xp home security 2012 has blocked a program from running


8 replies to this topic

#1 lenore1991

lenore1991

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:58 PM

Posted 15 January 2012 - 03:55 PM

Help!

My computer has got a virus, and I can't remove it.
I've tried following some steps here, but it won't seem to work. I've tried to run the TDSSKiller program but it won't remove the detections.
The funny thing is, about a week ago my computer got the fake xp security messages, I didn't bother to do anything about it and just
used my old computer instead. But now that one is infected too! Can it have something to do with my internet connection?

I can't use any programs, it will only tell me that it has detected a spyware in the program I try running, and wants me to buy a protection
to get rid of the program..

I'm not very good at this so if someone could please tell me step by step what I could do.. :blink:



#2 lenore1991


Posted 15 January 2012 - 04:54 PM

btw I also tried rkill, but that didn't work either..

#3 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:09:58 AM

Posted 15 January 2012 - 05:45 PM

Hi lenore1991 and welcome to the forums!! :thumbsup:

My name is bloopie. Let's see if I can give you a hand with your problems.

Could you please check this page, and tell me if your popups match the images on the link I provided?

If so, you should first try to rename Rkill so that it doesn't have the .exe extension and can run. Follow these steps:

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck: the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now find the Rkill file you downloaded earlier, right-click it and choose rename. Rename it to lenore1991.com.

Then try to rerun the renamed file. If it completes its run, do NOT reboot!! Immediately download MBAM and run a full scan as per the instructions in the link I provided earlier.

Let me know if you have any trouble with the above steps.

bloopie

Edited by bloopie reborn, 15 January 2012 - 05:48 PM.


#4 lenore1991


Posted 15 January 2012 - 06:02 PM

Hey! Thank you!

When I've run the rkill, a log file appears and it says: "process terminated by rkill or while it was running: C:\WINDOWS\system332\taskmgr.exe"

Did it work or not?

#5 bloopie


Posted 15 January 2012 - 06:08 PM

Hi again,

Yes, it's working...do not reboot after Rkill runs!

:step1:
Now, please download Malwarebytes' Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

Once MBAM scan is complete you can reboot to remove infections. Please post that log in your next reply.

:step2:
Next, please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

:step3:
Please post both logs in your next reply.

bloopie

Edited by bloopie reborn, 15 January 2012 - 06:12 PM.


#6 lenore1991


Posted 15 January 2012 - 06:22 PM

It's scanning as hell here x) but to answer your question, yes it's exactly those messages that pop up all the time.
But I'm wondering how this could happen on both my computers? Is it something I've done wrong, or can do to prevent the problem
from occurring again? Thank you very much for being patient =) heh..

#7 bloopie


Posted 15 January 2012 - 07:32 PM

No problem, it's my pleasure to help! :thumbup2:

These things do take time, so please be patient. :wink:

If this infection has been spread to another computer, it could have been caused by a USB device. I'll need to see the MBAM logfile for a better look, though.

One thing you can do to prevent your USB device spreading an infection is to use the Flash Disinfector:

Please do this after the MBAM scan and reboot to remove infections!

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

After running Flash Disinfector on your USB, you should be able to transfer files between computers without propagating the infection. You can then follow the same steps on the other infected machine as you did here...if all goes well.

Don't forget to post the logs here for review. :thumbsup:


bloopie
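
The note in the post above says a folder named autorun.inf at a drive root keeps an autorun file from being placed there. As an added example (not part of the original post and not Flash_Disinfector's own code), this Python sketch reports what occupies that name at a drive root and which launch commands a real file would run; the temp folders and the sample file contents are constructed for illustration.

```python
import os
import tempfile

def is_launch_key(key):
    """True for AutoRun keys that name a program to start."""
    key = key.strip().lower()
    return key in ("open", "shellexecute") or (
        key.startswith("shell\\") and key.endswith("\\command"))

def audit_root(root):
    """Return (status, commands) for the autorun.inf entry at a drive root."""
    entry = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if entry is None:
        return "absent", []
    path = os.path.join(root, entry)
    if os.path.isdir(path):
        # A folder holds the name, so no file called autorun.inf can be written.
        return "folder", []
    commands, in_autorun = [], False
    with open(path, encoding="latin-1") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("["):
                in_autorun = line.lower().startswith("[autorun]")
                continue
            key, sep, value = line.partition("=")
            if in_autorun and sep and is_launch_key(key):
                commands.append(value.strip())
    return ("file-launches" if commands else "file-inert"), commands

def demo():
    """Audit three constructed drive roots (temp folders, not real drives)."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for label in ("clean", "immunized", "suspect"):
            os.mkdir(os.path.join(base, label))
        os.mkdir(os.path.join(base, "immunized", "autorun.inf"))
        with open(os.path.join(base, "suspect", "AUTORUN.INF"), "w") as fh:
            # Constructed sample content, not taken from any real infection.
            fh.write("[AutoRun]\nicon=drive.ico\nopen=sample\\setup.exe\n"
                     "shell\\explore\\command=sample\\setup.exe\n")
        for label in ("clean", "immunized", "suspect"):
            results[label] = audit_root(os.path.join(base, label))
    return results

if __name__ == "__main__":
    for label, (status, commands) in demo().items():
        print(label, status, commands)
```

A status of "file-launches" on a removable drive is the case to investigate before the drive is opened on another machine.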

#8 lenore1991


Posted 15 January 2012 - 07:49 PM

The gmer scan sure takes its time, yes -_-
My computers haven't been connected in any way, other than using the same internet cable..
But after I scanned my computer it told me to reboot immediately, so I couldn't get the log.. =/
Should I scan it again, and then post?

I'm also currently using my laptop to talk to you, 'cause the stationary computers won't work other than in safe mode...
If I start it in normal mode, only the warning window comes up... no start menu, or desktop icons or anything but those damn
virus warning windows.... :wacko:

I'm really really green at this, and really really thankful, 'cause I can't afford a new computer right now.. :thumbup2:

#9 bloopie


Posted 15 January 2012 - 08:57 PM

Hi again,

If you've already scanned with MBAM you can find the result log by opening MBAM again, then clicking the "Logs" tab, and opening the log that corresponds to the date of the scan. Please copy and paste that log here for review.

Also, it's important we get the Gmer log as well. Without those logs it would be hard for me to know how dangerous the infection is and the proper steps to take to remove it. :thumbup2:

When you ran Rkill, did it seem the computer ran more smoothly without any popups?

Mbam should have removed most of the infectious material on the machine, so post the MBAM and GMER logs please.

bloopie



