Trying to recover from rootkit, Security Suite and Fake Microsoft Security Essentials

Q: Trying to recover from rootkit, Security Suite and Fake Microsoft Security Essentials

Following on from http://www.bleepingcomputer.com/forums/ind...p;#entry1928024. C:\Windows\Temp\reoD7D.tmp (Rootkit.Dropper) shown by MBAM, along with some trojan results. I think the trojans have gone after telling MBAM to remove them, but apparently the rootkit is still there.

GMER crashed a few times and caused some blue screens, managed to get it to finish eventually but only in safe mode.

Thanks for any help.

RELEVANCY SCORE 200

A: Trying to recover from rootkit, Security Suite and Fake Microsoft Security Essentials

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:
Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:
How to create a GMER log

Elle

RELEVANCY SCORE 109.2

I have read that someone got taken in by a fake MSE.

Is there any tell-tale sign to spot a fake one?

Clarification:
I mean what is the tell-tale sign to spot a fake one BEFORE one gets suckered into installing it.
I know how to remove it after the fact.

A:fake Microsoft Security Essentials, MSE ?

AFAIK, it first mildly infects you and sends fake warning messages that you have been infected and need to do a download or run a scan to fix the problem. The download/scan is what really infects you thoroughly. So if you get infection messages that include an option to scan or download anything and don't have MSE, that's a BIG warning sign right there. If you get the messages and do have MSE, you need to open MSE to update it and run a full MSE scan (and MBAM as well) to check your system and NOT download/scan anything suggested by or using the option provided by the message. Real MSE alerts (or others AFAIK) don't include a scan option in the message itself. Here's an article on how it all starts: Microsoft Security Essentials Alert Malware Removal Report.

As far as downloading a fake MSE product, you can avoid that by downloading it directly from the Microsoft site rather than from some third-party vendor site. Then you'll be sure you're getting the real McCoy.

I hope this helps.

Good luck!

RELEVANCY SCORE 109.2

My Windows XP computer has the Fake Microsoft Security Essentials Virus and whenever I try to open anything like Internet Explorer or System Restore it comes up with an alert warning me of a trojan. I went to my laptop and searched for how to get rid of it and found bleepingcomputer's guide. I followed the guide instructions, downloaded rkill and Malwarebytes' and ran each of them as I was told. On the first try Malwarebytes' said it didn't detect a problem so I went to Safe Mode and tried again from the very beginning, still it says that there's nothing wrong but the virus is still there.

I don't know if this is because I can't update Malwarebytes', the virus prevents any and all Internet access from that particular computer, or for some other reason. I'm also not sure if rkill ran properly, but the virus didn't try to shut Malwarebytes' out so I'm pretty sure it did.

What can I do now to try and remove the virus?

A:Fake Microsoft Security Essentials

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

RELEVANCY SCORE 109.2

I re-posted this with a more exact title.

Win XP Home, Dell Inspiron B130 laptop. Appeared to be infected with malware.
It displayed the symptoms listed in your fake Microsoft Security Essentials section. I ran Superantispyware and removed all the entries, I thought, Trojan fake, etc.
Now the computer will boot to the Windows welcome screen both in safe-mode and normal. It will not open any user accounts.
I changed the boot order, and tried to run from the Dell recovery CD and a Win XP Home CD. The Dell recovery disk did not work, run. With the Win XP Home CD, the computer will boot to the Windows welcome screen, both in safe-mode and normal. It will not open any user accounts. It will not allow me to fix or change anything.
Also, the boot option to safe mode with the command prompt does not work.
I want to reinstall the operating system.
Thanks,
Stan

A:Fake Microsoft Security Essentials

Hi Stan, and sorry for the delay.

At this point, do you still want to recover any data from your system, or do you just want to reformat straight away?

RELEVANCY SCORE 109.2

I love your directions for removal of this "stuff" as it has always worked for me before. This one has me stumped.

When I boot into safe mode and try to launch "rkill", the "warning" screen immediately pops up and the whole computer reboots. It also does this when I try to open my browser.

I'm stuck and can't get past this...can someone please help?

A:Fake Microsoft Security Essentials

ok, I figured it out - using one of the renamed rkill files let it work finally and I got it cleared off my computer. Just don't know how to "un-post" this question now.

RELEVANCY SCORE 109.2

Every time I try to close it, it just comes back immediately.

The directions include ending the processes antispy.exe, defender.exe, or tmp.exe, but task manager refuses to appear, along with any other programs.

The directions also include deleting %UserProfile%\Application Data\PAV\, %UserProfile%\Application Data\antispy.exe, %UserProfile%\Application Data\defender.exe, or %UserProfile%\Application Data\tmp.exe, but I cannot find any of them.

Any suggestions?

Thanks,
Goomba.

