Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System security virus


  • This topic is locked This topic is locked
57 replies to this topic

#1 beth819

beth819

  • Members
  • 184 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 05 November 2011 - 05:11 AM

Hi, I'm not sure if I'm posting in the right form, but I have the "System Security 2012" virus. When I got it, avira and windows defender warned me and blocked the trojan and avira put it in quarantine. But, there were still messages popping up all over my screen from the "system security " saying that I'm infected, so I shut my computer off because it was filling up the entire screen. I started again in safe mode and did another avira scan and it didnt detect anything, but the "TR/ATRAPS.Gen2 trojan" is still in quarantine.

I read the section on here about the system security uninstall guide and to download the tdds killer, but because I'm in safe mode I don't have Internet access and I'm afraid to start windows normally if I'm going to get those warnings all over my screen. And since it's in quarantine in avira, I figured I'd post here first and ask what to do before uninstalling anything,

Thanks in advance for your help,
Beth

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,046 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:29 PM

Posted 05 November 2011 - 11:02 AM

Do you have access to another computer?
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif

#3 beth819

beth819
  • Topic Starter

  • Members
  • 184 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 05 November 2011 - 11:24 AM

Hi Orange Blossom,

Yes I have access to another computer, a desktop.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,046 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:29 PM

Posted 05 November 2011 - 11:35 AM

Hello,

I'm moving this topic to the Am I Infected forum.

Use that other computer then, to download TDSS killer and the other required programs to a flash drive or disc, then transfer to the sick computer.

Please let me know how this works out.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif

#5 beth819

beth819
  • Topic Starter

  • Members
  • 184 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 05 November 2011 - 11:54 AM

Ok, I do this in safe mode though, right?

#6 beth819

beth819
  • Topic Starter

  • Members
  • 184 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 05 November 2011 - 12:23 PM

I ran the TDSSKiller from my flash drive in safe mode and it says no threats found. Do I need to do the scan again not in safe mode? Or do I need to do something else? Thanks.

#7 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,046 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:29 PM

Posted 05 November 2011 - 12:38 PM

Please provide the link to the removal guide you are following.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,046 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:29 PM

Posted 05 November 2011 - 12:42 PM

This is the guide I'm looking at: http://www.bleepingcomputer.com/virus-removal/remove-security-guard-2012

Scroll down about a third, and you'll see the following header:

Automated Removal Instructions for System Security 2012 using Malwarebytes' Anti-Malware:

Edited by Orange Blossom, 05 November 2011 - 12:44 PM.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif

#9 beth819

beth819
  • Topic Starter

  • Members
  • 184 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 05 November 2011 - 12:46 PM

Oh ok, I was looking at this link: http://www.bleepingcomputer.com/virus-removal/

The second one that says, remove system security 2011. But now I see you have a different link, so I will try the malwarebytes now. Thanks.

#10 beth819

beth819
  • Topic Starter

  • Members
  • 184 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 05 November 2011 - 03:00 PM

Hi, I was able to run malware bytes and it found 6 detections I think. I removed them and it restarted my computer. The system security 2012 is still a folder in Start/All Programs, and the shortcut is still in the recycle bin from when I deleted it yesterday. I'm also getting a message in the windows taskbar saying that windows has blocked programs from starting, but I don't want to click anything yet. Please let me know what to do next. Thank you.

#11 beth819

beth819
  • Topic Starter

  • Members
  • 184 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 05 November 2011 - 03:05 PM

Also, I just noticed that link you gave me is for "system guard 2012" but the virus that I have is "system security 2012" which is the link that I posted before. Not sure if that makes a difference since the instructions seem to be the same, but just wanted to let you know in case.

#12 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,046 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:29 PM

Posted 05 November 2011 - 05:40 PM

Gah, search got mangled. I don't see any links in this topic other than what I provided.

So, here's the one for System Security 2011: http://www.bleepingcomputer.com/virus-removal/remove-system-security-2011 There does not appear to be one for System Security 2012

When it rebooted, did it reboot into normal mode?

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif

#13 beth819

beth819
  • Topic Starter

  • Members
  • 184 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 05 November 2011 - 05:41 PM

Yes

#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,046 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:29 PM

Posted 05 November 2011 - 05:49 PM

Okay, update MBAM and run it again, this time in Normal Mode. If you have problems running it, run RKILL as it instructs in the removal guide then run MBAM.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif

#15 beth819

beth819
  • Topic Starter

  • Members
  • 184 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 05 November 2011 - 11:38 PM

I was able to run it in normal mode and it found no detections, but the system security is still there.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users