Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer infected with Windows Advanced Security Center


  • This topic is locked This topic is locked
7 replies to this topic

#1 rogue_agent

rogue_agent

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England, UK
  • Local time:08:00 AM

Posted 06 January 2014 - 03:17 PM

A laptop that a family member of mine uses, (Medion Akoya), is infected with Windows Advanced Security Center. As you may well know, this program blocks many things.

 

Even in Safe Mode with Networking (and other Safe Modes), this program still pops up and causes havoc. Lastly, I used my USB drive to transfer rkill (iExplore.exe) to the infected laptop's Desktop. Even if I restart in Safe Mode and try to quickly run iExplore.exe, Windows Advanced Security Center still blocks it!

 

Please help me in removing this problem and cleaning up the system overall. Thank you.



BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:00 PM

Posted 06 January 2014 - 04:43 PM

Hello -

(Sorry about the cricket, but we loved it over here)

 

Remove Security Center (Uninstall Guide) - Bleeping Computer
Our Online DIY removal directions start =Here <=

Please read this first and if you are unable to do the steps, we can offer further help.
 

 

Typically Windows Advanced Security Center is spread via peer to peer applications, free movie download site, software sharing program, email attachments, social networking sites and other many malicious web sites. Sometime it hacks other good website and use it bait.

 

 

Alternate Instructions for you - How to remove Windows Advanced Security Center

 

Step 1: Print out these instructions as you will need to shutdown the computer in next step.

Step 2: Now power down the Windows Advanced Security Center infected computer. And wait for 30 Seconds before you turn on

Step 3: Now please turn ON the computer and immediately keep hitting F8 until you see WINDOWS ADVANCED OPTIONS MENU

Step 4:In the WINDOWS ADVANCED OPTIONS MENU, go down to the SAFE MODE WITH NETWORKING using the arrow keys on the board. Then press ENTER on the keyboard. This will take your computer to Safe mode. Safe Mode will cause the display and desktop icons to appear changed. This is normal. No need to Panic as it is due to Windows Advanced Security Center.

Step 5: This, Windows Advanced Security Center, infection may change computer windows settings to use a proxy server that will not allow you to browse any pages on the Internet with Internet Explorer. We will first need to fix this as we will need to download malware removal utilities. They are safe and very reputed in Computer Industry. Now hold down the WINDOWS key and then press the R key.

Step 6: The RUN dialog box will appear. Type iexplore.exe In the RUN dialog and click OK button.

 

This part is important to reset your internet -

Step 7: You will see Internet Explorer. On the top navigation click TOOLS then under the sub-menu of TOOLS choose INTERNET OPTIONS

Step 8: Now find the CONNECTIONS tab within the INTERNET OPTIONS dialog box and click on it. Then click the LAN SETTINGS button.

Step 9: If there is a check-mark in the box named “Use a proxy server for your LAN”, under the PROXY SERVER section, then uncheck the box. If there is not a check mark located in the box then you can skip this step and move on to next step.

Step 10: Now hit the OK button to close the LOCAL AREA NETWORK dialog box. Then press the OK button to close the INTERNET OPTIONS dialog box.

Step 11: Now we must end all the processes that belong to Windows Advanced Security Center so that it does not interfere with your ability clear your computer. Inspector-[random char].exe and Protector-[ random char].exe are the processed that needs to be stopped. To do this we need to download Rkill, developed by Bleepingcomputer to help stop the computer process of Windows Advanced Security Center. Now please hold down the WINDOWS key and the R key simultaneously to open RUN dialog box.

Step 12: Now type or copy / paste “iexplore.exe http://www.fixpcyourself.com/rkill.com and hit the OK button.

Step 13: Save the Rkill.exe on your desktop. Double-click the Rkill icon and run Rkill.exe. You will see a black MS DOS dialog box. Now it will kill all the processes of Windows Advanced Security Center. It will take several minute before a Notepad file containing log information on what Rkill found will open. You may review it and close notepad file

Step 14: Now you are ready to removal all the infection related to Windows Advanced Security Center. For the you need to Malwarebytes. Malwarebytes is a very popular malware and spyware removal application. Now please hold down the WINDOWS key and the R key simultaneously to open RUN dialog box. Type or copy / paste “iexplore.exe http://www.fixpcyourself.com/mbam.exeand hit the OK button.

Step 15: Save the mbam.exe on your desktop. Double-click the Malwarebytes icon and run mbam.exe. Now the SELECT SETUP LANGUAGE dialog box will appear. Select your preferred language and hit press OK button.

 

Follow the other Set-up instructions and try to run a Full Scan

 

If you are still not able to scan, please read on - -

Now please read MBAM Chameleon Link How to run MBAM Chameleon on an infected computer.

 

Be sure that you Delete ALL found problems, and post the log back here.

 

Any problems, please post back -

 

 

Thank You -


Edited by noknojon, 06 January 2014 - 04:49 PM.


#3 rogue_agent

rogue_agent
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England, UK
  • Local time:08:00 AM

Posted 06 January 2014 - 05:26 PM

OK, firstly, I stupidly forgot to mention that the operating system is Windows 7 Ultimate Edition - also your instructions work fine so thank you.

 

However, I have run into a problem with Step 6. When I run iexplore.exe, as I've mentioned in my original post, something is blocking the program. It reads:

 

"Firewall has blocked a program from accessing the Internet."

 

Also:

 

"iexplore.exe is suspected to have infected your PC..."

 

I suspect this is Windows Advanced Security Center that's blocking even this.

 

So I cannot proceed with the instructions :(


Edited by rogue_agent, 06 January 2014 - 05:26 PM.


#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:00 PM

Posted 06 January 2014 - 08:11 PM

Hi -

A couple of options now - "Firewall has blocked a program from accessing the Internet", <= Can you Disable the firewall for now, and reinstate it later ??

 

"iexplore.exe is suspected to have infected your PC..." <= Where do you get this message, as it "may" be fake ??

 

See directions => How To Temporarily Disable Your Anti-virus, etc.

 

Also, did you try the other link - Our Online DIY removal directions start =Here <=

This is usually our first step, and the rest is added on if you have problems.

I can try a few other minor items, but I think you sound blocked ......

Do you have Malwarebytes program installed on this (sick) computer ?? This can help you -

If you are still not able to scan, please read on - -

Now please read MBAM Chameleon Link How to run MBAM Chameleon on an infected computer.

 

 

 

However, if you wish one on one instructions with the Experts, the following is our link to them

 

Please follow the instructions in THIS PREP GUIDE starting at Step #6.

 

NOTE -  If you cannot, for any reason complete a step, skip it and continue.

 

Once the proper DDS logs are created, then make a NEW TOPIC and post it to =>
Virus, Trojan, Spyware, and Malware Removal Logs area -

 

Please be patient as that area is always very busy, and you may need to wait a day or so for a reply.

 

If HELP BOT responds to your post, please follow its Step #1 so the team will be notified.

 

 

Thank You -



#5 rogue_agent

rogue_agent
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England, UK
  • Local time:08:00 AM

Posted 06 January 2014 - 08:31 PM

Yes, it was a fake message and only this fake program was blocking it. The message pops up at the bottom right-hand corner of the Desktop, where the Notifications Bar is.

 

I want to use Malwarebytes Chameleon, but I can't because I don't have the program installed. Is there any way I can install the program? I can't open y browser to download Malwarebytes because all my browsers are blocked.



#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:00 PM

Posted 07 January 2014 - 02:29 AM

Hi -

Attempting to find a way to download MBAM to a USB, or other method, are not looking good.

It is known that you will have many troubles transferring from a working system to a sick system.

There are other specialist tools that do work, but they are not for here.

 

Alas,the diagnostic and repair tools that are needed for a computer that will not access any internet, are not allowed in this forum area.

 

Once we find the computer is not able to be fixed simply, we must refer it to the Experts area.

 

My best solution (at this time) is the last half of Post #4

 

Thank You -



#7 rogue_agent

rogue_agent
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England, UK
  • Local time:08:00 AM

Posted 07 January 2014 - 10:24 AM

I understand. Thanks for your advice! I will refer this to the Experts Area.



#8 rotor123

rotor123

  • Moderator
  • 8,094 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:02:00 AM

Posted 07 January 2014 - 11:41 AM

There is now a topic in the malware logs forum here

So I am closing this one to prevent confusion.

 

Please refrain from asking for further help from other members or staff until the Malware Removal Team has checked your posted log. The Malware Removal Team work very hard to investigate a unique solution to your problem and you will receive individual expert assistance. This takes time and effort so we ask you to please be patient

 

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.
 
If HelpBot replies to your topic, please follow Step One so it will report your topic to the team members.
 
To avoid confusion the topic is closed.

 

Good Luck with Your problem.

Roger
 


Fortune Cookie says: Fortune not Found: Abort, Retry, Ignore?

Sent from my All-In-One Desktop. Perfect for Internet, Not for heavy usage or gaming however.

How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
Forum Rules,    The BC Welcome Guide

167 @ June 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users