Windows Security Centre Has Detected Spyware/adware Infection



#1 thorntonman

Posted 08 May 2006 - 07:11 PM

I have a laptop running XP which I am recovering from a series of viruses. AVG detected DOWNLOADER.TIBS, DIALER.BIB, I-WORM/DELF.CL, I-WORM/DELF.EK, DOWNLOADER.GENERIC.QUS, GENERIC.SCZ. Symptoms were very much restricted internet access. I seem to have eliminated them all now through running SpyBot and running Registry CheckUp. I don't get the virus warnings in AVG now but I still have a couple of problems with Windows error/warning messages.

First problem is, on booting up I get an error message 'Windows cannot find C:\WINDOWS\inet20005\winlog.exe' followed by a warning message on the same file to either locate it or remove from registry. After passing these I get my second problem.

On the menu bar there is a RED circular X with a Windows bubble message 'Your computer is in danger. Windows Security Centre has detected spyware/adware infection'. I have run AVG and SpyBot again, both with latest updates, and they give clean runs. I have downloaded the latest Windows updates also but still get this message.

Any guidance on what I should do will be most welcome.



#2 Albert Frankenstein


Posted 08 May 2006 - 10:55 PM

There is no such thing in Windows XP as the Security Centre. It is called the Security Center, and it does not monitor for malware, per se, so you are getting a bogus notification.

I would recommend following the Preparation Guide to posting a HijackThis log. You may not need to actually post a log, however. If you follow the instructions in the Preparation Guide faithfully then your computer may be cleaned. However, rarely is a computer infected with only one thing, and it is possible that some of them will not get removed using this method.

PREPARATION GUIDE


Another good tool to try is SpySweeper. You can download a trial of the program HERE. Install and update it, then boot into safe mode and run it for best results.

Then you might try Ewido.

Please download Ewido Anti Malware; it is a trial version of the program.
  • Install ewido anti malware
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
If after completing all of the steps in the Preparation Guide and running Ewido you continue to have issues, post a HJT log as instructed in the Preparation Guide.

Edited by Albert Frankenstein, 08 May 2006 - 11:03 PM.

ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#3 thorntonman


Posted 10 May 2006 - 02:23 PM

Well thanks for the advice, I'm almost clean now!

Firstly it was my mistake with the spelling on the posting before as the error message I was getting was from Security Center (not the UK spelling I posted), anyway that is by the way as it is fixed now.

I followed the Preparation Guide religiously. Ad-aware SE put 49 items in quarantine, mainly trackers but one browser hijacker.
Ran SpyBot again, it was clean.
Then ran Bit Defender which found a few more.
McAfee Labs Avert Stinger ran clean.
I could not download from the Microsoft site. Network policy settings prevent me from using the website (error code 0x8DDD0003). I followed the steps as system administrator to disable the blockage but still no joy. So I moved on to the next stage.
I was still getting virus alerts through AVG for items I thought were cleared.
Ewido scan found 24 items to be cleared, 21 Medium risk (all Tracking cookies) and 3 High risk (Not-A-Virus.Hoax.Win32.Renos.cj, Trojan.Small and Logger.Sters) all have been removed. After rebooting the virus seems to be cleared and the 'Your Computer is in Danger Windows Security Center has detected...' warnings have stopped.

Only one related lingering error now. When the system boots up I still get the error message 'Windows cannot find C:\WINDOWS\inet20005\winlog.exe. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search'. When I continue past this it immediately gives a warning message 'Could not load or run C:\WINDOWS\inet20005\winlog.exe specified in the registry. Make sure the file exists on your computer or remove the reference in the registry.' I presume I can resolve this by updating the registry. How do I do that? Should I now be following this post up with a log file?

Not a serious problem now but would be nice to finish off with a clean system again.

#4 Elendil


Posted 10 May 2006 - 02:45 PM

Here's another handy tool I've discovered via my help at the Microsoft Security Newsgroups:


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm

I recommend using the Kaspersky module. Please post back here with results and further questions.

Stanford '14
B.S. Candidate | Computer Science

#5 Albert Frankenstein


Posted 10 May 2006 - 04:45 PM

Only one related lingering error now. When the system boots up I still get the error message 'Windows cannot find C:\WINDOWS\inet20005\winlog.exe. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search'. When I continue past this it immediately gives a warning message 'Could not load or run C:\WINDOWS\inet20005\winlog.exe specified in the registry. Make sure the file exists on your computer or remove the reference in the registry.' I presume I can resolve this by updating the registry. How do I do that? Should I now be following this post up with a log file?

There are many ways to do this, but the simplest is just to go to:

Start > Run > type "msconfig" without the quotes > Startup tab

Look for some reference to inet20005/winlog.exe. If you see it, uncheck it. Reboot. See if the error message goes away.

ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!
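
The leftover startup reference discussed in posts #3 and #5 can also be found with a read-only listing of autorun registry values whose target file no longer exists. This is an added example, not code from any poster in the thread; it assumes Windows PowerShell 3.0 or later, and the key list is a common subset of autostart locations chosen for illustration, not an exhaustive one.

```powershell
# Read-only audit: report autorun registry values whose target file is missing.
# Added example; nothing is modified or deleted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Legacy per-user "load"/"run" values; only these two names are checked in this key.
$legacyKey   = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$legacyNames = @('Load', 'Run')

function Get-CommandTarget {
    param([string]$Command)
    # Expand %SystemRoot% and similar, then isolate the executable path.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }        # quoted path + args
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]                                # fallback: first token
}

function Test-AutorunValue {
    param([string]$Key, [string]$Name, [string]$Data)
    if ([string]::IsNullOrWhiteSpace($Data)) { return }
    $target = Get-CommandTarget $Data
    # Judge only fully qualified paths; bare names resolve via PATH and are skipped.
    if ([IO.Path]::IsPathRooted($target) -and -not (Test-Path -LiteralPath $target)) {
        [pscustomobject]@{ Key = $Key; Value = $Name; MissingTarget = $target; Data = $Data }
    }
}

$findings = foreach ($key in $runKeys + $legacyKey) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        if ($key -eq $legacyKey -and $legacyNames -notcontains $name) { continue }
        # Keep the raw, unexpanded data so the report shows what is stored.
        $data = $item.GetValue($name, '', 'DoNotExpandEnvironmentNames')
        Test-AutorunValue -Key $key -Name $name -Data ([string]$data)
    }
}

$findings | Format-List
```

An entry reported here is a candidate for the msconfig step above; confirm that the missing file belonged to removed malware before disabling or deleting the value.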




