fake windows security center

Help! Since 2 days I have this fake Microsoft Windows Security center telling me to download and purchase SystemErrorFixer, SystemDefender and SysCleaner. And now a little error box keeps popping up telling me there is a potential virus. Also, my PC reboots 3 times a day automatically, after a warning wihch is obviously fake.

Spybot has deleted this malware but 1 hour later it was back! Spybot, ADaware and Mc Afee report a clean pc, which is not!



HELP!!!

 

Hi Ronald12,
Welcome to Major Geeks!

Then kind of symptoms you describe are best handled as follows: Please go to the READ & RUN ME FIRST and follow the instructions. You will get some relief as you go. When you're finished, please attach the requested logs so we can see which files still need to be removed.

Thanks.
abri

 

The problem is still there after running the entire cleaning procedure.

Hijack log is attached!

Thanks.

 

Here are some of the request logs. Spybot and SuperAntiSpamware didn't found any errors, so no log was saved.

Here are combofix.xt and mglogs.zip. It is in Dutch.

 

Hi ronald12,

You did not run ComboFix as requested and it was not renamed. Please be sure to follow instructions properly.

You need to attach the log from Malwarebytes Anti-Malware.

There's some malware left. Please don't use your computer too much until I can post a fix to you. I'll do that tomorrow.

abri

 

Hi ronald12,


Please begin by closing all your browser windows and running CCleaner at the default setting with the Windows tab as the one on top. Then return here for the rest of the instructions.

1) Please disable your guest account if this hasn't already been done.

2) Go to add/remove programs and uninstall the below:

- Java(TM) 6 Update 5

3) Reboot after uninstalling the above.

4) Install the current version of Sun Java from: Sun Java Runtime Environment

5) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: {7e230ff1-7c7b-8fbb-b154-8b3fbea99280} - {08299aeb-f3b8-451b-bbf8-b7c71ff032e7} - C:\WINDOWS\System32\lpwjfckv.dll (file missing)
O2 - BHO: (no name) - {12B6CF49-9785-43C2-8D2C-3D71C9E9AEEB} - (no file)
O2 - BHO: (no name) - {2C2192A8-89A8-4D85-BC9C-78F8D82EFE07} - (no file)
O2 - BHO: (no name) - {85C4AA1B-CA56-45F3-90F1-6C49837C299F} - (no file)
O2 - BHO: (no name) - {87B41CCA-FDCB-4D62-9480-32B1CF5383DE} - (no file)
O2 - BHO: (no name) - {8FCE476E-3352-4763-9DDE-10AD75572896} - (no file)
O2 - BHO: (no name) - {C6A05EC8-11D5-4778-93A8-11960E2A8D6D} - (no file)
O2 - BHO: (no name) - {EC775011-7274-4685-A139-908F2F4CEC9A} - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!hxxp://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O20 - Winlogon Notify: bspyjfsd - C:\WINDOWS\SYSTEM32\bspyjfsd.dll


After you click fix, just close hijackthis.


6) Download and install Erunt. Use it to create a backup of your registry.

7) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it, look for it on your desktop and when you find it, double-click it and allow it to merge with the registry.

8) Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the 'Execute' button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

9) Now run CCleaner at the default setting with the Windows tab as the top one.

10) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


Let me know how things are running now?

abri