Over 1 million tech questions and answers.

infected with fake protection system/ fake windows security center/ fake security center alerts

Q: infected with fake protection system/ fake windows security center/ fake security center alerts

Everytime I start up my desktop, a fake windows security center message comes up trying to get me to install a fake protection system software. When this windows security center message comes up, it also adds three shortcuts to my desktop to porn sites. This virus is hindering me from using various software such as Malwarebytes, Spybot, and it wont let me install Hijack this. Also, this virus is making Internet Explorer practically unusable (using Safari right now). Please help me, it would be greatly appreciated.

RELEVANCY SCORE 200
Preferred Solution: infected with fake protection system/ fake windows security center/ fake security center alerts

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: infected with fake protection system/ fake windows security center/ fake security center alerts

I forgot to put this, but I am using Windows XP
One of the sample messages from Security Center Alter asks if I want to block a suspicious software called Trojan.Win32.Agent.dcc. This "Alert" has popped up many time, but warning me about different trojans.
Also, in the lower-right tray, messages are continuously coming up saying stuff like keyloggers, exploits, and etc have infected your computer.

Read other 4 answers
RELEVANCY SCORE 205.2

Edit: The Windows Security System is a fake, not this post! I am writing this from my laptop as my desktop has a pretty nasty infection. Internet searches have turned up some similar infections that this seems to be a variation of. When I first noticed the infection a few days ago I started to do a System Restore but my computer did not have any restore points. I wonder if the virus was able to delete or hide these files since I have always kept it active and have used it before with success.Symptoms:Sometimes start up will hang on a black screen in place of the XP sign on but the mouse pointer will be active.ZoneAlarm catches multiple instances of svchost.exe after startup and an instance of Apache.exe that I do not remember. If I deny access some of the following systems will not manifest themselves.The following fake Windows Security Center box will pop up. I first thought it was real until I noticed that the setting were different from the Control Panel.After a lag, a security alert pops up warning me of an infection.At the same time, another box appears asking me to download a free Protection System piece of software.My computer will then continue to nag me occasionally with the following notification. Notice the fake Windows Security Center shields.After a period of time, ZoneAlarm gives another alert that Installer.exe is requesting internet access. If I allow it, the following box pops up and starts downloading from the internet. My modem shows activity at this p... Read more

A:*Fake* Windows Security Center - Protection System

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.*If you have since resolved the original problem you were having, we would appreciate you letting us know. *If not please perform the following steps below so we can have a look at the current condition of your machine. *If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.**If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.----------------------------*-------------------------------We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is ne... Read more

Read other 2 answers
RELEVANCY SCORE 197.6

3 days ago my computer started receiving fake windows security center alerts. They are sometimes red windows, others blue. Also I get yellow pop up bubbles in the bottom right hand corner of my screen in the tray. One of the threats is trojandownloader.xs. Another thing my desktop has changed to a blue screen that says "click here to scan your computer for spyware" and "fatal errors have occured on your pc"

Please Help! Here is My log file.

Deckard's System Scanner v20071014.68
Run by john sladish on 2008-03-12 00:12:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
79: 2008-03-12 07:13:30 UTC - RP528 - Deckard's System Scanner Restore Point
78: 2008-03-12 02:52:02 UTC - RP527 - System Checkpoint
77: 2008-03-10 09:46:37 UTC - RP526 - System Checkpoint
76: 2008-03-09 08:07:11 UTC - RP525 - Installed Java(TM) 6 Update 5
75: 2008-03-08 15:37:11 UTC - RP524 - Last known good configuration


-- First Restore Point --
1: 2008-03-08 15:19:56 UTC - RP450 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as john sladish.exe) ------------------------... Read more

A:Fake Windows Security Center Pop Up Alerts!Please Help

Hi, welcome to TSF!

Please post a fresh main.txt log if you still need help.

Read other 17 answers
RELEVANCY SCORE 197.6

Hello,this is my first time posting here and on any forum for that matter. i just recently started to encounter the infamous fake windows security notifications on my computer and it seems like i tried every trick in the book to get rid of them. i've used malwarebytes, superantispyware. i have a subscription to mcafee. all of these programs have found trojans and what nots and removed them but they seem to keep coming back. i do not know how to get rid of this problem and i'm afraid my information on my computer is at risk. please help in any way possible. attached is a hijack this log file i just recently ran. i will also paste it in the post just in case. thanks. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:03:51 AM, on 9/5/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exec:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\DellTPad\Apoint.exeC:\Windows\OEM02Mon.exeC:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exeC:\Windows\system32\igfxsrvc.exeC:\Program Fi... Read more

A:Fake Windows Security Center Alerts! Help!

Hi eric_m,

My name is dark_messenger, but DM or Brett is fine.

I need to look over you log first, so if you want to track this topic so you are notified when I reply, please click to options button at the top of this topic and click track.

