Fake Windows Security Center Infection - Big Mess !


Re: Fake Windows Security Center Infection - Big Mess !

Post by Resto on 18th September 2009, 10:43 pm

In case you need to know, I have a red shield with an X on it in the lower right corner of my screen (next to the clock). When I hover my cursor over it, it says "Windows Security Alerts". Is this the real Windows talking to me, or is it a product of the malware? Thanks.


Re: Fake Windows Security Center Infection - Big Mess !

Post by Belahzur on 19th September 2009, 6:22 pm

Hello.
It's real, it's only because we had AVG disabled for the Combofix. Re-enable AVG and the alert goes away.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0
    LimeWire 4.18.8

Click Start > Run and copy/paste the following text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?



Re: Fake Windows Security Center Infection - Big Mess !

Post by Resto on 19th September 2009, 8:49 pm

I have not been using this machine except for communicating with you and following your instructions to remove the malware. I will let you know if there are any further issues.

I have taken your advice and removed the two programs per your suggestion. I do not even know what the J2SE Runtime Environment 5.0 was for. When removing Limewire, I noticed that it had not even been used since November 2008, so I will not miss it at all.

Do you have a hypothesis as to how I got this malware? I remember I was online at what should have been a "non-risky" website, when I heard my HDD going crazy. I know, for certain, that I did not click on any suspicious link. Could this infection have occurred through some scripting that did not require any action from me in order to execute?

Do you have any recommended steps I can take to give my system additional protection ?

Please accept my most sincere thanks for the attention you have given to me and this issue with my computer. Your courtesy and professionalism have been beyond compare.

As soon as I post this reply, the first website I will visit is the Geek Police donation page. I do not have a lot of money to spare, but I certainly wish to make at least a small contribution as a sign of my appreciation.

Thank you and best wishes.


Re: Fake Windows Security Center Infection - Big Mess !

Post by Resto on 19th September 2009, 9:59 pm

Followup post:

Out of curiosity, I ran MBAM again a few minutes ago. It found four more items, which I allowed it to fix.

I have not re-started my computer after this scan because when I was initially infected on Thu 17 Sep 2009 I ran MBAM and allowed it to fix things, but my computer developed serious problems upon re-start.

The log for my initial MBAM scan was included on my first Geek Police posting on Thu 17 Sep 2009 12:06 pm.

The log for the MBAM scan I just completed is here:

Malwarebytes' Anti-Malware 1.41
Database version: 2825
Windows 5.1.2600 Service Pack 2

9/19/2009 5:45:01 PM
mbam-log-2009-09-19 (17-45-01).txt

Scan type: Quick Scan
Objects scanned: 91643
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rusarepuzo (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tftp.msc (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Re: Fake Windows Security Center Infection - Big Mess !

Post by Belahzur on 20th September 2009, 2:10 am

Hello.
Nothing serious in that log. One leftover run value, one modified value, one harmless file and one false positive.

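The log two posts up and the reply that reads it (one leftover Run value, one modified Security Center value, one file in System32, one file wearing a reserved name on the Desktop) are worth turning into a repeatable check. What follows is an added example written for this page, not a tool from the thread or from Malwarebytes: a small Python parser for the MBAM 1.x text-log format that labels each finding by what it means to a responder. The "tampering" label covers the Security Center notification values, the same machinery behind the shield alert discussed earlier in the thread. The sample log is a constructed excerpt modelled on the posted one, and the category names, the reserved-name list and the system-directory list are the example's own assumptions.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x text logs.

Parses the "... Infected:" sections of an MBAM log and labels each finding
with what it means to a responder: autorun persistence, tampering with
Security Center notifications, a file dropped into a system directory, or a
file masquerading under a reserved Windows binary name.  The categories and
the directory/name lists are this script's own assumptions, not MBAM's.
"""
import ntpath
import re
from collections import Counter

# Constructed excerpt modelled on the log posted in the thread (header and
# empty sections trimmed); not a fresh capture from a live machine.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Database version: 2825
Windows 5.1.2600 Service Pack 2

Registry Values Infected: 1
Files Infected: 2

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rusarepuzo (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tftp.msc (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
"""

# A section header has no count after the colon; "Files Infected: 2" is a summary line.
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):\s*$")
# item (Detection.Name) -> action text, trailing period dropped.
FINDING_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")
AUTORUN_RE = re.compile(r"\\CurrentVersion\\Run(?:Once|Services|ServicesOnce)?\\", re.I)
SECURITY_CENTER_RE = re.compile(r"\\Security Center\\(?P<value>[^\\]+)$", re.I)

# Core Windows binary names that malware likes to borrow (assumed list).
RESERVED_NAMES = {"winlogon.exe", "csrss.exe", "lsass.exe", "smss.exe",
                  "services.exe", "svchost.exe", "explorer.exe", "spoolsv.exe"}
# Where those names legitimately live (assumed, Windows XP layout).
SYSTEM_DIRS = (r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64")


def in_system_dir(folder):
    """True if folder is one of the known system directories (case-insensitive)."""
    return folder.lower().rstrip("\\") in SYSTEM_DIRS


def parse_mbam_log(text):
    """Return one dict per finding: section, item, detection, action."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious"):
            continue
        head = SECTION_RE.match(line)
        if head:
            section = head.group(1)
            continue
        hit = FINDING_RE.match(line)
        if section and hit:
            findings.append(dict(section=section, **hit.groupdict()))
    return findings


def classify(finding):
    """Return (category, note) saying why a responder should care about a finding."""
    item, section, action = finding["item"], finding["section"], finding["action"]
    if AUTORUN_RE.search(item):
        return ("persistence",
                "autorun value %r: find and remove whatever it launched" % ntpath.basename(item))
    sc = SECURITY_CENTER_RE.search(item)
    if sc:
        note = "Security Center %s altered" % sc.group("value")
        vals = BAD_GOOD_RE.search(action)
        if vals:
            note += " (was %s, expected %s)" % (vals.group("bad"), vals.group("good"))
        return "tampering", note + ": explains missing or suppressed security alerts"
    if section.startswith("Files"):
        name = ntpath.basename(item).lower()
        folder = ntpath.dirname(item)
        if name in RESERVED_NAMES and not in_system_dir(folder):
            return ("masquerade",
                    "%s outside a system directory: hash it before trusting any verdict" % name)
        if in_system_dir(folder):
            return "system-file", "unexpected file in a system directory: confirm it stays gone after reboot"
    return "review", finding["detection"]


def triage(text):
    """Parse a log and attach a category and note to every finding."""
    out = []
    for f in parse_mbam_log(text):
        f["category"], f["note"] = classify(f)
        out.append(f)
    return out


def summarize(findings):
    """Count findings per category, e.g. {'persistence': 1, 'tampering': 1, ...}."""
    return dict(Counter(f["category"] for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print("[%-11s] %s\n              %s" % (f["category"], f["item"], f["note"]))
    print(summarize(results))
```

Run it as a script to print the triage of the embedded sample, or pass the text of a real log to triage(). It deliberately does not decide whether the Desktop winlogon.exe was a false positive: a file carrying a reserved name outside System32 is flagged for hashing, which is the check that settles that question either way.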

Re: Fake Windows Security Center Infection - Big Mess !

Post by Resto on 20th September 2009, 3:46 am

Great news. Thanks again.
