
iSecurity has blocked my browsers


3 replies to this topic

#1 Mumx6


Posted 06 April 2012 - 07:42 PM

Good morning,

Comodo came up with their normal box in the bottom corner of my screen whilst I was surfing this morning, and as I was only on my normal haunts and my Comodo advisor said it was Mozilla Firefox (a safe program) making the change, I clicked on the "treat as installer" and "remember this" options. Next moment my Firefox closes, I cannot reopen it, Chrome or IE and Malwarebytes. An IE Security screen pops up and says give me your credit card no. Not likely. I have found a new shortcut on my desktop for isecurity with the right time stamp for this morning's hijinks. A quick search on here tells me to use Safe Mode with Networking and to use TDSS killer - can download and run but at 40% says no drivers found, so haven't run it. Downloaded Rkiller as eXplorer - only program it killed was eXplorer. Allowed me to download the latest update of Malwarebytes and I'm currently running that and watching, but I am not sure if this is a good thing or not. In the first 10 seconds it said 2 infections, 16 mins in and no others found yet. I will allow it to continue running and see what happens, however I will not be hitting the "Fix this" button until I hear otherwise.

Should I be worried that :-

1. It cannot find the drivers to run TDSS Killer?
2. Rkiller only shuts down eXplorer.exe and finds no other problems?

Forgot to add using Windows XP SP3

Please help

Edited by Mumx6, 06 April 2012 - 10:45 PM.




#2 narenxp


Posted 07 April 2012 - 04:39 PM

Post your Malwarebytes log.

Download FIXTDSS.

Launch it. It may ask for a restart; reboot the PC.

On reboot, let me know what it finds.

Good luck.

#3 Mumx6


Posted 09 April 2012 - 02:16 AM

Hi narenxp,

Thank you for your response. I ended up hitting the "Fix it" button on Malware on Saturday as the log looked okay.

My MalwareBytes log was:-

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.06.09

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Mum :: MOTHERHEN [administrator]

7/04/2012 10:23:05 AM
mbam-log-2012-04-07 (10-23-05).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 752163
Time elapsed: 2 hour(s), 22 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security (Trojan.FakeAlert) -> Data: C:\Documents and Settings\All Users\Application Data\isecurity.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Documents and Settings\All Users\Application Data\isecurity.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mum\Local Settings\Temp\161.tmp (Rogue.InternetSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mum\Local Settings\Temporary Internet Files\Content.IE5\QQANA6N9\S4dAyBtK[1].exe (Rogue.InternetSecurity) -> Quarantined and deleted successfully.
D:\My Documents\Downloads\SmileyCentral.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
E:\My Docs\Downloads\SmileyCentral(2).exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
E:\My Docs\Downloads\SmileyCentral(3).exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
E:\My Docs\Downloads\SmileyCentral.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.

(end)

It still didn't find the drivers to run TDSSKiller afterwards.

I tried running your program yesterday but keep coming up with "pre-boot operation failed unable to continue"

I reran MalwareBytes yesterday and hit Fix it for this log:-

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.06.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mum :: MOTHERHEN [administrator]

8/04/2012 2:26:15 PM
mbam-log-2012-04-08 (14-26-15).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 753982
Time elapsed: 4 hour(s), 15 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{142193E0-9735-4F57-BBF9-82E91901904A}\RP1022\A0464639.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)

I'm careful what I'm doing on this machine at the moment and all banking related activities are a no-no until I am sure that everything is gone.

I have been unable to find the logs for Comodo where I said to treat this as an installer so that I can Quarantine it there too.

Feel like such a dill.
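Editor's added example, not part of the thread or any poster's code: a small parser for the Malwarebytes text-log layout shown in the post above, which lists each detection, checks the item count against each "Detected: N" header, and flags autorun entries, System Restore copies and anything not removed. The sample log, the function names and the "successfully" removal check are assumptions made for illustration.

```python
import re

# Constructed sample in the Malwarebytes 1.60 text-log layout; not data from the thread.
SAMPLE_LOG = r"""
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Example (Trojan.FakeAlert) -> Data: C:\Example\example.exe -> Quarantined and deleted successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Example\example.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{GUID}\RP1\A0000001.exe (Trojan.FakeAlert) -> No action taken.
"""

SECTION = re.compile(r"^(?P<category>.+?) Detected: (?P<count>\d+)$")
ITEM = re.compile(r"^(?P<object>.+?) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return (detections, mismatches); mismatches maps section -> (declared, found)."""
    detections, declared, category = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:  # e.g. "Files Detected: 2" opens a new section
            category = m["category"]
            declared[category] = int(m["count"])
            continue
        m = ITEM.match(line) if category else None
        if not m:  # header lines, blanks, "(No malicious items detected)"
            continue
        parts = m["rest"].split(" -> ")  # optional "Data: ..." first, action last
        data = next((p[6:] for p in parts if p.startswith("Data: ")), None)
        detections.append({"category": category, "object": m["object"],
                           "family": m["family"], "data": data,
                           "action": parts[-1].rstrip(".")})
    found = {c: sum(d["category"] == c for d in detections) for c in declared}
    mismatches = {c: (n, found[c]) for c, n in declared.items() if n != found[c]}
    return detections, mismatches

def triage(detections):
    """Flag items worth a second look after a scan."""
    notes = []
    for d in detections:
        if r"\CurrentVersion\Run" in d["object"]:  # launched at every logon
            notes.append(("autorun", d["data"]))
        if "_restore{" in d["object"]:  # copy kept inside a System Restore point
            notes.append(("restore-point copy", d["object"]))
        if "successfully" not in d["action"]:  # assumed marker of a completed removal
            notes.append(("not removed", d["object"]))
    return notes
```
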

#4 narenxp


Posted 09 April 2012 - 09:06 AM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.



