Windows security center pop up

Markup

Hi There

I wonder if anyone could help me? I have the most annoying windows security
center pop up (about 500x600 pixels) appearing on my screen every few minutes
telling me that I have no virus protection ( I have ) and asking me to go
along to a choice of two paid for virus protection program retailers, one of
which caused no end of trouble with a machine recently.

I did consent to this, did not ask for it and nor do I want it but I cannot
find a way of removing it from my machine.

I have opened the security center and changed the way it notifies me to no
avail. I have also run START>RUN>SERVICES.MSC and disabled the security
center - no joy there either.

Can anyone help me please I am not very technically minded at all, just
extremely frustrated.

Thanking you,
Mark
 
Nonny

Hi There

I wonder if anyone could help me? I have the most annoying windows security
center pop up (about 500x600 pixels) appearing on my screen every few minutes
telling me that I have no virus protection ( I have ) and asking me to go
along to a choice of two paid for virus protection program retailers, one of
which caused no end of trouble with a machine recently.

I did consent to this, did not ask for it and nor do I want it but I cannot
find a way of removing it from my machine.

Your system is no doubt infested with malware.

Download and run AT LEAST TWO of the following:

Spybot Search and Destroy: http://www.safer-networking.org/index2.html

Superantispyware: http://www.superantispyware.com/

Ad-ware: http://lavasoft.com/products/ad_aware_free.php
 
MowGreen [MVP]

The popups signify that the system is already infected. The scamware is
what infects the system and then insists that you must pay to remove it.
Nice, huh ?
Suggest you seek assistance at a reputable anti-malware forum for this
issue. Please read the guidelines of the forum of your choice prior to
posting there:

http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5

MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
 
Markup

Thank you for your help friends, I shall go along to the dedicated forum(s)
shortly.

I had actually posted the above in the wrong forum last night and only
realised today that I had done so. In the meantime I have been delving as
deep as my technical knowledge allows and ran a scan and destroy program that
identified dozens and dozens of threats. It removed the majority but left me
with 14 TROJAN type files that it identified but could not delete.

I then went through the files deleting them by hand and am now left with
nine instances of a Trojan VX 15 that is named winload.exe. They are all
buried in the system32 folder and try as I might I cannot delete them
manually, nor can the program that detected them for me in the first place.

I notice too that after trying to delete them manually I can now no longer
access the internet on the machine. I have to keep trying though as I just
cannot do without the machine.

Thanks again for your guidance,
Mark
 
Nonny

Thank you for your help friends, I shall go along to the dedicated forum(s)
shortly.

I had actually posted the above in the wrong forum last night and only
realised today that I had done so. In the meantime I have been delving as
deep as my technical knowledge allows and ran a scan and destroy program that
identified dozens and dozens of threats. It removed the majority but left me
with 14 TROJAN type files that it identified but could not delete.

I then went through the files deleting them by hand and am now left with
nine instances of a Trojan VX 15 that is named winload.exe. They are all
buried in the system32 folder and try as I might I cannot delete them
manually, nor can the program that detected them for me in the first place.

I notice too that after trying to delete them manually I can now no longer
access the internet on the machine. I have to keep trying though as I just
cannot do without the machine.

You may very well end up formatting and reinstalling.
 
MowGreen [MVP]

Some of the malware may embed themselves in what is known as the
winsock stack.
See if you can run an Elevated Command Prompt [locate command.exe, or
command, from Start Search, right click it, choose 'Run as
administrator']. If cmd has been disabled by the malware suggest you
boot to Safe Mode and run either, or preferably both, Superantispyware
and Spybot from within that mode. Then reboot to normal Windows mode,
open an Elevated Command Prompt, at the prompt enter the following,
pressing Enter after each command

netsh winsock reset
exit

Restart the system and see if connectivity is restored.
Seems fairly stupid for the malware creators to knock a system off of
the net when they pWn it.

Was UAC completely disabled ?

MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
 
Mick Murphy

Scan your System in Safe mode with your Anti-virus and Spybot Search & Destroy.
All info below.

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.5.2 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode, then hit ENTER.
RESCAN your computer with Avast and Spybot S & D while in Safe Mode.
 
Markup

MowGreen & Mick

Thank you very much for your help, I am now showing a clean bill of health
and am praying like dickens that it remains that way.

I had a devil of a time trying to get into safe mode but once I did realised
that it was my own lack of knowledge that was barring me.

Strange thing is, there are a couple of instances in my files of the
winload.exe still being present but not registering as the Trojan VX 15 and
all seems to be working well so I am assuming that it is a correct file that
the virus just replicated - here's hoping anyway.

Again, thank you so much for your time and help.

Best regards to you both,
Mark
 
MowGreen [MVP]

YW, Mark. You can scan all instances of winload.exe to see if any are
'imposters' or still infected here: http://www.virustotal.com/
Recommend you get a 'second opinion' to determine if the system is
finally cleaned up.
Using Internet Explorer, you can also run an in-depth scan of the system
here: http://www.kaspersky.co.uk/virusscanner
or here
http://usa.kaspersky.com/products_services/free-virus-scanner.php

MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
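
An added example, not part of the original thread: one way to triage the remaining winload.exe copies before submitting them for a second opinion, by listing every copy under the Windows folder with its SHA-256 hash and Authenticode signer. It assumes PowerShell 4.0 or later (for Get-FileHash) and an elevated prompt; the signer check is a heuristic chosen for this example, not a verdict.

```powershell
# Added example (not from the thread). Assumes PowerShell 4.0+ and an elevated prompt.
$root = $env:SystemRoot   # normally C:\Windows

# Collect every winload.exe, including hidden/system copies.
$copies = Get-ChildItem -Path $root -Filter 'winload.exe' -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Path      = $_.FullName
            SizeBytes = $_.Length
            Modified  = $_.LastWriteTime
            SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            SigStatus = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        }
    }

# One entry per distinct file content: identical hashes only need one second-opinion scan.
$copies | Group-Object SHA256 | ForEach-Object {
    [pscustomobject]@{
        SHA256    = $_.Name
        Copies    = $_.Count
        SigStatus = $_.Group[0].SigStatus
        Signer    = $_.Group[0].Signer
        Paths     = ($_.Group.Path -join '; ')
    }
} | Format-List

# Heuristic (assumption of this example): a genuine copy carries a valid Microsoft signature.
# A non-valid status means "check this file further", not "this file is malware".
$suspect = $copies | Where-Object {
    $_.SigStatus -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation'
}

if ($suspect) {
    Write-Warning 'Copies without a valid Microsoft signature; scan these first:'
    $suspect | Select-Object Path, SigStatus, Signer, SHA256 | Format-List
} else {
    Write-Output 'Every winload.exe found has a valid Microsoft signature.'
}
```

Copies that share a hash are byte-identical, so a result for one applies to all of them.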
 
