
Possible virus/spyware - Security Shield


5 replies to this topic

#1 calvis


Posted 18 January 2011 - 08:01 PM

Hello,

Recently, my computer started receiving popups from my antivirus software (AntiVir). I apologize, I don't remember the exact viruses that were popping up with it. I told the program to move all to quarantine. Then, I noticed that there was a program that popped up on my screen that I didn't download called WhiteSmoke. Then, anytime I would try to click into anything a program called Security Shield would pop up. My computer is also running pretty slow.

I tried going through the basic steps and I tried to post my logs below, but the Security Shield program keeps popping up. So I've attached the logs. I hope that's ok. Also, I couldn't run the GMER program because the Security Shield program kept popping up. Talk about annoying!!

I would appreciate any assistance you can give!

Thank you.

Attached File  DDS01182011.txt   15.9KB   4 downloads
Attached File  Attach01182011.txt   13.91KB   1 downloads


 


#2 fenzodahl512


Posted 18 January 2011 - 10:40 PM

Download this tool to desktop:

http://www2.gmer.net/mbr/mbr.exe

Double click it & post the log it creates on desktop. (mbr.log)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 calvis


Posted 19 January 2011 - 08:14 AM

Hello,

I can't seem to post the contents of the log directly to this post, but it is attached.

Thank you.

Attached File  mbr.log   563bytes   2 downloads

#4 fenzodahl512


Posted 19 January 2011 - 08:30 AM

Ok.. copy/paste (not cut and paste) the mbr.exe that you saved on the Desktop to C:\WINDOWS folder..

Then, go to Start >> Run >> copy/paste below >> Press Enter

mbr -f

Then a logfile (mbr.log) will be created on your screen (find it at C:\Windows\mbr.log)



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.




Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:



It is important you rename Combofix during the download, but not after.

NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asks you to install Recovery Console, please do so. It will be in your best interest.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.



#5 calvis


Posted 21 January 2011 - 10:31 AM

I apologize for the delay in my reply. I've been stuck at work all week.

I hope to be able to reply back this weekend.

I appreciate your assistance!

Thank you.

#6 fenzodahl512


Posted 21 January 2011 - 09:49 PM

ok :)





