New Life Games Tech Forums

NLG Members who host their own Repair Logs of Various Games. => RickHunters Computer Help 101 => Topic started by: enforcer on June 22, 2010, 12:41:25 AM



Title: Windows Fake "Security Center" Malware
Post by: enforcer on June 22, 2010, 12:41:25 AM
I have had two computers which became infected with the phoney malware "Windows Security Center". Sometimes I don't know how it finds its way onto a computer, but if it does, it completely hijacks your computer - no other programs or the internet work. It tries to force you to purchase their software program to fix your computer or remove all these supposed viruses on your computer. It starts popping up porno web sites on your screen. It looks so much like a genuine Microsoft product, it is scary.

Here are the steps to remove the malware.  By the time I figured out how to remove it, it took about 8 hours to undo what it had done to my computer.  Even after I got rid of it, my Internet Explorer needed fixing !

How to Remove Fake “Windows Security Center” Malware from Computer (I was running Windows XP Media Edition)

1.   Unplug networking device to stop internet connection.
2.   Shut off computer (do not log off – just hit the computer’s off button).
3.   Reboot computer – as computer starts to reboot repeatedly hit the  “F8” key to enter into the computer’s “Safe Mode”
4.   Once in Safe Mode, scroll down to Enter Windows without networking
5.   Go to an uninfected computer and download “SuperAnti-Spyware” for free from cnet.com.  Load this file onto an SD card or other portable memory device.
6.   Go back to the infected computer which should now be in “Safe Mode.”  Put in the portable memory device into the computer card reader.  Go to the “Start” menu and using “My Computer,” double click on the new portable drive. 
7.   Copy the Super Anti-Spyware file (drag the file) to the desktop of the infected computer. 
8.   Once copied, double click the file and install the SuperAnti-Spyware program. 
9.   Run a full scan (this can take upwards of an hour).  Once it identifies spyware, remove anything that it has checked off as malware/spyware in order to remove the files.
10.   Reboot the computer.
11.   Check your network status – you may have an internet connection, but are unable to load Internet Explorer.  The malware can also mess up your Internet Explorer, so you need to re-set it.
12.   To reset Internet Explorer, go to “Start,” then “Control Panel,” then “Internet Options” then the “Advanced” tab.  Hit the “Reset” Internet Explorer Button at the bottom of the open dialog box.  Check off the box for “Delete Personal Settings.”  By checking this box, you will NOT lose your internet history or saved favorite sites.  It can, however, change your homepage.  If you installed the SuperAnti-Spyware to your computer, however, a dialog box should pop up asking you whether you want it to change your homepage.  Even if you answer “yes,” you can always go into “Internet Options” on the “General” tab and change your home page to the web address you want in the first box on this tab.

Good Luck !


Title: Re: Windows Fake "Security Center" Malware
Post by: StatFreak on June 22, 2010, 01:01:43 AM
Thanks for the heads up and the fix! K+ :3-


Title: Re: Windows Fake "Security Center" Malware
Post by: staz on June 22, 2010, 01:18:43 AM
i had a similar virus i just did a factory reinstall today on my puter just hit f11 then did a full reinstall i think i got rid of it ....puter runs fine now....


Title: Re: Windows Fake "Security Center" Malware
Post by: laneman on June 22, 2010, 01:26:21 AM
K+


Title: Re: Windows Fake "Security Center" Malware
Post by: reho33 on June 22, 2010, 12:30:39 PM
In my job I have reloaded about 5 computers with this, reason that I reloaded is because after I did fix and clean, it came back. Don't know why just did.


Title: Re: Windows Fake "Security Center" Malware
Post by: rickhunter on August 23, 2010, 06:45:08 PM
When you get the fake windows security scan pop-up window, you cannot "close" the window, it will install the payload.  You need to Ctrl-Alt-Del and kill the internet explorer process, or if you don't want to do that, cut power to your PC.  It's best to not let it in.


Title: Re: Windows Fake "Security Center" Malware
Post by: FOXSSLOTS1 on August 23, 2010, 06:52:27 PM
that's why I have a MAC - how many malware issues with MACS?  NONE.


Title: Re: Windows Fake "Security Center" Malware
Post by: StatFreak on August 23, 2010, 09:19:35 PM
that's why I have a MAC - how many malware issues with MACS?  NONE.

Only because no one owns them.  :97- :97- :97-

Seriously, it's not worth the hackers' time to develop malware for the MAC because there aren't enough of them in use -- same for linux users. If everyone switched from PC to MAC, you'd be as inundated with viruses as PCs are now within a couple of years.

It's got nothing to do with the "security" of the MAC operating system.


Title: Re: Windows Fake "Security Center" Malware
Post by: staz on August 23, 2010, 11:14:04 PM
install AVG it's the best security software out there and it's free..... it blocks anything that pops up that's a possible infection..... i been using it for over 3 years never had a virus......


Title: Re: Windows Fake "Security Center" Malware
Post by: Neonkiss on August 23, 2010, 11:19:11 PM
that's why I have a MAC - how many malware issues with MACS?  NONE.

Only because no one owns them.  :97- :97- :97-

Seriously, it's not worth the hackers' time to develop malware for the MAC because there aren't enough of them in use -- same for linux users. If everyone switched from PC to MAC, you'd be as inundated with viruses as PCs are now within a couple of years.

It's got nothing to do with the "security" of the MAC operating system.


I've heard that hackers write this crap to attack windows for their complete hatred of Bill Gates......
He's not real liked in the computer world, unless you draw a paycheck from him.


Title: Re: Windows Fake "Security Center" Malware
Post by: StatFreak on August 23, 2010, 11:32:59 PM
that's why I have a MAC - how many malware issues with MACS?  NONE.

Only because no one owns them.  :97- :97- :97-

Seriously, it's not worth the hackers' time to develop malware for the MAC because there aren't enough of them in use -- same for linux users. If everyone switched from PC to MAC, you'd be as inundated with viruses as PCs are now within a couple of years.

It's got nothing to do with the "security" of the MAC operating system.


I've heard that hackers write this crap to attack windows for their complete hatred of Bill Gates......
He's not real liked in the computer world, unless you draw a paycheck from him.

 :208- :208- :208- :208-


Title: Re: Windows Fake "Security Center" Malware
Post by: channelmaniac on August 24, 2010, 05:06:45 AM
install AVG it's the best security software out there and it's free..... it blocks anything that pops up that's a possible infection..... i been using it for over 3 years never had a virus......

I removed AVG from my wife's PC after her PC was trojanized and connecting back to a machine in Estonia. That crap software wasted 12 hours of my life.


Title: Re: Windows Fake "Security Center" Malware
Post by: Foster on August 24, 2010, 07:44:25 AM
Oh Macs can get a virus, they are rare though.

No one owns a Mac. I hear they have over 10% of the market.
I own one and will always have one.

Except for some special applications, or unusual peripheral and software.
I can not think of anything I can't do on my Mac that a Windows PC can do better than a Mac, other than Windows getting another virus, etc.

I can even run Windows XP and 7 on it, in VirtualBox or selecting to boot Windows 7.
My Mac did not cost any more than a decent PC, and it is an Intel Quad Core.
IF you want details you may PM me.




Title: Re: Windows Fake "Security Center" Malware
Post by: StatFreak on August 24, 2010, 09:37:59 AM
Oh Macs can get a virus, they are rare though.

No one owns a Mac. I hear they have over 10% of the market.
...

You just made my point. When 80-90% of personal computer users have Macs, the viruses will follow. Sometimes it pays to go against the majority.


Title: Re: Windows Fake "Security Center" Malware
Post by: result1 on August 24, 2010, 11:06:16 AM
Myself- I don't worry about a virus - anything goes bad, I just reboot
Best $30 program I ever got - been using it for well over 6 years now :3-

 http://www.faronics.com/

Deep Freeze instantly protects and preserves baseline computer configurations. No matter what changes a user makes to a workstation, simply restart to eradicate all changes and reset the computer to its original state - right down to the last byte. Expensive computer assets are kept running at 100% capacity and technical support time is reduced or eliminated completely. The result is consistent trouble-free computing on a truly protected and parallel network, completely free of harmful viruses and unwanted programs.

While Deep Freeze provides bulletproof protection, its non-restrictive approach also improves user productivity and satisfaction. Placing no restrictions on a user's ability to access all system resources, users avoid the frustration of downtime due to software conflicts, operating system corruption, virus attacks, and many other problems. Users are always assured of computers that are consistently operable and available


Title: Re: Windows Fake "Security Center" Malware
Post by: Foster on August 24, 2010, 01:34:07 PM
It is way easy to write viruses, mal-ware, etc for windows.

it is 1000 times harder to write one for the different flavors of Unix out there, Mac OS X being one of them.

I am sorry but Windows is not as secure as people would like to think it is.





Title: Re: Windows Fake "Security Center" Malware
Post by: proten on August 24, 2010, 01:54:58 PM
Microsoft has always been

" Hurry up and get the program out and the money coming in,
 we will fix the holes and problems later when the customers
and hackers find them".


Title: Re: Windows Fake "Security Center" Malware
Post by: brichter on August 24, 2010, 02:14:10 PM
Oh Macs can get a virus, they are rare though.

No one owns a Mac. I hear they have over 10% of the market.
I own one and will always have one.

Except for some special applications, or unusual peripheral and software.
I can not think of anything I can't do on my Mac that a Windows PC can do better than a Mac, other than Windows getting another virus, etc.


Off the top of my head -
Email and calendaring (especially in the enterprise, Exchange or Domino)
Excel
Powerpoint
Visio

If you have need to use any of these applications, you'll still need Windows around.


Title: Re: Windows Fake "Security Center" Malware
Post by: brichter on August 24, 2010, 02:38:21 PM
Microsoft has always been

" Hurry up and get the program out and the money coming in,
 we will fix the holes and problems later when they find them".

The problem with Windows has not been as you state, it's the fact that Windows started as a non-networked OS, and was not designed with ANY security. They have been adding security since the advent of networking and NT (we won't discuss 3.11 as there was no real security to speak of), but when your base structure isn't designed with security as a priority, it's hard to add in at a later date.

*nix operating systems have been networked since their beginning in the 60s, so the security framework was designed in from the start, and OS X is based on that model of OS (not actually on Unix), so it is more resistant to the type of attacks that Windows is not.

Foster, if OS X is so secure, why does Apple release security updates that range up to the hundreds of megabytes every cycle? :79-
The fact is, there are security issues with OS X, but few exploits. As their market share grows, the number of exploits will also increase. Google "os x code execution" if you want to see examples of these issues...


Title: Re: Windows Fake "Security Center" Malware
Post by: brichter on August 24, 2010, 02:39:54 PM
I removed AVG from my wife's PC after her PC was trojanized and connecting back to a machine in Estonia. That crap software wasted 12 hours of my life.

Been there, done that, too. @#$$#$ crap!  :7- :7- :72- :72-


Title: Re: Windows Fake "Security Center" Malware
Post by: stormrider on August 24, 2010, 03:12:51 PM
I removed AVG from my wife's PC after her PC was trojanized and connecting back to a machine in Estonia. That crap software wasted 12 hours of my life.

Been there, done that, too. @#$$#$ crap!  :7- :7- :72- :72-

LOL....AVG (Free Edition) pure crap runs too many processors for one
Ad shield,email,pop up blocker,and a few others I can't remember off the top of my head
which in turn none of it works not to mention the fake virus alerts it gives at times
and the slower page loads you get.

I did use it a long time ago before they added all the stuff that don't work
I now use NOD32 not the best but ranks high on the list.
Free is Free I guess but you should always back up the important stuff
no matter what you have.

Tim


Oh !!! I forgot AVG a poor man's Norton..Blah nuff said


Title: Re: Windows Fake "Security Center" Malware
Post by: brichter on August 24, 2010, 03:50:13 PM
Norton is another company whose products I love to hate... :30- :30- :30- :30- :30-


Title: Re: Windows Fake "Security Center" Malware
Post by: Brianzz on August 24, 2010, 05:58:30 PM
Norton and Microsoft are notorious for bloatware. I have Norton only because it's free with Comcast, which incidentally I cancelled about 3 years ago


Title: Re: Windows Fake "Security Center" Malware
Post by: Foster on August 24, 2010, 11:17:33 PM
I have MS Office for Mac 2008 Professional, which has Word, Excel, PowerPoint, Entourage (e-mail), and few other programs.
Also have MS Office 2007 Professional on Windows 7 Ultimate. but I have not needed to boot into it.

Mac OS X is based on Open or Free BSD, which is based on unix.
Apple has probably modified many parts of it as they see fit.

And if I need some hardware or program that only works in Windows, I restart the computer in Windows 7.
I have Mac OS X, Windows 7, Open Solaris, and Linux installed on my computer.

Also when have you seen a Windows 7 PC have or use 2 or 3 Quad Core CPU's.


Title: Re: Windows Fake "Security Center" Malware
Post by: StatFreak on August 24, 2010, 11:23:19 PM
NAV was my AVG. I spent hours going through the registry cleaning up the dozens of turds that company left on my system after it had been "officially" removed.  :37- :37-

Back in the DOS days, the Norton Utilities were one of the best tools around. I taught myself how the FAT file system worked by looking at the FAT tables and the directory structure using the NU suite. I also used to use it as an old hex editor to look at data. I hacked a few video games that way. :89-  But that was a very long time ago, and I have nothing good to say about Norton's current AV/AS (spamware) products.

Another one that's gone downhill this year is Ad-Aware. I still have it installed, but the last major release (v8) months back that changed the entire program interface is a kludge. It has become a resource hog, it should be removed by its own standards (it puts up pop-up balloons advertising their for-profit products), and they made the interface too user friendly: They no longer show you the detailed information of what they find, so it's very difficult to make an intelligent decision as to what action to take. It has also given me some false positives. I'll be removing it soon.


Title: Re: Windows Fake "Security Center" Malware
Post by: rickhunter on October 25, 2010, 05:44:08 PM
Also when have you seen a Windows 7 PC have or use 2 or 3 Quad Core CPU's.

I have a Dual Quad Core Xeon Dell Precision workstation, so yes they do exist and it's running windows 7 ultimate.  I also have a pair of Macs.  I'm an equal opportunity technology user and the Mac vs PC argument is not one that will ever end.  To each his own.  I prefer linux since it can be customized to do just about anything and it's open source (i.e. you can add your own crap to the kernel if you are so inclined).  OSX is based on linux but it's definitely "not open" as you aren't even allowed under license to do anything to the kernel files as per the apple license agreement.  OSX is by far the best OS apple has ever marketed and it's a lot easier to develop for it than the old days of MAC OS, which was bloated with stuff and totally in-efficient.  OSX is not more secure than windows, it just doesn't get the attention from malware and virus writers, because it's better to infect 80% of pc's with the same code than 10%.  The object of viruses and malware is to bombard you with ads and or retrieve information from your PC, that's why Macs get "no love" from spam and virus authors.  Once MAC OSX gets more popular, watch out.  Apple is notoriously slow at patching security holes.


Title: Re: Windows Fake "Security Center" Malware
Post by: brichter on October 26, 2010, 01:37:01 AM
I have MS Office for Mac 2008 Professional, which has Word, Excel, PowerPoint, Entourage (e-mail), and few other programs.

Also when have you seen a Windows 7 PC have or use 2 or 3 Quad Core CPU's.


Just saw this reply. There's no feature parity between the 2 versions of Office (Mac vs. Windows).

Office for the Mac is pretty much brain-dead, you can't even color cells, rows, or columns in Excel, and there's no VB support. That makes it a non-starter for any but the most basic user.

I use Parallels when I have to run Windows on the Mac, it takes too long to reboot into windows then back into OS X when I'm done. But for any real power usage, I just run Win7 on my dual quad core tower.


Title: Re: Windows Fake "Security Center" Malware
Post by: stayouttadabunker on October 26, 2010, 03:23:21 AM
Another one that's gone downhill this year is Ad-Aware. I still have it installed, but the last major release (v8) months back that changed the entire program interface is a kludge. It has become a resource hog, it should be removed by its own standards (it puts up pop-up balloons advertising their for-profit products), and they made the interface too user friendly: They no longer show you the detailed information of what they find, so it's very difficult to make an intelligent decision as to what action to take. It has also given me some false positives. I'll be removing it soon.

I had Ad-Aware for years and loved it but I have to agree that
ever since they changed it last year - it sucks.  :52-
I haven't used it in months because of all the junk it tries to do.   :58-:60-  :30-
It's too bad ...it was a very good product at one time... :8-
I'll be removing it soon too... :89-


Title: Re: Windows Fake "Security Center" Malware
Post by: xkey on October 26, 2010, 07:01:30 PM
 :8- :37-This trojan hit a few of our machines in the office today, we were able to manually clean the machine by following these steps

boot into safe mode
start taskmanager and close the process called "hotfix.exe"
search for a file named hotfix.exe, there might be a couple, but the ones that got us were time stamped with today's date and time that the infection started.
delete that file
this also created 2 files jkhkj.bat and mstsc.exe, they were located on the desktop, delete these files
open "regedit" and go to this key
HKEY_USERS\S-1-5-21-1384738610-847602051-1361462980-58697\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
and look for the "entry"  it will have a path to the batch file above, remove that entry and replace with "explorer"
reboot and you should be fine.

jon
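
The registry step in the post above, as an added example that is not part of the original post: a check over a regedit text export that lists every Winlogon key whose shell entry is not Explorer. It assumes the "entry" the post refers to is the `Shell` value and that the expected data is `explorer.exe`; the SIDs, user name and folder path in the sample are constructed placeholders.

```python
import re

# Constructed sample of a regedit text export (not data from the thread).
# Real exports are UTF-16; decode the file before passing its text in.
# Only the batch file name jkhkj.bat is taken from the post.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_USERS\S-1-5-21-EXAMPLE-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Documents and Settings\\user1\\Desktop\\jkhkj.bat"

[HKEY_USERS\S-1-5-21-EXAMPLE-1002\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec"="1"
'''

WINLOGON = r"\software\microsoft\windows nt\currentversion\winlogon"
# Assumption: a clean machine has Shell = explorer.exe (or no per-user Shell).
EXPECTED_SHELL = "explorer.exe"

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')


def unescape(data):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", data)


def parse_reg(text):
    """Yield (key, value_name, data) for each string value in the export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, unescape(m.group("name")), unescape(m.group("data"))


def audit_winlogon_shell(text):
    """Return one finding per Winlogon key whose Shell is not Explorer."""
    findings = []
    for key, name, data in parse_reg(text):
        if not key.lower().endswith(WINLOGON) or name.lower() != "shell":
            continue
        if data.strip().lower() == EXPECTED_SHELL:
            continue
        parts = key.split("\\")
        # Per-user hives are HKEY_USERS\<SID>\...; report the SID as owner.
        owner = parts[1] if parts[0] == "HKEY_USERS" else parts[0]
        findings.append({"owner": owner, "value": name, "data": data})
    return findings


if __name__ == "__main__":
    for f in audit_winlogon_shell(SAMPLE_EXPORT):
        print(f"{f['owner']}: {f['value']} -> {f['data']}")
```

Checking every loaded user hive rather than one SID matters on shared machines, since the replaced entry lives under the account that was logged on when the infection ran.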


Title: Re: Windows Fake "Security Center" Malware
Post by: rickhunter on October 26, 2010, 08:46:11 PM
Just saw this reply. There's no feature parity between the 2 versions of Office (Mac vs. Windows).

Office for the Mac is pretty much brain-dead, you can't even color cells, rows, or columns in Excel, and there's no VB support. That makes it a non-starter for any but the most basic user.

I use Parallels when I have to run Windows on the Mac, it takes too long to reboot into windows then back into OS X when I'm done. But for any real power usage, I just run Win7 on my dual quad core tower.

Office 2011 for Mac just came out.  That is supposed to be nearly identical to the Windows version.  I ordered a 3 pack license today to use here at the office for the Mac Folks.  It has outlook which is a big plus when migrating, the old entourage totally ?#?#$?@?#$?.


Title: Re: Windows Fake "Security Center" Malware
Post by: brichter on October 27, 2010, 01:41:26 AM
Just saw this reply. There's no feature parity between the 2 versions of Office (Mac vs. Windows).

Office for the Mac is pretty much brain-dead, you can't even color cells, rows, or columns in Excel, and there's no VB support. That makes it a non-starter for any but the most basic user.

I use Parallels when I have to run Windows on the Mac, it takes too long to reboot into windows then back into OS X when I'm done. But for any real power usage, I just run Win7 on my dual quad core tower.

Office 2011 for Mac just came out.  That is supposed to be nearly identical to the Windows version.  I ordered a 3 pack license today to use here at the office for the Mac Folks.  It has outlook which is a big plus when migrating, the old entourage totally ?#?#$?@?#$?.

From the first review I saw on Google:

Sadly there is a pretty big weak link in Office 2011: Outlook. It seems that Microsoft simply sacrificed brains for beauty. Don’t get us wrong. It’s definitely the best and most powerful email client we’ve ever used on OS X, but after using it for 10 minutes we honestly gave up on it. Why? Because it simply requires more work to get simple tasks done than on the Windows version. It sucks to say it, but given the choice between using the new Outlook for Mac and virtualizing Outlook for Windows, we’d go with the latter any day.

You'll need Exchange 2010 if you want to have server-side rules, and I've heard there's no compatibility with Exchange 2003 so at least 2007 is required. Let me know how it goes, I'll use your experience to help decide if I'm going to upgrade...


Title: Re: Windows Fake "Security Center" Malware
Post by: rickhunter on October 27, 2010, 02:40:55 PM
I still don't have it, but one of the major issues for my situation has been the migration of PC to Macs in regards to e-mail.  The outlook PST file was not supported on entourage, and all the import programs do not import addresses that are not standard US addresses right.  So for this alone it is worth it on my end.  When I get it, I'll post my experiences with it.  I already knew about the exchange issues, we have since migrated out of exchange here so that will not apply anymore.


Title: Re: Windows Fake "Security Center" Malware
Post by: brichter on October 27, 2010, 04:19:09 PM
I still don't have it, but one of the major issues for my situation has been the migration of PC to Macs in regards to e-mail.  The outlook PST file was not supported on entourage, and all the import programs do not import addresses that are not standard US addresses right.  So for this alone it is worth it on my end.  When I get it, I'll post my experiences with it.  I already knew about the exchange issues, we have since migrated out of exchange here so that will not apply anymore.

So, there is an application that converts .pst to .rge, which works with Erage. It's called Emailchemy.

As far as converting to Mail.app, not sure if Emailchemy (or some other application) will do that, but one solution is to create a temp folder on the Exchange server with Outlook, and copy portions of the pst contents to the Exchange server, then back to a local file in Mail.app.

Yup, we've been hacking around with Macs in a Winblows world for quite a while here... :200- :72-


Title: Re: Windows Fake "Security Center" Malware
Post by: rickhunter on October 27, 2010, 04:47:17 PM
Yes, that was one of the options, and for the most part getting the e-mails correctly has not been the issue, it's been the other things in outlook like contacts and addresses, specially those that don't adhere to standard US format.


Title: Re: Windows Fake "Security Center" Malware
Post by: uniman on October 29, 2010, 02:31:04 AM
I get home from work today to find our computer now has the "Security Tools" virus. We (wife and I) are running XP Home Edition. This popup shit only appears on the wife's logon. I can logon and surf the net with no problem. After reading up on the Security Tools virus I logon and look in the All Users - Application Files for this piece of shit. Did the Show All Hidden Files and Hidden Extension settings. I found no new files or any files that were just random numbers. Since it only affects the Mrs, I looked in her Application Files too.
Then I clicked on my Malwarebytes program and attempted to update my older version. Kept getting "cannot find - check firewall settings". I shutoff the firewall, popup blockers, lowered the security settings and still could not update. So I downloaded the latest version. When I installed it received an error message, but it did seem to install. When I opened Malware it does look slightly different so assuming it installed. Currently running it on my login and so far nothing detected after 25 minutes. I suspect it will find nothing.

Any ideas????


Title: Re: Windows Fake "Security Center" Malware
Post by: proten on October 29, 2010, 02:41:43 AM
Try booting in Safe Mode with networking  (F8) at boot up
Then run the update again

Paul


Title: Re: Windows Fake "Security Center" Malware
Post by: uniman on October 29, 2010, 02:45:50 AM
I was thinking the same thing.
Download latest version of Malwarebytes on my laptop.
Save to a stick.
Start XP computer in Safe Mode.
Run Malwarebytes.
Will try tomorrow.


Title: Re: Windows Fake "Security Center" Malware
Post by: StatFreak on October 29, 2010, 03:08:57 AM
I was thinking the same thing.
Download latest version of Malwarebytes on my laptop.
Save to a stick.
Start XP computer in Safe Mode.
Run Malwarebytes.
Will try tomorrow.

That sounds like the best plan. You might also search the registry for the entries that xkey mentioned. You'll have to substitute your wife's GUID in the path (where it starts S-1-5-21...)

If it happened recently, you could do a global search of the entire drive for all files created/modified after the date of infection, and you might also try using system restore to restore to a point prior to the infection.


Title: Re: Windows Fake "Security Center" Malware
Post by: uniman on October 29, 2010, 03:30:14 AM
I was thinking the same thing.
Download latest version of Malwarebytes on my laptop.
Save to a stick.
Start XP computer in Safe Mode.
Run Malwarebytes.
Will try tomorrow.

That sounds like the best plan. You might also search the registry for the entries that xkey mentioned. You'll have to substitute your wife's GUID in the path (where it starts S-1-5-21...)

If it happened recently, you could do a global search of the entire drive for all files created/modified after the date of infection, and you might also try using system restore to restore to a point prior to the infection.
I don't have the guts to dig into the registry, but I did do this;
I logged as my wife and then switched users as it was loading.
Then on my login I opened Task Mgr and found the little bastard was named 314616586.EXE-O5CD03AC
Shut it down and returned to the wife's login.
Found the file in C:\Windows\Prefetch
Removed the EXE extension.
When I logged back on to her side it created another one!
So tomorrow I'll run Malware in safe mode and see what happens.


Title: Re: Windows Fake "Security Center" Malware
Post by: proten on October 29, 2010, 03:35:14 AM
You can also go to "Start - Run"
Then type in "MSCONFIG"
That will take you to the system configuration.
then look for the  program that's
causing the problem.


Title: Re: Windows Fake "Security Center" Malware
Post by: staz on October 29, 2010, 03:43:57 AM
is the free version of Malwarebytes any good? :103- i was thinking of downloading it.....


Title: Re: Windows Fake "Security Center" Malware
Post by: uniman on October 29, 2010, 04:00:08 AM
The free Malwarebytes has saved me on three occasions now. I should cough up the $25 and get the full version.

I just tried downloading it again and this time it loaded without errors! Running a scan and it has detected 5 infected objects so far! So it's looking good.

I bet the Sprint SmartView aircard was the cause of the incomplete download and not the virus/malware.

Would rather have this thing beat before I call it a night!


Title: Re: Windows Fake "Security Center" Malware
Post by: staz on October 29, 2010, 04:20:10 AM
i just ran it too it found nothing, so thats a good thing......


Title: Re: Windows Fake "Security Center" Malware
Post by: CaptainHappy on October 29, 2010, 06:25:28 AM
The free Malwarebytes has saved me on three occasions now. I should cough up the $25 and get the full version.

I just tried downloading it again and this time it loaded without errors! Running a scan and it has detected 5 infected objects so far! So it's looking good.

I bet the Sprint SmartView aircard was the cause of the incomplete download and not the virus/malware.

Would rather have this thing beat before I call it a night!

Jim,

I hope that you got it beat! Those things are a bitch.... I feel that virus makers should get the death penalty, immediate, and no appeals! :37- :106- :107- :107- :107- :107- :107- :107-

CaptainHappy :95-


Title: Re: Windows Fake "Security Center" Malware
Post by: uniman on October 29, 2010, 01:01:31 PM
Things are looking ok now!
Malwarebytes found 4 bad files, 2 bad registry files, and 1 bad memory file. One I had already deleted, so the total would have been 8.
 This crap is just a big pain in the rear!
Thanks for all the replies!!  :89-

Here is the scan log, I replaced my wife's name with "wife". She likes her privacy, sort of like Mrs. Columbo. (anyone remember that?)


Scan type: Full scan (C:\|F:\|)
Objects scanned: 222200
Time elapsed: 54 minute(s), 1 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\WINDOWS\temp\_ex-08.exe (Spyware.Passwords) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\DownloadWare (Adware.DownloadWare) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sniffer (Spyware.Passwords) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\temp\_ex-08.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Documents and Settings\wife\Local Settings\Application Data\314616586.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\wife\Local Settings\temp\0.4191665775512726.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Documents and Settings\wife\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
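
A parser for the scan log in the post above, as an added example that is not part of the original post: it checks that the itemised detections match the counts in the summary, lists any item whose action did not report success, and groups the objects by detection name. The log text is copied from the post with blank lines removed; the function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Scan log as posted in the thread ("wife" is the poster's own redaction).
SCAN_LOG = r"""Scan type: Full scan (C:\|F:\|)
Objects scanned: 222200
Time elapsed: 54 minute(s), 1 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
C:\WINDOWS\temp\_ex-08.exe (Spyware.Passwords) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\DownloadWare (Adware.DownloadWare) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sniffer (Spyware.Passwords) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\temp\_ex-08.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Documents and Settings\wife\Local Settings\Application Data\314616586.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\wife\Local Settings\temp\0.4191665775512726.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Documents and Settings\wife\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
"""

# "Files Infected: 4" is a summary count; "Files Infected:" opens a detail section.
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*(?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_scan_log(text):
    """Return (declared_counts, items) from the log text."""
    declared, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:
            declared[m.group("section")] = int(m.group("count"))
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ITEM_RE.match(line)
        if m and section:
            items.append({"section": section, **m.groupdict()})
    return declared, items


def review(text):
    """Summarise a scan log for follow-up after cleanup."""
    declared, items = parse_scan_log(text)
    found = Counter(i["section"] for i in items)
    # Sections where the summary count and the itemised list disagree,
    # e.g. a log that was truncated when pasted.
    mismatched = {s: (n, found[s]) for s, n in declared.items() if n != found[s]}
    # Items the scanner did not report as removed or unloaded successfully.
    unresolved = [i for i in items if "successfully" not in i["action"].lower()]
    families = defaultdict(list)
    for i in items:
        families[i["family"]].append(i["object"])
    return {"mismatched": mismatched, "unresolved": unresolved,
            "families": dict(families)}


if __name__ == "__main__":
    result = review(SCAN_LOG)
    for family, objects in sorted(result["families"].items()):
        print(family, len(objects))
    print("count mismatches:", result["mismatched"])
    print("unresolved items:", len(result["unresolved"]))
```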


Title: Re: Windows Fake "Security Center" Malware
Post by: staz on October 29, 2010, 01:47:38 PM
why dont you just do a complete factory reinstall?