
MSE, Security Centre & Defender disabled after trojans



#1 Wiilm


Posted 17 May 2011 - 03:38 PM

EDIT ***SOLVED*** (see post following)

Windows 7 64-bit

I downloaded some trojans that MSE detected and cleaned.
Then I ran Malwarebytes and it discovered some more and cleaned them.

On the next reboot there was a message to turn on Security Centre.
I couldn't: in Services it was disabled, and I set it to Auto and clicked Start, but it wouldn't start; error 1058 popped up.
Microsoft Security Essentials wouldn't open.

Spybot shows that Security Centre has been disabled in the registry but cannot fix it.

I've tried scanning again with Malwarebytes and SAS, HijackThis, ESET & HouseCall online scanners but they show nothing.

I scanned in normal and safe mode, using Rkill.exe first, but the problem persists.

I also noticed that the system restore points had all been knocked out and System Restore had been turned off. Restore seems to be working OK now.

MSE trojans:
http://imageshack.us/photo/my-images/155/trojanv.jpg/

Malwarebytes:

Memory Processes Infected:
c:\Users\****\AppData\Local\Temp\Sdl.exe (Trojan.Downloader) -> 3100 -> Unloaded process successfully.
c:\Users\****\AppData\Local\Temp\Sdj.exe (Trojan.Downloader) -> 3728 -> Unloaded process successfully.
c:\Windows\Sfacaa.exe (Trojan.Downloader) -> 2608 -> Unloaded process successfully.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\5GUTNY6MFK (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\R8388QA8U8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\R8388QA8U8 (Trojan.Downloader) -> Value: R8388QA8U8 -> Quarantined and deleted successfully.



Files Infected:
c:\Users\****\AppData\Local\Temp\Sdl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\****\AppData\Local\Temp\Sdj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Sfacaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\****\AppData\Local\Temp\Sdk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.


Edited by Wiilm, 17 May 2011 - 06:43 PM.




#2 Wiilm


Posted 17 May 2011 - 06:42 PM

Fixed it! ...another 4 hours gone

I uninstalled MSE and installed Avira free in its stead.
(Avira is usually my AV but I was giving MSE a go.)

Scanned with Avira and it found:
tr/vundogen in syswow64\vssapil.dll

java agent/jg.java virus in sun java cache

Edited by Wiilm, 17 May 2011 - 09:13 PM.




