FAKE Windows Security Alert........HELP!

[MarkyG]

Cant seem to get rid of it, got as far as it loading and not being able to show anything as the main part of it has gone, but cant get rid of it fully!

Tried:

AVG
SpyBot
SuperAntiSpyware
McAfee Stinger

and all say it is removed, then it pops straight up again. Tried in safe mode also and no joy.

Anyone able to help?

If not, clean install it is.........again, for the 7th time this week!!!

[grantlowery]

if you run task manager you should be able to see the processes the virus is running, sure they have a star next to them, Kill them off and then you should be able to get to the root of the virus...dont know where it will be, probally somewere in programme files.

If this doesnt get round it, formatting is the next best thing im affriad.

[MarkyG]

I'm not too bothered about reinstalling, it only takes around 25mins from formatting the hdd to get windows xp pro on my system

not too sure about the name with asterisk after them being the virus, as i dont think mine is showing anything after any suspicious .exe names. will give it a check and post back....

[DarylVTR]

i cant remeber the bloody name of the program to remove it now.... il have a quik look

[DarylVTR]

i think its this..... try it.

http://download.bleepingcomputer.com...a/ComboFix.exe

[chapperlin]

Follow this guide-

http://forums.majorgeeks.com/showthread.php?t=35407

Helped me out recently when my gf downloaded malware off facebook

[MarkyG]

i shall give that a try, found a similar guide but was completely unreadable and hard to figure out. this one is much easier, will be doing this tonight when i get home from work. failing that, a clean install! lol

[neilandhisvtr]

always always always install spybot with the teatimer system protection from the word go.

[MarkyG]

Spybot is a good program yes, but it cant remove all mal/spy/ad ware. Never installed the teatimer as it doesnt pick up everything. Although i installed it in my latest clean boot and it didnt pick up this fake windows security alert whatsoever on my system!

[neilandhisvtr]

Quote:

Originally Posted by themarkyg

Spybot is a good program yes, but it cant remove all mal/spy/ad ware. Never installed the teatimer as it doesnt pick up everything. Although i installed it in my latest clean boot and it didnt pick up this fake windows security alert whatsoever on my system!

itll prompt you for every system settings change including startup items so it should of (providing you dont click allow to everything) blocked it..

[MarkyG]

i got a couple of windows, but i knew what i was allowing, this windows security faker just started popping up, nothing tried to pick it up.

gonna try this majorgeeks guifde, if that fails, clean install. doesnt take long on my system anyway so will probably do that. Messenger Plus! is a nice bit of software for letting in all unknown stuff quite often, so i will steer clear of that!!

[neilandhisvtr]

funny, running spybot and avast over here and i was purposely opening files that had malware attached yesterday.. just scanned my system, all clean.

something isnt set up properly or enabled by the sound of it. or something slipped in on the back of another seemingly legit package.

[MarkyG]

in all honesty i dont think i got spyware on there in the beginning of installing all my programs, first thing that went on was AVG, then i think messenger plus, so that could be why! have double checked all the settings and everything is ok. managed to get rid of the main part of the popup window, now it just syas it cant connect to the webpage. so ive got that bit clear, jsut the window to sort now!

[SAJosh]

I had similar crap at work the other week, it attached itself to explorer.exe and winlogon.exe which are a bastard since you can't end winlogin.exe

1. Download windows defender
http://www.microsoft.com/windows/pro...r/default.mspx

2. Full scan using windows defender

3. Download spybot search and destroy, run it in safe mode

windows defender was the only one that picked it up for me - this tool:
HiJackThis [ http://www.majorgeeks.com/download3155.html ]

Lets you see and end a load of processes but only do it if you know what your ending/changing/removing etc

[MarkyG]

The majorgeeks thread majorly (no pun intended) worked, all clean now and working fine, although its long winded, only really need to disable system restore, scan, remove, enable s/r and reboot.

all working now though

[neilandhisvtr]

tbh i normally diable system restore, its a waste of disk space. and 9/10 borks the system more than it fixes imo. but then i have a disk image of a fresh build and all my files are backed up.. hehe

[MarkyG]

hehe, i used to ghost straight onto my hdd, but its quicker for me jsut to do a clean install, sys restore is now fully disabled and wont be enabling it again. complete waste of time, especially when problems get fixed then it restores them on reboot without any reason at all!