
Security center virus


Moostang


I have some strange virus on my laptop called security center. I tried way too many things to fix it but it's still there. What happens is it keeps having pop ups and what not. Actually what I'd rather do is wipe the memory if I can still keep the basic programs.

Nope, if you wipe the HDD you have to start over from scratch.

First I would back up whatever you need to keep file-wise. Then try this: http://forums.techguy.org/malware-removal-hijackthis-logs/583257-solved-fake-security-center-virus.html

If you still have problems, format the HDD and start over.


Dang, that does make it tough. Can you use msconfig to find out where it's loading from? It's probably someplace like "C:\Documents and Settings\Username\Application Data\etc."

 

You can try renaming the exe file. Don't delete it just yet, it might not like that and it could take IE or other Windows components with it. Then you can try rebooting and seeing if it will let you back on the internet enough to download the Malwarebytes solution.

 

Do you know what msconfig is?


This should fix it. I just googled it and pulled the first thing. I would print this or make a notepad file of this on your desktop.

 

Please download SmitfraudFix (by S!Ri) http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract the content (a folder named SmitfraudFix) to your Desktop.

 

Next, please reboot your computer in Safe Mode by doing the following :

 

* Restart your computer

* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

* Instead of Windows loading as normal, a menu with options should appear;

* Select the first option, to run Windows in Safe Mode, then press "Enter".

* Choose your usual account.

 

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

 

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

 

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

 

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.


It is not allowing me to connect to the internet. How can I get this to my computer?

The only data I'm worried about losing is all my music files. Will this erase them?


Hold down the Windows Key and press "R", this should bring up the Run command. Type "msconfig" without the quotes and press Enter. Click on the Startup tab. This shows you the list of processes your computer is kicking off when it starts. See if you can see the Security Center exe in there. It may not be named in an obvious manner, though. You can use the Location column to see exactly where it is and be able to rename it.

Is there a way just to reset the whole computer's memory (without erasing like Internet Explorer, Media Player, and the whole Vista system)?

If so I would just as soon do that. There are only four programs I have use for (iTunes, Internet Explorer, Media Player, and a car audio software) but my computer says that the memory is almost full 30/33GBs. Which I have no clue how.


How many times does someone have to say GO TO SAFE MODE before you people will go there?

 

You will likely be able to browse the internet in safe mode. If not, go to a different PC, take a thumb drive and download the file to that, then put the file on your PC.

 

Seriously, if you can't figure out these simple tasks, you should really take the PC to someone that knows what they are doing.


> Deleted the program file but still have pop ups that try to connect to the web and I still can't connect even though it says I'm connected.

You were supposed to just rename it man. Can you go back to where you found it to see if it's back from where you deleted it?

 

It really looks like you are just going to have to get the Malwarebytes program on a flash drive from another PC and install it while the PC is in Safe Mode. Even still, I'm guessing the Security Center malware is not going to let you install it.


> Is there a way just to reset the whole computer's memory (without erasing like Internet Explorer, Media Player, and the whole Vista system)?
>
> If so I would just as soon do that. There are only four programs I have use for (iTunes, Internet Explorer, Media Player, and a car audio software) but my computer says that the memory is almost full 30/33GBs. Which I have no clue how.

No, not really, and even if it was possible, you can rest assured the malware is embedded in your Windows system files and it will be restored along with the rest of Windows.

 

The Malwarebytes solution is the easiest way, the surefire 100% way would be to reformat the hard drive, which of course will erase everything. But you have to know what you are doing.

 

Just an FYI...you keep saying "memory" when you mean to say "hard drive" or "disk space". Your memory gets wiped out every time you turn off your PC.


Use another computer to download the file then throw it on a USB jump drive. You could also back up all your important files on the same drive, then reinstall Windows from scratch.

 

Don't forget to load safe mode with networking support!


> Try running this in Safe Mode:
>
> http://www.malwarebytes.org/

Did this.

> Deleted the program file but still have pop ups that try to connect to the web and I still can't connect even though it says I'm connected.

^^^same problem now.

> Use another computer to download the file then throw it on a USB jump drive. You could also back up all your important files on the same drive, then reinstall Windows from scratch.
>
> Don't forget to load safe mode with networking support!

Did this, but didn't do it with networking support. (I will try again with networking support -- is it too late though?)


Ok, so it's my understanding that Malwarebytes has successfully removed Security Center but now you can't access any internet pages even though you are showing as connected.

 

Next you need to fix your Winsock settings:

 

http://support.microsoft.com/kb/811259

 

Are you running XP, Vista, or Windows 7?


Here are the files malwarebytes.org found corrupted.

c:\users\user\appdata\local\microsoft\windows\temporaryinternetfiles\content.ie5\7ttr1uhv\ms307[1].exe

 

c:\users\user\appdata\local\elirmq\yhsxsysquard.exe

 

c:\users\user\appdata\local\temp\pdfupd.exe

 

hkey_current_user\software\avscan

 

hkey_current_user\software\microsoft\windows\currentversion\run\qtmodulk(c:\users\user\appdata\local\elirmq\yhsxsysquard.exe)


Try these 2 commands:

 

Manual steps to recover from Winsock2 corruption for Windows Vista users

 

Winsock corruption can cause connectivity problems. To resolve this issue by using Network Diagnostics in Windows Vista, follow these steps:

  1. Click the Start button, and then click Network.
  2. Click Network and Sharing Center.
  3. In the Network and Sharing Center box, click Diagnose and Repair.

Note You may also access the Network and Sharing Center in Control Panel.

 

Reset Winsock for Windows Vista

 

To reset Winsock for Windows Vista, follow these steps:

  1. Click the Start button, type cmd in the Start Search box, right-click cmd.exe, click Run as administrator, and then press Continue.
  2. Type netsh winsock reset at the command prompt, and then press ENTER.
     
    Note If the command is typed incorrectly, you will receive an error message. Type the command again. When the command is completed successfully, a confirmation appears, followed by a new command prompt. Then, go to step 3.
  3. Type exit, and then press ENTER.
