
windows security alert - can't remove it


  • This topic is locked
3 replies to this topic

#1 rhestand

rhestand

  • Members
  • 6 posts

Posted 25 September 2011 - 12:36 PM

The Windows security alert is similar to what Wolfram does. However, it does not try to get me to buy fake antiviruses. Once it directed me to a website for "guaranteed loans" and I had to kill explorer through the task manager to get off of it.

I have Malwarebytes Anti-malware professional but it still got through.
Ran RKill.com and seemed to find something. Ran Malwarebytes and removed what it found, then rebooted.
Virus was still there and this time I ran every form of RKill and it stopped every one of them. It won't let me run Malwarebytes either. On the computer, it changed the permissions of all those files so it says I can't access them anymore (including Malwarebytes). Used a thumb drive but it killed the process as soon as it started.

Did all of the above from safe mode. Each time I start in safe mode it says I'm in safe mode and asks if I want to do a system restore instead. I tried ignoring that and running RKill directly from the task manager (new task) with the same result.

On a different machine now.

Attached are the dds.txt and attach.zip files.

Please help!



#2 rhestand

rhestand
  • Topic Starter

  • Members
  • 6 posts

Posted 25 September 2011 - 03:35 PM

More info.

Was able to use TDSSKiller and it found: RootKit.win32.ZAccess.e and Service: Imapi (later one was high threat). Removed both.
Then was able to run RKill from thumb drive - killed system32\grpconv and system32\verclsid.

Ran Mbam but didn't find anything. When I reboot it just comes back. I did notice that the initial window that pops up when I run in safe mode that asks if you want to run in safe mode or do a system restore disappeared when I ran RKill. I have not been clicking on any notices, just running tasks from the task manager.

Don't know what else to do.

Help!

#3 rhestand

rhestand
  • Topic Starter

  • Members
  • 6 posts

Posted 28 September 2011 - 12:34 PM

I am being helped by Malwarebytes directly. I'm not sure how to close this topic.

Thanks,
Rue

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,577 posts

Posted 28 September 2011 - 04:58 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



