Posted 25 August 2011 - 09:45 PM
First of all let me state that I have had the occasional problem in the past that required my perusing of your site. In each prior instance I was successfully able to restore my system state to normal. That said, I've now currently got an issue that my anonymous reading of your forums has been unable to correct, hence the site registration and now first post.
I'm running Windows XP Professional, SP3 on a 2.8GHz Dell with 1MB RAM.
The issue I've got seems to be related to the previous ones in that it involves a sudden popup of a fake security alert. Previously it was MS Removal, which I successfully handled per your forum's instructions.
This one is Zentom System Guard however and is behaving differently.
The fake system scan and its accompanying plethora of warnings only occurred once upon initial infection. Having already had RKill downloaded from previous Malware infections, I immediately tried to run it to stop the processes. It mentioned a missing dll file in the split second between double clicking on it and the DOS command window opening. I didn't see the message long enough to note the exact name before the DOS window covered it up. Then before RKill could finish running, the window was closed evidently by the malware process trying to protect itself.
At that point I tried opening task manager with CTRL ALT DEL and it too was immediately closed before I could make note of any of its contents.
I did at that point run a MBAM quick scan and had a return of 40+ results infected. After quarantining them and rebooting back into Windows, I immediately tried to open Task Manager again just to see if the problematic process was still 'alive'. Again and again, however, it would either not open at all or only open for a split second and reclose. Clearly the MBAM scan didn't take care of the problem.
At this point I returned to your site and followed the link to download alternate versions of RKill. After having done so I still had no success in running any of them. Each file now, however, gives a series of error messages, stacking on top of one another (usually 3x) stating "Instalation Failed". Then, despite the message, I see RKill try to open and run in its DOS window behind them, only to be reclosed within seconds before actually running.
So I'm assuming the MBAM scan isn't effective because of whatever process running that's preventing RKill and Task Manager from opening is also just replicating itself after my MBAM scans.
And while I had the original Zentom message and fake scan, it has never again returned after the first instance and subsequent MBAM scan. At this point, other than the inability to run RKill, Task Mgr, and additionally RegEdit, the only other popups I'm getting are an occasional series of System Warnings quote boxes in the taskbar that read as follows:
Keep your computer safe from viruses and malicious programs thatcan slow down or break your system
Spyware protection is disabled. Your personal data is at high risk of being stolen and misused.
Additionally I should note the following:
** I HAVE not yet run a full MBAM scan because it takes hours on my system and given the inability to kill the process w/ RKill I'm reluctant to devote that much time to what I fear would be a fruitless exercise.
** I HAVE booted to safe mode w/ networking and attempted all of my above steps as well (that being trying to open task manager, regedit and all versions of RKill) to no avail.
** I DO HAVE Hijack this and have run a scan and found several obviously fake lines in the "HKLM....Run" section (04) which I then deleted. I have the scan log of this available as well, just didn't want to initially overburden this post with it. The one that keeps reappearing, however, is as follows:
O4 - HKLM\..\Run: [Kwarawopik] rundll32.exe "C:\WINDOWS\ogutuqoleziba.dll",Startup
In closing and summary, unlike the previous fake security malware occurrences I've had before that have prevented me from being able to run MBAM or basically anything other than Internet Explorer, this one is allowing me to run basically anything I want still, with the exception of those I stated (Task, RKill, regedit, DOS windows, etc.)
I understand that I've not yet done all the steps necessary to fully diagnose on my own, but assuming it will be hours or days before you're able to help I wanted to at least start this ball rolling and I will update with the results of other scans/findings in the interim.
Thanks so much for your talent and help. This site has been very beneficial to me over the past six months and hopefully even more so over the next few days!