
Anyone Know About This


15 replies to this topic

#1 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,924 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:24 PM

Posted 26 September 2006 - 10:54 PM

There is an icon on my desktop named "security troubleshooting." I did not save it there. Properties reveals the url ... ht**tp://testonsecurity.com/ (** to make the link inactive)
Clicking the icon makes references to cleaning the PC with such apps as WinAntiVirus, AntivirusGolden, VirusBurst and other known threats.
A HijackThis scan shows no references to these in the O4 sections.


http://i20.photobucket.com/albums/b203/sas.../Whatisthis.jpg
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook


 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,853 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:24 PM

Posted 26 September 2006 - 11:44 PM

McAfee Site Advisor gives it the red X. Here is a link to their report:

Site Advisor Report on testonesecurity

Here are a couple of threads about the site:

From CastleCops:

Rogue Software

From PC Magazine discussion:

Infection caused by testonsecurity

Hope this helps,

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,135 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:24 PM

Posted 27 September 2006 - 07:21 AM

The image you included shows it is promoting WinAntiVirus, AntivirusGolden and SpyHeal. Those apps are all well known rogues.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 boopme

  • Topic Starter


Posted 27 September 2006 - 10:26 AM

Thanks OB and Q7...
It does get past AVG and Ewido. I'll try SuperAntiSpyware and see what happens.

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:24 PM

Posted 27 September 2006 - 11:01 AM

I am more concerned as to why it's on your desktop in the first place. Are you infected with anything as far as you can tell?

#6 boopme


Posted 27 September 2006 - 01:07 PM

That was my concern also. How did it install and save to the desktop? I only noticed it as it appears as an unfinished icon with a shortcut arrow (2nd item down, below Recycle). I did not go to any of these sites nor install any of the rogue apps. When I right-click on it, it fails to bring up the option to scan with Ewido or Comodo AV. I've run SuperAntiSpyware and it found all these after running Ewido and OneCare, which only found some cookie trackers. These (SAS) pics are the result of the scan, plus one pic (the last) of the 3rd page when opening the icon. Should I post a HJT log or just copy/paste here to look at?

http://i20.photobucket.com/albums/b203/sas...tisthisSAS2.jpg

http://i20.photobucket.com/albums/b203/sas...tisthisSAS1.jpg

http://i20.photobucket.com/albums/b203/sas...atisthispg3.jpg

Thanks

Edited by boopme, 27 September 2006 - 01:08 PM.


#7 boopme


Posted 27 September 2006 - 06:53 PM

The SuperAntiSpyware removed all. Still, I don't understand what put it on the desktop.

#8 quietman7


Posted 28 September 2006 - 06:36 AM

Does anyone else have access to your computer? Have you looked at your Internet History lately? May be a clue in there.

Sophos says Online Security Guide and Security Troubleshooting are related to Troj/Zlob-QK and Troj/Zlobns-J which are installers for a video codec. Look at the Advanced tab, for files, registry entries and possible entries in Add/Remove.

smitRem logs show these related files:

~~~ Shortcuts ~~~
Online Security Guide.url
Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url

~~~ Favorites ~~~
Antivirus Test Online.url

~~~ system32 folder ~~~
wbeconm.dll
1024 dir
msvol.tlb
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
mscornet.exe
hp***.tmp

~~~ Icons in System32 ~~~
ts.ico
ot.ico

SmitfraudFix logs show similar files. I'm not sure I would place complete trust in SuperAntiSpyware removing everything without doing more investigating.
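One way to check a profile for the shortcuts discussed in posts #1 and #8, as an added example that is not part of any post in this thread: it reads the `URL=` target of every Internet shortcut (`.url`) file under the given folders and flags those whose file name is in the smitRem list above or whose host is the one quoted in post #1. The folder choice and the function names are assumptions made for the example.

```python
import configparser
from pathlib import Path
from urllib.parse import urlsplit

# Shortcut names quoted from the smitRem list above, and the host from post #1.
KNOWN_NAMES = {"online security guide.url", "security troubleshooting.url",
               "antivirus test online.url"}
KNOWN_HOSTS = {"testonsecurity.com"}

def read_shortcut_url(path):
    """Return the URL= value of an Internet shortcut (.url), or None if unparsable."""
    parser = configparser.RawConfigParser(strict=False)
    try:
        parser.read_string(Path(path).read_text(encoding="utf-8-sig", errors="replace"))
    except (configparser.Error, OSError):
        return None
    return parser.get("InternetShortcut", "URL", fallback=None)

def host_of(url):
    """Lower-cased host of a URL, or '' when there is none."""
    try:
        return urlsplit(url or "").hostname or ""
    except ValueError:
        return ""

def audit_shortcuts(folders):
    """List every .url file under the folders with its target and any match reasons."""
    findings = []
    for folder in map(Path, folders):
        if not folder.is_dir():
            continue
        for path in sorted(folder.rglob("*")):
            if path.suffix.lower() != ".url" or not path.is_file():
                continue
            url = read_shortcut_url(path)
            host = host_of(url)
            reasons = []
            if path.name.lower() in KNOWN_NAMES:
                reasons.append("name listed in thread")
            if any(host == h or host.endswith("." + h) for h in KNOWN_HOSTS):
                reasons.append("host listed in thread")
            findings.append({"file": str(path), "url": url, "host": host, "reasons": reasons})
    return findings

if __name__ == "__main__":
    # Assumed locations: the thread reports the shortcuts on the Desktop and in Favorites.
    for hit in audit_shortcuts([Path.home() / "Desktop", Path.home() / "Favorites"]):
        print("FLAG " if hit["reasons"] else "ok   ", hit["file"], hit["url"], hit["reasons"])
```

A clean result only covers the shortcuts; the system32 files in the same list need a separate check.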

#9 Grinler


Posted 28 September 2006 - 10:34 AM

Also your add/remove programs will probably have a program listed with something like Media Codec (or something else codec) or Password Manager.

#10 boopme


Posted 28 September 2006 - 12:32 PM

Hello... thanks again.
Yes, my kids sometimes access this PC. I will discuss this with them after school today. The History's been cleared, hmmm...
From Q7... only the shortcut icon (troubleshooting, as in the pic above) existed from the lists you've provided.
Don't know if they were there earlier, before the scan and fix.

In Add/Remove I find a codec, I don't know what it is. Will attach pic and the link is http://www.illiminable.com/ogg/

http://i20.photobucket.com/albums/b203/sas...Whatisthis1.jpg

#11 Grinler


Posted 28 September 2006 - 03:07 PM

That codec may be legit.

#12 boopme


Posted 28 September 2006 - 08:50 PM

OK, the kids' friend wanted to show them something. Well, fortunately my son knew better and stopped him when he went to install something. Yada yada. They've been corrected.
Back to this. The scan did find and, as far as I know, removed the files in the post above. I'm doing a rescan with Super and Ewido. Anything else I should run? The only pop-up I see now, and only once in a while, like once today, was Fastclick.

#13 quietman7


Posted 29 September 2006 - 04:45 AM

You could run option #1 in smitfraudfix and look at rapport.txt to see if it shows if there are any more infected files present.

#14 boopme


Posted 29 September 2006 - 09:23 PM

Thanks again. I ran and it got these results

SmitFraudFix v2.102

Scan done at 17:52:23.43, Fri 09/29/2006
Run from C:\Documents and Settings\Peter\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


Killing process


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

All appears to be fine now. Only one question, though. As I rebooted, a message came up saying my home page has been changed from Optonline to MSN... click allow or refuse change. Well, I clicked refuse as I've never had or seen MSN as my home page. It rebooted and my usual home page was there. Seemed an odd message.
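A way to read the report above mechanically, as an added example that is not part of the original post or of SmitFraudFix: it collects the SharedTaskScheduler values listed in the "Before" and "After" sections and reports which ones disappeared and which are still listed. It assumes the "After" section uses the same layout as the "Before" section shown in the post; the function names are made up for the example.

```python
import re

# "name"="{CLSID}" value lines as they appear in the report above.
ENTRY = re.compile(r'^"(?P<name>[^"]*)"="(?P<clsid>\{[0-9A-Fa-f-]{36}\})"$')
STS_KEY = r"\explorer\sharedtaskscheduler]"

def sts_entries(report):
    """Map 'before'/'after' to {clsid: value name} found under SharedTaskScheduler."""
    found = {"before": {}, "after": {}}
    phase, in_sts = None, False
    for raw in report.splitlines():
        line = raw.strip()
        low = line.lower()
        if low.startswith("before smitfraudfix"):
            phase, in_sts = "before", False
        elif low.startswith("after smitfraudfix"):
            phase, in_sts = "after", False
        elif line.startswith("["):
            # Only values under the SharedTaskScheduler key are of interest here.
            in_sts = low.endswith(STS_KEY)
        elif phase and in_sts:
            m = ENTRY.match(line)
            if m:
                found[phase][m.group("clsid").lower()] = m.group("name")
    return found

def compare(report):
    """Return (removed, remaining): entries gone after the fix, and entries still listed."""
    found = sts_entries(report)
    removed = {c: n for c, n in found["before"].items() if c not in found["after"]}
    return removed, dict(found["after"])

# Excerpt copied from the report posted above.
SAMPLE = r'''Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"
After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
Search SharedTaskScheduler's .dll
End
'''

if __name__ == "__main__":
    removed, remaining = compare(SAMPLE)
    print("removed:", removed)
    print("still listed (review by hand, listing is not a verdict):", remaining)
```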

#15 Grinler


Posted 01 October 2006 - 10:36 PM

Looks like you got it... you may have TeaTimer (Spybot) or another registry watcher that denied the change. I believe SmitfraudFix may put your start page back to the IE default, which is what MSN is.