A:Fake Microsoft Security Essentials

Try Automated Removal Instructions http://www.bleepingcomputer.com/virus-remo...ssentials-alert

Please report back with exact information on any problems

RELEVANCY SCORE 109.2

Ok so I had the fake Microsoft Security Essentials alert on my computer and followed the guide on bleepingcomputer.com to remove it http://www.bleepingcomputer.com/virus-removal/remove-fake-microsoft-security-essentials-alert

I followed all the steps and it seemed to work, but now I cannot access my D: or E: drives, it gives me the error "E:\ Access denied". This is a huge problem and I don't know what to do, please help

A:Fake Microsoft Security Essentials

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

RELEVANCY SCORE 109.2

Hello all, I would really appreciate some help, as I've tried everything (in my knowledge base) to get rid of this fake trojan. Over the weekend, I tried a number of Rkill options to stop the process, but none of them worked. I already had malwarebytes on my computer from another fake virus and have tried to run that, I've tried to restore to an earlier date. I have followed a number of options and directions that people have posted on here, but I am to the point now when I turn on my computer I am getting a blue screen with the stop error message. I have no idea what to do... PLEASE help me! Any advice would be greatly appreciated.

A:FAKE Microsoft Security Essentials - PLEASE HELP

Hello,

Sorry for the delay. If you still need help, please let me know.

Thanks,
tea

RELEVANCY SCORE 108

For the past day my computer has recently been redirected to ad pages when searching on google.com. Now when I try to open Firefox or Internet Explorer I get a pop up that appears to be Microsoft Security Essentials. But the MS logo looks suspicious. So I just shut off my computer and looked for solutions using another computer. I ran the scans in safe mode and they are posted below. Thanks in advance for any help.


A:fake microsoft security essentials removal

Hello and welcome. Please follow these guidelines while we work on your PC:

Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please download Rootkit Unhooker and save it on your desktop.
Disable your security programs
Double click RKUnhookerLE.exe to run it
Click the Report tab, then click Scan
Check Drivers, Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it. Click Close
Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning, it is ok, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Please include the following in your next post:
Rootkit Unhooker log

RELEVANCY SCORE 108

Hi,
Recently I have gotten a message from what appears to be Microsoft Security Essentials Alert telling me that I have a trojan virus (picture in an attachment). But I don't have Microsoft Essential installed on my laptop.

I couldn't download the Gmer Rootkit Scanner because when I clicked on the first link it said the file could not be found and on the second link it said it could not be saved because of an unknown error.

I don't have access to a Windows Install disc or a Boot CD.

Any help is much appreciated.



A:Fake Microsoft Security Essentials Alert

Please download Malwarebytes' Anti-Malware from Here.



Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Administrator at 11:38:42.93 on Fri 02/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.520 [GMT -8:00]

AV: AVG Anti-Virus 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}


A:Infected with Fake Microsoft Security Essentials

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum, I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this then choose Immediate E-Mail notification and then Proceed and you will be advised when I respond to your topic by email.

After 5 days if your topic is not replied to I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes m... Read more


I'm sure I posted on this forum yesterday and attached a screenshot, but can find no record of it, and have received no notifications of a reply. Am I on the wrong forum so that an administrator deleted it? I selected the "Enable email notification of replies" option. Do I have to do anything else to see replies?

Out of the blue IE9 displayed a message supposedly from Microsoft Security Essentials saying that I had three viruses. It looked fake so I didn't click the link that would supposedly download a virus cleaner. I googled the symptoms and it appears that others have seen the same message. I can't find anything on bleepingcomputer forums to match though.

I have a screenshot and can provide further details.

Thanks very much, Gary

A:Microsoft Security Essentials Alert fake?

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwar... Read more


So I am having trouble getting rid of the Microsoft Security Essentials Alert. It won't let me do a lot of things on my pc, I can't use IE or Firefox so I can't download anything to get rid of it. I used the spyware guide from this website: http://www.bleepingcomputer.com/virus-removal/remove-fake-microsoft-security-essentials-alert

However, it didn't help. I tried using Rkill but it won't let it run on my PC, presumably because the virus won't let it open. I am able to use MBAM and have used it twice. However, nothing seems to change, I still get the Microsoft Security Warning thing and I still can't use the Internet. Even when I try to use Rkill in Safe mode it won't let me. I even changed the name of Rkill, still nothing.

Can someone please help me out?

Thanks in advance

A:Fake Microsoft Security Essentials Threat-Can't Fix it

This problem has gotten horrifically worse.

I reboot my PC and it turns on but shows a blank screen now

It boots up until right before the windows xp loading screen..then just goes blank, while the PC is running

I really need some help..please

thanks


I have a window that says Microsoft security essentials alert. I cannot open internet explorer. I have run MalwareBytes twice to no avail. I downloaded DDS and GMER on another PC and transferred to my infected laptop using USB stick. I tried to run rkill, but it won't stay open. Neither will the 2 aliases I downloaded from this site. Also I cannot open task manager. I was able to run GMER, but DDS would close immediately. GMER took 2 hours to complete. When I put the file name in and clicked save, it said "save not responding" then the GMER window disappeared. I was able to run defogger. Also the option to enable my Windows firewall has been "grayed out". I am hoping there is something I can do to get this laptop recovered enough to run these logs for you. Thanks in advance.

I was finally able to get the window to close by running Mcafee on access scan, but I'm pretty sure I still have problems lurking. I still cannot get GMER to finish no

DDS (Ver_10-03-17.01) - NTFSx86
Run by TolbeLy at 18:24:13.75 on Fri 10/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.553 [GMT -4:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -... Read more

A:Fake Microsoft Security Essentials Alert

Hello lynnt1958

Welcome to BleepingComputer

==========================

Download OTL to your desktop.
Double click on OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.
Double-click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan
Check Drivers, Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it, typically your desktop. Cli... Read more


Just had the fake Microsoft Security Essentials Alert pop up on my "other" laptop... windows vista. When I clicked CLOSE, it didn't close but closed all internet. Now I click on internet explorer and the only thing that comes up is the fake Micro. sec. alert pop up. Can't get online to download the program as bleeping computer tells me to, to get rid of this virus.... please help!! <3

A:fake Microsoft Security Essentials Alert

Hello and welcome. First disable Spybot for all these.

Reboot into Safe Mode with Networking

How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after run... Read more


I'm running windows vista home premium on a Toshiba Satellite laptop. Always kept all anti-virus software, etc up to date, and did scans regularly.
The problem with this "microsoft security essentials" fake is that Mbam found two items the first scan through then said it needed to reboot to remove the items. The problem was when it was rebooted, the virus enabled itself FIRST, preventing all of my security software from starting. I've scanned with the updated AVG, Adaware, and Spybot. Spybot doesn't see anything. Adaware saw things but when I deleted them it said the problem was solved, but it wasn't. I'm currently scanning with AVG, but I don't have high hopes for that either.

I found these instructions on your site:

http://www.bleepingcomputer.com/virus-removal/remove-fake-microsoft-security-essentials-alert

But the virus is preventing me from opening up ANY web browsers so I can't download the rkill program. What you have us downloading is a short-cut file, so if I save that on a non infected system and try to transfer it to the infected system, it won't open.

Any help at all would be really appreciated! I've easily gotten rid of any infections before, but this one starts itself before all other programs and It even starts itself in SAFE MODE.

Please help!

A:Microsoft Security Essentials Fake (can't remove)

Update: I got iexplore.exe successfully transferred (had to copy and paste to the thumb drive, dragging created only a shortcut) but the log didn't show any processes stopped. AVG scan showed no infections although I still get the pop up security alerts and can't open browsers. I am running another mbam scan now.


I keep getting a popup alert that I'm convinced is a fake. It displays as a Microsoft Security Essentials Alert. The box/popup states Potential Threat and its displaying: Microsoft antivirus has found critical process activity and lists 3 threats and provides a tab to click on so that I may remove the threat (which I ignore). When I try closing the msg box, another pops up and says I need to click tab to clean computer immediately to prevent systems breakage. The only way of closing it is with Task Manager but it keeps returning and does not allow me to move forward. I have done a complete viral scan with the windows defender that finds no viruses but this obviously is something that got through and I can't seem to pin it to remove it. How can it be removed/stopped? I would appreciate that you keep in mind that I'm a complete novice and know next to nothing about technical computer issues. Heck I don't even know where in the forum my question lies!

A:Fake Microsoft Security Essentials Alert

On Thu, 20 Feb 2014 12:02:30 +0000, ellen618 wrote:
 
>I'll run my anti-virus. I wish I could find more info about this pop-up. Worries me.

 
 
http://www.bleepingcomputer.com/virus-removal/remove-fake-microsoft-security-essentials-alert
has details on this.
 
-- Barb Bowman


today i left my computer for a couple of minutes, Firefox working before i left. i came home, and tried to open it, and i got an error from Microsoft Security Essentials saying that firefox.exe is a trojan virus. same thing with Internet Explorer. now, for the real kicker. i dont have microsoft security essentials installed on my computer. im running a toshiba laptop with windows 7 home premium 64. havent had any problems before today. had to steal my brothers laptop just to post this.

also side note: avg did not pick up this virus in a full computer scan.
 

A:Fake Microsoft Security Essentials Virus?

may have solved it. downloaded spybot and malware bytes on my brothers laptop and flash drive transferred it to mine. so far malware is picking up viruses, so i think ive found my problem. but help is still appreciated.
 


I have this virus and followed the directions for deleting it from another website.

the website: http://www.precisesecurity.com/rogue/fake-microsoft-security-essentials-alert/#comment-7625

One thing this virus does is it disconnects you from the internet so i dont have access to internet(im on another cpu)

right now im at the point where i dont have the popup anymore, however when i restart my computer my wallpaper is all that shows but when i end explorer.exe task in task manager and retype it everything appears and i still cant connect to the internet.

I've run Avg, Malwarebytes, ad aware, spybot search and destroy, and super antispyware still i apparently still have the virus. I really need some help here lol

anything is greatly appreciated :)

ill post the log shortly cuz i have to transfer through a flash drive

DDS (Ver_10-10-10.03) - NTFSx86
Run by edeop328 at 17:34:00.09 on Sun 10/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1992.1332 [GMT -4:00]

AV: AVG Internet Security *On-access scanning disabled* (Outdated) vBadvanced 9-3-3 7
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) vBadvanced 9-3-3 6
AV: Microsoft Security Essentials *On-access scanning enabled* (Outdated) vBadvanced 9-3-3 5

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch... Read more

A:Fake Microsoft security essentials alert

Hi c1r3 and welcome to TSF,

Please subscribe to this thread to get immediate notification of replies (if you haven't already) as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

-------------------------------------------

I am sorry to tell you that one or more of the identified infections is a backdoor trojan / rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

-----------------------------------

Please note that these fixes won't be instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of... Read more


I am receiving the alert window that says "Microsoft Security Essentials" and says it has found a Trojan. I have followed all the steps I usually do for removing fake antivirus software--rkill.com, malwarebytes, hijackthis--and nothing has worked. When I have tried to run rkill.com, it usually shows me the command prompt type screen with nothing in it instead of the "terminating known malware...". Malwarebytes has not found any suspicious files. When I ran Hijackthis, I was not able to find any of the registry keys/files that every tutorial I read talked about. I even tried going to start, run, and typing in "%AppData%" but once again, couldn't find any of the files mentioned on help sites. Please help me!

A:Fake Microsoft Security Essentials alert - cannot remove

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


I have a fake Microsoft security essentials virus message when I go to the internet. I run MalwareBytes everyday but it has not detected this.

Would appreciate any help to get rid of this. Below are files requested.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:39:02 AM, on 2/8/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal



DDS (Ver_10-03-17.01) - NTFSx86
Run by Mads at 22:23:14,10 on 26-09-2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.522 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}


A:Help: Fake Microsoft Security Essentials Alarm->PC unstable

Hello, and welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Also, I'd be grateful if you would note the following: The fixes are specific to your problem and should only be used for the issues on this machine.
Do not install/uninstall anything on your computer unless advised.
Do not run any other scanning tools other than those instructed for you to use.
Follow the instructions in the order they are given.
Stay with this thread until advised when your computer is clean. Absence of symptoms does not necessarily mean a clean computer.
If you are being helped regarding this problem on another forum please advise us so that we can close this thread.
And lastly, if you have any questions, please ask before proceeding with any of the advised fixes.
_________________________________________________


Hi all,

A dialog box popped up on my laptop, which I think is a virus of some kind. At the top, it said, "Microsoft Security Essentials Alert." Under that is a wide red stripe, with "Potential threat details" in white. The message in the center was something like, "Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. You need to clean your computer immediately to prevent system crash." Under that, it listed 3 potential threats & then a "Clean computer" button.

I've never seen that type of message from Microsoft before, so I was suspicious. I noticed the url of the page I was on said supervisionmonitorrescue.com, so I figured I should not click on the "Clean computer" button until I checked it out further. I ran an AVG scan, which was clean, then shut down my computer. I searched for "Microsoft Security Essentials & supervisionmonitorrescue" on my other computer, and it sounds like a virus. Apparently, if you click "Clean computer" it prompts you to download "free" software to remove the threats, when you do that, you download the virus, then they try to force you to buy a paid version of the software to remove the threats.

All the info I found on this gave instructions on how to remove the virus downloaded when you click "Clean computer" (which I did not do.) I'm not sure if, the fact that I g... Read more


Hello TSF:

Yesterday I contracted some sort of malware or virus, peculiar since I wasn't using the Internet much. I have had an issue for some time now with Google search re-directs/search hijacking, and have not been able to isolate the cause for such. I run Spybot and Malware-Bytes Anti-Malware but no active AV (Norton 2006 still shows up on my computer but I do not use it) since most AVs block access to a game I play, declaring it a false positive. Really risky, I know.

The malware/virus I contracted is something masquerading as Microsoft Security Essentials. It blocks access to all Internet browsers, the task manager via ctrl-alt-del, and realsched.exe at startup. The only way I can be online is through Safe Mode. Upon attempting to open these programs, an alert pops up that supposedly looks similar to the legit MSE alerts. I will describe it in detail:

Microsoft Security Essentials Alert
Potential Threat Details:
Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Click 'Show Details' to learn more.

Detected items: Unknown Win32/Trojan
Alert level: severe
Recommendation: remove
Status: suspended

Options given: Show details - Clean computer - Apply actions - Close - 'X' to close

Upon clicking 'Show Details':

Category: Trojan
Description: This program is dangerous and executes commands from an attacker.
Recommend... Read more

A:Microsoft Security Essentials - fake pop-up that blocks programs

Hello and welcome to TSF


We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.

If you have questions regarding any of the instructions or problems running any tools, please let us know.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

-------------------------------------

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.


It actually appears to have not only Norton still on your machine but also Avast. This does not give you extra protection. They will conflict with each other and give false positives, slow your system down and cause system instability. Choose one a/v to keep and uninstall the other.


We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
See th... Read more


The window pops up, whenever I try to open Task Manager, or Command Prompt.

How do I kill processes if I cannot open the Task Manager

A:How do I Remove fake Microsoft Security Essentials Alert

Is that not some kind of virus playing up?? Run malware bytes scan on that machine first please, its free..
Malwarebytes Anti-Malware - Free software downloads and software reviews - CNET Download.com
If it don't let you run that on normal login, try safe mode..

cheers
Ash


Hello. Long time reader, first time poster.

Yesterday one of my co-workers had a fake Microsoft Security Essentials pop-up that said she had been infected by a Win32 trojan. Unfortunately, she clicked as instructed and was taken to the internet, however, she DID NOT download anything else.

Last night I worked for about 4 hours on it. I did an extensive set of internet searches and tried quite a few things that were recommended, including the recommendation from this site. Here is a summary of all I tried. After starting in safe mode, I was able to use rkill to stop it from running so I would run Malwarebytes, but it DID NOT find anything. I then ran SUPERAntiSpyware, which did find about 100 files (mostly advertising cookies, but it also found some trojan files). I quarantined those, rebooted, and the MSE fake popup came back.

I have looked in the file structure and the registry for the suggested files (antispy, hotfix, etc.), but haven't found anything.

I also tried to run Spyware Doctor, but it wants to update and can't get online to do that, so it shuts down.

I tried to do a system restore, but it would not let me do it in Safe Mode and I can't use rkill in normal mode, so I'm sure this trojan won't let me run system restore in normal mode.

I also ran hijack this to look for the couple of 04 entries I read about on a post somewhere, but they were not part of the scan report.

I'm looking for other suggestions to fix this without having ... Read more

A:Fake Microsoft Security Essentials virus has attacked me

Hello, could we see the trojan portion of the SAS scan.
SUPERAntiSpyware, which did find about 100 files (mostly advertising cookies, but it also found some trojan files).

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

Rerun MBAM (MalwareBytes) like this:
Open MBAM in... Read more

Read other 7 answers
RELEVANCY SCORE 106.8

Attached is the results of the combo fix scan

A:Microsoft Security Essentials Alert (Fake Virus)

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.
I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 2 answers
RELEVANCY SCORE 106

Fake Microsoft Security Essentials Alert Trojan
Did you mean 5 or 6? Thanks

A:Feedback - Fake Microsoft Security Essentials Alert Trojan

Did you mean 5 or 6?
These five rogue programs are:
Red Cross Antivirus
Peak Protection 2010
Pest Detector 4.1
Major Defense Kit
ThinkPoint
AntiSpySafeguard or AntiSpy Safeguard
Is this what you are referring to? Updates get added and not all the text is updated to suit -

Read other 1 answers
RELEVANCY SCORE 106

Hey all.

I got the fake Microsoft Security Essentials when viewing a random google image late last week. Thought I removed it late last week with Malwarebytes and now I'm having separate problems. I get random pop ups, an error message for "Generic Host Process for Win32 Service", and my internet connection then cuts out. When I get the Win32 error, my Windows XP orientation changes to "Classic" for some reason. I also noticed that when I lose connection, the network name changes to "Access Point" and when I try to repair it, the DNS cannot be registered.

Please help me.

DDS (Ver_10-10-10.03) - NTFSx86
Run by Mark Johnson at 17:18:56.40 on Mon 10/18/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1356 [GMT -5:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.e... Read more

A:Generic Host Win32/Fake Microsoft Security Essentials

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the ... Read more

Read other 11 answers
RELEVANCY SCORE 106

While visiting a few sites, this window alert page came up. It stated that my computer could be hacked and personal information can come out or something. And I couldn't open a new page or anything, and I couldn't close it out. It had a phone number and I called. A person picked it up, seemed friendly. He asked me what happened and stuff, and I explained. He knew the websites I visited and everything. And knew my grandma's and my dad's name. He eventually spoke of this $100 thing and I don't have to pay again after that. That it would help against viruses and things. But I refused, I didn't have any money. But eventually he unblocked everything for me for free. But asked a lot of personal questions. I don't know what to think. After everything was unblocked I looked up if something like this can be fake and a virus or something. And I'm wondering if what just happened to me was a Fake Microsoft Security Alert, and if so is there anything I can do. I'm really worried at the moment. Thank you.

 
  

A:Fake Microsoft Security Essentials Alert Virus Blocked PC

Welcome aboard
Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scr... Read more

Read other 12 answers
RELEVANCY SCORE 106

I was infected with the Fake Microsoft Security Essentials Alert Trojan as described here http://www.bleepingcomputer.com/virus-remo...ssentials-alert
I'm running Windows 7.
Whenever I'd logon to windows (regular or safe mode), the Microsoft Security Essentials Alert and I would immediately blue screen (irql_not_less_than_or_equal was the reason).
I put the Kaspersky rescue cd on a usb disk and it found a lot of malware which it removed. Logging back into windows, however, still blue screened.
Back in Kaspersky, I went to the file explorer and poked around, and found "hotfix.exe" in appdata/local/temp, which I promptly deleted (I'd done this for someone else recently). Now I could login to windows, but I still wasn't out of the woods yet.
Logging into windows in regular mode would show a black screen with no explorer, I had to launch it from task manager. Full scan with MalwareBytes showed that there was a registry entry in policies/explorer which turned it off, and some driver with a random name (sqbzeh.sys) was an infected file. Neither MalwareBytes nor I was able to delete this file, so I had to go back into Kaspersky to do it.
Running Sophos rootkit finder flagged some temp files, and Security Task Manager found another file in the temp dir that was bad. Now MalwareBytes gives me a clean bill of health, but I still see a lot of strange activity in TCPView. Here's my dds file output:
DDS (Ver_10-10-10.03) - NTFSx86 Run by D at 9:15:24.05 on Sun 10/1... Read more

A:Infected with Fake Microsoft Security Essentials Alert Trojan

BTW, the network icon in the taskbar shows that I'm not connected, even though when I click on it and open up the dialog, it says I'm connected. More fallout from the infection? Any way to get this back to normal without reformatting?

Read other 2 answers
RELEVANCY SCORE 106

My brothers computer has become infected with what I believe to be the Fake Microsoft Security Essentials Alert Trojan. How do I remove it?
 

Read other answers
RELEVANCY SCORE 106

Hi,

I've been having a few problems with my computer recently, and I've been directed here for advice. However, there's so much (useful) information that I just don't know where to start! I hope that this is the right place to post this message, and I hope that it makes sense.

A week ago, I came down with what I think was a fake Microsoft Security Essentials problem. I was using both Internet Explorer and uTorrent at the time. Basically, a window popped up telling me that a Trojan had been directed in a file, DivXUpdate.exe, I think. If I tried to close this, another window popped up immediately naming a different file, and this kept happening. Internet Explorer, uTorrent and Outlook all closed themselves, and I was unable to open any other programs or Task Manager. All I could do was restart my computer through the Ctrl-Alt-Del dialogue, and when I relogged-on, the Microsoft Security Essentials window appeared again immediately.

Anyway, I think I managed to get rid of this using a combination of Spybot-S&D, Ad-Aware and AVG in Safe Mode and through a different administrative account on my computer. However, after doing that, I discovered that I had a "Google redirect virus". When I perform a search on Google, sometimes the links go to the right place, but sometimes I'm redirected to other sites, sometimes Internet Explorer fails and sometimes another (empty) window opens up.

In addition, opening Task Manager revealed a number of possibly bizarre processes. I'm af... Read more

Read other answers
RELEVANCY SCORE 106

My PC has stopped loading webpages in IE and Chrome, but will update Malwarebytes/SAS and other such programs. I have tried scans and such, but all that seems to work is system restoring to a certain restore point, but even that only gives me webpage access for a few minutes before Chrome throws up error 102. I think the problem is "Microsoft security essentials" related as I've had a few of those popups and a new white flag with a red x icon near the clock.

I have tried rkill followed by mbam with no luck, and SAS, it always comes out with my Internet saying connected, and updating certain things, but not loading pages in the browser.

Help?

A:Windows 7 PC will not load webpages possible "Microsoft security essentials fake"?

Have a read here: Removing the Microsoft security essentials fake Alert

Read other 1 answers
RELEVANCY SCORE 106

I have followed the removal instructions for this malware but the infected PC in Safe mode will not let me run MalwareBytes AntiMalware or regedit or cmd.

It took me about 20 tries to get it to run rkill but it wouldn't run Malwarebytes after that.

Help

A:Fake Microsoft Security Essentials Alert Trojan & AntiSpySafeguard

Hello,
Please follow the instructions in ==>This Guide<==.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==
If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

Read other 1 answers
RELEVANCY SCORE 106

Hi and thanks in advance for your help. I'm having a heckuva' time trying to get this issue cleaned up and figured I'd better turn to someone who knows what they're doing before I ruin something. Issue started while browsing a fox sports forum at fightonstate.com. It immediately shut down my browser and Outlook and I got this pop-up, ostensibly from Microsoft Security Essentials. I came here, searched it out and used rkill and MBAM to clean it up. No luck. Multiple other tries with MBAM, Ad-Aware, SpyBot S&D and AVG have gotten me mostly clean, but the browser hijacker persists. It's taking over in IE, Firefox and Chrome and redirects the search result links to sites like findstuff.com. I also get new tab pop-ups from winnerweekly about a WalMart gift card and they end up locking up the browser.
Lastly, programs are slow to start up now and that was never an issue. I also am intermittently getting a Rundll32 error; I keep forgetting to write down the specifics, but the GUI on my XP reverts to a Windows 3.1 style when that happens. Also, at the moment, my browser can't post in this Forum. I can navigate to it, but I can't post. All three browsers are getting a page not available error when I click "post new topic". I'm currently using a terminal connection to my office to post this. Is it usual for a browser hijacker to block access to BLEEPINGCOMPUTER forums?!
This has been ongoing for almost a week and I'm a... Read more

A:Fake Microsoft Security Essentials / Hotpoint led to browser hijacks

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

Read other 15 answers
RELEVANCY SCORE 106

Quote:
A new scareware threat is using some very convincing tricks, which include displaying fake Microsoft Security Essentials (MSE) alerts.
...


New Scareware Displays Fake Microsoft Security Essentials Alerts - Softpedia

A:New Scareware Displays Fake Microsoft Security Essentials Alerts

hi !

"old news"....

Borg 386 posted about it 2 weeks ago: http://www.sevenforums.com/system-security/107539-dont-fooled-fake-mse.html

in that thread Corrine mentioned her post: Beware: Fake Microsoft Security Essentials Rogue ~ Security Garden

which included a link to the "original" story: Remove the Fake Microsoft Security Essentials Alert Trojan and AntiSpySafeguard

Read other 2 answers
RELEVANCY SCORE 105.6

Hi guys, I recently have encountered a suspected Rootkit infection on my pc. It has targeted my MSE program and is showing all the symptoms of a Rootkit Virus, I have carried out scans using Farbar and have attached the frst.txt file. I would be more than grateful if someone can help me compile the needed fixlist.txt file to help me remove MSE and reinstall a fresh copy... ndonaldson2912

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by SYSTEM on 18-06-2013 19:36:33
Running from J:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
HKLM\...\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-14] (CANON INC.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrob... Read more

A:RootKit - Microsoft Security Essentials!

Hi, Welcome to the forum.
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Read other 20 answers
RELEVANCY SCORE 104.8

My mother's computer had the trojan horse a few months back, so when one of my teachers said her laptop had it, I figured it would be a cinch. Since I don't really know what all she did to the computer, I'm stuck. Whenever I try to use Rkill, the computer bluescreens, and reboots. The same happens with most other programs EXCEPT Malwarebyte's. When I tried to use it, however, it ran. When the scan completed, it came back with 13 results, and I removed them all. However, whenever I try to open a program or application, the same fake pop-up appears and it reboots. Short of reinstalling Vista, any ideas?

Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ Animal

A:"Remove the Fake Microsoft Security Essentials Alert Trojan and AntiSpySafeguard"

Hello, could you post that MBAM scan log?
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black scr... Read more

Read other 15 answers
RELEVANCY SCORE 104.8

I got sucked in at 2am the other day. Now have been infected with the Microsoft Security Essentials Alert malware and rootkit. Actually fell for one of the "online scan" prompts and now have something called AntiVirus 2010 on machine.
Tried all the suggested removal steps. This version of the infection has squashed all attempts to run rkill or the other named versions. Tried running after booting safe mode but rkill found nothing. Did manage to install and run current Malwarebytes antimalware but it didn't find anything. My Avira did appear to find a couple bad files which I quarantined but no help there either. Pretty much stuck at this point. Am requesting help. I have run the recommended programs and will include and attach the requested files here as instructed.
Thanks for any help. I have spent a whole day so far trying to clean my computer and I'm pretty stuck at this point.
JimH

DDS (Ver_10-03-17.01) - NTFSx86
Run by Jim at 14:03:32.50 on Thu 09/16/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.263 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchos... Read more

A:Infected with fake Microsoft Security Essentials Alert and AntiVirus 2010

Hello hawleyj,
Sorry for the delay. If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it.
Thanks,
tea

Read other 2 answers
RELEVANCY SCORE 104.8

Hello everybody!
I'm fairly new to this site and first time posting. Hope someone can help.
I had the Fake Microsoft Security Essentials Alert trojan and removed it using the instructions here:
http://www.bleepingcomputer.com/virus-remo...ssentials-alert
Now the trojan is gone but every time I turn my computer on, it shuts down and restarts on its own within 5 seconds (after everything has loaded).
Right before it does so, a blue screen flashes that says A problem has been encountered or detected (it appears & disappears so fast that it's hard to read the rest).
I'm wondering how I can fix this?
Any help will be greatly appreciated.
Thanks!

A:Problems after removing Fake Microsoft Security Essentials Alert Trojan

Hello! I am Blind Faith or Elle (it's easier to remember, I think) and I will help you with your malware related problems.
As you can see I am still a trainee and that means my work is revised by a coach. Therefore, it will take a bit longer for me to reply. So don't be impatient because I won't leave your case suspended in the air, waiting forever.
NOTE: Do not make any type of changes to your system during the cleaning process. The steps you are following are based on strict information from your system. So changes which I did not give instructions for are not recommended.
I will need some time to research the files on your system so please click the Options button at the top bar of this topic and Track this Topic, where you should choose email notifications to know when I replied. Remember to check your topic for new replies. Probably, it will take a couple of days until the next reply but after that everything will go faster. Also please let me know if you still need help after you have read this.
Now I would like you to answer to 2 questions:
1. Where exactly does the Windows loading process stop? By that I mean when does the blue screen appear? Please give me all the information regarding this question.
2. Do you have a Windows Installation CD? (I suppose the Operation System is Windows XP, if not please tell me which one is it)
Elle

Read other 2 answers
RELEVANCY SCORE 103.2

Here is the link to previous post as requested: 
http://www.bleepingcomputer.com/forums/t/494411/cant-reinstall-microsoft-security-essentials-error-code-0x80070643/
 
Start of problem: 
5/12/13 – Some false internet security program popped up.  My husband either closed it or hit cancel but then Microsoft Security Essentials (MSE) quit working.
 
Steps taken 5/12 and 5/13 (yesterday):
System restore.  Restore succeeded.  MSE still didn’t work.
 
Tried to uninstall MSE.  Couldn’t do it using Add/Remove Programs. 
 
Error box was labeled Microsoft Security Client and said “An error has occurred in the program during initialization.  If this problem continues, please contact your administrator.  Error Code:  0x80073b01.”
 
Downloaded Malwarebytes.  It found some Trojan (didn’t write it down).  Still couldn’t uninstall MSE.
 
Finally able to uninstall MSE Microsoft Security Essentials using Microsoft article at support.microsoft.com/kb/2483120.  However, not able to reinstall MSE. 
 
Removed Malwarebytes in case it was the problem - conflicting AV software - even though I run both on my other computer. 
 
Went through all the steps in windows.microsoft.com/en-us/windows/i-cant-install-microsoft-security-essentials.  Still can't install MSE.  Error code is 0x80070643. 
 
One Microsoft Support answer I r... Read more

A:Zero Access rootkit --> can't reinstall Microsoft Security Essentials

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days.
Hello there, TAB4
I'm Conspire, I'll be glad to help you with your computer problems.
Please observe these rules while we work:
Read the entire procedure
It is important to perform ALL actions in sequence.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with me till you're given the all clear.
Remember, absence of symptoms does not mean the infection is all gone.
Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data (if possible) before moving on.
---------------------------------------------------------------------------------------------------
Please download aswMBR.exe and save it to your desktop.
Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
Allow it to update where necessary
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review.
Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compr... Read more

Read other answers
RELEVANCY SCORE 103.2

Hi

I was hit by 3 or 4 trojans, at least 4 virus files and who knows what else. Right now, I cannot start or run Microsoft Security Essentials. Therefore my netbook must still be infected. I have no idea what to do next, and need help.

I have a Netbook with windows XP home edition. No CD rom, disabled Boot from external (so I can't boot from a USB key)

- had the trojan dos alureon.a which seemed to allow fqb.exe, fqc.exe, fqd.exe, and fqe.exe to be installed. The effect of these programs, among other things, was to disable Microsoft Security Essentials and the windows firewall
- I manually disabled my internet connection
- I used TDSSKiller to remove the one trojan, and rootkit virus was detected and removed
- I ended up going into safe mode with DOS prompt to force delete the fq*.exe files
- ran malwarebytes' anti-malware (full scan) and found and quarantined 2 trojan downloaders and 1 trojan fraud.pack
- used regedit to remove O4 - HKUS\S-1-5-18\..\Run: [8DDYX0ZBPZ] C:\WINDOWS\TEMP\Zqd.exe (User 'SYSTEM') and O4 - HKUS\S-1-5-18\..\Run: [XMZH42I4GI] C:\WINDOWS\TEMP\Zqc.exe (User 'SYSTEM')
- ran HiJack This
- ran DDS by sUBS and saved files DDS.txt and Attach.txt
- ran GMER.exe from the desktop, no activity reported

However, I can't get MS Security Essentials to even open. I have

- deleted and reinstalled the program
- used Process Explorer on run32dll.exe to see if it was pointing to an alternate DLL to run (the command line says giv... Read more

A:Microsoft Security Essentials won't run after rootkit/virus/trojan

I've rebooted a few times while trying to resolve the issue. It's really taking a very long time to start up, and there's some kind of wickedly bad sound coming out of it now. I mean, the startup tune sounds like it's vibrating the speaker due to volume. The virus did have a sound feature which was some voices, guys talking, no idea what they were saying or if it was English. Any ideas folks? Or do I just copy what I can salvage and take it in to Best Buy to have the thing fixed and a newer OS installed?
 

Read other 3 answers
RELEVANCY SCORE 96

You can read about it here:

https://blogs.technet.microsoft.com...staller-that-can-lead-to-a-support-call-scam/

--------------------------------------------------------------
 

Read other answers
RELEVANCY SCORE 95.6

Problems:
While googling it redirects me to sites - "http://directagain.net/in.php?source=7777&q=&suid=1101&rnd=3xz%2B1mgzFz9AZ7RtJ0%2Bx2w%3D%3D" and "http://www.ihavenet.com/?search=&n=1355828587" (there are some more redirections, but at the moment these are the most frequent)
After copying "http://www.ihavenet.com/" from address bar or search bar it pastes "google.com" (I'm using Firefox atm).
Bigger problems:
Microsoft Security Essentials starts only for the moment on the boot-up and after that is gone.
I can't turn on Windows Security Center Service.
I tried:
Starting WSCS from services.msc and setting it to "Automatic (Delayed)" and after restarting PC..same.
Reinstalling MSE didn't work.
I used CCleaner. And please tell me is cleanpcguide.com valid site?
Did the scan with AdwCleaner and deleted all the threats.
Did the scan with Malwarebytes Anti-Malware and deleted all the threats.
Did the scan with TDSSKiller and deleted all the threats.
I've made "Windows Defender Offline" Bootable USB and did the scan. It only found keygen that I've never used. Deleted it.
I did a little "house cleaning" (nice, yeah) but the problem is still there!
If someone has an idea what's the problem, please help. Thanks in advance.
Sorry for this big post, and I appreciate your time.

A:Can't turn on Windows Security Center Service, Microsoft Security Essentials is also off

[delete this post]

Read other 21 answers
RELEVANCY SCORE 95.6

Rogue security product claims to be Microsoft Security Essentials.

F-secure reports:
This malware is distributed via drive-by-download attacks as hotfix.exe or mstsc.exe (md5: 0a2582f71b1aab672ada496074f9ce46).

-- Tom
 

A:Rogue security product claims to be Microsoft Security Essentials - Oct 22, 2010

Thanks for sharing.
 

Read other 2 answers