"Windows security center" fake popup malware


27 replies to this topic

#1 shelliebear

shelliebear

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:41 PM

Posted 05 July 2013 - 05:32 PM

Need help; my sister referred me here.

Today the internet worked fine until approximately 3:15pm at which time whilst someone else in my house was on the computer a popup came up for "Windows Security Center". It claimed it had found several malicious files, and seemed legit, but what immediately told me it was a virus or malware was that it blocked EVERYTHING on the computer that could disable it--task manager, internet explorer, etc. We could not alter the settings of the program and it did not appear to be installed in "Add or remove programs" under Control Panel.

I've tried a few times unsuccessfully upon rebooting the computer to get into the area that allows for system restore. So we tried logging on to another account on the computer and voila, internet works, program is not here, but we know this account has a different sort of virus somewhere, or did.

How do I remove this nasty thing from the other account? I'm currently installing Kaspersky virus removal in the hopes that this will work, but could anyone guide me through how to work it? Or if there's a better way, how to do that? I'm desperate to remove this.

It's the same virus found here:

http://www.malwarehelp.org/fake-windows-security-center-analysis-and-removal-2009.html

 

Thanks for any help in advance!

Shellie




#2 shelliebear

shelliebear
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:41 PM

Posted 05 July 2013 - 05:37 PM

So far Kaspersky's virus scanner is not picking this bad boy up, but I read that only 6 anti virus programs even recognize it. :(



#3 shelliebear

shelliebear
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:41 PM

Posted 05 July 2013 - 05:40 PM

Now it says it found:

"c:\Documents and Settings\Lars\Local Settings\Application Data\AC3Filter\msppzbpf.dll"

HEUR:Trojan.win32.generic

Should I restart and disinfect?



#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:41 AM

Posted 05 July 2013 - 05:45 PM

Hello -

 

:step1: Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

 

:step2: Please download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files
 Click Go and copy / paste the result (Result.txt).

 

 

:step3: Download Malwarebytes Anti-Malware Free (aka MBAM) to desktop and install it
Always check for updates if not done during the install
Run a Quick Scan only and remove all items found
Copy / Paste the report it generates back here

Reboot after you post the log -

 

 

:step4: Download SUPERAntiSpyware Free (aka SAS) and install it to desktop
Always check for updates if not done during the install
Select Quick Scan only and remove all items found
Copy / Paste the report it generates back here

Reboot after you post the log -

 

Thank You -



#5 shelliebear

shelliebear
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:41 PM

Posted 05 July 2013 - 05:51 PM

Step 1 is here as follows, but will it pick it up on the other account on the computer, since I'm on a different one?

" Results of screen317's Security Check version 0.99.68 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Norton 360 Premier Edition  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java™ 6 Update 30 
 Java version out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````
 

"

On to step 2



#6 shelliebear

shelliebear
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:41 PM

Posted 05 July 2013 - 06:00 PM

Step 2 is as follows:

MiniToolBox by Farbar  Version: 16-06-2013
Ran by Brainstorm Rehab (administrator) on 05-07-2013 at 15:57:59
Running from "C:\Documents and Settings\Brainstorm Rehab\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

There are 10901 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
NVIDIA nForce 10/100/1000 Mbps Ethernet  = Local Area Connection 2 (Connected)

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

popd
# End of interface IP configuration

 

Windows IP Configuration

 

        Host Name . . . . . . . . . . . . : lars-15bbbbc437

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

 

Ethernet adapter Local Area Connection 2:

 

        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet

        Physical Address. . . . . . . . . : 00-22-15-1A-C1-BE

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 68.118.47.79

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 68.118.47.1

        DHCP Server . . . . . . . . . . . : 68.114.39.242

        DNS Servers . . . . . . . . . . . : 68.116.46.115

                                            24.205.192.61

                                            24.205.224.36

        Lease Obtained. . . . . . . . . . : Friday, July 05, 2013 3:19:45 PM

        Lease Expires . . . . . . . . . . : Friday, July 05, 2013 8:32:44 PM

Server:  vip01mdfdor.mdfd.or.charter.com
Address:  68.116.46.115

Name:    google.com
Addresses:  173.194.33.41, 173.194.33.37, 173.194.33.38, 173.194.33.32
   173.194.33.36, 173.194.33.46, 173.194.33.34, 173.194.33.35, 173.194.33.33
   173.194.33.39, 173.194.33.40

 

Pinging google.com [173.194.33.35] with 32 bytes of data:

 

Reply from 173.194.33.35: bytes=32 time=27ms TTL=50

Reply from 173.194.33.35: bytes=32 time=28ms TTL=50

 

Ping statistics for 173.194.33.35:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 27ms, Maximum = 28ms, Average = 27ms

Server:  vip01mdfdor.mdfd.or.charter.com
Address:  68.116.46.115

Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.183.24

 

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

 

Reply from 98.138.253.109: bytes=32 time=82ms TTL=43

Reply from 98.138.253.109: bytes=32 time=81ms TTL=43

 

Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 81ms, Maximum = 82ms, Average = 81ms

 

Pinging 127.0.0.1 with 32 bytes of data:

 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 22 15 1a c1 be ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      68.118.47.1    68.118.47.79   10
      68.118.47.0    255.255.255.0     68.118.47.79    68.118.47.79   10
     68.118.47.79  255.255.255.255        127.0.0.1       127.0.0.1   10
   68.255.255.255  255.255.255.255     68.118.47.79    68.118.47.79   10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
      169.254.0.0      255.255.0.0     68.118.47.79    68.118.47.79   20
        224.0.0.0        240.0.0.0     68.118.47.79    68.118.47.79   10
  255.255.255.255  255.255.255.255     68.118.47.79    68.118.47.79   1
Default Gateway:       68.118.47.1
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/05/2013 03:56:23 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (07/05/2013 03:56:20 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/05/2013 03:47:41 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (07/05/2013 03:47:26 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/05/2013 03:47:09 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (07/05/2013 03:47:04 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/05/2013 03:45:19 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/05/2013 03:45:15 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/05/2013 03:45:13 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/05/2013 03:45:13 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (07/05/2013 03:19:58 PM) (Source: Service Control Manager) (User: )
Description: The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (07/05/2013 03:15:38 PM) (Source: Service Control Manager) (User: )
Description: The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (07/05/2013 02:46:12 PM) (Source: Service Control Manager) (User: )
Description: The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (07/05/2013 01:05:13 PM) (Source: Service Control Manager) (User: )
Description: The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (07/05/2013 00:02:59 PM) (Source: Service Control Manager) (User: )
Description: The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (07/05/2013 03:20:03 AM) (Source: Service Control Manager) (User: )
Description: The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (07/05/2013 02:21:48 AM) (Source: Service Control Manager) (User: )
Description: The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (07/04/2013 08:40:02 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (07/04/2013 08:39:31 AM) (Source: Service Control Manager) (User: )
Description: The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (07/02/2013 07:28:45 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Microsoft Office Sessions:
=========================
Error: (07/05/2013 03:56:23 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (07/05/2013 03:56:20 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (07/05/2013 03:47:41 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (07/05/2013 03:47:26 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (07/05/2013 03:47:09 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (07/05/2013 03:47:04 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (07/05/2013 03:45:19 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (07/05/2013 03:45:15 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (07/05/2013 03:45:13 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (07/05/2013 03:45:13 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

=========================== Installed Programs ============================

3DVIA player 5.0 (Version: 5.0.0.12)
7-Zip 4.65
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Media Player (Version: 1.6)
Adobe Reader 9.2 (Version: 9.2.0)
Adobe Shockwave Player 11.5 (Version: 11.5)
AMD Processor Driver (Version: 1.3.2.0053)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar Updater (Version: 1.2.0.20007)
BetterLinks v1.7.6.28 (remove only) (Version: 1.7.6.28)
Bing Bar (Version: 7.0.822.0)
Bonjour (Version: 3.0.0.10)
Critical Update for Windows Media Player 11 (KB959772)
Foxit Reader (Version: 5.4.2.901)
GamesBar 2.0.1.82 (Version: 2.0.1.82)
Glary Utilities 2.56.0.1822 (Version: 2.56.0.1822)
Google Earth (Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.145)
Google Updater (Version: 2.4.2432.1652)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
ieSpell (Version: 2.6.4 (build 573))
InstallMgr (Version: 1.0.39.0)
InterActual Player
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Media Player Codec Pack 3.9.0
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Default Manager (Version: 1.1.53.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Mplayer 0.6.9 (Version: 0.6.9)
MSN
MSN Toolbar (Version: 1.0.39.0)
Netflix Movie Viewer (Version: 1.2.211)
NVIDIA Drivers (Version: 1.10)
NVIDIA nView Desktop Manager (Version: 6.14.10.00)
OpenOffice.org 3.1 (Version: 3.1.9420)
PC Tools Registry Mechanic 11.0 (Version: 11.0)
PlayPickle Toolbar (Version: 2.4.0)
Pogo Games (remove only)
QuickTime (Version: 7.73.80.64)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1 (Version: 1.1.0)
Shop To Win (Version: 1.1.0.0)
The KMPlayer (remove only)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB Driver
Veetle TV (Version: 0.9.18)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 22%
Total physical RAM: 3582.41 MB
Available physical RAM: 2769.48 MB
Total Pagefile: 7509.81 MB
Available Pagefile: 6924.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.52 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.75 GB) (Free:379.45 GB) NTFS

========================= Users: ========================================

User accounts for \\LARS-15BBBBC437

Administrator            ASPNET                   Brainstorm Rehab        
Guest                    HelpAssistant            Lars                    
SUPPORT_388945a0        

========================= Minidump Files ==================================

No minidump file found

**** End of log ****



#7 shelliebear

shelliebear
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:41 PM

Posted 05 July 2013 - 06:05 PM

Tried to update Malwarebytes, got this message:

Program_Error_Updating (0, 0, I/O error)

So I cannot update the version :/



#8 shelliebear

shelliebear
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:41 PM

Posted 05 July 2013 - 06:12 PM

Am having great difficulty running anything on computer, CPU usage keeps jumping to 100% and nothing will work, including internet and MBAM.



#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:41 AM

Posted 05 July 2013 - 06:17 PM

Can you run the installed MBAM Version -

The infection is causing this -



#10 shelliebear

shelliebear
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:41 PM

Posted 05 July 2013 - 06:32 PM

Yes, I ran the installed MBAM with great difficulty, internet explorer stopped working multiple times, and then kept closing itself every time I opened it. Had to restart. Here is log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Brainstorm Rehab :: LARS-15BBBBC437 [administrator]

7/5/2013 4:05:55 PM
mbam-log-2013-07-05 (16-05-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245073
Time elapsed: 18 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46139C86-83B3-45F2-9CCD-ED76765E2B87} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46139C86-83B3-45F2-9CCD-ED76765E2B87} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{732C6853-DB5B-44B6-AF0F-3874727E9C5F} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{732C6853-DB5B-44B6-AF0F-3874727E9C5F} (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Lars\firefox.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lars\rundll32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

(end)
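As an added example (not code from this thread, from Malwarebytes, or from the helper), the following Python parses the MBAM 1.x log format posted above and flags the pattern visible in its two file hits: executables carrying a trusted binary's name (firefox.exe, rundll32.exe) but sitting in a user profile root instead of that binary's normal directory. The sample text is an abridged, constructed copy of the posted log, and the expected-location table is an assumption of this example, not MBAM's own logic.

```python
"""Parse a Malwarebytes Anti-Malware 1.x text log and flag executables that
carry a trusted binary's name but live outside that binary's normal directory."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: an abridged copy of the "Detected" sections posted in this thread.
SAMPLE_LOG = r"""Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46139C86-83B3-45F2-9CCD-ED76765E2B87} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46139C86-83B3-45F2-9CCD-ED76765E2B87} (Adware.GameVance) -> Quarantined and deleted successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Lars\firefox.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lars\rundll32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

(end)
"""

# "<Category> Detected: <count>" opens a section; each hit is "<item> (<name>) -> <action>".
HEADER_RE = re.compile(r"^(?P<category>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")


@dataclass(frozen=True)
class Detection:
    category: str  # e.g. "Files" or "Registry Keys"
    item: str      # file path or registry key
    name: str      # MBAM detection name, e.g. Rootkit.Dropper
    action: str    # what MBAM reports it did with the item


def parse_mbam_log(text):
    """Return ({category: [Detection, ...]}, {category: declared_count})."""
    sections, declared, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        h = HEADER_RE.match(line)
        if h:
            current = h["category"]
            declared[current] = int(h["count"])
            sections[current] = []
            continue
        m = ITEM_RE.match(line)  # "(No malicious items detected)" and "(end)" do not match
        if m and current is not None:
            sections[current].append(Detection(current, m["item"], m["name"], m["action"]))
    return sections, declared


def count_mismatches(sections, declared):
    """Categories whose parsed hit count differs from the count the log header declares
    (a truncated paste or a mangled copy shows up here)."""
    return {c: (n, len(sections.get(c, []))) for c, n in declared.items()
            if n != len(sections.get(c, []))}


# Assumed normal homes (drive stripped, lower-case) for a few commonly impersonated names.
# This table is example data for the check, not a list from MBAM or Microsoft.
EXPECTED_HOME = {
    "rundll32.exe": ("windows\\system32",),
    "svchost.exe": ("windows\\system32",),
    "explorer.exe": ("windows",),
    "firefox.exe": ("program files\\mozilla firefox", "program files (x86)\\mozilla firefox"),
}


def masquerading_paths(file_detections):
    """Flag hits whose basename is a trusted binary name but whose directory is not
    that binary's normal home (for this thread: a user profile root)."""
    flagged = []
    for d in file_detections:
        p = PureWindowsPath(d.item)
        homes = EXPECTED_HOME.get(p.name.lower())
        if homes is None:
            continue
        parent = str(p.parent).lower()
        if p.drive:  # drop "c:\" so the comparison is drive-independent
            parent = parent[len(p.drive) + 1:]
        if parent not in homes:
            flagged.append((d.item, f"{p.name} outside {' or '.join(homes)}: {d.name}"))
    return flagged


if __name__ == "__main__":
    found, declared_counts = parse_mbam_log(SAMPLE_LOG)
    for path, reason in masquerading_paths(found.get("Files", [])):
        print(f"{path}: {reason}")
    print("count mismatches:", count_mismatches(found, declared_counts))
```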



#11 shelliebear

shelliebear
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:41 PM

Posted 05 July 2013 - 06:35 PM

SAS cannot update itself either. It is being blocked from internet access. So I am simply running it as is without updates.



#12 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:41 AM

Posted 05 July 2013 - 06:41 PM

Has there been any change since the MBAM scan ?

This deleted many infections - Please Reboot your computer and try again.

 

More ideas after you post back -

 

Thanks -



#13 shelliebear

shelliebear
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:41 PM

Posted 05 July 2013 - 06:45 PM

No changes. Computer is still running extremely slow, CPU usage continues to spike randomly from 9% to 100%, IE keeps crashing, MBAM and SAS cannot update themselves.



 SAS has found 184 threats thus far. I am waiting for it to complete the scan before restarting, but then I will reboot and let you know of any changes.



 How "bad" or dangerous were the infections deleted thus far?



#14 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:41 AM

Posted 05 July 2013 - 07:03 PM

 How "bad" or dangerous were the infections deleted thus far? << Some were parts of the infection, plus a few extras.

 

Just FYI http://www.bleepingcomputer.com/virus-removal/remove-xp-security-cleaner-pro
The above link shows one version of  Windows security center, but there are Many similar ones.

Do Not click on anything to do with the infection while it is on your system

 

Press these keys to open Windows Task Manager and see what is using the most processes

Go > Control (Ctrl) + Shift + Escape (Esc) at the same time to bring up The Task Manager window.

Tell me what is using the Most, or Moving the most in the list - Do Not click to remove yet .....


I need you to install this in Safe Mode as per instructions (if you can)
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them.
NOTE : You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.
 

 

Thanks -



#15 shelliebear

shelliebear
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:41 PM

Posted 05 July 2013 - 07:09 PM

"System Idle Process" is using the most CPU at anywhere from 60% to 75% at any given time. Will install rKill now. SAS is still running though~~
