fake security centre, pop-ups, restarts and "digital protection"

Discussion in 'Malware Help (A Specialist Will Reply)' started by Monkey2064, Apr 22, 2010.

  1. Monkey2064

    Monkey2064 Private E-2

    Hey guys, I've got a whole virus fun-bundle pack lol. When I turn my machine on I get a Windows security window open that says I'm in desperate need of protection and I should buy antispyware products... oh nice of them to put a huge BUY button in there.

    This is accompanied by system tray pop-ups like "Danger: your computer is infected, click here to purchase antivirus software" and other ones along the same lines.

    A program called digital protection also keeps re-installing after each boot. I've zapped it a few times with super-antispyware and I think malwarebytes found and deleted it too but it's back.

    Plus three links to porn sites keep appearing on my desktop.

    And to top it all off, occasionally (once every hourish) I get a popup saying "your system is damaged please restart. yes/no" and you guessed it, whatever I do it restarts in about 10 seconds.

    This all started happening yesterday when I got a new C drive and went through re-installing all my programs (yeah I'm pretty sure I've been had by a keygen or something - first time I've had any problems from just installing using working ones - haven't got much choice btw with illegal software, my masters course uses programs which cost literally 000's of pounds so it's this or I'm stuffed lol - hey it's for educational purposes).

    Any help you guys could offer would be great... I'm at the cusp of starting my final masters project and I've really got to get my rig up and running right.

    I've attached all the logs from the Vista cleaning procedure (I'm on an x64 bit OS so there's only 3)

    Thanks!
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to clean out this folder:
    C:\Users\Liam\AppData\Local\Temp

    Reboot after doing that and then run CCleaner again.

    I want to see how you did so run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\MGlogs.zip
     
  3. Monkey2064

    Monkey2064 Private E-2

    Alrighty, done.
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sweet. I am not seeing any malware in your logs. What issues do you have?
     
  5. Monkey2064

    Monkey2064 Private E-2

    Woohoo, no sign of anything untoward; fake security centre has gone as well as the system tray pop-up. Digital protection is still here but I'll superantispyware that and see if it stays or goes. Thanks a lot!
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It is in your add/remove list so just uninstall it. You will continue to be infected as long as you are downloading cracks for games.

    You should read this:
    Warning about Porn, Keygens, Cracks, and other Illegal Software
     
