Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security Sphere 2012 - gone or not?


  • Please log in to reply
No replies to this topic

#1 EmmVee

EmmVee

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 21 December 2011 - 09:20 AM

Hello all,

I hope this is the right section for my query.

Yesterday I got hit by "Security Sphere 2012" and found the Remove Security Sphere 2012 (Uninstall Guide) page on BleepingComputer.com. I proceeded through it like so:

TDSSKiller
– No threats found

RKill
– It terminated "KbdStub.exe" (Hewlett-Packard) and "Sf.bin" (Alwil Software)

Malwarebytes' Anti-Malware
– Found "Trojan.FakeAlert" (named "~!#E90.tmp" in the Temp folder)

I then went through all the other steps except for points 23 to 26 (I looked at the Hosts file and it only had "localhost" and a list of "adobe.com" references) and point 27.

---------

After that, everything seemed to be fine, however I've just noticed that System Restore doesn't work how I'd expect it to...

Thing is, I haven't got a clue if it is a result of Security Sphere (or something more innocuous like ZoneAlarm?) because today was actually the first time I've used System Restore since I got my new system several months ago.

This is what happens:

  • I go to the Start menu and select System Restore.
  • I choose that I want to continue with this action.
  • It is nowhere on my screen, however when I go to Task Manger, "rstrui.exe" is running as a process.
  • Minutes later, it finally appears. (seems like an unusually long wait)
  • I then choose the point I'd like to restore to.
  • The sytem restore initialises and seemingly does all the normal stuff before the computer reboots.
  • Once back in Windows, everything appears normal - a program installed today is gone, while a program uninstalled two days ago is back - but then, a number of minutes later, I get an error message saying "System Restore did not complete successfully. Your computer's files and settings were not changed."

---------

What could be the reason for this? Is it likely to be a result of "Security Sphere 2012" still infecting my computer in some way? Or is it probably something else?

I was thinking of attaching a HijackThis log (btw, HijackThis told me that write access to the Hosts file was denied) to help determine if there's still anything amiss with my computer, however I'm not sure if any such logs are allowed to be posted in this subforum.

Thank you in advance for any help!

Kind Regards,
EmmVee

Edited by EmmVee, 21 December 2011 - 09:24 AM.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users