Thread: Bogus "Security Tool" hijacked my PC

  1. #1
    Junior Member
    Join Date
    Oct 2009
    Posts
    13

    Bogus "Security Tool" hijacked my PC

    Hi, I need help getting started. A quick scan of the forums did not show me a thread like this, but I am sure I'm not the first to get this.

    About 2/3 through startup my desktop disappears, replaced by a blue background and a professional-looking box from the "Security Tool", which claims to have found X number of malware and tells me I should register the product to remove the malware. I also have icons throwing up warnings that name legit programs I have running and labeling them as threats trying to send out my credit card info. So far anything I try to run has been stopped: Spybot, HijackThis, avast, Windows Defender, all do nothing when I try to run them. Firefox will work but malware removal sites seem to be blocked (like this one).

    I tried the exehelper and malware remover tools mentioned frequently in these forums. 2 problems. First, most of your instructions start with "drag to desktop". Looks like my desktop is being blocked by a window; I can't get to it. I created a folder on my C: drive and tried to run the files from there, but again no dice. Anything I try running doesn't run and is immediately flagged as malware, which "Security Tool" will gladly remove if I register the app.

    Any ideas for a first step?

    And no, unfortunately I haven't done any of the first steps listed in the "stickies", as I have been unable to do so.

    I am writing this from a different PC.

  2. #2
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Hello and welcome to Safer Networking

    My name is peku006 and I will be helping you to remove any infection(s) that you may have.
    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    Please observe these rules while we work:

    • If you don't know or understand something please don't hesitate to ask
    • Please DO NOT run any other tools or scans whilst I am helping you.
    • It is important that you reply to this thread. Do not start a new topic.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    • Absence of symptoms does not mean that everything is clear.


    1 - Download DDS

    Please disable any anti-malware program that will block scripts from running before running DDS.

    Please download DDS from one of the links below and save it to your desktop:

    • Link1
    • Link2
    • Link3

    Disable any script blocker, and then double-click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.


    2 - Status Check
    Please reply with

    • DDS.txt
    • Attach.txt


    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  3. #3
    Junior Member
    Join Date
    Oct 2009
    Posts
    13

    No luck

    Tried to run dds, and got nothing.

    I am unable to get to my desktop in the usual way; I have to navigate to the desktop folder. I saved dds there and tried to run it. Nothing happened except the "Security Tool Warning" flagged dds.scr as malware. I may have been running TeaTimer, but I can't verify that or shut it off in the conventional way as the "Security Tool" is blocking Spybot, so I cannot verify if TeaTimer is running or disable it through the program.

    What do you suggest I try next?

    Thanks in advance, I do appreciate the help.

  4. #4
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Hi TimAndrews

    Let's try this........

    Download and run Win32kDiag:
    1. Download Win32kDiag from any of the following locations and save it to your Desktop.
    2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
    3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
    4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


    Thanks peku006

  5. #5
    Junior Member
    Join Date
    Oct 2009
    Posts
    13

    Win32kDiag.exe does not run successfully. I see a brief flash of the window and it's gone. Logfile created has only 4 lines:

    Running Win32kdiag....
    Logfile.............
    Warning Could not get backup privalages
    Searching 'C:/windows'

    Note, these are done from memory, not cut and paste, but the lines were identical to the opening lines of this logfile I have seen others post here. Win32kDiag is being stopped.

    Also note, the above had to be done from memory as any attempt to open the logfile failed; several editors were tried, and only Notepad kept the file open for just long enough for me to see the contents.

  6. #6
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Hi TimAndrews

    Let's try Malwarebytes Anti-Malware .......

    1 - Download and Run Malwarebytes' Anti-Malware
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Full Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


    Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it:
    • Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
    • Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.
    • If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
    • Right-click on mbam.exe, rename it to myscan and change the .exe extension in the same way as noted above.
    • Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.


    With that done, run a full scan with it and post back its report, with a fresh HijackThis log.

    Thanks peku006
