Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

XP security 2012Alert


  • Please log in to reply
4 replies to this topic

#1 bradders1

bradders1

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 26 June 2011 - 09:22 AM

hi

I have a laptop that has a virus on it. Comes complete with constant popups from XP security center 2012.

After doing a search i found your guide of how to remove the problem, but i have had no joy. The problem persists and i cannot open any exe files because of it. I did get as far as running the Malwarebytes program, but it froze and came back as 'not responding'. I have no other ideas.. can anyone help?

Thanks
Bradders1

BC AdBot (Login to Remove)

 


#2 bradders1

bradders1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 26 June 2011 - 09:52 AM

Just to give a little more detail, the Malwarebytes scan usually runs for about 24, 25 minutes before freezing. It finds 2 infected objects, but then stops and i can do anything else.

#3 Allen

Allen

  • Members
  • 337 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:08:06 PM

Posted 26 June 2011 - 09:54 AM

have you tried scanning in safemode?
Hey everyone I'm Allen I am a young web developer/designer/programmer I also help people with computer issues including hardware problems, malware/viruses infections and software conflicts. I am a kind and easy to get along with person so if you need help feel free to ask.

#4 Allen

Allen

  • Members
  • 337 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:08:06 PM

Posted 26 June 2011 - 10:25 AM

if it works then please post the log by using notepad to copy the text
and paste it here
Hey everyone I'm Allen I am a young web developer/designer/programmer I also help people with computer issues including hardware problems, malware/viruses infections and software conflicts. I am a kind and easy to get along with person so if you need help feel free to ask.

#5 bradders1

bradders1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 26 June 2011 - 11:29 AM

It appears to have worked. ran the whole way through and found 6 infected files. The log is below:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6954

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

26/06/2011 17:15:56
mbam-log-2011-06-26 (17-15-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 445016
Time elapsed: 1 hour(s), 10 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1467311115 (Trojan.ExeShell.Gen) -> Value: 1467311115 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4089812355 (Trojan.FakeAlert) -> Value: 4089812355 -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Rachel\local settings\application data\ccr.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users