "GoogleUpdate.exe - Application Error" screen pops up. It states that "the exception Breakpoint. A breakpoint has been reached. (0x800000003) occurred in the application loader at location 0x00406eef. Click on OK to terminate the program. Click on Cancel to debug the program." I click on OK (but I don't have to), then sign in. NOTE: That pc is NOT connected to the internet while all of this is going on.

2. As it is signing me on to the pc, I get a "Google Installer" message that says "Google Installer has encountered a problem and needs to close. We are sorry for the inconvenience." It gives me the option to tell Microsoft about this problem. Then, all of a sudden that screen goes away.

3. Several balloon screens then pop up warning me of infected files, applications that cannot be executed, etc.

4. A screen by Total Security then pops up, listing numerous trojans, adware, worms, etc. and runs a scan.

5. The "Work Offline" screen pops up stating I have no internet connection and asking me if I want to work offline or try again.

If anyone has any suggestions, please let me know. Thanks!

#4 rickmonrickmon


Posted 11 September 2009 - 08:58 AM

At the suggestion of someone in the BleepingComputer chat room, from a flash drive, I'm renaming the MBAM-Setup file to something else (Elvis.exe) and restarting my pc in safe mode to see if it will install at that point and work.

As I clicked "Restart" from normal XP mode, as it was shutting down, a blue splash screen saying something along the lines of "You have spyware that needs to be removed...." shows up. It did restart and I'm booting up in Safe Mode.

So far in Safe Mode (no network), as it boots up, nothing crazy is popping up. A box that says "Desktop" that tells me that "Windows is running in safe mode", then giving me options to work in safe mode or use system restore (I've actually tried going the System Restore route, but it won't let me change anything).

I have copied the newly named Elvis.exe file to the desktop and clicked on it. It seems to be installing. I did ask it to name the program Elvis, just for consistency's sake. Unfortunately, the installer began working, but it got to where it is Extracting Files, and is not progressing any further.

#5 rickmonrickmon


Posted 11 September 2009 - 10:52 AM

Posted Win32KDiag.txt log here

http://www.bleepingcomputer.com/forums/t/256862/windows-police-pro-win32kdiagtxt/



