Official Intrusion Detection System


Post by TonyRoebuck on 17th January 2010, 3:54 am

A warning box pops up saying

"Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. You private information and PC saftey is at risk. To get rid of unwanted spyware and keep your computare safe you need update your current security software. Click OK to download official intrusion detection system (IDS software)"

On everything I've Googled, the message has come up different from mine. Mine says "You private information and PC saftey is at risk," whereas everyone else's says "Your private information and PC safety is at risk."

It has changed my background to "Your system is infected"

It has disabled the Windows Task Manager (ctrl-alt-del), regedit.exe, and most other Windows diagnostics I tried. I ran Norton Antivirus and it did not find a problem. I ran Spybot S&D and it found it. I ran Spybot S&D a second time and it deleted all but 2 entries that were in memory. Spybot called for a restart to finish cleaning the entries. After the restart, I cannot log on. It will go as far as showing my desktop wallpaper and "click" when the audio drivers load, then immediately says "logging off" and "saving your settings." I cannot sign into Safe Mode of any kind, "a previous good setting", or anything else, but to a command line in the Recovery Console.

I ran "chkdsk C: /r" in the Recovery Console. It found and fixed one problem, but did not help my boot problem. What next? I would rather donate here than pay a tech in town. Unplugging the box is no fun! Forgive me for posting in the wrong place. I am new to the site and am still learning your rules. They are different from other forums I have used.

Thanks,

Tony

TonyRoebuck
Novice

Posts: 7
Joined: 2010-01-16
OS: Windows XP
Points: 25333
Likes: 0


Re: Official Intrusion Detection System

Post by Belahzur on 17th January 2010, 7:37 pm

Let's try using a boot disc.

Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore.

  • Download The Avira AntiVir Rescue System from [You must be registered and logged in to see this link.].
  • Just double-click on the rescue system package to burn it to a CD/DVD.
  • Then please use that CD/DVD with Avira Rescue System to boot your computer.
You'll get a boot option to either boot from hard drive or AntiVir Rescue System.


Press the number 2 on your keyboard to boot into AntiVir Rescue System.

Please wait until drivers are loaded and Main menu shows. Then please select the second option “Scan your system with AntiVir” and hit Enter.


Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed?.


Then please start the scan.

The Avira AntiVir Rescue System will now

  • repair a damaged system,
  • rescue data,
  • scan the system for virus infections.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245121
Likes: 1


Re: Official Intrusion Detection System

Post by TonyRoebuck on 17th January 2010, 9:21 pm

I downloaded Avira and made the CD. I had trouble booting to my first CD/DVD and finally was able to boot from my second CD/DVD. The first menu was different:

(ver. 3.6.9 - 20090527143502)

Boot Options:
1. Boot AntiVir Rescue System (default)
2. Boot from first Hard Drive

Advanced users only
3. Boot AntiVir Rescue System (800x600 16) VGA 788
4. Boot AntiVir Rescue System (1024x768 16) VGA 791
5. Boot AntiVir Rescue System VGA =ask



Then shows Linux guy

Then shows:

Avira AntiVir Rescue System
-----------------------------------

Press Alt-F7 to return to the graphical user interface

root@RescueSystem: /#



The graphical interface never loads. I tried all options except boot from first hard drive.

I am going to try to burn another disk. What next?

I have a HP Pavilion a610e with Norton and Spybot S&D.


Last edited by TonyRoebuck on 18th January 2010, 12:13 pm; edited 1 time in total (Reason for editing : Added Computer Info)


Re: Official Intrusion Detection System

Post by TonyRoebuck on 19th January 2010, 3:59 pm

I have tried every way to make and run the Avira boot CD, even the exe and iso from their website. I am trying to be patient, but need the computer. The CD will not boot the graphical interface, just the command line. I can access Midnight Commander. Both these options are useless to me because I know Dos commands, but do not know Linux commands.

I am going external to try to fix my HD. I only have one NTFS desktop computer, so slaving it will not work. I am going to use my XP laptop. It has some RAM issues (physical problems), but is usually stable.

Do you have any software recommendations? I will try to use Spybot S&D first, since it has found it once. It took a while, but I found a post that told how to get Spybot S&D to scan a drive other than C:. I hope it works.


Re: Official Intrusion Detection System

Post by Belahzur on 19th January 2010, 6:32 pm

No problems with that, it's worth a shot eh? :)



Re: Official Intrusion Detection System

Post by TonyRoebuck on 23rd January 2010, 4:28 am

Still working. I'm able to access the drive. Data is still there!! I have copied all our "critical" files (I think) onto another drive. I was able to access Spybot's log files. The offending entity is called Supsav.Smss32. Spybot removed all but the registry entry under: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run". I found a file in the Windows\Prefetch folder that pointed to smss32.exe. I deleted it and then accessed the external drive's Windows registry to remove the "...\Run" entry. It was gone.

I put the drive back in and it still will not boot... same problem. I am running a-squared Free 4.5 now in hopes of removing anything Spybot missed. I almost gave up and installed XP onto another clean drive from my brother-in-law. New problem... I have no install disks (none included with the original packaging and manuals). My restore files are on a partition on the non-bootable drive! Genius!!

Is there a way to make a bootable "install" DVD with the contents of that drive?

While a-squared was running, I found an XP Recovery Disk I made, put in a drawer, and forgot about (2004). I will try to boot into it when I finish this scan. Maybe it will work.

Still looking for ideas.


Re: Official Intrusion Detection System

Post by Belahzur on 23rd January 2010, 11:02 pm

Give the recovery disc a shot too then, it's the userinit key that has been modified within the registry.



Re: Official Intrusion Detection System

Post by TonyRoebuck on 26th January 2010, 3:35 am

The Recovery disk was worthless, unless you know the NT commands, or want to do a re-install. After more Google, I found it on a 2006 post!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon : Userinit was set to C:\Windows\system32\winlogon32.exe and it should be set to C:\Windows\system32\userinit.exe.

I now am up and running!! The only remaining problem I have found (so far) is from where the virus changed my desktop wallpaper to its green "Your System is Infected" image. The image is gone and the controls for my wallpaper are grayed-out and inaccessible. I just have the capability to change colors. It must be in the registry somewhere too. Any ideas where?

I ran an updated Spybot S&D and removed a few "stat counters" and am running Norton AV Full scan. Do I need to reset the System Restore Point, or anything else that might have a copy of a bad setting? If so, how?

Thanks! My wife is happy to be able to blog again.

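The check described in the post above, run against the offline hive from a second machine, as an added example that is not part of any post in this thread: it loads the suspect disk's SOFTWARE hive, compares Winlogon's Userinit value with the expected userinit.exe path, and lists the Run entries for manual review. The drive letter E:, the mount name OfflineSoftware and the function name Test-UserinitValue are assumptions.

```powershell
# Added example: audit logon autostarts in an OFFLINE SOFTWARE hive.
# Assumed (not from the thread): suspect disk mounted as E:, temporary mount
# name "OfflineSoftware", elevated PowerShell 3+ on the clean machine.
param(
    [string]$HivePath = 'E:\Windows\System32\config\SOFTWARE',
    [string]$MountKey = 'OfflineSoftware'
)

function Test-UserinitValue {
    param([string]$Value, [string]$SystemRoot = 'C:\Windows')
    # Userinit is a comma-separated list and the stock value ends with a
    # comma, so compare the parsed entries rather than the raw string.
    $entries = @($Value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    return ($entries.Count -eq 1 -and
            $entries[0] -ieq "$SystemRoot\system32\userinit.exe")
}

& reg.exe load "HKLM\$MountKey" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed for $HivePath" }
$winlogon = $null
$run = $null
try {
    $hklm = [Microsoft.Win32.Registry]::LocalMachine
    $winlogon = $hklm.OpenSubKey("$MountKey\Microsoft\Windows NT\CurrentVersion\Winlogon")
    if (-not $winlogon) { throw 'Winlogon key not found in the loaded hive' }
    $userinit = [string]$winlogon.GetValue('Userinit')
    $status = if (Test-UserinitValue $userinit) { 'OK' } else { 'REVIEW' }
    [pscustomobject]@{ Key = 'Winlogon\Userinit'; Value = $userinit; Status = $status }

    # Run entries are only listed; nothing here judges them automatically.
    $run = $hklm.OpenSubKey("$MountKey\Microsoft\Windows\CurrentVersion\Run")
    if ($run) {
        foreach ($name in $run.GetValueNames()) {
            [pscustomobject]@{
                Key    = "Run\$name"
                Value  = [string]$run.GetValue($name)
                Status = 'LISTED'
            }
        }
    }
}
finally {
    # The unload only succeeds once every handle into the hive is closed.
    if ($winlogon) { $winlogon.Close() }
    if ($run) { $run.Close() }
    & reg.exe unload "HKLM\$MountKey" | Out-Null
}
```

A Userinit value such as the `winlogon32.exe` path quoted in the post is reported as REVIEW, while both `C:\Windows\system32\userinit.exe` and the same path with a trailing comma are reported as OK.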

Re: Official Intrusion Detection System

Post by Belahzur on 26th January 2010, 6:11 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Official Intrusion Detection System

Post by TonyRoebuck on 26th January 2010, 8:39 pm

Thanks. I am downloading now. I found a fix for the wallpaper issue after my post. It worked just as the 2006 forum said. In case someone else needs it, it is found at:

[You must be registered and logged in to see this link.]

I will get to work on MBAM after I finish work.

One question:

I have WildTangent programs (games) installed on the computer for my kids. They always show a false positive. If you remove it, my kids' games do not work. Also, there is a false positive for one of my wife's Broderbund software, Print Shop Deluxe. I also cannot remove it without damage to the program. If they show up in MBAM, what do I do... and will it affect the results you need?


Re: Official Intrusion Detection System

Post by Belahzur on 27th January 2010, 1:46 am

Doubt MBAM will detect those because the MBAM team know of the false positive in WildTangent and leave it, and I highly doubt the printer one will show up, but if it does, we'll restore it.



Re: Official Intrusion Detection System

Post by TonyRoebuck on 4th February 2010, 7:06 pm

Sorry about the delay. I had an emergency and had to stop restoration of the computer for a while. I will try when I finish work tonight.


Re: Official Intrusion Detection System

Post by Belahzur on 4th February 2010, 8:55 pm

Okay, standing by.

