
Fake Windows firewall popup, scans being killed


1 reply to this topic

#1 jlonecke


  • Members
  • 4 posts

Posted 06 September 2011 - 10:26 AM

Guys- I hope someone can offer up some assistance here, we're beating our heads against a wall over this one.

We've got a client running Windows XP SP3, and all of a sudden he's getting a "Windows Security Alert" popup that talks about Windows Firewall blocking access to programs such as AV and malware scanners. If you select 'unblock' the programs will open and your scans will start up with no problem... then simply shut off.

This happens with:

SuperAntiSpyware
Malwarebytes
Spybot
Kaspersky virus removal tool
HijackThis
...et al.

The browser is being subjected to a hijacker too, so there are no searches to be done on this machine, from IE or Firefox.

I've searched the boards here for a solution, but the closest I can find is a report on "False Microsoft Security Essentials" or something along those lines that suggests running RKill to eliminate nasty processes that stop these scanners from running.

Well, we tried that. RKill comes up with NO malicious processes.

Anyone ever seen this one before?

As a side note: We've seen this one once before and decided to do an external scan on it- hook the drive to a bridge and scan it with a healthy machine. It got rid of the infection alright, but it also screwed up something badly enough that there was an error message on startup IN GERMAN! And we weren't able to mount the drive back to a PC to back up data from it...we needed to use a Mac to see anything that was still on the drive.

We're at a loss here. If anyone's got anything we can try- aside from 'wipe the drive and start over' please let me know.

Thank you.

-Jason



#2 boopme



  • Global Moderator
  • 73,493 posts

Posted 06 September 2011 - 11:36 AM

Hello, we need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.



