L69 Posted August 28, 2008

I discovered this last night, it had rebooted my computer and this was popping up from the very start of my desktop opening. I was unable to run Vundo, CCleaner or Spybot and it's disabled my McAfee virus protection. I panicked so I have disabled my internet connection but left the computer running. I tried a scan with a Malware Remover but this programme just disappeared and didn't give me any results.

Does anyone know how I can get rid of this virus/malware/trojan? Will it let me do a system restore, maybe to about 3 days ago when I know it worked well?

Thank you

This virus came from an email titled "Statement of fees 2008/09".

I just ran a scan with "Malwarebytes’ Anti-Malware". It found many bad things and deleted them but now says the following: "files that are required for windows to run properly have been replaced by unrecognised versions. To maintain system stability windows must restore the original versions of these files. Insert your home XP edition CD rom now"

I can't find my CD rom. Will my PC restart if I reboot this now without the CD rom?

Seth Posted August 28, 2008

Welcome to Free PC help L69.

Don't worry about that Windows message just yet. Follow these instructions:

Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a combination of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

Required Cleanup Steps

- Disable the Spybot Search & Destroy TEA TIMER if you use it and if it is enabled
- Run a Temporary file and cache cleaner (ATF)
- Run 2 Anti-Malware scanners (Listed Below)
- Run an Online Anti-Virus / Anti-Malware Scanner (Listed Below)
- Clear out old System Restore points

If continued Malware type activity is present you may be asked to post a TrendMicro™ HijackThis™ Log file; do not do so unless requested.

The reason to run multiple scanners is to ensure that no single scanner is missing something. The time it takes will vary depending on your system and your internet connection speed. Typically the SUPERAntiSpyware and Malwarebytes scanners will take between 10 to 90 minutes. The ESET online scan should take between 1 to 3 hours. In most cases, these scans will suffice to clean and disinfect your computer. Heavily infected systems or slower PCs can take much longer to scan and clean.

For best results print the following instructions and bookmark this Web page.

To keep this guide printer-friendly, use your cursor to highlight the contents below. From your browser select File - Print and in the printer dialog box under "Print range" click the Selection choice to print out these instructions for removal of malware.

http://kixhelp.com/wr/images-freepchelp/printer-selection.gif

__________________________________________________

STEP 1

Disable Spybot Search & Destroy's TEA TIMER (if installed; if not, go to Step 2):

- Run Spybot-S&D in Advanced Mode. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
- On the left hand side, click on Tools.
- Then click on the Resident icon in the list.
- Uncheck "Resident TeaTimer" and OK any prompts.
- Restart your computer.

__________________________________________________

STEP 2

Follow these instructions carefully.

- Download ATF-Cleaner from Snapfiles.com to remove unneeded temporary files from your computer that may contain malware. You can also download it from Majorgeeks.com
- When you run ATF-Cleaner, check the items as shown below for Main.
- For FireFox, be sure to click on the FireFox tab on top and check the items as shown below for FireFox.
- NOTE: If you don't have FireFox or Opera installed then they will be grayed out and can be ignored.
- Then click on "Empty Selected".

http://kixhelp.com/wr/images-freepchelp/atf-cleaner01.gif
http://kixhelp.com/wr/images-freepchelp/atf-cleaner02.gif

__________________________________________________

STEP 3

Install and run the free version (not the Professional version) of SUPERAntiSpyware from SUPERAntiSpyware.com

- Accept any prompts to allow SUPERAntiSpyware to install the latest rules and infection definition files.
- You do not have to send them your e-mail address, just click next.
- You can leave the automated check for updates on.
- You can uncheck "Send a diagnostic report to research center" if you don't want to send the information.
- DO NOT allow SUPERAntiSpyware to protect your Home Page settings.
- On the top left select the Scan your computer button.
- Make sure there is a CHECK MARK on all Fixed Drives.
- Click "Perform a Complete Scan".
- Click "Next" to Repair issues found and reboot the computer when prompted to do so.

