HELP! Please! Bogus Firewall popup, bogus Security Shield, etc


8 replies to this topic

#1 ramonv

ramonv

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 03 May 2013 - 07:34 PM

Hi,

 

Came home from the movies, turned on my pc, and immediately got bogus virus scan thing going, with bogus firewall pop-up, and "Microsoft Security Shield" in tray.

It closed my browser, and won't allow me to re-open.  Won't allow Malware Bytes to run, cuts off McAfee scan after about 5% of scan.

What do I do?

 

Currently, I have logged into another ID on the pc, and was able to open a browser, and install Malwarebytes for that user (my son).

It is running, and has detected 5 objects so far.  But will this clean up the problems on my profile?

 

I don't remember how to start in safe mode, and run malware bytes from there, or how to download something else, like superantispyware, while in safe mode.

 

I need my pc working, because I run an e-commerce business from my home, and everything is on that one PC, and none of my peripherals are compatible with my laptop, as the PC is Vista, and the Laptop is Win7 64.

 

It is an HP Pavilion Desktop, with Vista.  Microsoft firewall is turned off because it isn't compatible with my McAfee, which is provided by AT&T (my ISP).

 

Any help would be greatly appreciated.

 

Oh... I have tried in the past to use the restore feature, and it never works on this pc.





#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,330 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:26 PM

Posted 03 May 2013 - 07:49 PM

Hello, yes running a Full scan

But Run Rkill first then rerun MBAM

This tool simply does the following:

  • Terminates approximately 320+ known rogue processes
  • Deletes some of the more annoying protection processes commonly being used today:
    • c:\Windows\svchast
    • c:\Windows\svchasts
    • c:\Windows\svohost
    • C:\program files\Windows Police Pro\Windows Police Pro.exe
  • Uses the reg command to fix the following policy restrictions:
    • Disable TaskManager
    • Disable Regedit
    • Disable Run menu option in the Startup Menu

 

 

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

Link 1
Link 2
Link 3
Link 4

  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

 

 

Post the new MBAM scan log.

The log is automatically saved and can be viewed by clicking the Logs tab. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.

 

How is it now?


Edited by boopme, 03 May 2013 - 07:53 PM.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 ramonv

ramonv

Posted 03 May 2013 - 07:55 PM

Okay, so that was a "yes" to the question of whether a full Malware Bytes scan will clean up all profiles on this pc?

Since I'm already running MB, do I need to abort it, to download the Rkill?



#4 ramonv

ramonv

Posted 03 May 2013 - 07:58 PM

Well, I guess I didn't have to abort MB, because I clicked on one of those links, thinking it would take me to a download page, but it started the download, so I let it do its thing.

Here is the log.

Where it says, "Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic"

Does that mean they changed that?  I can't use Defender with my McAfee...

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/03/2013 05:54:47 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 05/03/2013 05:55:38 PM
Execution time: 0 hours(s), 0 minute(s), and 51 seconds(s)



After 35 minutes, MB has found 5 objects, which it found almost immediately...
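For anyone reading a posted Rkill log like the one in post #4, here is an added example (not part of the original posts, and not Rkill's or BleepingComputer's own code) that parses the log and returns only the entries Rkill flagged, with the registry values or HOSTS lines attached to each. It assumes the log follows the layout shown above; the function name `parse_rkill_log` and the sample text are constructed for illustration.

```python
import re

# Constructed sample: shortened copy of the Rkill log layout posted in this thread.
SAMPLE_LOG = r"""Checking for processes to terminate:
 * No malware processes found to kill.

Performing miscellaneous checks:
 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking HOSTS File:
 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost
"""

SECTION = re.compile(r"^(\S.*):\s*$")        # unindented line ending in ':'
FINDING = re.compile(r"^ \* (.+?):?\s*$")    # ' * ...' result line under a section
REG_KEY = re.compile(r"^\s+\[(HK[^\]]+)\]\s*$")
REG_VAL = re.compile(r'^\s+"([^"]+)" = dword:([0-9a-fA-F]{8})\s*$')

def parse_rkill_log(text):
    """Return flagged findings as dicts; clean results ('No ...') are skipped."""
    findings, section, cur, key = [], None, None, None
    for line in text.splitlines():
        if m := SECTION.match(line):
            section, cur = m.group(1), None
        elif m := FINDING.match(line):
            cur, key = None, None
            if not m.group(1).startswith("No "):
                cur = {"section": section, "finding": m.group(1), "registry": [], "hosts": []}
                findings.append(cur)
        elif cur is None:
            continue
        elif m := REG_KEY.match(line):
            key = m.group(1)
        elif m := REG_VAL.match(line):
            cur["registry"].append((key, m.group(1), int(m.group(2), 16)))
        elif section == "Checking HOSTS File" and len(line.split()) >= 2:
            cur["hosts"].append(tuple(line.split()[:2]))
    return findings
```

A flagged entry only reports the current state of a setting; the log does not say what set it, so a disabled Defender or firewall value has to be read against how the machine is configured, such as the third-party security suite described in post #1.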



#5 ramonv

ramonv

Posted 03 May 2013 - 08:28 PM

I of course had to run Rkill on my son's log-in, rather than my log in, where I was having the problems...



#6 ramonv

ramonv

Posted 03 May 2013 - 08:32 PM

MBAM not finished running.



#7 ramonv

ramonv

Posted 03 May 2013 - 08:39 PM

I switched users, back to my profile, and it said that MBAM had found and quarantined something.  Everything seemed to be okay again.  I tried to copy and paste the log, but as I suspected, the clipboard doesn't carry over from one user to another.



Edited by ramonv, 03 May 2013 - 08:42 PM.


#8 ramonv

ramonv

Posted 03 May 2013 - 11:12 PM

Seems to be fine now.  MBAM removed 7 items.

Thank you.



#9 boopme

boopme


Posted 08 May 2013 - 04:13 PM

You're welcome!

