
Computer security hi-jacked - WARNING!!

debo_2006
11 years ago

The culprit is fake security called WINDOWS INSTANT SCANNER. This thing just showed up out of nowhere on my work laptop (Gateway, Vista). It pops up "detected" security messages to get you to buy the program in order to remove all the infected files/programs. It just shut off Windows Essential Security and I can't do anything. Luckily, I just ran SuperAnti Spyware last week which updated itself at that time, so I'm running that now to find the crap and get it gone!!! I switched my laptop Internet connection to OFF hoping that helps this thing to not access my sh*t while I try to get control of computer again. Upon research, I probably should have rebooted in Safe mode to run the anti spyware, but too much time has passed since the start of running it, that I don't want to start over, unless someone thinks it's wise to do. It usually takes 2 hours and I'm already 50 minutes into it.

Upon using my slow desktop to type this and check to see just what this Windows Instant Scanner is, I found it is nothing to play around with. The way it looks is much like the authentic Windows Security alerts, so to someone who's not so 'puter savvy, I can see how they might click on the "Activate It" and purchase it to get rid of this thing. One of the detected messages states there is a keylogger on my computer. Upon research, it's one of the many alerts this program shows to force you to buy it.

Just warning everyone out there that it can suddenly appear and take over your anti-virus. Anyone heard or experienced it yet? I'll let you know how I make out with the SuperAnti Spyware removal, but if anyone has other "clean up" ideas, I'm all ears.

Comments (18)

  • grandms
    11 years ago
    last modified: 9 years ago

    I would also run Malwarebytes in addition to SAS. Be sure to update before running the scan. Also an online AV scanner might be a good idea, too, since your MSE has been shut off. I don't have a link for one of these, but maybe RC or Owbist or someone else can give you a link. If you're not able to clean it up by yourself, or even to make double sure it's gone, a visit to Lanzdown wouldn't be a bad idea.

  • debo_2006
    Original Author
    11 years ago
    last modified: 9 years ago

    SuperAnti Spyware found the virus and deleted all the files, but when I rebooted, it was still there. Uggg.

  • owbist
    11 years ago
    last modified: 9 years ago

    Then assure yourself that Superantispyware is up to date and run a FULL scan from Safe mode. Tap F8 at startup and select to start in safe mode.

    Might pay to install and run a full scan with Malwarebytes as Grandms suggests but not in safe mode.

    This seems to be scareware and so far I see no recognisable sites offering a fix as the pest seems to have arrived just today. Not to say the sites listing it are bad but I do not recognise them, nuff said.

    Failing the above I would download the Kaspersky Rescue CD files, burn them to a CD as an .iso and use it to restart your computer assuming your machine is set to seek the CD/DVD player as the first startup option. Then follow the instructions.

  • debo_2006
    Original Author
    11 years ago
    last modified: 9 years ago

    Yes, when I ran the Superantispyware, it was up to date when it ran. I've been running an updated Malwarebytes for the last hour in safe mode (started well before I saw your post, Owbist). It has only found 2 detected objects so far, which is odd since there were 1596 with Superantispy.

    Wondering if a system restore to an earlier time is an easy fix or will fix it at all?

  • debo_2006
    Original Author
    11 years ago
    last modified: 9 years ago

    Update: Just after posting the above message, Malwarebytes finished its full scan in Safe Mode and deleted the culprit. When I rebooted, MSE was back to working and everything appears to be fine from what I can tell.

    If there is anything else I need to do to ensure that nasty virus is gone, let me know.

    Thanks.

  • zep516
    11 years ago
    last modified: 9 years ago

    DDS is a program that will scan your computer and create logs that can be used to display various startup, configuration, and file information from your computer.

    The program will also display information about the computer that will allow us to quickly ascertain whether or not malware may be running on your computer.

    To use DDS, simply download the executable and save it to your desktop or other location on your computer. You should then double-click on the DDS.scr icon to launch the program. DDS will then start to scan your computer and compile the information found into two log files. When DDS has finished it will launch the two Notepad windows that display the contents of these log files. The contents of these log files can then be attached to a reply.

    See link for download

    http://download.bleepingcomputer.com/sUBs/dds.scr

    Here is a link that might be useful: dds

  • debo_2006
    Original Author
    11 years ago
    last modified: 9 years ago

    Zep, both the link and the http address open up my pictures folder.

  • zep516
    11 years ago
    last modified: 9 years ago

    Pretty odd indeed; both links work for me, so there's nothing wrong with them. They open a small box right here on this website and you click save file, then save it to the desktop. Anyway, let me get another link for you. There will be 2 logs produced; please post them both. I will look at it, and if I see an issue we need to send you to Lndz.

    Here is a link that might be useful: download/dds

  • debo_2006
    Original Author
    11 years ago
    last modified: 9 years ago

    DDS.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by DK at 18:12:58 on 2012-06-12
    Microsoft® Windows Vista® Home Premium 6.0.6002.2.1252.1.1033.18.3062.1241 [GMT -4:00]
    . AV: Microsoft Security Essentials *Enabled/Updated* (9765EA51-0D3C-7DFB-6091-10E4E1F341F6)
    SP: Windows Defender *Disabled/Updated* (D68DDC3A-831F-4fae-9E44-DA132C1ACF46)
    SP: Microsoft Security Essentials *Enabled/Updated* (2C040BB5-2B06-7275-5A21-2B969A740B4B)
    . ============== Running Processes ===============
    . C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\DK\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DK\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DK\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\DK\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DK\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Users\DK\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    . ============== Pseudo HJT Report ===============
    . uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: (18df081c-e8ad-4283-a596-fa578c2ebdc3) - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: (53707962-6f74-2d53-2644-206d7942484f) - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: (72853161-30c5-4d22-b7f9-0bbc1d38a37e) - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: (761497bb-d6f0-462c-b6eb-d4daf1d92d43) - c:\program files\java\jre6\bin\ssv.dll
    BHO: Office Document Cache Handler: (b4f3a835-0e21-4959-ba22-42b3008e02ff) - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: (dbc80044-a445-435b-bc74-9c25c1c588a9) - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: (7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA) - No File
    TB: (2318C2B1-4965-11D4-9B18-009027A5CD4F) - No File
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: (2670000A-7350-4f3c-8081-5663EE0C6C49) - (48E73304-E1D6-4330-914C-F5F514E3486C) - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: (789FE86F-6FC4-46A1-9849-EDE0DB0C95CA) - (FFFDC614-B694-4AE6-AB38-5D6374584B52) - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: (8AD9C840-044E-11D1-B3E9-00805F499D93) - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: (CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA) - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: (CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA) - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: (E2883E8F-472F-4FB0-9522-AC9BF37916A7) - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
    TCP: Interfaces\(331C4984-7B67-4895-92BF-FBD07719C629) : DhcpNameServer = 192.168.1.1 71.242.0.12
    Filter: text/xml - (807573E5-5146-11D5-A672-00B0D022E945) - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: intu-help-qb5 - (867FCB77-9823-4cd6-8210-D85F968D466F) - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - (FC598A64-626C-4447-85B8-53150405FD57) - c:\windows\system32\mscoree.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: (b5a7f190-dda6-4420-b3ba-52453494e6cd) - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    SEH: SABShellExecuteHook Class: (5ae067d3-9afb-48e0-853a-ebb7f4a000da) - c:\program files\superantispyware\SASSEH.DLL
    . ============= SERVICES / DRIVERS ===============
    . R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-7-1 290832]
    R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-8-19 1248256]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2011-6-14 281088]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-18 257696]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    . =============== Created Last 30 ================
    . 2012-06-12 20:05:54 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\(c63b0218-fda0-4f49-a66a-fbbac2d29431)\offreg.dll
    2012-06-12 14:38:15 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
    2012-06-12 14:38:15 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\(94e954c4-9303-4459-aace-f4d82ef5da4b)\gapaengine.dll
    2012-06-12 14:36:16 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\(c63b0218-fda0-4f49-a66a-fbbac2d29431)\mpengine.dll
    2012-06-12 01:09:54 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-05-16 22:05:38 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
    . ==================== Find3M ====================
    . 2012-05-04 17:57:10 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-04 17:57:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-02 13:36:21 2044928 ----a-w- c:\windows\system32\win32k.sys
    2012-03-30 12:39:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-03-29 13:39:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-03-25 17:34:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-03-21 00:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    . ============= FINISH: 18:13:49.82 ===============

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    . DDS (Ver_2011-08-26.01)
    . Microsoft® Windows Vista® Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/14/2011 9:30:53 PM
    System Uptime: 6/12/2012 4:29:45 PM (2 hours ago)
    . Motherboard: Gateway : :
    Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz : U2E1 : 1333/mhz
    . ==== Disk Partitions =========================
    . C: is FIXED (NTFS) - 298 GiB total, 207.691 GiB free.
    D: is CDROM ()
    E: is Removable
    . ==== Disabled Device Manager Items =============
    . ==== System Restore Points ===================
    . RP405: 5/23/2012 11:07:30 AM - Windows Update
    RP406: 5/24/2012 1:57:24 PM - Windows Update
    RP407: 5/25/2012 5:02:37 PM - Windows Update
    RP408: 5/26/2012 5:59:33 PM - Windows Update
    RP409: 5/27/2012 6:32:30 PM - Windows Update
    RP410: 5/28/2012 7:53:40 PM - Windows Update
    RP411: 5/29/2012 11:27:49 AM - Windows Update
    RP412: 5/30/2012 12:05:57 PM - Windows Update
    RP413: 5/31/2012 12:35:48 PM - Windows Update
    RP414: 6/1/2012 5:13:40 PM - Windows Update
    RP415: 6/2/2012 10:49:47 AM - Windows Update
    RP416: 6/3/2012 6:47:47 PM - Windows Update
    RP417: 6/4/2012 11:25:04 AM - Windows Update
    RP418: 6/4/2012 10:49:10 PM - Windows Update
    RP419: 6/5/2012 4:54:34 PM - Windows Update
    RP420: 6/6/2012 9:34:37 AM - Scheduled Checkpoint
    RP421: 6/6/2012 11:11:02 AM - Windows Update
    RP422: 6/7/2012 10:32:10 AM - Scheduled Checkpoint
    RP423: 6/7/2012 12:15:48 PM - Windows Update
    RP425: 6/7/2012 10:23:25 PM - Microsoft Antimalware Checkpoint
    RP426: 6/8/2012 4:39:47 PM - Windows Update
    RP427: 6/9/2012 4:43:40 PM - Windows Update
    RP428: 6/10/2012 7:42:19 PM - Windows Update
    RP429: 6/11/2012 9:08:02 PM - Windows Update
    RP430: 6/12/2012 10:34:30 AM - Windows Update
    RP432: 6/12/2012 11:29:23 AM - Microsoft Antimalware Checkpoint
    RP433: 6/12/2012 5:35:38 PM - Windows Backup
    . ==== Installed Programs ======================
    . Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 11 ActiveX
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader X (10.1.3)
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Brother MFL-Pro Suite MFC-490CW
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Google Chrome
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    IHA_MessageCenter
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    Java Auto Updater
    Java(TM) 6 Update 31
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.1
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Word 2002
    Microsoft Works 2002 Setup Launcher
    Microsoft Works 6.0
    Microsoft Works Suite Add-in for Microsoft Word
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    PaperPort Image Printer
    PDF-XChange Viewer
    PDF Settings
    PHOTOfunSTUDIO 5.0
    QuickBooks
    QuickBooks Pro 2012
    REALTEK RTL8187SE Wireless LAN Driver
    REALTEK USB Wireless LAN Driver
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    ScanSoft PaperPort 11
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Spybot - Search & Destroy 1.4
    SUPERAntiSpyware
    SupportSoft Assisted Service
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Vz In Home Agent
    WhoCrashed 3.04
    WinRAR 4.01 (32-bit)
    Works Suite OS Pack
    Works Synchronization
    . ==== Event Viewer Messages From Past Week ========
    . 6/6/2012 11:19:35 AM, Error: Microsoft-Windows-PrintSpooler [6161] - The document CMO signed.pdf, owned by EC, failed to print on printer Brother MFC-490CW Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 4007636. Number of bytes printed: 3175820. Total number of pages in the document: 3. Number of pages printed: 0. Client computer: \\DK-PC. Win32 error code returned by the print processor: 87. The parameter is incorrect.
    6/12/2012 3:48:39 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    6/12/2012 2:45:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: (E60687F7-01A1-40AA-86AC-DB1CBF673334)
    6/12/2012 2:25:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: (145B4335-FE2A-4927-A040-7C35AD3180EF)
    6/12/2012 2:20:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter SASDIFSV SASKUTIL spldr Wanarpv6
    6/12/2012 2:20:45 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/12/2012 2:19:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: (9E175B6D-F52A-11D8-B9A5-505054503030)
    6/12/2012 2:19:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: (1BE1F766-5536-11D1-B726-00C04FB926AF)
    6/12/2012 2:19:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: (DD522ACC-F821-461A-A407-50B198B896DC)
    . ==== End Of File ===========================

  • zep516
    11 years ago
    last modified: 9 years ago

    Looks good, clean computer. Let's check for any leftovers with Malwarebytes.

    Please download Malwarebytes' Anti-Malware to your desktop click Here
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Quick Scan", then click Scan
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

  • debo_2006
    Original Author
    11 years ago
    last modified: 9 years ago

    I ran Malwarebytes in safe mode and that's what got rid of the virus (see posts above). Do you want me to run it again?

    Also, the logs I posted are safe, meaning, from that info, people can't learn anything about me or my IP or anything else, right? My quick glance didn't show anything. Just checking.

  • zep516
    11 years ago
    last modified: 9 years ago

    No don't run Malwarebytes again, those logs you posted are safe. I'd like to see the Malwarebytes log.

    The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. I want to see what it removed, and what it fixed.

    Joe

  • debo_2006
    Original Author
    11 years ago
    last modified: 9 years ago

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.12.08

    Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    DK :: DK-PC [administrator]

    6/12/2012 2:32:15 PM
    mbam-log-2012-06-12 (14-32-15).txt

    Scan type: Full scan
    Scan options enabled: Memory : Startup : Registry : File System : Heuristics/Extra : Heuristics/Shuriken : PUP : PUM
    Scan options disabled: P2P
    Objects scanned: 484369
    Time elapsed: 1 hour(s), 13 minute(s), 12 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run:Inspector (Rogue.FakeAV) -> Data: C:\Users\DK\AppData\Roaming\Protector-jivo.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\DK\AppData\Roaming\Protector-jivo.exe (Rogue.FakeAV) -> Quarantined and deleted successfully.

    (end)
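    As an added example for this thread (not part of the original posts, and not Malwarebytes' own code): a small Python triage script for the MBAM 1.x log format posted above. It pulls out each detection, links the HKCU Run value to the file it launched, and flags autorun persistence whose payload sits in a user-writable folder, which is exactly the pattern in the log above (a Run value under HKCU pointing at Protector-jivo.exe in %AppData%). The sample log is constructed from the entries posted above; the HKLM RunOnce line is invented to exercise the parser on a second hive.

```python
"""Triage helper for a Malwarebytes Anti-Malware 1.x text log.

Added example for this thread; it is not Malwarebytes' code. Parses the
"<section> Detected: N" blocks, extracts each detection line, and reports
which detections are autorun persistence and which payload paths live in
user-writable folders (the rogue in this thread ran from %AppData%).
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# MBAM 1.x log sections that list detections, e.g. "Registry Values Detected: 1".
SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Detected: (\d+)$"
)
# One detection line: "<object> (<threat>) -> [Data: <value> -> ]<action>."
DETECTION_RE = re.compile(
    r"^(?P<object>.+?) \((?P<threat>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)
# Run/RunOnce keys under HKCU or HKLM: the classic "start me again after reboot" hook.
AUTORUN_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\b", re.I)
# Per-user, user-writable locations a rogue can drop into without admin rights.
USER_WRITABLE_RE = re.compile(r"\\AppData\\(Roaming|Local|LocalLow)\\|\\Temp\\", re.I)

# Constructed sample in the format posted in this thread. The HKCU value and the
# file entry are the ones from the log above; the HKLM RunOnce key is invented.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.12.08

Scan type: Full scan
Objects scanned: 484369

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Inspector (Rogue.FakeAV) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run:Inspector (Rogue.FakeAV) -> Data: C:\Users\DK\AppData\Roaming\Protector-jivo.exe -> Quarantined and deleted successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\DK\AppData\Roaming\Protector-jivo.exe (Rogue.FakeAV) -> Quarantined and deleted successfully.

(end)
"""


@dataclass
class Detection:
    section: str          # which "... Detected:" block the line came from
    obj: str              # registry key/value, folder or file the scanner flagged
    threat: str           # MBAM threat family, e.g. Rogue.FakeAV
    data: Optional[str]   # value data for registry values (the path it launches)
    action: str           # what MBAM did, e.g. "Quarantined and deleted successfully"

    @property
    def is_autorun_persistence(self) -> bool:
        return AUTORUN_RE.search(self.obj) is not None

    @property
    def payload_path(self) -> Optional[str]:
        # A file detection is its own path; a Run value points at the file it launches.
        return self.obj if self.section == "Files" else self.data


def parse_mbam_log(text: str) -> list[Detection]:
    """Return every detection line found under a section with a non-zero count."""
    detections: list[Detection] = []
    section, expected = None, 0
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, expected = m.group(1), int(m.group(2))
            continue
        if section is None or expected == 0 or not line:
            continue
        d = DETECTION_RE.match(line)
        if d:
            detections.append(Detection(section, d["object"], d["threat"], d["data"], d["action"]))
    return detections


def summarize(detections: list[Detection]) -> dict:
    """Group detections into the facts a responder wants: families, persistence, payloads."""
    threats: dict[str, int] = {}
    for d in detections:
        threats[d.threat] = threats.get(d.threat, 0) + 1
    payloads = sorted({d.payload_path for d in detections if d.payload_path})
    return {
        "threats": threats,
        "persistence": [d for d in detections if d.is_autorun_persistence],
        "payloads": payloads,
        "user_writable_payloads": [p for p in payloads if USER_WRITABLE_RE.search(p)],
        # Anything MBAM could not remove needs a reboot or manual follow-up.
        "not_removed": [d for d in detections if "successfully" not in d.action.lower()],
    }


if __name__ == "__main__":
    report = summarize(parse_mbam_log(SAMPLE_LOG))
    print("threat families:", report["threats"])
    for d in report["persistence"]:
        print("persistence:", d.obj, "->", d.payload_path)
    print("payloads in user-writable dirs:", report["user_writable_payloads"])
    print("left on disk:", [d.obj for d in report["not_removed"]])
```

    Running it against a real MBAM log (`parse_mbam_log(open("mbam-log.txt").read())`) gives a quick answer to the question zep516 asks above, what was removed and what it fixed: the Run value is the persistence, the path in its Data field is the binary, and an empty `not_removed` list means nothing is pending a reboot.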

  • zep516
    11 years ago
    last modified: 9 years ago

    I expected more than that, maybe not though. When you get time would you run the Malwarebytes scan in regular Normal mode just to be sure and see if it finds anything. If it does, post the log. If it does not find anything, then no need to post the log; just tell me the log is clean or does not show anything.

    How is the computer running?

  • debo_2006
    Original Author
    11 years ago
    last modified: 9 years ago

    Computer is running great, fast. No problems at all.

  • zep516
    11 years ago
    last modified: 9 years ago

    Good! I guess the Rogue.FakeAV didn't get time to call all its friends to the party. Run the Malwarebytes scan. You should be good to go!

  • debo_2006
    Original Author
    11 years ago
    last modified: 9 years ago

    LOL, I agree - no party here, at least that kind anyway.

    I just ran a quick scan of Malwarebytes and all was clean. I'll run another complete scan tomorrow morning. I'll post with the outcome.

    Thanks for your help, Mike. It's nice knowing there are helpful people like you out there.

  • debo_2006
    Original Author
    11 years ago
    last modified: 9 years ago

    Thanks to grandms and Owists as well. Don't want to forget anyone that helped/gave suggestions. Much appreciated.