
Weird messages keep popping up


10 replies to this topic

#1 tjdavis

tjdavis

  • Members
  • 48 posts

Posted 02 December 2009 - 12:26 AM

Hello,

A few days ago I noticed that my computer was slow so I decided to reset it to a previous configuration. After this was done, it was suddenly flooded by rogue "antivirus" spyware that had installed itself on my computer. I managed to seemingly get rid of these but now McAfee SecurityCenter and McAfee VirusScan messages are popping up saying components are missing or not properly installed. Also, it won't let me update MBAM and Super Antispyware, though they will still run. I've visited this site before and you guys have helped me out more than you'll ever know. Thanks for your support and help in advance. Don't know what I'd do without you guys!



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,964 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 02 December 2009 - 09:32 AM

If you cannot update Malwarebytes Anti-Malware through the program's interface and have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page, be aware that mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating, is to install MBAM on a clean computer, launch the program, update through MBAM's interface, copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows to show it.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware
Then rescan again with Malwarebytes Anti-Malware, but this time perform a Full Scan in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 tjdavis


Posted 03 December 2009 - 09:57 PM

Well, I tried to update it manually from the website and it seemed that that worked. I did a quick scan and it showed nothing. I was going to download the rules onto a clean computer but now it won't even start up. The first Windows screen is really dark and faint. It won't load in safe mode either or in the last working configuration.

#4 quietman7


Posted 03 December 2009 - 10:25 PM

Please download TDSSKiller.zip and save it to your Desktop.
Be sure to print out and follow the instructions provided on that same page for performing a scan.
-- If malicious services or files have been detected, the utility will prompt to reboot the PC in order to complete the disinfection procedure. After reboot, the driver will delete malicious registry keys and files as well as remove itself from the services list.

Please download the Kaspersky Virus Removal Tool and save it to your Desktop.
Be sure to print out and read the instructions provided in How to use Kaspersky virus removal tool.
  • Double-click the setup file (i.e. setup_7.0.0.290_24.06.2009_12-58.exe) to install the utility.
  • If using Vista, right-click on it and Run As Administrator.
    If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • Click Next to continue.
  • It will install by default to your desktop folder. Click Next.
  • Click Ok at the prompt for scanning in Safe Mode if you booted into safe mode.
  • A box will open with a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
      • System Memory
      • Startup Objects
      • Disk Boot Sectors
      • My Computer
      • Any other drives (except CD-ROM drives)
  • Click on the Scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • In the Scan window click the Reports button, name the report AVPT.txt and select Save to file.
  • This tool should uninstall when you close it so please save the report log before closing.
  • When done, close the Kaspersky Virus Removal Tool.
  • You will be prompted if you want to uninstall the program. Click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste only the first part of the report (Detected) in your next reply. Do not include the longer list marked Events.
-- If you cannot run the Kaspersky AVP Removal Tool in normal mode, then try using it in "safe mode".

#5 tjdavis


Posted 04 December 2009 - 12:39 PM

Do you mean that I should download these onto a clean computer and put them on a zip file and then onto the infected computer? If not, how would I do this since I can't get past that really faint Windows startup screen?

#6 quietman7


Posted 04 December 2009 - 01:07 PM

If you cannot use the Internet or download any required programs to the infected machine, try downloading them from another computer (family member, friend, library, etc) with an Internet connection. Save to a flash (usb, pen, thumb, jump) drive or CD, transfer to the infected machine, then install and run the program(s). If you cannot copy files to your usb drive, make sure it is not "Write Protected".

#7 tjdavis


Posted 04 December 2009 - 02:56 PM

For some reason, the clean computer I put my flashdrive into wouldn't even recognize it. I can't even open it up. I'm not sure it would have worked since I can't get it past the windows start up screen and access any of the accounts on the computer.

#8 quietman7


Posted 04 December 2009 - 04:52 PM

In your first posting you indicated McAfee was providing alerts so I thought you were able to login normally. I missed the part in your next reply advising the computer would not start up.

If you cannot boot up or log on in normal or safe mode, then your options are limited.

If you choose Hiren's, please be aware:

While this collection of tools can be very useful, potential users should note that many of the tools are commercial applications that have not been legally licensed for redistribution, and so download/use/sharing of Hiren's BootCD may be illegal (depending on your legal jurisdiction).

http://en.wikipedia.org/wiki/Hiren%27s_BootCD

Another option is to create a Bootable CD:

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD utilities that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Note: In order to use a rescue disk, the boot order must be set to start from the CD-ROM drive. If the CD is not first in the boot order, the computer will attempt to start normally by booting from the hard drive. The boot order is a setting found in the computer's BIOS which runs when it is first powered on. This setting controls the order that the BIOS uses to look for a boot device from which to load the operating system. The default will normally be A:, C:, CD-ROM. Different computers have different ways to enter the BIOS. If you're not sure how to do this, refer to:

If at some point, you are able to boot up but have difficulty running programs, you can try using VIPRE PC Rescue. This is a utility designed to scan and clean a computer which is so badly infected that most programs cannot run. Virus definitions are included and the program is self-running once executed. All scans include Rootkit Detection. Be sure to print out and follow the instructions provided on the same page for running under Windows or with the Command Line option.

Important Note: Since the inability to boot properly was most likely caused by malware or attempts to remove it, you should know that some infections can result in a system so badly damaged that a Repair Install may NOT help! Reinstalling Windows without first wiping the entire hard drive with a repartition/format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Using System Restore may return your system to a more stable state so it can boot up, provided that feature was not disabled and you have usable restore points, but there is no guarantee the malware will not still be present afterwards. You confront the same possibility when using a Boot or Rescue CD.

Starting over by wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore with a vendor-specific Recovery Disk/Recovery Partition removes everything and is the safest action. Please read:

#9 tjdavis


Posted 04 December 2009 - 05:47 PM

Well, I have a lot of data on my computer that is not backed up right now, so I really don't want to wipe it clean. If I were to use one of the rescue cd options would those erase all of my data?

#10 quietman7


Posted 04 December 2009 - 06:29 PM

They shouldn't. That's why they are called "Rescue". However, they are alternatives to use if System Restore Rollback using ERD Commander found in DaRT or System Restore from Recovery Console fail. I recommend you try those options first...then if you have to use the Rescue CDs make sure you read the documentation provided before using.

#11 tjdavis


Posted 05 December 2009 - 01:18 PM

My computer came with Windows XP already installed. Can I create a boot disc for it from a computer with Windows Vista?



