Persisting problems after the fake MS Security Essentials Alert

No replies to this topic

#1 tixuana



Posted 23 September 2010 - 04:05 AM

Hello, this is my first post, but not my first visit. I've gotten help by browsing old topics here numerous times before, but the problem I have right now is so extensive that I can't pick out the right info to help me, as I'm not too tech-savvy.

So, I've got a 4-year-old laptop, and got XP Pro for it at the beginning of this year. Have malware protection and all, but I do use P2P, so no wonder that I sometimes run into trouble, which I however usually can handle easily. But about 2 weeks ago I got the fake Microsoft Security Essentials Alert, and after a long time trying all the stuff recommended and having none of it work (incl. rkill), finally SUPERAntiSpyware seemed to do the trick. Afterwards I scanned my system with MalwareBytes as well to be sure.

However, even though I was able to access the net etc, weird stuff kept happening:

* taskbar was randomly disappearing and reappearing, or disappearing altogether, or changing to a very old-school look à la Win 95
* when shutting down Windows, explorer.exe was almost always unresponsive, and I had to click the "end task" button
* sometimes Windows was unable to even try to find a wifi connection, saying something about configuration etc. Had never seen this before. However, a reboot helped for this.
* and the most suspicious thing - on top of crashing all the time, when browsing, Firefox kept opening random tabs on its own. I haven't noted the names of the sites, since I mostly shut them down before they could load, but they're bound to be fishy and keeping me infected, because..

..a few days ago I got the MS Security Essentials Alert AGAIN. And this time SUPERAntiSpyware did not work. Tried for ages, rkill still did nothing, and finally Hitman PRO helped. The previously mentioned weird stuff still keeps happening, only this time it seems worse, since in addition to everything, sporadically some programs (e.g. XPlay) don't function, and yesterday I got a message of my system needing to shut down twice in 20 minutes. ("This shutdown was initiated by NT AUTHORITY\SYSTEM. Time before shutdown: 20 sec. Message: Windows must now restart because the DCOM Server Process Launcher service terminated unexpectedly."). I'd never seen anything like that before.

And because I'm now very wary of the Security Essentials thing coming back, I run scans at least daily with SuperAM, MalwareBytes, Hitman PRO and sometimes AdAware. The latter keeps finding that some system files (e.g. explorer.exe) are infected too. But I can't do anything about that, because I'm abroad and don't have the Windows disk with me to restore the original file. Heck, if I did, I would have formatted the whole thing long ago.

So, has anyone got any idea what's going on here? Is there a way to fix this or do I still need to get a hold of a disk to format?

If I need to give out more info, please tell.

Any help will be much appreciated!

EDIT: Scanning with Hitman PRO atm, and while doing the scan, it (always) displays this alert: "Possible variant of the TDL3 (alias Alureon) rootkit detected. The device stack of the hard disk is referencing a hidden driver. This could affect the detection of malicious files." And it keeps saying that some .sys files on C:/WINDOWS/system32/drivers are malware, as well as explorer.exe as previously mentioned.

EDIT2: Brand new problem now, without any warning I keep getting a momentary glimpse of a blue screen and then my comp reboots itself...

Edited by tixuana, 23 September 2010 - 05:22 AM.
