Security Protection

Hello, Skysarge

Security Protection is a rogue anti-spyware program.

Step 1:
Please reboot your machine into Safe Mode with Networking. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

Step 2:
Download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 8 different versions. If one of them won't run then download and try to run the other one.

*Vista and Win7 users need to right click and choose Run as Administrator

You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

1. Rkill.exe
2. Rkill.com
3. Rkill.scr
4. Rkill.pif

If you are having problems running Rkill, try downloading one of these renamed copies of RKill.com

• iExplore.exe
• eXplorer.exe
• uSeRiNiT.exe
• WiNlOgOn.exe

Once you've gotten one of them to run then try to immediately run the following.

Step 3:
Goto the below link and follow the instructions for running TDSSKiller from Kaspersky

• TDSSkiller - How to run

Step 4:
Now run this: Using Malwarebytes Anti-Malware

Step 5:
Then run this: SUPERAntiSpyware - running & getting a log

Step 6:
Next run this: Using MGtools

Now you need to attach (See: HOW TO: Attach Items To Your Post ) the below logs created while running the above scans

• TDSSKiller log.txt
• Malwarebytes Anti-Malware log
• SUPERAntiSpyware log
• MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.

NOTE:

1. If you have problems downloading on the problem PC, download the tools and the manual updates for Malwarebytes onto another PC and then burn to a CD. Then copy them to the problem PC. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

dr.m

 

Can you get the tools that I suggested running downloaded and ran? If not, is thee another pc you can use to get them burned to disc for transfer to the infected machine?

 

It would be better to disable Avast temporarily while you download and run the tools I recommended.

 

You're welcome.

We'll continue when you're ready.

dr.m

 

At this point your AV, or one of its features, is interferring with running tools to clean your machine. Which product from avast! are you using?

Please refer to this link for disabling avast!'s AutoSandbox:

https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=787&nav=0,615

If the above does not allow you to run the requested tools, we may have to uninstall it for now.

dr.m

 

Sarge

Please keep avast!'s sandbox disabled, for now.

Move on to Step 6: of my instructions in post#2 and attach the scanner logs you were able to get.

Tell me what malware problems you still have.
dr.m

 

Nothing was attached.

 

If you don't know how to change the directory where your downloads are going, you can use "right-click/cut & paste" to move them to the requested directories.

Move MGtools directly onto the desktop as instructed - not here--> C:\Documents and Settings\Sarge\My Documents\Downloads\MGtools.exe

Please attach:
"C:\Documents and Settings\Sarge\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
mb853c~1.txt Aug 8 2011 1033 "mbam-log-2011-08-08 (11-23-41).txt"

NOTE: You have SUPERAntiSpyware installed - why haven't you ran it and attached its log?

Step 1:
Please look in Add/Remove Programs (Programs and Features if using Vista or Windows 7) for the following and uninstall if found. If you get any errors just make a note and continue on.

Step 2:
Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Step 3:
Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Step 4:
Now Copy the bold text below to notepad. (Do not include any space above the word "REGEDIT4")Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" . Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me whether or not you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

Step 5:
Using Windows Explorer - navigate to and delete:

• C:\jre-6u20-windows-i586-s.exe

Delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).

Step 6:
Please download MBRCheck to your desktop.

See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif

• Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
• It will show a Black screen with some information that will contain either the below line if no problem is found:
  • Done! Press ENTER to exit...
• Or you will see more information like below if a problem is found:
  • Found non-standard or infected MBR.
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
• Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
• MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
• Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )

Step 7:
Now install the latest Sun Java Runtime Environment

Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Windows 7, use right click and select Run As Administrator).

Please attach the below logs to your next reply:

• mbam-log-2011-08-08 (11-23-41).txt
• SAS log.txt
• MBRCheck log.txt
• C:\MGlogs.zip

What malware problems are you still experiencing?