Author Topic: Windows Fake "Security Center" Malware  (Read 24648 times)

rickhunter (SMAA Founder and Chairman, Topic Moderator)
« Reply #25 on: October 25, 2010, 05:44:08 PM »

Also when have you seen a Windows 7 PC have or use 2 or 3 Quad Core CPU's.

I have a Dual Quad Core Xeon Dell Precision workstation, so yes they do exist and it's running Windows 7 Ultimate.  I also have a pair of Macs.  I'm an equal opportunity technology user and the Mac vs PC argument is not one that will ever end.  To each his own.  I prefer linux since it can be customized to do just about anything and it's open source (i.e. you can add your own crap to the kernel if you are so inclined).  OSX is based on linux but it's definitely "not open" as you aren't even allowed under license to do anything to the kernel files as per the apple license agreement.  OSX is by far the best OS apple has ever marketed and it's a lot easier to develop for it than the old days of MAC OS, which was bloated with stuff and totally inefficient.  OSX is not more secure than windows, it just doesn't get the attention from malware and virus writers, because it's better to infect 80% of pc's with the same code than 10%.  The object of viruses and malware is to bombard you with ads and or retrieve information from your PC, that's why Macs get "no love" from spam and virus authors.  Once MAC OSX gets more popular, watch out.  Apple is notoriously slow at patching security holes.
A slot collector is like a coin hopper in a machine that never pays out.  they just keep on accumulating assets.

brichter (Spaced Alien, Senior Full time Member)
« Reply #26 on: October 26, 2010, 01:37:01 AM »

I have MS Office for Mac 2008 Professional, which has Word, Excel, PowerPoint, Entourage (e-mail), and few other programs.

Also when have you seen a Windows 7 PC have or use 2 or 3 Quad Core CPU's.


Just saw this reply. There's no feature parity between the 2 versions of Office (Mac vs. Windows).

Office for the Mac is pretty much brain-dead, you can't even color cells, rows, or columns in Excel, and there's no VB support. That makes it a non-starter for any but the most basic user.

I use Parallels when I have to run Windows on the Mac, it takes too long to reboot into windows then back into OS X when I'm done. But for any real power usage, I just run Win7 on my dual quad core tower.
Thanks,
Bill

stayouttadabunker (Senior Full time Member)
« Reply #27 on: October 26, 2010, 03:23:21 AM »

Another one that's gone downhill this year is Ad-Aware. I still have it installed, but the last major release (v8) months back that changed the entire program interface is a kludge. It has become a resource hog, it should be removed by its own standards (it puts up pop-up balloons advertising their for-profit products), and they made the interface too user friendly: They no longer show you the detailed information of what they find, so it's very difficult to make an intelligent decision as to what action to take. It has also given me some false positives. I'll be removing it soon.

I had Ad-Aware for years and loved it, but I have to agree that
ever since they changed it last year it sucks.
I haven't used it in months because of all the junk it tries to do.
It's too bad... it was a very good product at one time.
I'll be removing it soon too.

xkey (Contributing NLG Member)
« Reply #28 on: October 26, 2010, 07:01:30 PM »

This trojan hit a few of our machines in the office today. We were able to manually clean the machines by following these steps:

Boot into Safe Mode.
Start Task Manager and close the process called "hotfix.exe".
Search for a file named hotfix.exe. There might be a couple, but the ones that got us were time-stamped with today's date and the time the infection started.
Delete that file.
This also created 2 files, jkhkj.bat and mstsc.exe, located on the Desktop. Delete these files.
Open "regedit" and go to this key:
HKEY_USERS\S-1-5-21-1384738610-847602051-1361462980-58697\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Look for the "entry"; it will have a path to the batch file above. Remove that entry and replace it with "explorer".
Reboot and you should be fine.

jon
Momma says I need another job to keep this hobby!!
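
The cleanup above edits the Winlogon key and kills the process by hand, for one known SID. The script below is an added example written for this thread, not code posted by xkey or shipped with any tool; it generalizes the same checks: it reads the Winlogon Shell/Userinit values and the Run keys under HKLM and under every loaded user hive, flags anything that deviates from the Windows defaults or points into a temp, Desktop, Local Settings or Application Data folder (where every file named in this thread lived), and lists running processes launched from those folders. It is read-only; deleting the file and restoring the value is still a manual decision. Assumed: an administrator prompt and PowerShell 2.0 or later; the expected Shell and Userinit strings are the stock Windows values and may need adjusting on a customized install.

```powershell
# Added example, not from the thread: read-only triage of the persistence points
# the manual "Security Tool" cleanup edits by hand. Prints findings, changes nothing.
# Assumed: administrator prompt, PowerShell 2.0+, stock Winlogon defaults.

$winlogon = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$run      = 'Software\Microsoft\Windows\CurrentVersion\Run'
# Stock Windows values (case-insensitive compare); adjust if yours legitimately differ.
$expected = @{ Shell = 'explorer.exe'; Userinit = "$env:windir\system32\userinit.exe," }
# Folders a legitimate startup item almost never lives in.
$oddPlaces = '\\(temp|Local Settings|Desktop|Application Data)\\'

function Report($label, $detail) { Write-Output ("{0,-8} {1}" -f $label, $detail) }

function Test-Winlogon($hive, $root) {
    $key = Get-Item -Path ("{0}\{1}" -f $root, $winlogon) -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in 'Shell', 'Userinit') {
        $value = $key.GetValue($name)
        if ($null -eq $value) { continue }
        if ($hive -ne 'HKLM') {
            # Windows sets Shell/Userinit only under HKLM. A per-user copy is exactly
            # what this infection used (a .bat in place of explorer), so any is suspect.
            Report 'SUSPECT' ("{0}\{1}\{2} = '{3}' (per-user value, normally absent)" -f $hive, $winlogon, $name, $value)
        } elseif ($value -ne $expected[$name]) {
            Report 'SUSPECT' ("{0}\{1}\{2} = '{3}' (expected '{4}')" -f $hive, $winlogon, $name, $value, $expected[$name])
        }
    }
}

function Test-RunKey($hive, $root) {
    $key = Get-Item -Path ("{0}\{1}" -f $root, $run) -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in $key.GetValueNames()) {
        $cmd   = [string]$key.GetValue($name)
        $label = if ($cmd -match $oddPlaces) { 'SUSPECT' } else { 'REVIEW' }
        Report $label ("{0}\{1}\{2} = {3}" -f $hive, $run, $name, $cmd)
    }
}

Test-Winlogon 'HKLM' 'HKLM:'
Test-RunKey   'HKLM' 'HKLM:'

# Every loaded user hive, so you need not know the infected account's SID in
# advance (the thread had to look it up under HKEY_USERS\S-1-5-21-...).
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null
$sids = (Get-ChildItem HKU: -ErrorAction SilentlyContinue | ForEach-Object { $_.PSChildName }) -like 'S-1-5-21-*'
foreach ($sid in $sids) {
    if ($sid -like '*_Classes') { continue }
    Test-Winlogon $sid ("HKU:\{0}" -f $sid)
    Test-RunKey   $sid ("HKU:\{0}" -f $sid)
}

# Running executables started from the same odd folders (the thread's
# 314616586.exe ran from Local Settings\Application Data).
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and $_.Path -match $oddPlaces } |
    ForEach-Object { Report 'RUNNING' ("{0} (PID {1}) {2}" -f $_.ProcessName, $_.Id, $_.Path) }
```

Run it from Safe Mode with Networking as the thread suggests, since the rogue's own process is then usually not running to fight back; a SUSPECT line for a per-user Shell value is the thread's case, and the fix is the one xkey gave (delete the file, set the value back to explorer), applied to whichever hive the script names.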

rickhunter (SMAA Founder and Chairman, Topic Moderator)
« Reply #29 on: October 26, 2010, 08:46:11 PM »

Just saw this reply. There's no feature parity between the 2 versions of Office (Mac vs. Windows).

Office for the Mac is pretty much brain-dead, you can't even color cells, rows, or columns in Excel, and there's no VB support. That makes it a non-starter for any but the most basic user.

I use Parallels when I have to run Windows on the Mac, it takes too long to reboot into windows then back into OS X when I'm done. But for any real power usage, I just run Win7 on my dual quad core tower.

Office 2011 for Mac just came out.  That is supposed to be nearly identical to the Windows version.  I ordered a 3 pack license today to use here at the office for the Mac Folks.  It has outlook which is a big plus when migrating, the old entourage totally ?#?#$?@?#$?.

brichter (Spaced Alien, Senior Full time Member)
« Reply #30 on: October 27, 2010, 01:41:26 AM »

Just saw this reply. There's no feature parity between the 2 versions of Office (Mac vs. Windows).

Office for the Mac is pretty much brain-dead, you can't even color cells, rows, or columns in Excel, and there's no VB support. That makes it a non-starter for any but the most basic user.

I use Parallels when I have to run Windows on the Mac, it takes too long to reboot into windows then back into OS X when I'm done. But for any real power usage, I just run Win7 on my dual quad core tower.

Office 2011 for Mac just came out.  That is supposed to be nearly identical to the Windows version.  I ordered a 3 pack license today to use here at the office for the Mac Folks.  It has outlook which is a big plus when migrating, the old entourage totally ?#?#$?@?#$?.

From the first review I saw on Google:

Sadly there is a pretty big weak link in Office 2011: Outlook. It seems that Microsoft simply sacrificed brains for beauty. Don’t get us wrong. It’s definitely the best and most powerful email client we’ve ever used on OS X, but after using it for 10 minutes we honestly gave up on it. Why? Because it simply requires more work to get simple tasks done than on the Windows version. It sucks to say it, but given the choice between using the new Outlook for Mac and virtualizing Outlook for Windows, we’d go with the latter any day.

You'll need Exchange 2010 if you want to have server-side rules, and I've heard there's no compatibility with Exchange 2003 so at least 2007 is required. Let me know how it goes, I'll use your experience to help decide if I'm going to upgrade...

rickhunter (SMAA Founder and Chairman, Topic Moderator)
« Reply #31 on: October 27, 2010, 02:40:55 PM »

I still don't have it, but one of the major issues for my situation has been the migration of PC to Macs in regards to e-mail.  The outlook PST file was not supported on entourage, and all the import programs do not import addresses that are not standard US addresses right.  So for this alone it is worth it on my end.  When I get it, I'll post my experiences with it.  I already knew about the exchange issues, we have since migrated out of exchange here so that will not apply anymore.

brichter (Spaced Alien, Senior Full time Member)
« Reply #32 on: October 27, 2010, 04:19:09 PM »

I still don't have it, but one of the major issues for my situation has been the migration of PC to Macs in regards to e-mail.  The outlook PST file was not supported on entourage, and all the import programs do not import addresses that are not standard US addresses right.  So for this alone it is worth it on my end.  When I get it, I'll post my experiences with it.  I already knew about the exchange issues, we have since migrated out of exchange here so that will not apply anymore.

So, there is an application that converts .pst to .rge, which works with Entourage. It's called Emailchemy.

As far as converting to Mail.app, not sure if Emailchemy (or some other application) will do that, but one solution is to create a temp folder on the Exchange server with Outlook, copy portions of the pst contents to the Exchange server, then back to a local file in Mail.app.

Yup, we've been hacking around with Macs in a Winblows world for quite a while here...

rickhunter (SMAA Founder and Chairman, Topic Moderator)
« Reply #33 on: October 27, 2010, 04:47:17 PM »

Yes, that was one of the options, and for the most part getting the e-mails correctly has not been the issue; it's been the other things in Outlook like contacts and addresses, especially those that don't adhere to standard US format.

uniman (Senior Full time Member)
« Reply #34 on: October 29, 2010, 02:31:04 AM »

I get home from work today to find our computer now has the "Security Tools" virus. We (wife and I) are running XP Home Edition. This popup shit only appears on the wife's logon. I can log on and surf the net with no problem. After reading up on the Security Tools virus I log on and look in the All Users - Application Files for this piece of shit. Did the Show All Hidden Files and Hidden Extension settings. I found no new files or any files that were just random numbers. Since it only affects the Mrs, I looked in her Application Files too.
Then I clicked on my Malwarebytes program and attempted to update my older version. Kept getting "cannot find - check firewall settings". I shut off the firewall, popup blockers, lowered the security settings and still could not update. So I downloaded the latest version. When I installed it, I received an error message, but it did seem to install. When I opened Malwarebytes it does look slightly different, so I'm assuming it installed. Currently running it on my login and so far nothing detected after 25 minutes. I suspect it will find nothing.

Any ideas????

proten (Contributing Gold NLG Member)
« Reply #35 on: October 29, 2010, 02:41:43 AM »

Try booting in Safe Mode with networking  (F8) at boot up
Then run the update again

Paul
One step at a time.

uniman (Senior Full time Member)
« Reply #36 on: October 29, 2010, 02:45:50 AM »

I was thinking the same thing.
Download latest version of Malwarebytes on my laptop.
Save to a stick.
Start XP computer in Safe Mode.
Run Malwarebytes.
Will try tomorrow.

StatFreak (Global NLG Site Moderator)
« Reply #37 on: October 29, 2010, 03:08:57 AM »

I was thinking the same thing.
Download latest version of Malwarebytes on my laptop.
Save to a stick.
Start XP computer in Safe Mode.
Run Malwarebytes.
Will try tomorrow.

That sounds like the best plan. You might also search the registry for the entries that xkey mentioned. You'll have to substitute your wife's GUID in the path (where it starts S-1-5-21...)

If it happened recently, you could do a global search of the entire drive for all files created/modified after the date of infection, and you might also try using system restore to restore to a point prior to the infection.

I found myself at NLG ..but got lost again on the way home.
If found, please email me to myself. Thanks.
Executive member in good standing of Rick's SMAA.   Ehhh...What's Up Doc?
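
StatFreak's "search the whole drive for files created or modified after the infection date" is the step that turns up the randomly named executables this thread keeps finding in temp folders. Below is an added example written for this thread (not posted by StatFreak, and not part of Malwarebytes or any other tool) that does that search from PowerShell instead of the Explorer search dialog: it lists every file touched since a cutoff, shows the executables first with their Authenticode signature status, and then lists the Prefetch entries written since the cutoff. Assumed: an administrator prompt, PowerShell 2.0 or later, and that you set `$since` to when the pop-ups started (the value in the block is a placeholder, not a date from the thread). It prints and deletes nothing.

```powershell
# Added example, not from the thread: list files created/modified since the
# infection, executables first with signature status, then recent Prefetch entries.
# Assumed: administrator prompt, PowerShell 2.0+. $since is a placeholder to edit.

$since = Get-Date '2010-10-28 17:00'       # placeholder: set to when the pop-ups began
$roots = @($env:SystemDrive + '\')
# Skipped only to keep the list readable; nothing in this thread hid there.
$skip = '\\(System Volume Information|\$Recycle\.Bin|RECYCLER|Windows\\(SoftwareDistribution|WinSxS|Installer))\\'
# Extensions worth looking at first (the thread's finds were .exe, .bat and a .lnk).
$executable = '\.(exe|dll|bat|cmd|scr|pif|com|lnk)$'

function Get-RecentFiles {
    Get-ChildItem -Path $roots -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            -not $_.PSIsContainer -and
            $_.FullName -notmatch $skip -and
            ($_.CreationTime -ge $since -or $_.LastWriteTime -ge $since)
        }
}

# A fresh, unsigned executable in a temp folder (like _ex-08.exe or
# 0.4191665775512726.exe in the scan log later in this thread) is the thing to
# look at; a validly signed file at least came from someone identifiable.
Get-RecentFiles | Where-Object { $_.Name -match $executable } | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
    $status = if ($sig) { $sig.Status } else { 'Unknown' }
    New-Object PSObject -Property @{
        Created  = $_.CreationTime
        Modified = $_.LastWriteTime
        Signed   = $status
        Path     = $_.FullName
    }
} | Sort-Object Created | Format-Table -AutoSize Created, Signed, Path

# Prefetch: Windows writes NAME.EXE-HASH.pf here whenever a program runs, so the
# entry uniman found there is Windows' record that 314616586.exe executed, not
# the malware itself; it is evidence of what ran and when, and removing it
# removes nothing.
Get-ChildItem (Join-Path $env:windir 'Prefetch') -Filter *.pf -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $since } |
    Sort-Object LastWriteTime |
    Format-Table -AutoSize LastWriteTime, Name
```

The first table is the one to act on; the Prefetch table mainly tells you which other executables ran around the same time, which is how you find a second component (the thread's infection dropped several) after deleting the first.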

uniman (Senior Full time Member)
« Reply #38 on: October 29, 2010, 03:30:14 AM »

I was thinking the same thing.
Download latest version of Malwarebytes on my laptop.
Save to a stick.
Start XP computer in Safe Mode.
Run Malwarebytes.
Will try tomorrow.

That sounds like the best plan. You might also search the registry for the entries that xkey mentioned. You'll have to substitute your wife's GUID in the path (where it starts S-1-5-21...)

If it happened recently, you could do a global search of the entire drive for all files created/modified after the date of infection, and you might also try using system restore to restore to a point prior to the infection.
I don't have the guts to dig into the registry, but I did do this:
I logged in as my wife and then switched users as it was loading.
Then on my login I opened Task Mgr and found the little bastard was named 314616586.EXE-O5CD03AC
Shut it down and returned to the wife's login.
Found the file in C:\Windows\Prefetch
Removed the EXE extension.
When I logged back on to her side it created another one!
So tomorrow I'll run Malware in safe mode and see what happens.

proten (Contributing Gold NLG Member)
« Reply #39 on: October 29, 2010, 03:35:14 AM »

You can also go to "Start - Run",
then type in "MSCONFIG".
That will take you to the system configuration.
Then look for the program that's causing the problem.

staz (Contributing NLG Member)
« Reply #40 on: October 29, 2010, 03:43:57 AM »

Is the free version of Malwarebytes any good? I was thinking of downloading it.....

uniman (Senior Full time Member)
« Reply #41 on: October 29, 2010, 04:00:08 AM »

The free Malwarebytes has saved me on three occasions now. I should cough up the $25 and get the full version.

I just tried downloading it again and this time it loaded without errors! Running a scan and it has detected 5 infected objects so far! So it's looking good.

I bet the Sprint SmartView aircard was the cause of the incomplete download and not the virus/malware.

Would rather have this thing beat before I call it a night!

staz (Contributing NLG Member)
« Reply #42 on: October 29, 2010, 04:20:10 AM »

I just ran it too; it found nothing, so that's a good thing......

CaptainHappy (NLG Site Administrator)
« Reply #43 on: October 29, 2010, 06:25:28 AM »

The free Malwarebytes has saved me on three occasions now. I should cough up the $25 and get the full version.

I just tried downloading it again and this time it loaded without errors! Running a scan and it has detected 5 infected objects so far! So it's looking good.

I bet the Sprint SmartView aircard was the cause of the incomplete download and not the virus/malware.

Would rather have this thing beat before I call it a night!

Jim,

I hope that got it beat! Those things are a bitch.... I feel that virus makers should get the death penalty, immediate, and no appeals!

CaptainHappy
  Come sail away, Come sail away Come sail away with me..

uniman (Senior Full time Member)
« Reply #44 on: October 29, 2010, 01:01:31 PM »

Things are looking ok now!
Malwarebytes found 4 bad files, 2 bad registry files, and 1 bad memory file. One I had already deleted, so the total would have been 8.
This crap is just a big pain in the rear!
Thanks for all the replies!!

Here is the scan log. I replaced my wife's name with "wife". She likes her privacy, sort of like Mrs. Columbo. (anyone remember that?)


Scan type: Full scan (C:\|F:\|)
Objects scanned: 222200
Time elapsed: 54 minute(s), 1 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\WINDOWS\temp\_ex-08.exe (Spyware.Passwords) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\DownloadWare (Adware.DownloadWare) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sniffer (Spyware.Passwords) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\temp\_ex-08.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Documents and Settings\wife\Local Settings\Application Data\314616586.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\wife\Local Settings\temp\0.4191665775512726.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Documents and Settings\wife\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

staz (Contributing NLG Member)
« Reply #45 on: October 29, 2010, 01:47:38 PM »

Why don't you just do a complete factory reinstall?