"Total Security" and/or "Personal Antivirus"

Post by secesh on Tue Sep 22, 2009 3:56 am

Hello.
A newbie here. My kids got this "Total Security" and/or "Personal Antivirus" on my laptop.
I've gone the Malwarebytes route, and the thing still manifests itself when I seek to confirm eradication.
I saw the warning against using other people's instructions for using potent removal software, so here I am....Help?!?...pleez? anyone?
Also, am I safe in the meanwhile to do my online banking? Thanks.


Post by Dr Jay on Tue Sep 22, 2009 4:23 am

Hi

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    winlogon.exe
    comres.dll
    crypt32.dll
    gpedit.dll
    rundll32.exe
    sfc.dll
    svchost.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Dr. Jay (DJ)



Post by secesh on Tue Sep 22, 2009 4:50 am

Thank You!

Here's the results:


SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 22:44 on 21/09/2009 by Office Max (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\Windows\System32\scecli.dll --a--- 177152 bytes [02:50 21/01/2008] [02:50 21/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
C:\Windows\SysWOW64\scecli.dll --a--- 177152 bytes [02:50 21/01/2008] [02:50 21/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll --a--- 235520 bytes [02:49 21/01/2008] [02:49 21/01/2008] 35F1DD99F9903BC267C2AF16B09F9BF7
C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll --a--- 177152 bytes [02:50 21/01/2008] [02:50 21/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9

Searching for "netlogon.dll"
C:\Windows\System32\netlogon.dll --a--- 592384 bytes [02:48 21/01/2008] [02:48 21/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F
C:\Windows\SysWOW64\netlogon.dll --a--- 592384 bytes [02:48 21/01/2008] [02:48 21/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F
C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll --a--- 716800 bytes [02:51 21/01/2008] [02:51 21/01/2008] 5D0A4891F8CD0E9E64FF57A6A34044F5
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll --a--- 592384 bytes [02:48 21/01/2008] [02:48 21/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F

Searching for "eventlog.dll"
C:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll --a--- 7216 bytes [05:30 13/01/2007] [05:30 13/01/2007] C2A279A458A06DE2C83D842AA042B5A8

Searching for "winlogon.exe"
C:\Users\Office Max\AppData\Local\Temp\Temp1_Malwarebytes_Anti-Malware_1.41.zip\winlogon.exe --a--- 4045528 bytes [04:37 16/09/2009] [04:37 16/09/2009] 866E72C78E98CA4919CD16724A3BD4C1
C:\Users\Office Max\Documents\Downloads\Software\Bad Malware Day\Malwarebytes_Anti-Malware_1.41\winlogon.exe --a--- 4045528 bytes [04:37 16/09/2009] [04:37 16/09/2009] 866E72C78E98CA4919CD16724A3BD4C1
C:\Windows\System32\winlogon.exe --a--- 314880 bytes [02:50 21/01/2008] [02:50 21/01/2008] C2610B6BDBEFC053BBDAB4F1B965CB24
C:\Windows\SysWOW64\winlogon.exe --a--- 314880 bytes [02:50 21/01/2008] [02:50 21/01/2008] C2610B6BDBEFC053BBDAB4F1B965CB24
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe --a--- 406016 bytes [02:49 21/01/2008] [02:49 21/01/2008] 856491FCED98093D824B9EB2892F564A
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe --a--- 314880 bytes [02:50 21/01/2008] [02:50 21/01/2008] C2610B6BDBEFC053BBDAB4F1B965CB24

Searching for "comres.dll"
C:\Windows\System32\comres.dll --a--- 1291264 bytes [02:50 21/01/2008] [02:50 21/01/2008] 4211249955AF9133E2E357CC92B54DFD
C:\Windows\SysWOW64\comres.dll --a--- 1291264 bytes [02:50 21/01/2008] [02:50 21/01/2008] 4211249955AF9133E2E357CC92B54DFD
C:\Windows\winsxs\amd64_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6001.18000_none_88cf765b9e8f4a59\comres.dll --a--- 1291264 bytes [02:49 21/01/2008] [02:49 21/01/2008] DDEE5FE5C3C3141CE02DE6B7B2BF686B
C:\Windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6001.18000_none_2cb0dad7e631d923\comres.dll --a--- 1291264 bytes [02:50 21/01/2008] [02:50 21/01/2008] 4211249955AF9133E2E357CC92B54DFD

Searching for "crypt32.dll"
C:\Windows\System32\crypt32.dll --a--- 977408 bytes [02:50 21/01/2008] [02:50 21/01/2008] D4D86075510C02F887528207D8E0D713
C:\Windows\SysWOW64\crypt32.dll --a--- 977408 bytes [02:50 21/01/2008] [02:50 21/01/2008] D4D86075510C02F887528207D8E0D713
C:\Windows\winsxs\amd64_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6001.18000_none_b78e5d5f96313810\crypt32.dll --a--- 1254400 bytes [02:49 21/01/2008] [02:49 21/01/2008] 35F494C3AFC788FA8AA2D3F68A283459
C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6001.18000_none_5b6fc1dbddd3c6da\crypt32.dll --a--- 977408 bytes [02:50 21/01/2008] [02:50 21/01/2008] D4D86075510C02F887528207D8E0D713

Searching for "gpedit.dll"
C:\Windows\System32\gpedit.dll --a--- 936960 bytes [02:49 21/01/2008] [02:49 21/01/2008] E3DDEB38C6303086F79C6B7E83C372C8
C:\Windows\SysWOW64\gpedit.dll --a--- 936960 bytes [02:49 21/01/2008] [02:49 21/01/2008] E3DDEB38C6303086F79C6B7E83C372C8
C:\Windows\winsxs\amd64_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.0.6001.18000_none_2a50c8191d44d9bb\gpedit.dll --a--- 996352 bytes [02:48 21/01/2008] [02:48 21/01/2008] 5DE5E6AEA096D3DCE9830A35F56D7ABC
C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.0.6001.18000_none_ce322c9564e76885\gpedit.dll --a--- 936960 bytes [02:49 21/01/2008] [02:49 21/01/2008] E3DDEB38C6303086F79C6B7E83C372C8

Searching for "rundll32.exe"
C:\Windows\System32\rundll32.exe --a--- 44544 bytes [12:20 02/11/2006] [09:45 02/11/2006] 4B555106290BD117334E9A08761C035A
C:\Windows\SysWOW64\rundll32.exe --a--- 44544 bytes [12:20 02/11/2006] [09:45 02/11/2006] 4B555106290BD117334E9A08761C035A
C:\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.0.6000.16386_none_31ed2b17665cf346\rundll32.exe --a--- 46592 bytes [09:33 02/11/2006] [11:16 02/11/2006] 10446646D128E580C46615338E74E672
C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.0.6000.16386_none_d5ce8f93adff8210\rundll32.exe --a--- 44544 bytes [12:20 02/11/2006] [09:45 02/11/2006] 4B555106290BD117334E9A08761C035A

Searching for "sfc.dll"
C:\Windows\System32\sfc.dll --a--- 4608 bytes [12:21 02/11/2006] [09:46 02/11/2006] F4E1AA5D59C849A4AB47E895DC76B9C8
C:\Windows\SysWOW64\sfc.dll --a--- 4608 bytes [12:21 02/11/2006] [09:46 02/11/2006] F4E1AA5D59C849A4AB47E895DC76B9C8
C:\Windows\winsxs\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.0.6001.18000_none_03545ed0148f16ae\sfc.dll --a--- 6144 bytes [09:05 02/11/2006] [11:19 02/11/2006] 2CCA759379C220D29F0066CA49E9259F
C:\Windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6001.18000_none_a735c34c5c31a578\sfc.dll --a--- 4608 bytes [12:21 02/11/2006] [09:46 02/11/2006] F4E1AA5D59C849A4AB47E895DC76B9C8

Searching for "svchost.exe"
C:\Windows\System32\svchost.exe --a--- 21504 bytes [02:48 21/01/2008] [02:48 21/01/2008] 3794B461C45882E06856F282EEF025AF
C:\Windows\SysWOW64\svchost.exe --a--- 21504 bytes [02:48 21/01/2008] [02:48 21/01/2008] 3794B461C45882E06856F282EEF025AF
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe --a--- 27648 bytes [02:50 21/01/2008] [02:50 21/01/2008] CDA9F1373805AF88F6FA4F2064BBA24D
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe --a--- 21504 bytes [02:48 21/01/2008] [02:48 21/01/2008] 3794B461C45882E06856F282EEF025AF

-=End Of File=-

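The `:filefind` output in the post above can be triaged mechanically. The following is an added example, not part of the original thread and not SystemLook's own code: it parses the log format shown and lists copies that lie outside the Windows directory or whose hash matches no winsxs copy. The function names and the `review` heuristics are assumptions made for this illustration, and the sample is an excerpt of the posted log.

```python
import re
from collections import defaultdict

# Excerpt of the SystemLook log posted above (paths, sizes and hashes copied from it).
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "eventlog.dll"
C:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll --a--- 7216 bytes [05:30 13/01/2007] [05:30 13/01/2007] C2A279A458A06DE2C83D842AA042B5A8

Searching for "winlogon.exe"
C:\Users\Office Max\AppData\Local\Temp\Temp1_Malwarebytes_Anti-Malware_1.41.zip\winlogon.exe --a--- 4045528 bytes [04:37 16/09/2009] [04:37 16/09/2009] 866E72C78E98CA4919CD16724A3BD4C1
C:\Windows\System32\winlogon.exe --a--- 314880 bytes [02:50 21/01/2008] [02:50 21/01/2008] C2610B6BDBEFC053BBDAB4F1B965CB24
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe --a--- 406016 bytes [02:49 21/01/2008] [02:49 21/01/2008] 856491FCED98093D824B9EB2892F564A
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe --a--- 314880 bytes [02:50 21/01/2008] [02:50 21/01/2008] C2610B6BDBEFC053BBDAB4F1B965CB24

-=End Of File=-
"""

HEADER = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
# path, attribute flags, size, [created], [modified], MD5 (paths may contain spaces)
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_filefind(text):
    """Return {searched name: [entry dict, ...]} from a :filefind section."""
    results, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if (m := HEADER.match(line)):
            current = m["name"].lower()
            results[current]  # keep names that produced no hits
        elif current and (m := ENTRY.match(line)):
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            results[current].append(entry)
    return dict(results)

def review(results, windows_root="c:\\windows\\"):
    """List (name, reason, path) tuples for manual review; triage, not a verdict."""
    findings = []
    for name, entries in results.items():
        low = [(e, e["path"].lower()) for e in entries]
        # Assumed heuristic: a live system copy should match a winsxs store copy.
        store = {e["md5"] for e, p in low if p.startswith(windows_root + "winsxs\\")}
        if not any(p.startswith(windows_root + "system32\\") for _, p in low):
            findings.append((name, "no System32 copy listed", ""))
        for e, p in low:
            if not p.startswith(windows_root):
                findings.append((name, "outside Windows directory", e["path"]))
            elif "\\winsxs\\" not in p and e["md5"] not in store:
                findings.append((name, "hash matches no winsxs copy", e["path"]))
    return findings

if __name__ == "__main__":
    for finding in review(parse_filefind(SAMPLE_LOG)):
        print(*finding, sep=" | ")
```

A finding is a prompt for a manual look, not a verdict: in the log above, both `winlogon.exe` copies outside the Windows directory sit inside Malwarebytes download folders. The hash comparison treats the winsxs copies as the reference set, which is a heuristic and not proof of integrity.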


Post by Dr Jay on Tue Sep 22, 2009 3:41 pm

Hi

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)



Post by secesh on Wed Sep 23, 2009 1:26 am

Thank You,

I will do so again, but as I indicated, I have done all of this; only the quick scan found the file (twice), but the folder/files were still found in C:/Program Files/(x86)/TS.
Also it was still listed in the "Programs and features" list.
(Attempting to uninstall or delete only has re-awakened it, and now Malwarebytes doesn't detect it anymore - at least not on the last attempt).
But I will re-download it and follow instructions to the tee, and get back.

Thanks again.


Post by Dr Jay on Wed Sep 23, 2009 3:05 am

Hi

Please use Internet Explorer and run a BitDefender Online scan from [You must be registered and logged in to see this link.]

  • Please check I agree with the Terms and Conditions and click Start Here.
  • You will need to allow an ActiveX install for the scan to run.
  • Leave the scanning options at default and click Start Scan.
Please post the results in your next reply.


Dr. Jay (DJ)



Post by secesh on Wed Sep 23, 2009 6:07 am

Hello,

Just returned to report the Malwarebytes results and found your last posting. Here are the Malwarebytes results after uninstalling Malwarebytes, then RE-INSTALLING it following your instructions, (and before running BitDefender):



Malwarebytes' Anti-Malware 1.41
Database version: 2845
Windows 6.0.6001 Service Pack 1

9/22/2009 9:48:18 PM
mbam-log-2009-09-22 (21-48-18).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 349638
Time elapsed: 1 hour(s), 38 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files (x86)\Common Files\TSUninstall (Rogue.TotalSecurity) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\11BT0LC0\PersonalScan-1249ffc_2009-1[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Common Files\TSUninstall\Uninstall.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Computer Scan.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Help.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Registration.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Security Center.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Settings.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Total Security.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Update.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\Users\Office Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TS.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TS\tsc.exe (Rogue.TotalSecurity) -> Quarantined and deleted successfully.




I checked C:/Program Files/(x86)/TS, and IT IS NOW AN EMPTY FOLDER!
Also, I went to the "Programs and features" list to uninstall “Total Security”, and was informed there is nothing to un-install, and the remaining folder was deleted.

It appears that this download of Malwarebytes was different somehow – or at least had the desired result.

THANK YOU!

I will run BitDefender anyway (I already started it and watched it scan C:/Program Files/(x86)/TS with no detection!), and will post the results just in case, but the problem appears to be corrected.

THANKS AGAIN SO MUCH! Hooray! Thank You! Thank You!


Post by secesh on Wed Sep 23, 2009 2:37 pm

Hello,

The BitDefender results confirm removal.

Thanks again!


BitDefender Online Scanner

Scan report generated at: Wed, Sep 23, 2009 - 02:52:06
Scan path: C:\;D:\;E:\;

Statistics
Time: 02:38:23
Files: 605667
Folders: 29854
Boot Sectors: 0
Archives: 10046
Packed Files: 37839

Results
Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info
Virus Definitions: 4252414
Engine build: AVCORE v2.1 Windows/i386 11.0.0.26 (Aug 27 2009)
Scan plugins: 17
Archive plugins: 44
Unpack plugins: 8
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
No virus found.


total security hellish thing!!!!

Post by debbie76 on Wed Sep 23, 2009 5:28 pm

Moderated Message: Hello, debbie76, your comment has been removed. Please do not post in another member's topic. If you need help, please read [You must be registered and logged in to see this link.] over and [You must be registered and logged in to see this link.] to open a new topic.


Post by Dr Jay on Wed Sep 23, 2009 7:17 pm

Hi

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


==

Please download [You must be registered and logged in to see this link.] by DragonMaster Jay, and save it to your Desktop.
  • Please disable realtime protection. (If any)
  • Double-click RunFirst.vbs. Follow the prompts and make sure it completes. It will confirm the Restore Point was added.
  • Double-click DragonFix.reg, and follow the prompt(s).
  • Please reboot your computer.


Please post the checkup log in your next reply.


Dr. Jay (DJ)

