persistent infection



mfc007
2008-08-27, 09:00
Sorry if I am posting in the wrong place.

I have Windows XP Pro SP2... and I have Spybot, the new one.
Man, I hate spyware and malware.


I keep scanning my computer and every time it gets the same results:

Microsoft.WindowsSecurityCenter_disabled
Microsoft.Windows.System

Is there any way to get them out of my system?

Zenobia
2008-08-27, 10:57
If you click on Microsoft.WindowsSecurityCenter_disabled, then click the area to the right with the arrows on it, Spybot should give you this description:

Company:
Product: Microsoft.WindowsSecurityCenter_disabled
Threat: Security


Functionality
if the Windows Security Center is disabled this entry will be shown

Description
Malware can disable the Windows Security Center to make your System more vulnerable.

If you have other security software suit installed, this may also deactivate the Windows Security Center to avoid double warning messages.

I also see this description for Microsoft.Windows.System within Spybot:

[Microsoft.Windows.System]
Product=Windows.System
Company=Microsoft
Threat=Changed Settings
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Registry changes about the Windows System.If this Item is beeing found, it does not necessarily mean an infection.Some Malware like CWS and Smitfraud variants change these settings. It is also possible that these settings have been changed by an administrator (if you have one) or by a legitimate software.Windows System Registry changes include Displaysettingmenus and Controlpanel
Privacy=
Description=These Settings can normally not be reversed via the normal Windows User Interface.Some settings pose security risks and some are just annoyances.Also, some settings are redundant, meaning that they can be changed at various positions in the registry thus changing one value may not be enough.

Have you been having any other noticeable problems on your computer, besides Spybot detecting those two problems?

drragostea
2008-08-27, 18:33
Will this help (even a tiny bit)? :santa:
http://forums.spybot.info/showthread.php?t=33238
--

Zenobia
2008-08-27, 20:44
Yes. But I need to find out if Security Center was disabled by mfc007, a security app did it, or if malware might be involved.

And also about Microsoft.Windows.System, as well. :)

mfc007
2008-08-28, 02:56
I never disabled Microsoft Windows Security Center or Microsoft Windows System.

I am 100% sure that is malware. Oh, and when I try to go online to do any update for Spybot or any other security program it won't let me, and when I open Internet Explorer or Firefox everything looks normal, but when I type spybot it will show another website. I think my browsers got hijacked.

mfc007
2008-08-28, 03:23
On my desktop, instead of my regular wallpaper, I have a blue screen with a message ( warning Spyware detected on you computer! ) and on the bottom:
warning! win32/Adware.Virtumonde
warning! win32/PrivacyRemover.M64

I tried to enable Security Center manually; after I boot my computer the settings go back to disabled.
I went to Control Panel, Security Center, and I clicked on Windows Firewall and I get this message ( Due to an unidentified problem , Windows cannot display windows Firewall settings. ). I also tried to uninstall Norton Internet Security and I noticed that the Norton Internet Security uninstall button is missing in Add and Remove Programs.

Sorry, my grammar is bad.

mfc007
2008-08-28, 03:45
Thanks for the response!

drragostea
2008-08-28, 04:45
This sounds serious. It sounds like a SmitFraud infection too, because it represents the fake 'BSOD' screensavers that it presents to the user, or a bio-hazard wallpaper saying "Warning! Your computer is infected!".

The rogue products such as Winfixer, Privacy Remover, XPAntiVirus Pro, and VirusHeat have to do with the SmitFraud family.

You'll have to pay a visit to the Malware Forums, mfc.
_____
Consider posting in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum and having someone take a look at your system.

If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288).
______
The infections might also explain why you have a "hijacked" search result and a disabled Security Center.

However, before you go... mfc, have you run Spybot-SD (latest definitions; 27.8.08) in Safe Mode (disconnected from the Internet), to see if you can remove them?

Are you using a firewall? How about an anti-virus/malware program?

Please post back.

mfc007
2008-08-28, 05:51
For spyware programs I have Spyware Doctor and Spy Sweeper, and for virus and firewall I have Norton Internet Security, but I think Norton has been disabled because when I run a full scan it takes only about 2 minutes... Man, I think if by Friday I don't have any luck I'll wipe out all my hard drives... I have two 400 GB in RAID and two 300 GB normal; that is going to take a while to erase... How can I get the latest update for Spybot?

drragostea
2008-08-28, 06:27
Is the Norton subscription free or paid?

I wouldn't suggest you "nuke" or 'wipeout' the drives yet. There's still hope, if you visit the Malware Forums. The instructions are in my previous post.

You simply update Spybot-SD by executing it and clicking "Check for Updates".
Download the updates that are presented to you and run a full scan in Safe Mode.
--

mfc007
2008-08-29, 07:47
Thank you, my computer is almost clean, but my browsers keep redirecting me somewhere else every time I try to go to the Spybot website... Is there any special program to clean any hijacker?

Zenobia
2008-08-29, 08:32
I think your best bet might be to ask for help in the malware removal forums. They can help you best in there. Instructions above. :)

Not sure if this will help you to be able to download Spybot, but you could try. Should be a direct download:
http://spybot-download.net/spybotsd160.exe

From the procedure link posted above:

If you cannot run the Spybot scan at all, please go ahead and post the HJT log along with a note regarding scan/s failure.

drragostea
2008-08-29, 18:26
Yes, the Malware Forums will do.
If Spybot-SD cannot execute (installation or the program) then rename it and see if it works.