Spyware, viruses, & security : Windows Security Center - Fake Pop-ups
Windows Security Center - Fake Pop-ups
by ducky1016 - 4/7/08 9:37 AMMy computer has had these fake security pop-ups coming up. By the clock, there are two separate red circles with a white X in them. One is blinking and the other is solid. Little yellow balloons pop up from them every so often explaining that I have a secuity Alert and I need to download some software. Also, there are 3 icons on my desktop for 3 different Spyware things that if I delete them, they come back after restart. Last, but not least, if I open Internet Explorer, a different hompage comes up. Doesn't matter if I change it in the Options menu, it changes right back everytime and if I type in google and search it for something it will bring up my results but if I click on anything to look at one of the webpages, I get redirected to some other website that I've never heard of. Some error cleaner type thing. I bought the rend micro software in hopes that tha would work and it's still there. Please help. I am using XP on my Dell Inspiron 6000, nothing special about it. I don't know much about what to look for in tems of viruses and what not.
I would give this a try......
by Marianna Schmudlach
- 4/7/08 9:56 AM
In reply to: Windows Security Center - Fake Pop-ups by ducky1016
Download SmitfraudFix from here:
http://siri.geekstogo.com/SmitfraudFix.php
Pls. print out and follow the instructions!
Make sure you scroll down to Clean and perform the steps where you reboot in "Safe Mode" and run option #2.
-- If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated!
If using Windows Vista be sure to Run As Administrator
If the tool fails to launch from the Desktop, please move smitfraudFix.exe to the root of the system drive (usually C:\), and run it from there.
Next:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
* Make sure you are connected to the Internet.
* Double-click on Download_mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
o Update Malwarebytes' Anti-Malware
o Launch Malwarebytes' Anti-Malware
* Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
* If an update is found, the program will automatically update itself.
* Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
* Click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
NoteNote: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
THANK YOU!!!!
by icy_cold - 5/1/08 4:40 PM In reply to: I would give this a try...... by Marianna Schmudlach
Dear
Marianna Schmudlach
THANK YOU SOOOO MUCH, I never sign up to fourms really but these instructions were that great i just want to thank you.
I thought i was doomed and going to have to restore my pc and lose everything but all is fine so i just want to say thank you as i could not even use the internet as it keeped locking up and the spaming of all the ads was horrible so thank you soo much
Best Regards
(NT) You Are Very Welcome and THANKS for posting :)
by Marianna Schmudlach - 5/1/08 6:16 PM
In reply to: THANK YOU!!!! by icy_cold
Still Stumped!
by Chip C - 5/7/08 5:44 PM In reply to: (NT) You Are Very Welcome and THANKS for posting :) by Marianna Schmudlach
My In-laws have seemingly dozens of infections. They have McAfee running and I added Malaware Anti-Malware and Spy Hunter and PC Tools but they still keep getting these damn things. (I don't know what they do...) The latest is a window that looks like Windows Security Center. I tried the above steps, but it tries to stop the scan by giving me a warnign that a "buggy program" is running. When I click that away it runs for a short time longer, then re-boots. The scans never finish. I was able to go into regedit and re-enable task manager, but none of the listed processes are running. I also used msconfig to terminate most of the programs that run on startup. Any more suggestions? Thanks!
hmmm..... did you run.......
by Marianna Schmudlach - 5/7/08 6:11 PM
In reply to: Still Stumped! by Chip C
SmitfraudFix first???
What you also could do is, download HJT, run a scan and post it on ONE of the HJT forums.
HOW to post your HJT log on ONE of the HJT forums
http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=255339&messageID=2639147#2639147
Tried that-
by Chip C - 5/8/08 10:21 AM In reply to: hmmm..... did you run....... by Marianna Schmudlach
I did dl HJT and ran scan. I can't get the txt file from their computer to mine to upload it. I read the posts explaining how to use combofix, but can not find where to download it. I get messages saying it was withdrawn due to a security problem.
I did get to a certain point- I tried using task manager to end processes to see which one eliminated the security center icon from the task bar. At one point I got a box saying the system would be shut down due to a security violation, authority: NT Adminstrater.
The scans I run get a message: System unstable: "Windows has been shut down buggy program to prevent.." Real good English. Then I get the same System shutdown box above. It all happens too fast to get a good read on it.
I'll try to get the HJT Log file posted soon. Thanks for any suggestions.
smitfraudfix not working
by ducky1016 - 5/8/08 12:08 PM In reply to: I would give this a try...... by Marianna Schmudlach
I downloaded the smitfraudfix and it wont work. i tried to save it to (c:\) as well. When I open the program, it open the black screen and then turns to red and says the reboot file is missing. I also tried to download the hijackthis program and it won't even open. I deleted smitfraudfix, not sure if it has an uninstall... couldn't find one. What do I do now? Thank you for your help.... sorry for the aggrevation!
Did you try HJT in safemode?
by Marianna Schmudlach - 5/8/08 12:47 PM
In reply to: smitfraudfix not working by ducky1016
Tried Safemode
by ducky1016 - 5/9/08 9:51 AM In reply to: Did you try HJT in safemode? by Marianna Schmudlach
It says the following messages for Smitfraudfix:
Reboot.exe file missing
or
Dumphive.exe file missing
HJT doesn't even open. I doubleclick on the icon and it doesn't do anything.
I must be retarded or something....
I may be doing it wrong.... when I download Smit... it brings up 2 things: a folder filled with a bunch of things and an icon for the program. I always click on the icon and try to open but it gives me those error messages on a red screen?? Is there something I'm doing wrong?
Give this a try......
by Marianna Schmudlach - 5/9/08 10:32 AM
In reply to: Tried Safemode by ducky1016
1. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
How to extract (decompress) zipped or compressed files
»www.lvsonline.com/compresstut/index.shtml
Note : process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky, Panda, AVG) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
2. Reboot into Safe Mode
You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.
3. Once in Safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.
Does that work?
Rogue Remover
by emperordarius - 5/9/08 11:33 AM In reply to: Give this a try...... by Marianna Schmudlach
Try Malware Bytes Rogue Remover. Can be found at www.malwarebytes.org
It worked!!!
by ducky1016 - 5/9/08 1:00 PM In reply to: Give this a try...... by Marianna Schmudlach
I was able to do it that way! I also ran the Malwarebytes you said to run in the first post... it's done and it cleaned it all out. Everytime I start my computer though, three error messages come up. All of them are the same except they are for different programs:
The following error occurred and had to shut down....
Fax Man Server
Persistent Module
Device Monitor
Is that due to this as well? Is there any way to fix that problem?
Also, I was able to access the internet through work and hook my laptop up to the DSL, but at home I can't get it to work with my cable connection? It doesn't detect it or something... I don't really know what to do about that.
Thank you for the help with Smitfraud and Malware bytes... the 3 icons are gone and it no longer redirects me to any other sites. I can't tell you how much you have helped me... My summer semester with school starts on Monday so you have been a life saver!!
Super :)..... GREAT Job :)
by Marianna Schmudlach - 5/9/08 1:24 PM
In reply to: It worked!!! by ducky1016
The following error occurred and had to shut down....
Fax Man Server
Persistent Module
Device Monitor
Do you know to WHICH programs they belong?
Can you SEE them at Startup?
Maybe you have a look here:
HOW CAN I IDENTIFY THESE PROGRAMS?
http://www.pacs-portal.co.uk/startup_content.php
Glad to see YOU solved the problem :)Great job !
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