__________________________________________________

STEP 4

Install and run Malwarebytes' Anti-Malware from Malwarebytes - (direct download)

- Accept all defaults for the installer.
- Allow the program to update the definitions.
- Click on the Quick Scan and click Next.
- If any items are found allow it to clean them and then reboot your computer.

__________________________________________________

STEP 5

Run an online scan with ESET from Free Virus Scan: Use ESET's Online Antivirus Scanner

- You must use Internet Explorer for this online scan. FireFox, Opera, etc. will not work for this scan.
- If your computer is running Windows Vista, then you must first start Internet Explorer as an Administrator. To do so, right-click on the Internet Explorer icon in the Start Menu and select "Run as administrator" from the popup context menu.
- Accept the terms and click "Start".
- Once the scanner is ready, check "Remove found threats" AND "Scan unwanted applications".
- Click "Start" to begin the scan.
- When completed, restart your computer.

__________________________________________________

Make sure your internet firewall security is enabled, and then please return to Extreme Tech Support - Free PC Help and tell us how the computer seems to be operating. At that time, you will receive instructions to assist you in removing malicious programs from your Add/Remove program list if warranted.

If required this is the download link for TrendMicro™ HijackThis™. Unless instructed to by the Technician helping you, do not download this tool.

Once you and the Technician agree that your system appears to be clean then you should delete all your System Restore points and create a new one. Please follow the instructions here:

- How to turn off and turn on System Restore in Windows XP
- How to turn off and turn on System Restore in Windows Vista

Guest Wolfeymole Posted August 28, 2008

Also why is it asking for XP when you apparently seem to be running Vista?

Seth Posted August 28, 2008

Nice catch mate :)

L69 (Author) Posted August 28, 2008

I'm XP not Vista - sorry

Sorry - I'm running XP NOT Vista - I don't even remember entering Vista or any of my PC spec.

Win XP SP3
Dell 8400
1GB Ram

L69 (Author) Posted August 28, 2008

Thanks

Thanks Seth, I'll try this when I get home shortly. I really hope I can clean this mess up. I'll be in touch shortly. Thanks again.

L69 (Author) Posted August 29, 2008

Success, I think......

I have tried what you suggested and all seems to be ok apart from the fact that my McAfee is finding PUPs and Trojans about every 5 mins. I suppose this is a good thing and it's doing its job. McAfee even found the Security Centre trojan that started all of this problem.

Goku Posted August 29, 2008

Hello and Welcome to FPCH L. :)

If you want, you can download an *.iso version of Windows XP (Service Pack 3) from here. After you have downloaded the file completely, please burn the *.iso file to an empty disc using the instructions provided here.

After you have done the above, you will have a Windows XP disc. Just insert the disc when you get the prompt and Windows should automatically restore the required files. Also, it might be a good idea to save the *.iso file for future reference as it might come in useful in plenty of situations. :)

Let us know how it goes. Good Luck.

-- Goku

RandyL Posted August 29, 2008

Hi L69;

PUPs (Potentially Unwanted Programs) indicate that you might have dubious software installed. Combined with the fact that you are still detecting Trojans, that means your system is not clean. Carefully follow the guide. Allow the programs to update. Uninstall any dubious software like P2P file sharing programs first. Follow the last bit of advice about System Restore too. More advanced tools may be needed but I'll let the experts deal with that.

Exactly what PUPs and Trojans is McAfee detecting and what is the location of the infections? That is the file path.

L69 (Author) Posted August 29, 2008

Thanks Goku & RandyL

I ran a full McAfee virus scan last night before I went to bed and this morning it had found nothing. I thought it was all cleared. Spybot found nothing either. I wish I'd written the names of the files down. I don't remember them, I just recall one being the 'Security Centre' that was blocked. I think some were called diallers and installers. I'll need to check when I get home. Shall I send you a screen print of the quarantined files?

RandyL Posted August 29, 2008

I'm not exactly sure what you are saying. After running our suggested scans and your McAfee scans did it come up clean or quarantine all the files? SpyBot is ok but SuperAntiSpyware is better. Did you run that too per our malware guide? After running all the scans are you still getting infection notices?