Thanks,

DM

Read other 13 answers
RELEVANCY SCORE 197.6

I'm not quiet sure how I got this virus though but I'l do my best to give as much information as I can...

~~~PC SPECS~~~
CPU: Intel Pentium 4 Dual Core(Both 3.00 Ghz)
RAM: 1gb DDR2
GPU: nVidia 512mb 7600 GS
OS: Windows XP Professional(32-bit)

~~~~Problem~~~~
I start up my pc, and it goes through all the booting processes... but before it gets to the "WINDOWS XP" screen, it acts like it's going to boot up in a terminal like fashion(only did this after I got the virus). After letting the virus load to see which one it was, it seems to be a virus that advertises constantly pops up windows that look like legitimate "Windows Security Center" alerts of virus(obviously fakes) and programs being blocked(trying to make me "unblock" the virus to run and install it.)... After letting it pop up these ads for awhile it starts a new fake/virus program (Protection System... Which I've removed this, but it keeps coming back because I can't get rid of the other virus).Some characteristics of this problem is not getting access to Google links (clicking links on a Google search result page) and not getting access to any Microsoft website links(any kind)... Any help is appreciated... here's the HJT file...

~~~~~~~HijackThis LogFile~~~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:06 AM, on 8/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running pr... Read more

Read other answers
RELEVANCY SCORE 190.8

Hi. Hoping to find help. I believe I have fake virus scan viruses...avg resident shield tracking cookie alerts and microsoft security center fake alerts. Also I am being redirected on search results...k-directory and others. I have limited amounts of time before being cut off of internet access by hijacking(?)...I cannot access my wireless directory at times and it reports that windows is not controlling the wireless network connections. Finally, I have multiple mshta.exe files running at times...more than 20 processes of it at one time. Thank you in advance!

Hijack this log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:58:04 PM, on 4/24/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program F... Read more

Read other answers
RELEVANCY SCORE 190.8

I know i've seen this before....these fake pop ups from a fake windows security center saying I have some problems. Don't know exactly how to get rid of it, maybe somebody here has some advice? Pretty sure I got it going to a bad website which my antivirus didn't pick up on as bad.

A:Fake security center alerts

Download Malwarebytes for starters. http://download.cnet.com/Malwarebytes-Anti...&tag=button

Read other 2 answers
RELEVANCY SCORE 188.8

I have been recieving these fake alerts from windows security center. Also my desktop says "Click here to scan your pc for spyware" How do I remove this infection?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:35 PM, on 3/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mgmrwmrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_05\bin\jus... Read more

A:Window's Security Center Fake Alerts. Please Help!

bump.

Read other 1 answers
RELEVANCY SCORE 187.6

Hello, first post here and I would really appreciate some help with this problem. I've downloaded Hijackthis and installed it. When I open it to scan and give a log, it automatically closes. Then I can't open it again until I change the security settings for the file.

Thanks in advance.

A:Fake windows security center alerts and failure to open anti-spyware programs.

We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Read other 7 answers
RELEVANCY SCORE 186.8

Hi,
I was just browsing imdb.com with my dad and we suddenly had a virus or viruses rapidly begin to take action. We first noticed a popup appear with only the text like "??????". Before I could finish saying don't click the Ok button to my dad, he had clicked it. From that point on we have not clicked buttons on any pop ups. After that we started seeing all kinds of fake alerts about viruses. A window came up that appeared to be from Windows and was scanning for viruses. There are 2 tray icons that keep showing balloons about security risks or detected viruses. There is a very legitimate Security Center Alert asking if we want to enable windows firewall protection against net-worm.win32.dipnet.d, Backdoor.Win32.Kbotal, Trojan-Downloader.JS.Multi.a. The Keep Blocking and Unblock buttons are disabled. We immediately tried to restart in safe mode because it seemed the virus(es) were running out of control despite having McAfee installed. We were unable to start in safe mode. Every time it got to mup.sys we got a bsod, I think it was PAGE_FAULT_IN_NONPAGED_AREA. So we were forced to restart in normal mode. We installed (when trying to install spybot we were first redirected to a fake spybot page that wanted us to enter username and password info...) and ran Spybot and it found and removed the following:

Fraud.Sysgaurd
-C:\Program Files\txatfb\sysguard.exe
-Some registry keys pointing to that exe

Win32.KillAV-KQ
-Class ID: AFD4AD01-58C1-47DB-A404-FB... Read more

A:Security Center Alert and other Fake Virus Alerts

Welcome to BClet's see if we can produce a logWe Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.----------------------------------Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to HighAlso try: right-click on rootrepeal.exe and rename it to tatertot.scr========================Please download Win32kDiag.exe by AD and save it to your desktop.alternate download 1alternate download 2This tool will create a diagnostic report Double-click on Win32kDiag.exe to run and let it finish. When it states Finished! Press an... Read more

Read other 5 answers
RELEVANCY SCORE 184.8

Hello, few days ago , out of nowhere, on my computer appeared , what turned out to be a fake security system alert indicating that i have a Win32.Conficer.C.
There are 3 buttons ( Keep blocking, unblock, enable protection). First two are not available and when i clicked on "enable protection" button my computer downloaded Proof Defender 2009( which is somekind of a malware). i scaned my pc with spyhunter which found Rouge.Proof Defender 2009( however i wasnt able to remove it beacuse you need to by a full version of a program to do that so I removed proof defender 2009 file manually). afterwards i scanned my computer with ad-aware , spybot, spyhunter and mcaffe. none of them found proof defender 2009, but i still get those fake system security alerts every couple min. and when i turn on my internet browser , at first it displays a page called: insecure internet activity. threat of virus attack. What can I do to remove all of it? Fake system security allerts, proof defender and insecure internet activity. threat of virus attack? Please help me.

btw. im new here, so please try to be understanding

A:Fake Security Center Alerts + Proof Defender 2009

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 182

