
Fake MS Security Essentials removal fail



#1 Iliya1


Posted 19 October 2010 - 09:18 PM

Hello. I'm posting this for my daughter who called me from college saying her laptop computer was infected with the fake Microsoft Security Essentials trojan. Using another computer, she followed the instructions on this page: http://www.bleepingcomputer.com/virus-removal/remove-fake-microsoft-security-essentials-alert

She did run the rkill.com and the Malwarebytes program. It did not solve the problem, so, using another computer, she then went to this page: http://www.bleepingcomputer.com/forums/topic34773.html

and tried to follow the instructions there. She was able to transfer the DDS program to her infected computer, but she cannot open anything. When she tries, she gets a message: "file ???.exe is infected with virus ???.exe. This worm is trying to send your credit card detailss using ???.exe."

Then, after the computer has been on for about 5 minutes, she gets the BSOD, and has to re-set.

Can someone help? Thanks!

I forgot to mention she is using Vista 64 bit OS.

Merged posts. ~ OB

Edited by Orange Blossom, 19 October 2010 - 10:22 PM.



 


#2 kahdah


Posted 29 October 2010 - 07:24 AM

Hello Iliya1

Welcome to BleepingComputer :)
==========================
Please run the following from Safe mode.
If you do not know how to get into Safe mode then see the following link > http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/#vista
Then do the following:
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the below in bold


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



