
Windows found activity on this computer and will do a quick scan


13 replies to this topic

#1 silver threads

silver threads

  • Members
  • 105 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Manchester U.K
  • Local time:08:00 AM

Posted 17 February 2011 - 08:15 PM

Copied and pasted from Windows 7 forum
While browsing the internet last night the above message appeared on screen. I was unsure whether this was a genuine Microsoft alert or a fraud and shut down my computer when the scan started. I have now run a scan with McAfee Internet security which reported no issues detected. My concern now is not knowing whether this was a genuine part of the Windows 7 security or not and would appreciate advice on this. I am 3 days into a 30 day shareware trial of FastStone Capture and wonder if this might have been the cause of the "alert".

Since posting this I have been told that this was a scare tactic. I have uninstalled FastStone Capture in case that was the source of the "activity" and now when I turn on my computer I see an "Open With" screen on my desktop offering several choices to open programs for photos. I had been working a slide show adjusting photos when the warning of "activity" appeared on screen last night. I cannot remove this now and wonder if my security has been bypassed. I have McAfee Internet Security 2011 installed and running, have all the MS and Adobe updates.

Is there any way I can check if I have been attacked?

O.S Windows 7 Home Premium 64bit



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:00 AM

Posted 17 February 2011 - 09:37 PM

Hello, that is scareware. I want to run this and see what it shows.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 silver threads


Posted 18 February 2011 - 07:31 PM

Thank you for that very helpful advice. I have run Malwarebytes and was relieved to see that the result was clear as shown.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5805

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19/02/2011 00:06:26
mbam-log-2011-02-19 (00-06-26).txt

Scan type: Quick scan
Objects scanned: 162686
Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Many thanks for taking the trouble to guide me through this, I will keep MBAM as another useful tool in the armoury. Unfortunately the "Open With" screen, now stuck on my desktop, is still there and couldn't have been caused by malware, probably by something I have done, but I do not know what and now I cannot remove it. In the real scheme of things it is nothing other than an irritation, but suggestions for its removal would be gratefully received.

D.W.

#4 boopme


Posted 18 February 2011 - 07:59 PM

You're welcome.

Try
Right clicking an empty spot on the desktop and click Refresh.

Use Ctrl + Shift + Esc to open Task Manager
see if there is something running under Applications you can END
or under Applications is there something using a lot of the CPU column

#5 silver threads


Posted 19 February 2011 - 04:32 PM

I have looked in Task Manager and found the "Open with" "Choose the program you want to open this file" followed by 0 for the file and 14 choices in the main box listed in 2 columns. Skype and IE are also shown on Task Manager of course. I tried clicking on End Task to get rid of the desktop interloper and it seemed to work, however, on restarting my computer the same message is back again.

#6 silver threads


Posted 19 February 2011 - 04:43 PM

Sorry, forgot, the Refresh (on the desktop) didn't appear to do anything - the message remained. The CPU does not appear to be racing, 0% spiking up to 15% but mostly 1%, 2%, 4%, 5%; do not know if this is usual.

#7 boopme


Posted 19 February 2011 - 08:08 PM

Let's use SFC then.
In Win 7 you will need to open in an Elevated Command Prompt.


Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users: The command needs to be run from an Elevated Command Prompt. Click Start, type cmd into the Start/Search box, right-click cmd.exe in the list above and select 'Run as Administrator'.


You will need your operating system CD handy.

Open Windows Task Manager by pressing CTRL+SHIFT+ESC

Then click File, then New Task (Run)

In the box that opens type sfc /scannow (there is a space between c and /)

Click OK
Let it run and insert the CD when asked.

#8 silver threads


Posted 20 February 2011 - 07:43 PM

Sorry for the delay, my reply seems to have gone astray.

I have followed your instructions (I think) but after 45 minutes of watching the c> cursor flashing and nothing much happening I exited out and rebooted the computer but the Open With screen was still stuck on the desktop. Have I been a bit impatient? I have no idea how long the scan should take and only wish I could remember how I managed to get the message on my desktop in the first place. Many of the choices offered refer to photo work, e.g. Irfanview, Serif, Paint etc. after I had been working on photos. Should I try the SFC again and let the process run for longer? I made 3 recovery discs and 1 Drivers and Applications disc on purchasing this new computer a few months ago but did not get any prompt to use them.

#9 boopme


Posted 20 February 2011 - 07:47 PM

Hmm, this should also work for W7
Go to File association fixes for Windows Vista

Click the exe box
Instructions:
To fix the association for a particular file type, download the corresponding fix from the above links table (Use Right-click - Save as option in your browser to download the fixes). Unzip the fix and extract the .REG file to the Desktop. Right-click the REG file and choose Merge. Note that you need to be an administrator to apply these fixes.
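Added example, not part of the original posts: before merging the .REG fix suggested in post #9, the current .exe association can be read and compared with the Windows defaults. The PowerShell below only reads the registry; it assumes the per-user and UserChoice keys are absent on a clean Windows 7 install, so their presence is flagged for review.

```powershell
# Added example: read-only check of the .exe file association. Nothing is modified.
# Name = registry value to read ('' is the key's default value).
# Want = Windows default; $null means the key is assumed absent on a clean install.
$checks = @(
    @{ Key = 'HKLM:\SOFTWARE\Classes\.exe'; Name = ''; Want = 'exefile' },
    @{ Key = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'; Name = ''; Want = '"%1" %*' },
    # Per-user keys take precedence over the machine-wide ones above.
    @{ Key = 'HKCU:\Software\Classes\.exe'; Name = ''; Want = $null },
    @{ Key = 'HKCU:\Software\Classes\exefile\shell\open\command'; Name = ''; Want = $null },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice'
       Name = 'Progid'; Want = $null }
)

$results = foreach ($c in $checks) {
    $exists = Test-Path -LiteralPath $c.Key
    $found  = $null
    if ($exists) { $found = (Get-Item -LiteralPath $c.Key).GetValue($c.Name) }

    if ($null -eq $c.Want) { $ok = -not $exists }        # key should not be there at all
    else                   { $ok = ($found -eq $c.Want) } # value should match the default

    New-Object PSObject -Property @{
        OK = $ok; Key = $c.Key; Found = $found; Expected = $c.Want
    }
}

# Show every check, then summarise anything that differs from the defaults.
$results | Format-Table OK, Key, Found -AutoSize -Wrap
$bad = @($results | Where-Object { -not $_.OK })
if ($bad.Count -gt 0) {
    "{0} entry(ies) differ from the defaults; review them before and after merging the fix." -f $bad.Count
} else {
    'The .exe association matches the Windows defaults.'
}
```

Running it again after merging the .REG file shows whether the fix actually changed the values that were flagged.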

#10 silver threads


Posted 21 February 2011 - 06:20 PM

Thank you for that. Will it work for Windows 7? I don't have Vista on my computer. One other odd thing is happening, I cannot open emailed PPS files. I have the PowerPoint Reader and can download the pps file but I cannot see the content. I have tried the "open" option, the "save" option and the "open file" option and wonder if that is also adding to the problem.

#11 boopme


Posted 21 February 2011 - 08:26 PM

Hmm, this should also work for W7 ... I see I missed a couple letters.. Win7
The other issue may or may not be malware related.

If SFC still won't run after this, you may need to start this over in Win7 as you may have corruptions on the registry.

#12 silver threads


Posted 22 February 2011 - 07:34 PM

I think a repair of Win7 is really the only solution as you suggest if the SFC won't cure it. I didn't mention the PowerPoint problem previously as I thought that was something that I had done wrong, I had been able to open them before and hoped it would come right. I would prefer to do a non destructive repair but I do not know if the Win7 disks I copied when the computer was brand new will allow this. Will have to back up everything now I suppose and make sure I am more aware in future.

Many thanks for all your help and guidance, it is much appreciated

#13 boopme


Posted 22 February 2011 - 10:18 PM

Hello and you're welcome. Sometimes this is the best solution.
This may be of help.. How to use the Windows 7 Recovery Environment Command Prompt

2 guidelines/rules when backing up

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not backup any executable files or any Windows files. These include .exe/.scr/.htm/.html/.xml/.zip/.rar files as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.

If you have any questions on restoring, ask in the WIN7 forum, they will be happy to assist.
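Added example, not part of the original posts: the two backup rules in post #13 expressed as a PowerShell function. The source folder, the `E:\Backup` destination and the function name `Backup-DataFiles` are assumptions; files on neither list are marked for review rather than copied.

```powershell
# Added example: apply the two backup rules from post #13.
function Backup-DataFiles {
    param(
        [string]$Source = "$env:USERPROFILE\Documents",  # assumed source folder
        [string]$Dest   = 'E:\Backup',                    # assumed external-drive path
        [switch]$Copy                                     # report only unless -Copy is given
    )
    $blocked = '.exe', '.scr', '.htm', '.html', '.xml', '.zip', '.rar'  # rule 2 list
    $allowed = '.doc', '.txt', '.mp3', '.jpg'   # rule 1 examples; extend with your own types
    $root = (Resolve-Path -LiteralPath $Source).Path.TrimEnd('\')

    Get-ChildItem -LiteralPath $Source -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            # Only the last extension counts, so "photo.jpg.exe" is treated as .exe.
            $ext = $_.Extension.ToLower()
            if ($blocked -contains $ext)     { $action = 'skip' }
            elseif ($allowed -contains $ext) { $action = 'copy' }
            else                             { $action = 'review' }  # on neither list

            if ($Copy -and $action -eq 'copy') {
                # Rebuild the same folder layout under the destination.
                $target = Join-Path $Dest $_.FullName.Substring($root.Length + 1)
                $dir = Split-Path -Parent $target
                if (-not (Test-Path -LiteralPath $dir)) {
                    New-Item -ItemType Directory -Path $dir -Force | Out-Null
                }
                Copy-Item -LiteralPath $_.FullName -Destination $target
            }
            New-Object PSObject -Property @{ Action = $action; File = $_.FullName }
        }
}

# Dry run: list what would be copied, skipped, or needs a decision.
Backup-DataFiles | Sort-Object Action | Format-Table Action, File -AutoSize
```

Once the dry-run list looks right, `Backup-DataFiles -Copy` performs the copy with the same classification.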

#14 silver threads


Posted 23 February 2011 - 03:30 PM

Thank you for that suggestion. I assume this will repair my system from within the Win7 info on a part of my hard drive as there does not seem to be any need for a cd/dvd. I will choose the startup option as I did not set a recovery point - that would have made life easier - but there you are, I won't make that mistake again. I must say however, the black command/repair screen reminds me of the old DOS screens I used to key data into many years ago and then try to compile the results. A comma or a space in the wrong place and my efforts were for nothing and I would have to start all over again, user friendly it wasn't.

Will back up only the type of files you suggest and try this restore/repair option.

Many thanks for all your help. Will report back later.