A malware infection which masquerades as Windows Security Center has invaded my computer. Currently, I can only run my machine (OS: Windows XP) in safe mode, otherwise the computer freezes in 1-3 minutes. Even in safe mode, I am unable to start any .exe files. (I am aware that a GMER log is required for these types of posts, but I cannot get GMER to start successfully. When I try to run the application, Windows says that part of the file is somehow unable to run?) Anything I can get to run must be on my flash drive; anything installed to the desktop does not work. The situation started when a pop up advertising virus protection appeared on my computer. I clicked out of it, thinking it was a mere pop-up. When it appeared again, and I clicked out of it, I knew something was wrong and attempted to run both McAfee and Malwarebytes Anti-Malware and the programs simply did not appear. Then, pop ups on the taskbar appeared saying I had several strange trojans and other problems, and then Windows Security Center popped up, saying I needed to purchase virus protection. I have both McAfee and Malwarebytes, so I disregarded these messages and tried to stop the infectious processes using rkill so I could attempt to use my virus protection software. While rkill does stop all the WSC messages, I am still locked out from all my programs. Soon after, the computer began to freeze up--first the windows, then the mouse. After a few attempts of manually shutting down and starting the computer, a... Read more

A:Infected with fake Windows Security Center malware

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%�... Read more

Read other 10 answers
RELEVANCY SCORE 182

This is very annoying. I get popups that I am infected with various Trojans from Security Center Alerts and get prompted to download "AntiMalware". All help is greatly appreciated. ThanksDDS (Ver_09-12-01.01) - NTFSx86 Run by US30211 at 22:00:19.42 on Fri 12/11/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3050.2007 [GMT -5:00]AV: AntiMalware *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}FW: McAfee Host Intrusion Prevention Firewall *enabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}============== Running Processes ===============C:\WINDOWS\system32\ADMonitor.exeC:\WINDOWS\system32\DTS.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\AtService.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\EMSService.exesvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcsC:\WINDOWS\system32\CmgShieldSvc.exesvchost.exeC:\WINDOWS\system32\Ati2evxx.exesvchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exeC:... Read more

A:Infected with a fake Windows Security Center and Trojans

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 182
A:Infected With Fake Windows Security Center Sytem

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Read other 1 answers
RELEVANCY SCORE 181.6

Hi,

I am running Windows XP, Service Pack 2 with latest Windows Updates (critical fixes) and McAfee. Am getting multiple fake security alerts that direct me to fake security/spyware websites - these popups occur every few minutes.

E.g.
"Windows Security Alert - Windows has detected and Internet attack attempt..."

"Spyware Alert - Security Warning ! Trojan.W32.Looksky was detected on your machine..."

etc

I have run Spybot - Search and Destroy. This found and 'fixed' smitfraud. McAfee scans find nothing. Popups still occur.

I have completed "The 5 Steps before Posting a Log" process. During the Panda Scan step, scanning would not proceed past a text file on the root of the C drive. However, a problem had already been found at this stage. Logs below/attached:

Thanks for your help.

Activescan log:

Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Bethany Waye\Cookies\[email protected][2].txt ... Read more

A:Fake windows security alerts, fake trojan.w32.looksky on WinXP

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
Download combofix.exe to your desktop.
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

---------------------------------------------------------------------------------------------


Open HijackThis (not DSS) and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Read other 5 answers
RELEVANCY SCORE 180.8

Hello techsupportforum team,

although I found some other threads, which describe the same symptoms, I start a new one, because I don't know if the cause is the same.

behaviour

-fake-security-center-icon in the taskbar

- windows pop up like this:
"Maleware Defense:
There is unauthorized antivirus software detected on your computer. It is recommened you remove it, otherwise it could inflict with Maleware Defense.
Press 'OK' to remove Malwarebytes' Anti-Malware_is1"

- balloon popup like this:
"Danger! Your computer and all your personal data are in serious danger. Protection: Please click the balloon to get details"

-new processes:
settdebugx.exe
wscsvc32.exe

-Malewarebytes' Antimalware doesn't launch
- Spybot doesn't launch
- after login this error-message appears:
"MSASCui.exe could not be initialized ( 0x80000003)"
- Windows wants me to activate it within 3 days because substantial hardware changes

DDS

DDS (Ver_09-12-01.01) - NTFSx86
Run by Jan at 14:39:48,26 on 02.01.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1559 [GMT 1:00]

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.ex... Read more

A:Fake-Windows-Security-Alerts, Fake-Maleware-Defense

the Gmer log.

edit:

additional info:

-perhaps the logfile isn't complete. While scanning the files on c:, the computer was shutting down automatically. ( after 1 hour, or so)

-I have no access to a boot cd

Read other 11 answers
RELEVANCY SCORE 178.4

Hello, This just started today, and I have noticed a few people who have similar problems, one being a new member on here, their thread is at

http://forums.techguy.org/malware-removal-hijackthis-logs/710530-htj-log-fake-spyware.html

The wallpaper turns a light blue, says, "Warning: Spyware Threat has been detected on your PC" It says some more, then a link at the bottom that says "click here to scan your pc for spyware..."

Along with this, there are popups imitating Windows Security, and the warning triangle pops up in the clock area, with one of 4 warnings:

"Your computer is infected with spyware"
"Internet attack attempt detected"
"Your Computer is working slowly"
"Your Computer is not protected against spyware..."

Every now and then, a webpage opens, with the title on the top of the screen of "Top Rated Spyware Removers"
Ran Avast, have 4 infections, and can not delete/repair/move
Either win32:Spyware-gen(Tri) or Win32ialer-567(Tri)

Hope that helps.

On windows XP Media Center Edition
Here is a Hijack This log, and thank you for any help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:45 AM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost... Read more

A:Solved: Fake Windows Security Center system Warning

