Windows Secure Kit 2012-Suspected infection


No replies to this topic

#1 Ghonasiflaids

Posted 05 March 2012 - 10:52 AM

Hello, this is my first post here. My computer (Windows 7, Dell Inspiron) has been running VERY strangely, and has been for a while. Let me start off by saying what it is my computer does. The mouse pointer moves slowly, and awkwardly at times. The sound is slow and slightly distorted at certain pitches. When online, sometimes words (which are not normally links) are blue highlighted links that are underlined, and when you hover over them with the pointer, a small window appears next to the word with a picture of a random advertisement that typically has nothing to do with the word that is highlighted. This happens on trusted sites, most often Yahoo Answers and other forum type sites. This behaviour started today, but this is not the first time.

Last time this happened, the problem was slightly worse. It happened a couple weeks ago, and the mouse pointer issue was almost unbearable, with the mouse pointer having a significant delay, and sudden sharp movements. This went on for about 1-2 weeks, with me constantly running antivirus programs (I have SUPERAntiSpyware Professional, Microsoft Security Essentials, Malwarebytes Anti-Malware trial, Piriform CCleaner, and McAfee Security Scan Plus trial), and getting no results. Eventually, after a full, 4 hour long scan from Security Essentials, I found this:

Program:Win32/PowerRegSchedular

With the following information provided:
Category: Potentially Unwanted Software

Description: This program has potentially unwanted behavior.

Recommended action: Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
containerfile:C:\Program Files (x86)\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\data1.cab
file:C:\Program Files (x86)\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\data1.cab->(ishld#0006)->[RSRCEmb]



After dealing with this apparently medium-level threat my computer went back to normal. However, two days ago, after clicking a Google search result for the Civilization V tech tree, I was redirected to a completely different site, which was nothing but a white background, with a false antivirus type application running on the page, probably using Flash or Java. According to my Google Chrome history, this was 'Windows secure Kit 2012'. Having dealt with a number of malicious false antivirus scanners before, I knew what was up, and I immediately went to exit out of the page, to be prompted by a message saying, "If you leave this page your computer may crash!". This was a risk I was willing to take, lol, and exited my browser. It should be noted that nothing was shown to be downloaded, and I clicked nothing on the page but the exit button.

Here is the name of that page. It was a page that I was redirected to; I didn't purposefully go to such a blatantly untrusted domain:
onlineusainfo5.com

Enter at your own risk. If you have some sort of Windows emulator that does not carry over infections to your primary user, it would be quite helpful if you could check the site out for me. I looked up the site on an AVG site director, and it was labelled an active threat, linked to rogueware. Upon looking up this 'windows secure kit 2012', I got plenty of results describing what this program does on your computer; it is your typical rogueware. The problem is that my computer is showing no direct signs of this virus. I'm not getting any pop-ups saying 'your computer is infected, blah blah blah', and I'm not getting any false error messages disabling me from using programs. In fact, my computer was running perfectly fine until yesterday afternoon, while I was playing Civilization V. The game was running smoothly with no problems when suddenly it slowed down quite a bit, rendering speeds halted drastically, and the familiar distorted audio returned. After exiting out and restarting, it appears my computer is back to its old tricks. The mouse moves slightly slow, not quite as bad as a few weeks ago. I'm getting no help whatsoever from antivirus programs.


And so, I come to you guys to help guide me through solutions. Tell me what information I should provide you for further help. Thank you.

Edited by Budapest, 05 March 2012 - 03:52 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest

