
driver/service protection of malware - mshta.exe and "Microsoft Security Essentials Alert" attack

Q: driver/service protection of malware - mshta.exe and "Microsoft Security Essentials Alert" attack

QUOTE(ewu @ Oct 14 2010, 05:25 PM)
I am running XP and it seems to function well with the exception of multiple mshta.exe incidences. I fell victim to the security essentials trojan but Avast was able to catch it before my system was substantially compromised. It seems like most items have been removed aside from the mshta.exe issue.

Exactly every hour, Avast alerts to mshta.exe accessing a location and blocks it. When I check the task manager it sometimes comes up many times. I have taken to ending mshta.exe whenever I see it.

I have run quick and full scans with Avast, Malwarebytes, SuperAntiSpyware, and Spybot. I booted up into safe mode and ran quick scans with all four. I also ran a boot-time scan with Avast. All these scans have come up with no infected files.

I also downloaded and ran panda anti-rootkit both regularly and in safe mode.

Please advise as to how I can resolve this issue.

Thanks

as per boopme instructed:

RELEVANCY SCORE 200

A: driver/service protection of malware - mshta.exe and "Microsoft Security Essentials Alert" attack

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK.
DeFogger may ask you to reboot the machine, if it does - click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS:
Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest. Then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note** you may get this warning, it is ok: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?" Just click on Cancel, then Accept.

Information and logs:
In your next post I need the following
1. logs from DDS
2. log from RKUnHooker
3. let me know of any problems you may have had

Gringo

RELEVANCY SCORE 149.2

I am running XP and it seems to function well with the exception of multiple mshta.exe incidences. I fell victim to the security essentials trojan but Avast was able to catch it before my system was substantially compromised. It seems like most items have been removed aside from the mshta.exe issue.

Exactly every hour, Avast alerts to mshta.exe accessing a location and blocks it. When I check the task manager it sometimes comes up many times. I have taken to ending mshta.exe whenever I see it.

I have run quick and full scans with Avast, Malwarebytes, SuperAntiSpyware, and Spybot. I booted up into safe mode and ran quick scans with all four. I also ran a boot-time scan with Avast. All these scans have come up with no infected files.

I also downloaded and ran panda anti-rootkit both regularly and in safe mode.

Please advise as to how I can resolve this issue.

Thanks

A:mshta.exe issue after "Microsoft Security Essentials Alert" attack

Hello, it appears then some malware files are protected by a driver or perhaps a service. To get them out we'll need a deeper look. Please go here.... Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks. If Gmer won't run, skip it and move on. Let me know if that went well.

RELEVANCY SCORE 90.8

Microsoft Security Essentials Alert popped up on my computer. It won't go away. My friend had this happen to her and she ran it to clean her computer. She ended up having to reload everything.

Does any one know how to get rid of this without having to reload the computer?

A:Microsoft Security Essentials Alert

Hello,

You could give this removal guide a try http://www.bleepingcomputer.com/virus-remo...ssentials-alert if this does not work do the following.

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

RELEVANCY SCORE 90.8

I cannot connect to the internet, but I can open folders and some files that are saved on my computer. I can shut down, but not restart my computer. I ran the anti-malware I downloaded from this site, but it doesn't detect any problems. The "Microsoft Security Essentials Alert" box will not close, it says it has "Potential threat details" with this information:

Detected Items: Unknown Win/Trojan
Alert level: Severe
Recommendations: Remove
Status: Suspended

Norton 360 says it blocked an attack from "nl6fa53.com (194.28.112.6,443)," but when I run a scan it doesn't detect anything for me to remove/delete.

Thanks,
Julius

A:"Microsoft Security Essentials Alert"

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open wit...

RELEVANCY SCORE 90.8

I posted my issue originally in the Windows 7 forum but I was given instructions and I did them in accordance with the Steps outlined.

Here's the background on my issue: I have an Acer Aspire 5532 laptop. Yesterday I got this blue screen with directions on it and stop codes. Says IRQL_NOT_LESS_OR_EQUAL. STOP: 0x0000000A. At the bottom of the page it talks about doing a Physical Memory Dump. Part of the directions was to go into Bios and turn off caching and shadowing. (I didn't do that/no idea how to.)

I have a trojan on my computer named Microsoft Security Essentials Alert. I have run Malwarebytes a few times but it says it can't remove everything. Right now I'm running in safe mode, but that only works if I go into Task Manager and end the process "hotfix". I ran GMER in accordance with the directions and it came back clean. "No changes found."

Here's the DDS log.

A:Microsoft Security Essentials Alert

Hello bigsal
Welcome to BleepingComputer
==========================
Download OTL to your desktop.
Double click on OTL to run it.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

RELEVANCY SCORE 90.8

I need help removing this from my computer. I have windows vista.

A:Microsoft security essentials alert

Please refer to the Spyware Removal Guide on this matter.

http://www.bleepingcomputer.com/virus-removal/remove-fake-microsoft-security-essentials-alert

Regards

RELEVANCY SCORE 90.8

Hello, I've followed your guide to remove this fake alert but I've some problem. First of all, rkill, iexplorer etc. don't work; when they start, something closes them immediately, and Malwarebytes doesn't find the virus after a full scan. (My Task Manager and IE/Firefox don't work, and I'm writing from another PC.) What can I do? Thanks

A:MicroSoft Security Essentials Alert

I managed to solve this problem. My Malwarebytes version was outdated and didn't find the trojan.

RELEVANCY SCORE 90.8

I had a box pop up that read Microsoft Security Essentials Alert. I didn't click on it but it did stay on my browser screen. I had turned off the computer and when it came back on I opened Firefox browser and the box was still there. I came on the site here immediately and found the removal for it using Malwarebytes Anti-Malware. I ran the programs mentioned on the removal process twice. When the process was done it showed nothing was found. When I opened my Firefox browser again the "alert" was gone. I wonder if the "removal" worked? Any suggestions? Thanks.

A:Microsoft Security Essentials Alert...

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

RELEVANCY SCORE 90.8

I got a Microsoft Security Essentials Alert. I haven't clicked on anything on it other that the red "X" and "close" to try and close it out. Blinks, and then reappears.

I can't use the "control alt delete function" When I do this I get a "server busy" box and when I click "switch to" my start menu opens. This is the only way I can get the "server busy" box to go away, but it reappears sometimes.

I can't access internet on fire fox or explorer.

I use AVG free, but can't access it because I get that "server busy" box

I can't restart in safe, I get the blue screen in all safe modes
I'm not very good at computers, so please use "normal" language :) Can someone please help me?

I have tried to find help, but it seems that all require you to be able to get online (which I can't because neither of my browsers are able to work)

A:Microsoft Security Essentials Alert

Also I can not access task manager.

RELEVANCY SCORE 90.8

This one.

http://www.bleepingcomputer.com/virus-removal/remove-fake-microsoft-security-essentials-alert
However, the above removal process didn't work for me.

Previous steps undertaken are here: http://www.bleepingcomputer.com/forums/topic363341.html
Unfortunately it just keeps coming back after some time without doing anything on my pc.
Thanks!
DDS (Ver_10-11-27.01) - NTFSx86
Run by Gary at 17:15:47.78 on Tue 11/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.611 [GMT 11:00]
============== Running Processes ===============

C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Progr...

A:microsoft security essentials alert

Ok, looking through the forum I seem to have a variant of the mshta.exe malware that so many others here seem infected with.
However, I've noticed this seems to be easily fixed for some, but not others.

Considering the amount of time I've spent trying to fix this already, the risk of Windows not booting was not significantly worse than its state now so I decided to go all out.

Firstly I downloaded and updated most of the tools mentioned on this site.

Decided to d/c the pc from the network after updating.

Then I ran in order:

Mbam
reboot
SAS
reboot
TFC
reboot
TDSS
reboot
combo fix
reboot

Finally I ran Mbam again.

Upon the final reboot everything looked ok. No iexplore.exe rogue processes. I left the PC on, but d/c from the network overnight and all seemed good.

Today I ensured the firewall was set to block everything (including exceptions) and connected it back up while monitoring processes/scheduled tasks etc.
So far so good...for 30 mins.

Then I noticed my Windows auto update shield suddenly came on!
Within about 30 secs everything was infected again =/
I suspect wuauclt.exe is also roothooked (nothing seems to detect this though.) Because even though I've disabled updates that damn process keeps showing up.

So now I don't know what besides mshta.exe, iexplore.exe and wuauclt.exe could be infected.
Seems like a neverending quest to clean the system.

RELEVANCY SCORE 90.8

Ok, so recently I have gotten a message from what appears to be Microsoft Security Essentials Alert saying I have a trojan (pic1). Upon clicking remove, it says it was unable and that I should scan online. When I click that, a menu for a bunch of different things pops up (pic2). I don't wanna do anything without knowing if this is actually an alert or if it's just a virus made to look like an alert. Also, it blocks access to the internet and most applications by popping up with pic1 and nothing else... Help?

I had to upload the pics as attachments because I don't have them on the internet anywhere. Sorry...

ps, I have run malwarebytes and It DID detect a trojan and it DID delete it, but this is still happening.

A:Microsoft Security Essentials Alert???

Wow I just realized how small they are...

RELEVANCY SCORE 90.8

My mother's computer popped up Microsoft Security Essentials Alert with about 4 'trojans' showing. After researching I found that this isn't true and it's all an adware that's been put on the computer. I read where I can run Malwarebytes and remove the false alert, however it didn't find it on my computer. I also read where I can go into Application Data folder except that's not showing on her computer either?
I don't know a lot about computers so I'm trying to learn. Her computer turns off for no apparent reason and is extremely SLOW.
We ran AVG and Malwarebytes but no luck so far.
Can someone please help me??
Thanks in advance

A:microsoft security essentials alert

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

RELEVANCY SCORE 90.8

Please help if possible. I have tried eradicating this malware but with no success. The problem seems somewhat isolated to one of the two user logins on our Windows XP machine. The GMER scan took about 8 hours to complete. Let me know what to do next. Thank you in advance for any help.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Mariko at 16:24:20.89 on 09/20/2010 Mon
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.932.81.1033.18.1534.983 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
SVCHOST.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\Program ...