Read other 11 answers
RELEVANCY SCORE 175.2

Hello Malware Removal Specialist,

My HP Pavillion Slimline running Windows XP was taken over by rogue fake security scanner that pops up after booting and warns me that I am infected and need to subscribe to have infections removed.
Launching all executables was prevented until I finally ran RKILL and was able to run DDS, GMER. Norton Internet Security was not finding anything. I have rebooted once since running RKILL and the fake scanner has not come back but I assume that it is hiding somewhere in my registry waiting to wreak havoc. I've attached the Attach.txt and Ark.zip files per the instructions from Grinler.
Can someone please take a look and let me know what else I need to do do make sure my system is clean. Thanks in advance for your volunteer efforts to help me out of my computer purgatory...
DDS (Ver_10-12-12.02) - NTFSx86
Run by HP_Owner at 10:39:44.48 on Sat 03/05/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.105 [GMT -8:00]

AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support&... Read more

A:Infected with fake Security Center scanner

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about y... Read more

Read other 10 answers
RELEVANCY SCORE 175.2

I am fixing my sister's laptop for her. It's infected with some sort of Security Center rogue. It creates a ridiculous amount of temp files on her C drive, each file occupying about 5 MB of disk space. If I allow it, it will create so many temp files that it will completely fill the remaining space on the hard drive. Before running DDS and Rootrepeal to obtain the required log files, I managed to find and kill its process so that I could actually get the scans done (its popups were rather annoying and got in the way). I also scanned with Malwarebytes' and it found 0 infected objects. I'm rather confused! Following are the DDS and Rootrepeal logs, and attached is the Attach text file. Thanks for the help!DDS (Ver_09-12-01.01) - NTFSx86 Run by test at 3:21:11.96 on Fri 01/22/2010Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_16Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.2046.874 [GMT -6:00]AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}SP: VirusScan Enterprise + AntiSpyware Enterprise *enabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC: ... Read more

A:Infected with a fake Security Center rogue

Hi,I see you have Malwarebytes installed. Have you updated before? Because malwarebytes should detect this variant though.Start MalwareBytes and click the Update tab. There click "Check for updates"Once the updates are downloaded, perform a quick scan again.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh DDS log, then we'll proceed from there with new steps.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Read other 6 answers
RELEVANCY SCORE 174.8

yup, one of those. it doesn't seem to be messing with anything but who knows. it's taking cpu juice and making my fan run higher.
i've tried the various malwarebites, microsoft scan, and one other with the ccleaner afterwords. nothing worked. i was on a different thread and read about combo fix. i ran it and the problem seemed to go away. back in non safe mode the tray icon was gone but my comodo security kept updating over and over and didn't recognize previously trusted apps and programs on startup. i tried to uninstall comodo to reinstall fresh and the fake icon came back.
i ran combofix in safemode and here's the log. please help me get rid of the stupid thing entirely.
thanks
gt

A:fake windows security center with system tray icon and warning balloons

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then ... Read more

Read other 2 answers
RELEVANCY SCORE 173.2

I accidentally clicked on an ad on a gaming site and suddenly ended up with my Windows Security Alerts shield on the bottom Icon bar of my screen. I ran a scan with spybot and Malwarebyte software. That caught a couple of minor things, but this one won't go away. Avira isn't seeing it and neither does Prevx V3.05.
 attach.txt   15.12KB
  2 downloadsInternet Explorer won't launch and no Windows Updates are being downloaded.
Here is my DDS.txt log:

.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13

Run by paul at 22:25:26 on 2011-06-22

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.236 [GMT -7:00]

.

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ZoneAlarm Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.e... Read more

A:Infected with Fake Microsoft Security Center Malware

Hi, Welcome to Bleeping Computer.My name is Shannon and I will be working with you to remove the malware that is on your machine.I apologize for the delay in replying to your post, but this forum is extremely busy.Please Track this topic - On the top right on this tread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.Do Not make any changes on your own to the infected computer.Please set your system to show all files.Click Start, open My Computer, select the Tools menu and click Folder Options.Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.Uncheck: Hide file extensions for known file typesUncheck the Hide protected operating system files (recommended) option.Click Yes to confirm.Now, let's look more thoroughly at the infected computer -We need to see some information about what is happening in your machine. Please perform the following scan:We need to create an OTL Report
Please download OTL from here:Main MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Change the "Extra Registry" option to "Use SafeList"Push the button.Two reports will open, copy and paste them into your reply:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedPlease note: ... Read more

Read other 15 answers
RELEVANCY SCORE 169.2

Last friday my computer was infected with some serious spyware. I wasn't able to access my control panel, my background was changed to a spyware warning, and I kept getting popups telling me I had spyware on my computer and go to go these websites to buy spyware software. Through reading forums such as these I was able to remove most of those programs and regain control(mostly) of my computer. My problem right now has to do with a false windows security center which shows itself as a small red shield in my system tray. When I click on it a security center pops up that looks exactly like the one provided by microsoft in windows, except instead of providing options like windows update and turning on your windows firewall it wants you to install ultimate defender, ultimate cleaner, and winifixer. All of which are programs I know will put me right back to where I was when all this started. I need to get rid of this false security center as it keeps popping up with warnings that one of its programs are not installed, and asks me to install them.

Now I am not sure if it is related, but if I run any peice of microsoft software such as IE, any office software, or outlook I get a windows installer window come up acting like it is installing something. I have to cancel it several times to make it go away, and I cannot seem to find the source of the program that keeps attempting to install itself. If anyone has any insight as to how to rid myself of these problems I am ve... Read more

A:Help! Can't Get Rid Of Fake Windows Security Center!

Please print out and follow the generic instructions for using "SmitfraudFix". Make sure you scroll down to Clean and perform the steps where you reboot in "Safe Mode" and run option #2.-- If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated!-- If using Windows Vista be sure to Run As Administrator-- If the tool fails to launch from the Desktop, please move smitfraudFix.exe to the root of the system drive (usually C:\), and run it from there.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Acan" option is selected.Then cl... Read more

Read other 5 answers
RELEVANCY SCORE 169.2

I'm getting a fake windows security center pop up that looks very real. also there's a yellow notification popup in my taskbar that says, "Your computer might be at risk. Your virus protection status is bad. Click this baloon to fix the problem.". I have run ad aware se along with spybot sd and removed everything. I run these programs weekly. any help would be appreciated.Thanks.Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Fake Windows Security Center

The notice that your computer may be at risk usually is a reminder to update you anti virus.

Read other 6 answers
RELEVANCY SCORE 169.2

Hi, Shelling here, I had been bug by this malware. I have scanned with spyware doctor, malwarebytes anti-malware but to not avail. I have seen other topic and below is a hijack of my notebook. thanks in advance for your help.Deckard's System Scanner v20071014.68Run by eugene on 2008-05-14 23:09:42Computer is in Normal Mode.---------------------------------------------------------------------------------- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-05-14 23:10:12Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Internet Explorer (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\system32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\Program Files\Softex\OmniPass\OmniServ.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Softex\OmniPass\OPXPApp.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\drivers\CDAC11BA.EXEC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\P... Read more

A:Fake Windows Security Center

Hello Shelling,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 15 answers
RELEVANCY SCORE 169.2

Yesterday I went to visit somethingawful, and almost immediately thereafter I started getting strange popups, and a few obvious spyware things, I decided to run spybot and AVG, got rid of what it showed me. Today a few more things started cropping up. Most notably SpywareGuard2008 and Windows Security Center. I tried with AVG/Spybot again, to no avail. Turned to Superantispyware, and it seems to have fixed the SpywareGuard2008 popups I was getting, but I am still getting a little popup from Windows Security Center prompting me to set SpywareGuard2008 as my Antivirus. Nothing I've tried so far has worked, and in my searches it seems like the only thing people have been able to use to get rid of it is HJT logs and the like, so here I am!My Kaspersky and HJT logs are below. I guess they tell you pretty much everything you need to know about my computer, but of course if there are any specifics required please let me know.KASPERSKY ONLINE SCANNER 7 REPORT Monday, December 8, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, December 08, 2008 04:06:46 Records in database: 1443363--------------------------------------------------------------------------------Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yesScan area - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\... Read more

A:Fake Windows Security Center

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may tak... Read more

Read other 10 answers
RELEVANCY SCORE 169.2

Our system is infected with a malware that pretends to be Windows Security Center with popup messages from Windows Firewall and a "Protection System". Attached are the DDS.txt Attach.txt and ARK.txt files requested in the preparation guide.

Thanks for any help

williams2524

A:Windows Security Center fake

Hi, williams2524 Welcome.Launch RootRepeal once again. Locate the following Service:UACd.sys-and-The following file:C:\WINDOWS\system32\drivers\UACeabhuaaapa.sysRight click on each and "Wipe" both items.Please read and follow all these instructions very carefully. Please download Malwarebytes' Anti-Malware from Here.Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.=====================================================================Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already hav... Read more

Read other 6 answers
RELEVANCY SCORE 169.2

I need help with my computer. I have a virus that freezes the computer after a few minutes, so I must restart it. When I am online, it exits out after about a minute. On one user name, a window pops up claiming to be Windows Security Center, and that I have a virus. This also comes with bubbles on the bottom claiming that I have a virus on my computer that cn be removed if I click on it. McAfee does not work, but MBAM does (although it could not find any viruses), as well as Hijack This. I can post a Hijack This log if you want, but on this message, I used the two programs I installed from this website. Thank you.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Alex at 11:58:20.89 on Sun 12/27/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1589 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files�... Read more

A:Fake Windows Security Center

Hi LQTI apologize for the delay in response to your thread.If you have since resolved the original problem you were having, I would appreciate you letting us know.. If not please follow these instructions:Download OTL to your desktop.
if you have problems, try this download link:
OTLDouble click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.When the window appears, underneath Output at the top change it to Minimal Output.Check the boxes beside LOP Check and Purity Check..Now copy the lines in the codebox below.
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.Thanks

Read other 2 answers
RELEVANCY SCORE 169.2

Hi, I have a really strange problem. When I opened my pc yesterday, on the desktop appeared a Security Center Alert warning me about a lot of different virus (trojan and so on). Then appeared a tray icon like the one of the Windows security center and when I checked it the Virus protection said: Not found. But my antivirus (Comodo) was already running. I scanned my pc with comodo and the result was that it was perfectly clean. I thought that comodo wasn't working correctly (my brother already had problems with it) and tried to scan my pc with AVG (uninstalling comodo asap and not leaving my pc without protection). Well, AVG failed the installation everytime, so I couldn't scan anything. In the meantime, an antimalware program is constantly trying to install itself automatically. I tried to block it but all I can do is shut down everytine the process by the task manager. Moreover, the real windows security center ceased to work. I'm without an antivirus, firewall and so on.I really don't know what to do.Every 5 min the (fake?) security alert warn me with another virus infection.Can you help me, please?I don't know if the security alerts are real. In any case, I'll post here some of the virus that iwas warned about:viruschin9.wintrojan.win.agent.dccbackdoor.win32.agent.ichbackdoore.win32.kbot.al

A:Fake windows security center and so on....please help me!!

Hello and welcome please run these next. If you have Spybot installed temporarily disable it.Next run ATF:Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".Please download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Next run MBAM (MalwareBytes):NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to de... Read more

Read other 5 answers
RELEVANCY SCORE 169.2

It seems like a virus/spyware issue similar to others I have seen in this forum. I ran AVG, Malwarebytes' Anti-Malware and cannot remove a constant string of annoying warning messages in the taskbar and a fake Windows Security Center popup. I also get a security warning every time i try to open a program.
 

Read other answers
RELEVANCY SCORE 169.2

My computer has at least one virus. It's driving me crazy and I already changed my sensitive online passwords. I think it was contracted from hxxp://www.explainthisimage.com. However it's possible there's something else on the system as I haven't been able to download Vista (blech) service pack 2 and iTunes has been screwing up. These last might also be just because Vista sucks.

Symptoms:

-Fake Windows Security Center pops up saying I need to buy malware protection
-fake popup dialogs saying I'm infected with various trojan horses (didn't catch the names)
-random sounds playing through my speakers (sound like movie trailers??) when I'm not connected to the internet and have no programs open
-internet explorer pop ups redirecting to hxxp://netslist.com/search.php?mode=all&query=screensaver, and another site that purports to sell anti-spyware
-porn shortcuts added to my desktop
-won't let me open some .exe files (anti malware programs and gmer; I can open them when I rename them)
-redirects to fake antivirus websites when I click on links to real help forums (won't let me access bleepingcomputer at all)
-Windows says it has problems caused by UACD.sys



DDS (Ver_09-06-26.01) - NTFSx86
Run by Hajile at 13:58:17.46 on Sun 01/17/2010
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_02
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.2942.2064 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44... Read more

A:Fake Windows Security Center Bug(s?)

Hi baxterstockman and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread (if you haven't already) to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

Read other 16 answers
RELEVANCY SCORE 169.2

A couple of weeks ago I misspelled a web address and it was done. The fake Windows Security Center started giving me lots of errors, like "***STOP: 0x01C0107B (0x0A140184, 0xFC3034)*** (...) Click balloon to fix problem".It also tells me to install three "security essentials"; UltimateFixer, SystemDefender and SysCleaner.Every once in a while there is an error message that says something did something and the system will reboot in 60 seconds.This is getting really annoying, because if Im not by my computer at all time and can stop the shutdown (start -> run -> shutdown -a, which has been a great help) the system reboots and I have to start up all the stuff I was working on again.Here is the main log from CSS (it didnt create the extra file..):Deckard's System Scanner v20071014.68Run by Torfinn on 2008-05-20 08:32:07Computer is in Normal Mode.--------------------------------------------------------------------------------Percentage of Memory in Use: 80% (more than 75%).Total Physical Memory: 503 MiB (512 MiB recommended).-- HijackThis (run as Torfinn.exe) ---------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 08:32:15, on 20.05.2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS&#... Read more

A:Fake Windows Security Center

Looks like I might have found a way to remove the problem.

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

I fixed these four lines using HijackThis, and there was a forced reboot.
When the system started up again, the fake windows security center was gone.

So by the looks of it, the problem is solved.
At least for now..

Read other 3 answers
RELEVANCY SCORE 169.2

I have some malware on my PC, yeah, silly em. I have Norton 360, butI ended up DLing some tainted software.

I have HJT and can post whatever info you need.

Thanks in advance.
Scott

A:Fake Windows Security Center

you need to follow the 5 steps before posting 3 logs in the hijack log section
http://www.techsupportforum.com/showthread.php?t=15968

Read other 1 answers
RELEVANCY SCORE 169.2

I have this annoying popup that is obviously not windows security center, it has various spelling errors etc.Itpops up on startup with a window stating:You need an antivirus solution, click to download (or something along those lines)SystemErrorCleaner - OFFSystemDefender - OFFSysCleaner - OFFIt has annoying popups and has been causing some sort of memory write errors that will crash the system. Any help would be appreciated.Thanks, RegI did notice that the oqeeorre.dll seemed odd.Deckard's System Scanner v20071014.68Run by Everyone Else on 2008-04-23 16:55:31Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --8: 2008-04-23 21:55:36 UTC - RP89 - Deckard's System Scanner Restore Point7: 2008-04-23 21:07:57 UTC - RP88 - Software Distribution Service 3.06: 2008-04-23 21:07:34 UTC - RP87 - Installed Windows Internet Explorer 7.5: 2008-04-23 21:07:22 UTC - RP86 - Installed Windows IDNMitigationAPIs.4: 2008-04-23 21:07:04 UTC - RP85 - Installed Windows NLSDownlevelMapping.-- First Restore Point -- 1: 2008-04-23 20:57:13 UTC - RP82 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as Everyone Else.exe) ---------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:56:48 PM, on 4/23/2008Platform... Read more

A:Fake Windows Security Center

Hello Regulus. to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)Please give me some time to look over your computer's log(s).Please take note of the following:In the meantime, please refrain from making any changes to your computer.Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Finally, please reply using the button in the lower left hand corner of your screen.See you soon,Billy3