A:Microsoft Security Essentials Alert

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...

RELEVANCY SCORE 90.8

My system has been infected with "Microsoft Security Essentials Alert"

I am running Windows XP. A window stating that the system is infected with "Unknown Win32/Trojan" stays open even if I attempt to close it. No other programs are able to be started up either.

############################################

DDS (Ver_10-10-21.02) - NTFSx86
Run by Danny at 12:59:30.70 on Tue 10/26/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.495.89 [GMT -7:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Ah...

A:Microsoft Security Essentials Alert

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download this file, courtesy of BleepingComputer.com, and save it to your desktop.

If necessary, download it to a USB drive on another computer, and transfer it to your desktop.

Double-click rkill.com to run it.

You may have to run it multiple times to kill all the processes that are controlling your machine.

If you get a prompt from the fake AV, just leave it open.

Don't, I repeat, don't restart your computer.

------------------------------------------------------

If after running rkill.com, you have no desktop, open Task Manager by hitting Ctrl+Alt+Del

Go File > New Task(Run...) and type explorer.exe and click OK.

------------------------------------------------------

Please download Malwarebytes' Anti-Malware and Save it to your Desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following: Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
If an update is found, it will download ...

RELEVANCY SCORE 90.8

Hello! I have a virus on my computer that gives me a fake message from "Microsoft Security Essentials Alert". The detected item is "Unknown Win32/Trojan".

I am not very computer savvy, but I knew this was suspicious and did not click on "Clean computer"! I Googled the message, and that brought me to your site! I followed all the instructions and I think I did everything correctly. I ran RKill, and installed and ran a full system scan with MBAM. It took about 35 minutes and it said that it found 4 items. I read the note that it created in Notepad, and then restarted my laptop. When it was restarted, the same message box appeared! I did a quick scan with MBAM, and it found no more threats, but this fake window is still here! Please help!

Respectfully,
Jennifer

A:Microsoft Security Essentials Alert

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

RELEVANCY SCORE 90.8

Yesterday my girlfriend's computer got this virus, and all programs she tries to open pop up as a security risk with some fake security program.

I followed all of the steps given on this website, and in the end MalwareBytes and Symantec found a virus and removed it. Upon restart of my computer, the virus was still there, and following the same steps again, none of our security software finds a virus. Is there another way to fix this issue?

Please help.

A:Microsoft Security Essentials Alert

Is the Symantec Norton anti virus? If it is and you are running MS security essentials at the same time then this is part of your problem. Running two anti virus programs at the same time will cause problems, like false positives. Disable one of these and then run your scans.

RELEVANCY SCORE 90.8

I am getting the "Microsoft Security Essentials Alert". I found the link for it and have been trying to use that. When I run rkill or under the alternate names it still pops up. I'm in SAFE MODE WITH NETWORKING.

What do I do now?

A:Microsoft Security Essentials Alert

try restarting in safe mode again?

RELEVANCY SCORE 90

Just had the fake Microsoft Security Essentials Alert pop up on my "other" laptop... Windows Vista. When I clicked CLOSE, it didn't close but closed all internet. Now I click on Internet Explorer and the only thing that comes up is the fake Micro. sec. alert pop up. Can't get online to download the program as bleeping computer tells me to, to get rid of this virus.... please help!! <3

A:fake Microsoft Security Essentials Alert

Hello and welcome. First disable Spybot for all these.

Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after run...

RELEVANCY SCORE 90

I keep getting a popup alert that I'm convinced is a fake. It displays as a Microsoft Security Essentials Alert. The box/popup states Potential Threat and its displaying: Microsoft antivirus has found critical process activity and lists 3 threats and provides a tab to click on so that I may remove the threat (which I ignore). When I try closing the msg box, another pops up and says I need to click tab to clean computer immediately to prevent systems breakage. The only way of closing it is with Task Manager but it keeps returning and does not allow me to move forward. I have done a complete viral scan with the windows defender that finds no viruses but this obviously is something that got through and I can't seem to pin it to remove it. How can it be removed/stopped? I would appreciate that you keep in mind that I'm a complete novice and know next to nothing about technical computer issues. Heck I don't even know where in the forum my question lies!

A:Fake Microsoft Security Essentials Alert

On Thu, 20 Feb 2014 12:02:30 +0000, ellen618 wrote:
 
>I'll run my anti-virus. I wish I could find more info about this pop-up. Worries me.

 
 
http://www.bleepingcomputer.com/virus-removal/remove-fake-microsoft-security-essentials-alert
has details on this.
 
-- Barb Bowman

RELEVANCY SCORE 90

I have this virus and followed the directions for deleting it from another website.

the website: http://www.precisesecurity.com/rogue/fake-microsoft-security-essentials-alert/#comment-7625

One thing this virus does is it disconnects you from the internet so I don't have access to internet (I'm on another cpu)

Right now I'm at the point where I don't have the popup anymore, however when I restart my computer my wallpaper is all that shows but when I end explorer.exe task in task manager and retype it everything appears and I still can't connect to the internet.

I've ran Avg, Malwarebytes, ad aware, spybot search and destroy, and super antispyware still I apparently still have the virus. I really need some help here lol

anything is greatly appreciated :)

I'll post the log shortly cuz I have to transfer through a flash drive

DDS (Ver_10-10-10.03) - NTFSx86
Run by edeop328 at 17:34:00.09 on Sun 10/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1992.1332 [GMT -4:00]

AV: AVG Internet Security *On-access scanning disabled* (Outdated) vBadvanced 9-3-3 7
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) vBadvanced 9-3-3 6
AV: Microsoft Security Essentials *On-access scanning enabled* (Outdated) vBadvanced 9-3-3 5

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch...

A:Fake Microsoft security essentials alert

Hi c1r3 and welcome to TSF,

Please subscribe to this thread to get immediate notification of replies (if you haven't already) as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

-------------------------------------------

I am sorry to tell you that one or more of the identified infections is a backdoor trojan / rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

-----------------------------------

Please note that these fixes won't be instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of...

RELEVANCY SCORE 90

I guess I put this in the wrong forum initially... Copied from my other topic

This morning, I woke up to find that Windows had restarted during the night, after what I assumed to be an auto update. When I logged in, I had a window pop up that had "Microsoft Security Essentials Alert" in its title. It warned me that 3 of my autoupdate processes were "unknown Win32/Trojan" and prompted me for action. When the clean computer button was pressed, it brought up links to a couple of anti-virus programs. I immediately suspected a problem. I cannot access the ctrl-alt-delete series of menus to look at the task manager nor can I access any of my browsers, including using them in safe mode with networking. I use Firefox exclusively, but have Explorer and Chrome available. I ran dds per the instructions on this site, and was in the middle of an hours long gmer scan when it crashed. Instead of waiting 6 more hours on the gmer scan, I decided to go ahead and post the dds log and see if you guys could help. All of my other files are accessible, except for the previous mentioned. I grabbed a laptop to get online.

Here is my dds log:

DDS (Ver_10-10-10.03) - NTFSx86
Run by Steven at 9:57:32.10 on Thu 10/14/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1643 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchos...

A:Microsoft Security Essentials Alert Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the ...

RELEVANCY SCORE 90

Hi,
Recently I have gotten a message from what appears to be Microsoft Security Essentials Alert telling me that I have a trojan virus (picture in an attachment). But I don't have Microsoft Essential installed on my laptop.

I couldn't download the Gmer Rootkit Scanner because when I clicked on the first link it said the file could not be found and on the second link it said it could not be saved because of an unknown error.

I don't have access to a Windows Install disc or a Boot CD.

Any help is much appreciated.


DDS

DDS (Ver_10-03-17.01) - NTFSX64
Run by Others at 5:26:09.40 on 23/09/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.353.1033.18.4056.2634 [GMT 1:00]


============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\De...

A:Fake Microsoft Security Essentials Alert

Please download Malwarebytes' Anti-Malware from Here.



Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

RELEVANCY SCORE 90

I have a window that says Microsoft security essentials alert. I cannot open internet explorer. I have run MalwareBytes twice to no avail. I downloaded DDS and GMER on another PC and transferred to my infected laptop using USB stick. I tried to run rkill, but it won't stay open. Neither will the 2 aliases I downloaded from this site. Also I cannot open task manager. I was able to run GMER, but DDS would close immediately. GMER took 2 hours to complete. When I put the file name in and clicked save, it said "save not responding" then the GMER window disappeared. I was able to run defogger. Also the option to enable my Windows firewall has been "grayed out". I am hoping there is something I can do to get this laptop recovered enough to run these logs for you. Thanks in advance.

I was finally able to get the window to close by running Mcafee on access scan, but I'm pretty sure I still have problems lurking. I still cannot get GMER to finish no

DDS (Ver_10-03-17.01) - NTFSx86
Run by TolbeLy at 18:24:13.75 on Fri 10/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.553 [GMT -4:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -...

A:Fake Microsoft Security Essentials Alert

Hello lynnt1958
Welcome to BleepingComputer
==========================
Download OTL to your desktop.
Double click on OTL to run it. When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please download Rootkit Unhooker and save it to your desktop.
Double-click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan
Check Drivers, Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it, typically your desktop. Cli...

RELEVANCY SCORE 90

Dear Friends,

I have Windows XP Home edition and use Microsoft Security Essentials (MSE) as my anti-virus. Recently I keep getting a security alert "Your computer might be at risk. MSE is turned off click this balloon to fix this problem" When you click the balloon it takes you to the Security Centre which states that the Anti-Virus is OFF. In the notification area there is a red shield with a white cross in it stating Windows Security Alerts. However, also in the notification area the usual green icon with the white tick says "PC status: Protected"

If you open the MSE programme it states "Real Time Protection On : Virus and Spyware Definitions Up to Date" and there is the usual large white tick in the icon of the monitor. All of this would seem to suggest to me that MSE is turned ON and working so I am baffled as to why I keep getting the alert and that the Security Centre is showing OFF.

Thank you,

Red Cloud
 

A:Solved: Microsoft Security Essentials Alert

RELEVANCY SCORE 90

I'm sure I posted on this forum yesterday and attached a screenshot, but can find no record of it, and have received no notifications of a reply. Am I on the wrong forum so that an administrator deleted it? I selected the "Enable email notification of replies" option. Do I have to do anything else to see replies?

Out of the blue IE9 displayed a message supposedly from Microsoft Security Essentials saying that I had three viruses. It looked fake so I didn't click the link that would supposedly download a virus cleaner. I googled the symptoms and it appears that others have seen the same message. I can't find anything on bleepingcomputer forums to match though.

I have a screenshot and can provide further details.

Thanks very much, Gary

A:Microsoft Security Essentials Alert fake?

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=============================================================================
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
=============================================================================
Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.
=============================================================================
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwar...

RELEVANCY SCORE 90

I have Microsoft Security Essentials Alert trojan, and I tried running rkill like the guide has suggested. I dled it from this site onto a usb drive since the trojan disables the internet from being used, then I put the program onto the infected computer, but I don't know if rkill is working. It opens for 3 seconds then closes. After repeatedly clicking it in an annoyed rage it now is staying open saying please be patient etc... etc... so is it supposed to close quickly like that? How can I be sure it's working or not? It has been scanning the files or whatever you call it for about 40 minutes now. Can someone please tell me what to do?

A:Infected With Microsoft Security Essentials Alert

http://www.bleepingcomputer.com/forums/topic308364.html
You might have to try all 5 of these RKill options, you will know when it's working

RELEVANCY SCORE 90

Got a virus that is masquerading as Microsoft Security, it doesn't allow me to open up the internet, Malwarebytes Anti-malware and it seems to be able to resist rkill.scr, exe, com, iExplore.exe and eXplorer.exe.

I have attempted to run them in varying orders, and have attempted so in both normal and safe mode. In either case the black window is simply closed before it can complete its task.

I have also created hundreds of shortcuts, and opened them at once in an attempt to give one the time required, while this succeeded in opening one long enough for it to allow me to actually read its text it seems to be unable to do anything and has simply remained open for a great while now.

I am not sure how to progress from here, and so I submit my problem to those wiser than myself, and beg your assistance.

Am currently running rootkit, not sure how long that will take but will post results as soon as it finishes.

Edit, it's finished and posted below

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB906C000 C:\windows\system32\DRIVERS\igxpmp32.sys 5857280 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xB8C07000 C:\windows\system32\DRIVERS\NETw5x32.sys 3637248 bytes (Intel Corporation, Intel? Wireless WiFi Link Driver)
0xBF1E7000 C:\windows\System32\igxpdx32.DLL 2699264 b...

A:Microsoft Security Essentials Alert virus

Hello thundering
Welcome to BleepingComputer
See if you can run this program.
==========================
Download OTL to your desktop.
Double click on OTL to run it. When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scans and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

RELEVANCY SCORE 90

Greetings - My buddy's mom's sister (follow that?) clicked on an email and now has the 'Microsoft Security Essentials Alert'. Apparently it was something in her yahoo email. I thought yahoo scanned for that stuff? Plus, I think she has AVGFree 8.5 (at least there is a shortcut on her desktop) and I see the 4 color boxes briefly in the task tray, but I think it's getting shut down.

I downloaded RKill in all its variants onto a flash drive. I copied them to her desktop and when I run any of them, the WSEA pops up. I even tried leaving the pop-up as instructed but clicking on any of the RKill variants seems to do nothing.

I rebooted and when I got into Windows did a Ctrl-Alt-Del and managed to get the Task Manager to come up, went to Applications and killed the Application! I was pretty excited. I then was able to install and run MalwareBytes. Unfortunately I was not near an internet connection and wasn't able to connect to the Internet and download the latest definitions (I believe it said 145 days out of date which stinks because I downloaded it today) It came up with 64 objects and said I needed to restart to finish the removal process.

When I rebooted, it was back. Upon entering Windows it pops up almost instantaneously. I do the Ctrl-Alt-Del and if I'm lucky, the Task Manager pops up but then it's gone. I downloaded DDS & GMER and they run for about a second before they're gone. Now the pop-up is there the who...

A:Infected with Microsoft Security Essentials Alert

Hello,
And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
* Update Malwarebytes' Anti-Malware
* Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan"...

RELEVANCY SCORE 90

Hello, I recently obtained the Microsoft Security Essentials Alert Virus which acts as an antivirus software on my computer. Every time I try to open any program/file it says that it's the virus on my computer. In Safe Mode without networking the virus pops up immediately when my computer boots up. I tried to follow the instructions on this link http://www.bleepingcomputer.com/forums/topic34773.html in order to show the diagnostics of my computer but I can not get the internet to run or any program for that matter. I have done a lot of research on this site and saw the different RKill's you can download to close the processes the virus continually runs. This was ineffective and I am at a complete loss. The RKills I have used so far are iExplorer.exe eXplorer.exe rkill.com rkill.exe rkill.scr rkill.pif and then I just tried random names in front of each format of extension. At this point I need some direction of where I can go from here. Could you please help me with the next steps I can take to get around this virus? I am running with Windows Xp Media Center Edition Version 2002.

thanks,
Donald Trumpet

A:Microsoft Security Essentials Alert Virus

After a couple hours of trial and error methods I finally got the rkill to run. This topic can be deleted.

RELEVANCY SCORE 88.8

Attached is the results of the combo fix scan

A:Microsoft Security Essentials Alert (Fake Virus)

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...

RELEVANCY SCORE 88.8

I am receiving the alert window that says "Microsoft Security Essentials" and says it has found a Trojan. I have followed all the steps I usually do for removing fake antivirus software--rkill.com, malwarebytes, hijackthis--and nothing has worked. When I have tried to run rkill.com, it usually shows me the command prompt type screen with nothing in it instead of the "terminating known malware...". Malwarebytes has not found any suspicious files. When I ran Hijackthis, I was not able to find any of the registry keys/files that every tutorial I read talked about. I even tried going to start, run, and typing in "%AppData%" but once again, couldn't find any of the files mentioned on help sites. Please help me!

A:Fake Microsoft Security Essentials alert - cannot remove

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

RELEVANCY SCORE 88.8

The window pops up, whenever I try to open Task Manager, or Command Prompt.

How do I kill processes if I cannot open the Task Manager

A:How do I Remove fake Microsoft Security Essentials Alert

Is that not some kind of virus playing up?? Run malware bytes scan on that machine first please, it's free..
Malwarebytes Anti-Malware - Free software downloads and software reviews - CNET Download.com
If it doesn't let you run that on normal login, try safe mode..

cheers
Ash

RELEVANCY SCORE 88.8

Hello I am new to the board. My computer was recently infected with the Microsoft Security Essentials Alert Trojan. (link: http://www.bleepingcomputer.com/virus-removal/remove-fake-microsoft-security-essentials-alert) When I tried to open a web browser, an IM client, etc., just about any program that accessed the Internet, the Microsoft Security Essentials box popped up. I ended up downloading an anti-virus program called Hitmanpro 3.5 and it removed the virus. Malwarebytes does not find anything now in scans. I think that the hitmanpro removed it because my computer now seems to function normally and I can open up programs again. However, I do not have the knowledge to know if it is completely removed or if there is some other malware I am infected with. I am running Windows XP Home w/ Service Pack 2. I have attached logs and tried to follow the instructions I saw in the "before you post." Please help me clean my computer completely. Thank you.

DDS.txt :
DDS (Ver_10-03-17.01) - NTFSx86
Run by Jeffrey at 18:17:28.45 on Thu 01/06/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.287 [GMT -8:00]
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Outdated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============== Running P...

A:Infected with Microsoft Security Essentials Alert Trojan

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 88.8

While playing games on pogo after a while my game will freeze and I get a message saying Microsoft security essentials alert has found viruses and Trojans on my computer. I have not clicked on this yet but believe this to be malware. Please help me get this off my computer

A:microsoft security essentials alert saying viruses found

Please download TDSSKiller exe version to your desktop.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
* Click on Change Parameters and click Detect TDLFS File System.
* Click the Start Scan button.
* Do not use the computer during the scan
* If the scan completes with nothing found, click Close to exit.
* If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
* Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
* Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
* A TDSSKiller text file would be saved in Local Disk C.
* Copy and paste the contents of that file in your next reply.

ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.
* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on Clean.
* Confirm each time with Ok.
* You will be prompted to restart your computer. A text file will open after the restart.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential...

RELEVANCY SCORE 88.8

Ok so my laptop got infected by the microsoft security essentials alert trojan. I followed all the steps here to remove it. Although it got rid of the microsoft security essentials alert trojan...a bunch of new fake antivirus pop ups still would come up. So I repeated the steps and ran both Rkill and malwarebytes again. This time malwarebytes would just shut down part way through the scan. Afterwards when I'd try to reopen it. It would say...

Windows can not load the specified device, path or file. You may not have the appropriate permissions to access the item

I would try deleting and reinstalling malwarebytes and the same thing would happen, first it would shut down during the scan then not give me permission to access the program afterwards.

Then it got EVEN WORSE...I tried getting a clean install file for both rkill and malwarebytes from my other pc on a memory card to transfer over to my laptop when I discover...this bastard trojan has disabled my memory card reader!

So now I've tried hijack this, security task manager...you name it, no matter what program I try to open, whether I'm in safe mode with all wifi switched off or otherwise. Every program I open gets shut down then I'm locked out of permission to access it.

This is really driving me nuts cause the steps on this site don't seem to apply to me, I literally have nothing I can do. To make things worse this stupid laptop never let me create a windows recovery disc saying I already created one when...

A:microsoft security essentials alert wont give up!

Yep, no matter what program I install, even after running Rkill...an error message pops up that says....

"Windows can not load the specified device, path or file. You may not have the appropriate permissions to access the item"

So basically I need to know how to get permission again so I can run the programs I need to.

Also I have no clue why my memory card slot is locked out either. When I put in a memory card it does nothing and won't show up in my computer.

RELEVANCY SCORE 88.8

Hi,

I can no longer find where to access the Security Essentials that is built in on Windows 7. I've tried searching on Google but it keeps claiming it needs to be installed when I know it's built-in as I used it a little over a month ago.

Also is there any difference between the built in client and Microsoft Security Essentials. Thanks

A:Microsoft Security Essentials (Built-In Windows 7 protection)

The built in version is "windows defender" (just search for defender and you will find it) and although it uses the same virus definitions as Security Essentials I don't think it offers the same level of protection or options as MSE itself. Installing MSE automatically disables windows defender.
I would go ahead and install MSE - Microsoft Security Essentials | Protect against viruses, spyware, and other malware

Danny

RELEVANCY SCORE 88

My brother's computer has become infected with what I believe to be the Fake Microsoft Security Essentials Alert Trojan. How do I remove it?
 

RELEVANCY SCORE 88

Fake Microsoft Security Essentials Alert Trojan
Did you mean 5 or 6?
Thanks

A:Feedback - Fake Microsoft Security Essentials Alert Trojan

Did you mean 5 or 6?

These five rogue programs are:
Red Cross Antivirus
Peak Protection 2010
Pest Detector 4.1
Major Defense Kit
ThinkPoint
AntiSpySafeguard or AntiSpy Safeguard

Is this what you are referring to ?? Updates get added and not All the text is updated to suit -

RELEVANCY SCORE 88

I was infected with the Fake Microsoft Security Essentials Alert Trojan as described here http://www.bleepingcomputer.com/virus-remo...ssentials-alert

I'm running Windows 7.

Whenever I'd logon to windows (regular or safe mode), the Microsoft Security Essentials Alert and I would immediately blue screen (irql_not_less_than_or_equal was the reason).

I put the Kaspersky rescue cd on a usb disk and it found a lot of malware which it removed. Logging back into windows, however, still blue screened.

Back in Kaspersky, I went to the file explorer and poked around, and found "hotfix.exe" in appdata/local/temp, which I promptly deleted (I'd done this for someone else recently). Now I could login to windows, but I still wasn't out of the woods yet.

Logging into windows in regular mode would show a black screen with no explorer, I had to launch it from task manager. Full scan with MalwareBytes showed that there was a registry entry in policies/explorer which turned it off, and some driver with a random name (sqbzeh.sys) was an infected file. Neither MalwareBytes nor I was able to delete this file, so I had to go back into Kaspersky to do it.

Running Sophos rootkit finder flagged some temp files, and Security Task Manager found another file in the temp dir that was bad. Now MalwareBytes gives me a clean bill of health, but I still see a lot of strange activity in TCPView.

Here's my dds file output:
DDS (Ver_10-10-10.03) - NTFSx86
Run by D at 9:15:24.05 on Sun 10/1...

A:Infected with Fake Microsoft Security Essentials Alert Trojan

BTW, the network icon in the taskbar shows that I'm not connected, even though when I click on it and open up the dialog, it says I'm connected. More fallout from the infection? Any way to get this back to normal without reformatting?

RELEVANCY SCORE 88

I have followed the removal instructions for this malware but the infected PC in Safe mode will not let me run MalwareBytes AntiMalware or regedit or cmd.

It took me about 20 tries to get it to run rkill but it wouldn't run Malwarebytes after that.

Help

A:Fake Microsoft Security Essentials Alert Trojan & AntiSpySafeguard

Hello,
Please follow the instructions in ==>This Guide<==.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==
If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

RELEVANCY SCORE 88

While visiting a few sites, this window alert page came up. It stated that my computer could be hacked and personal information can come out or something. And I couldn't open a new page or anything, and I couldn't close it out. It had a phone number and I called. A person picked it up, seemed friendly. He asked me what happened and stuff, and I explained. He knew the websites I visited and everything. And knew my grandma and my dad's name. He eventually spoke of this $100 thing and I don't have to pay again after that. That it would help against viruses and things. But I refused, I didn't have any money. But eventually he unblocked everything for me for free. But asked a lot of personal questions. I don't know what to think. After everything was unblocked I looked up if something like this can be fake and a virus or something. And I'm wondering if what just happened to me was a Fake Microsoft Security Alert, and if so is there anything I can do. I'm really worried at the moment. Thank you.

 
  

A:Fake Microsoft Security Essentials Alert Virus Blocked PC

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
* Internet Services
* Windows Firewall
* System Restore
* Security Center/Action Center
* Windows Update
* Windows Defender
* Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
* List Restore Points

Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scr...

RELEVANCY SCORE 88

I have tried rkill.com, iexplorer.exe and mexplorer.exe (typing from memory) to stop the alert virus process--just pops back up after half a second of seeing the dos command prompt box pop up. Trying to get rid of it in safe mode with malware but not optimistic. Any help appreciated. Thanks

chris

A:Cannot get Microsoft Security Essentials Alert process to stop w/rkill

Try running it a few times in quick succession and hopefully you can get it to run before the malware catches up to it and terminates it.

RELEVANCY SCORE 88

New beta of Microsoft Security Essentials released with network protection.

-- Tom
 

A:New beta of Microsoft Security Essentials released with network protection

RELEVANCY SCORE 87.6

Problems:
While googling it redirects me to sites - "http://directagain.net/in.php?source=7777&q=&suid=1101&rnd=3xz%2B1mgzFz9AZ7RtJ0%2Bx2w%3D%3D" and "http://www.ihavenet.com/?search=&n=1355828587" (there are some more redirections, but at the moment these are the most frequent)
After copying "http://www.ihavenet.com/" from address bar or search bar it pastes "google.com" (I'm using Firefox atm).

Bigger problems:
Microsoft Security Essentials starts only for the moment on the boot-up and after that is gone.
I can't turn on Windows Security Center Service.

I tried:
Starting WSCS from services.msc and setting it to "Automatic (Delayed)" and after restarting PC..same.
Reinstalling MSE didn't work.
I used CCleaner. And please tell me is cleanpcguide.com valid site?
Did the scan with AdwCleaner and deleted all the threats.
Did the scan with Malwarebytes Anti-Malware and deleted all the threats.
Did the scan with TDSSKiller and deleted all the threats.
I've made "Windows Defender Offline" Bootable USB and did the scan. It only found keygen that I've never used. Deleted it.
I did a little "house cleaning" (nice, yeah) but the problem is still there!

If someone has an idea what's the problem, please help. Thanks in advance.
Sorry for this big post, and I appreciate your time.

A:Can't turn on Windows Security Center Service, Microsoft Security Essentials is also off

[delete this post]

RELEVANCY SCORE 87.2

I got sucked in at 2am the other day. Now have been infected with the Microsoft Security Essentials Alert malware and rootkit. Actually fell for one of the "online scan" prompts and now have something called AntiVirus 2010 on machine.

Tried all the suggested removal steps. This version of the infection has squashed all attempts to run rkill or the other named versions. Tried running after booting safe mode but rkill found nothing. Did manage to install and run current Malwarebytes antimalware but it didn't find anything. My Avira did appear to find a couple bad files which I quarantined but no help there either. Pretty much stuck at this point. Am requesting help. I have run the recommended programs and will include and attach the requested files here as instructed.

Thanks for any help. I have spent a whole day so far trying to clean my computer and I'm pretty stuck at this point.

JimH

DDS (Ver_10-03-17.01) - NTFSx86
Run by Jim at 14:03:32.50 on Thu 09/16/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.263 [GMT -7:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchos...

A:Infected with fake Microsoft Security Essentials Alert and AntiVirus 2010

Hello hawleyj,
Sorry for the delay. If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it.
Thanks,
tea

RELEVANCY SCORE 87.2

Hello everybody!
I'm fairly new to this site and first time posting. Hope someone can help.
I had the Fake Microsoft Security Essentials Alert trojan and removed it using the instructions here:
http://www.bleepingcomputer.com/virus-remo...ssentials-alert
Now the trojan is gone but every time I turn my computer on, it shuts down and restarts on its own within 5 seconds (after everything has loaded).
Right before it does so, a blue screen flashes that says A problem has been encountered or detected (it appears & disappears so fast that it's hard to read the rest).
I'm wondering how I can fix this?
Any help will be greatly appreciated.
Thanks!

A:Problems after removing Fake Microsoft Security Essentials Alert Trojan

Hello! I am Blind Faith or Elle (it's easier to remember, I think) and I will help you with your malware related problems.

As you can see I am still a trainee and that means my work is revised by a coach. Therefore, it will take a bit longer for me to reply. So don't be impatient because I won't leave your case suspended in the air, waiting forever.

NOTE: Do not make any type of changes to your system during the cleaning process. The steps you are following are based on strict information from your system. So changes which I did not give instructions for are not recommended.

I will need some time to research the files on your system so please click the Options button at the top bar of this topic and Track this Topic, where you should choose email notifications to know when I replied. Remember to check your topic for new replies. Probably, it will take a couple of days until the next reply but after that everything will go faster. Also please let me know if you still need help after you have read this.

Now I would like you to answer to 2 questions:
1. Where exactly does the Windows loading process stop? By that I mean when does the blue screen appear? Please give me all the information regarding this question.
2. Do you have a Windows Installation CD? (I suppose the Operation System is Windows XP, if not please tell me which one is it)

Elle