Read other 8 answers
RELEVANCY SCORE 169.2

Recently my computer has been infected with a fake "windows" Security Center. It basically shows a slightly altered windows logo and has a Windows Defender looking icon in the system tray. It keeps repeating that a certain IP address is trying to access my computer, that I have 18 infections, asks for new database updates, asks for registry (with email, name, and payment), and has an option to remain unprotected which I have clicked every time.

It all started with a typical Firefox "attack page" and it asked me to download a Security program, which I thought it was an addon to firefox to help me protect against rogue websites, but it was this "scareware" program. It was pretty bad on my part to download it, but I need a fix now.

I'm currently using Kaspersky Virus Removal Tool, it has removed/disinfected or will remove/disinfect the following when it has restarted my computer (1 of the detected threats). (username) is just a space filler for my protection.
5/25/2011 12:15:06 PM Deleted
Trojan program Trojan.Win32.FakeAV.dekj C:\Documents and Settings\All Users\2bbe67ef-a09c-4187-98f8-032a455aedb2.dat

5/25/2011 12:39:29 PM Deleted Trojan program Trojan.Win32.FakeAV.dekj C:\Documents and Settings\(Username)\AppData\Local\Temp\insA046.tmp

5/25/2011 12:39:51 PM Deleted Trojan program Trojan.Win32.FakeAV.dekj C:\Documents and Settings\(Username)\AppData\Local\Temp\wrkDE2D.tmp

5/25/2011 12:39:5... Read more

A:Fake Windows Security Center

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.


NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed not to upset the waiting queue.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 169.2

Hi,I want to get rid of this fake Windows Security Center that wants me to install Ultimate Fixer, System Defender, and syscleaner. I've seen some others with this problem, but there doesn't seem to be a generic solution that I can easily follow, so I was hoping to get some specific help. Here's my Hijack This log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:42:15 PM, on 5/1/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\ibmpmsvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exeC:\WINDOWS\System32\QCONSVC.EXEC:\WINDOWS\System32\sv... Read more

A:Fake Windows Security Center

Hello Bigpolishkelbasa and welcome to BleepingComputer,Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you .In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.It must be saved directly to your desktop.Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!Greetings,Thunder

Read other 6 answers
RELEVANCY SCORE 169.2

I have posted this in many forums and nobody seems to want to help me. I am praying that somebody here can help. I have that stupid fake windows security center on here and no spyware or virus remover seems to help me. here is my HJT log, please help me!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:47 PM, on 5/18/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolb... Read more

A:Fake Windows Security Center

Hi, Welcome to TSG!!
Download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Click Exit on the Main menu to close the program.


Download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
 

Read other 1 answers
RELEVANCY SCORE 169.2

So I got one of those obviously fake antivirus programs. I searched online for the symptoms, and it seems I don't have a lot of them. When I started up my browser, one "Windows Security Center" window came up, but other than that I don't get fake warning messages, and my browser and real antivirus programs work fine. Something

I ran scans with Malwarebytes, Spybot, and SuperAntiSpyware. Spybot and SuperAntiSpyware didn't catch anything. Malwarebytes got one "Malware Trace" which it removed. When I restarted, Windows Security Center was still there, along with a new tray icon called "Blocked startup programs" claiming to be Windows Defender.

How do I get rid of this?

Edit: I looked in my Task Manager and there are a few weird processes: 2bac_xp.exe (I have a Vista, not an XP), 33aa01.exe, and avgnt.exe (which has the description Antivirus System Tray Tool). When I try to end the processes, I get the message "Access is denied".

Read other answers
RELEVANCY SCORE 169.2

Hi I'm new here and I apologize if I'm doing something wrong. It's late now and this fake security center is giving me a real pain. It gives me a pop up saying that a virus has been detected and that I should take action. By clicking the button it downloads a virus. The Security center keeps on poping up no matter how many times I close it.AVAST gives me this warning about the virus. "c:\users\owner\appdata\local\temp\richtx64.exe"Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:53:18 PM, on 12/19/2009Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v7.00 (7.00.6002.18005)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exeC:\Windows\system32\taskeng.exeC:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exeC:\Program Files\Spare Backup\SpareBackup.exeC:\Program Files\Napster\napster.exeC:\WINDOWS\System32\rundll32.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Alwil Software\Avast4\ashDisp.exeC:\... Read more

A:Log for fake Windows Security Center pop up

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

Read other 2 answers
RELEVANCY SCORE 169.2

Hello, my new friends! I am experiencing the famed fake windows security center as well as occasional virus warnings in a balloon from the tray. I have a machine that I have lost a lot of sleep over trying to beat this malware. Here are the tools I have already used... AVG 8, Norton AV 2007, and Spyhunter 3. I have also attempted to run Windows Live One Care scan, but the machine reboots itself before it can finish it's scan. Out of all the scans I have done, the only one picking anything up is OneCare and since it is unable to complete it's scan, I can't get to the point where i can remove any infections. I have also run sysinternals process explorer and found that the security center popup is somehow bound to explorer.exe! I have spent quite a it of time trying to figure this one out for myself, but I am so stumped that I can really use some more help. Thank you so much! Here is my HiJackThis logfile: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:16:48 PM, on 4/23/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common F... Read more

A:Fake Windows Security Center Pop Up

Cancel this. I figured it out by following another posts instructions and changing the file names to the names of my discovered infected files. Thank you all very much for having such a helpful site. This thread can now be closed.

Read other 2 answers
RELEVANCY SCORE 169.2

I have posted a couple of posts on here and then for some reason I can't find them anymore. I really need help as I do not want to wipe my computer cean because of a lot of personal files that I do not want to lose. Please please help me. I keep getting these fake security center pop ups. I have tried what has worked for other people, but it doesn't work for me. Please help!!!

A:Fake Windows Security Center

Your other topic is located here.To find it more easily, click the my topics link near the top of the page.

Read other 1 answers
RELEVANCY SCORE 169.2

hi all-

im in desperate need of help, i have NO idea how to get rid of this virus, it wont let me run any kind of anti virus, anti spyware or anything of that nature, it wont let me do a system restore.. please help me, this is waaaaay out of my league.

A:fake windows security center

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Read other 3 answers
RELEVANCY SCORE 168

Hi,

There are essentially three symptoms that I am seeing. There is a fake Security Center Warning that pops up periodically asking me to enable autoprotect. It says that the computer has been infected with a "Spyware.ISPYNow", a high risk virus. The popup also contains a link that I haven't clicked.

When I bring up either (IE or Firefox) of the browsers that I use, it gets automatically redirected to a page with a warning about "Insecure Browsing" and has links to download and install protective software.

I believe the infection came from a site that I was browsing via Firefox. I recognized it within minutes of setting in and started acting to fix it. Since then, I have ran a variety of programs. They are:

Norton Antivirus with the latest updates
SDFix
HijackThis
Ad-aware
ATF Cleaner
SuperAntiSpyware and finally
ComboFix

Norton reported Backdoor.TiServ, but couldn't remove or quarantine it. Between SDFix and HijackThis, a lot of the TSSServ virus files and registry entries got removed. I also manually cleaned up some files including some TSSServ tmp files in my Local Settings folder. Ad-Aware then reported and removed ctl_w32.sys from the temporary internet files folder. It also removed a number of "suspicious" cookies, temp files and registry entries. However, it was not able to remove a hidden registry entry under HKLM/System\ControlSet0001\Control that looked like it was related to ctl_w32.sys. ATF Cleaner and SuperAntiSpywar... Read more

A:Computer Infected, IE / Firefox getting Redirected and a Fake Security Center Warning Popup

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download random's system information tool (RSIT) and save it to your desktop.Double click on RSIT.exe to run it.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Read other 9 answers
RELEVANCY SCORE 167.6

Hi all,Ok, best thing to do is to start from the beginning:About one week ago (whilst another family member was using the computer) the computer was infected by "AntiVirusPro 2009" malware. Upon returning I tried to fix it (We've had problems like this before that I was able to resolve) but I got tired and gave up. In the mean time my brother bought PC Tools "Spyware Doctor" while I was away and told the problem had been resolved.Unfortunately it wasn't as simple as that; when I turned on the PC later in the week a fake "Windows Security Center" popped up at start up telling me to buy AntiVirusPro 2009. It has somehow managed to embed itself in the system as it appears in the Control Panel as "Windows Security Center". The final and worst problem appeared last night: as my brother was surfing the web the Contrast control menu for the monitor came up and started decreasing on its own. I came in and immediately disconnected the internet (for fear of the computer being hijacked) but it kept declining (so it must be a program); this now happens every few hours.I believe its all connected so I went on a bit of a crusade against "Windows Security Center". I let it run to see what process was attached to it in the Taskmanager. It came up with "RUNDLL32.EXE" From my reading I understand that there is a file of that name which has legitimate importance so I decided to search for it in the explorer. I came up with three resul... Read more

A:Fake "windows security center" and other problems

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part... Read more

Read other 8 answers
RELEVANCY SCORE 167.6

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:54:46 PM, on 7/24/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\HP\HP Software Update\HPwuSchd2.exeC:\HP\KBD\KBD.EXEC:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exeC:\Program Files\Common Files\Real\Update_OB\realsc... Read more

A:Hijackthis Log For Fake Windows Security Center

Hello,Please uninstall DrAntispy via software > add/remove programs.Then, * Please download SmitfraudFix (by S!Ri)* Reboot into Safe Mode`: ( without networking support !)?To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.* Doubleclick SmitFraudFix to start the tool.Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.(Warning : running option #2 will set your desktop background blank again. But you can reapply your desktop background again afterwardsYou will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.A text file will appear onscreen, with results from the cleaning process.Post the log from smitfraudfix in your next reply together with a new hijackthislog.The report can also be found at the root of the system drive, usually at C:\rapport.txt

Read other 4 answers
RELEVANCY SCORE 167.6

Hi,I want to get rid of this fake Windows Security Center that wants me to install UltimateFixer, SystemDefender, and SysCleaner. I've seen some others with this problem, but there doesn't seem to be a generic solution that I can easily follow, so I was hoping to get some specific help. Below is my Hijack Log File:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:37:12 PM, on 4/29/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Juniper\NetScreen-Remote\IreIKE.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Adobe\Photosho... Read more

A:Fake Windows Security Center Removal

Hello TerryD505,Welcome to Bleeping Computer This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.1. Download this file - combofix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe2. Double click combofix.exe & follow the prompts.3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.Note:Do not mouseclick combofix's window while it's running. That may cause it to stall.Thanks,tea

Read other 4 answers
RELEVANCY SCORE 167.6

Hi, I am working on a friends computer, and got rid of quite a few problems, but I can't get rid of the the Fake Windows Security Center malware. Here is the HijackThis report, thanks in advance:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:14 AM, on 5/22/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\Ontrack\Fix-It\mxserver.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\System32\xwusuhzh.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet ... Read more

A:Need help, Fake Windows Security Center ware

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers