Moostang Posted December 23, 2009 Report Share Posted December 23, 2009 I have some strange virus on my laptop called security center. I tried way too many things to fix it but it's still there. What's happens is it keeps having pop ups and what not. Actually what I'd rather do is wipe the memory if I can still keep the basic programs. Quote Link to comment Share on other sites More sharing options...
Skinner Posted December 23, 2009 Report Share Posted December 23, 2009 nope if you wipe the HDD you have to start over from scratch. first I would back up what ever you need to keep file wise. then try this. http://forums.techguy.org/malware-removal-hijackthis-logs/583257-solved-fake-security-center-virus.html if you still have problems format hdd and start over Quote Link to comment Share on other sites More sharing options...
Earl1647545488 Posted December 23, 2009 Report Share Posted December 23, 2009 Try running this in Safe Mode: http://www.malwarebytes.org/ Quote Link to comment Share on other sites More sharing options...
Moostang Posted December 23, 2009 Author Report Share Posted December 23, 2009 As of now it won't let me connect to the Internet even though the computer says the Internet connection is fine. So as far as downloading anything will be a little hard. I'm typing this on my itouch. Quote Link to comment Share on other sites More sharing options...
Earl1647545488 Posted December 23, 2009 Report Share Posted December 23, 2009 Dang, that does make it tough. Can you use msconfig to find out where it's loading from? It's probably someplace like "C:\Documents and Settings\Username\Application Data\etc." You can try renaming the exe file. Don't delete it just yet, it might not like that and it could take IE or other Windows components with it. Then you can try rebooting and seeing if it will let you back on the internet enough to download the Malwarebytes solution. Do you know what msconfig is? Quote Link to comment Share on other sites More sharing options...
SPL_Josh Posted December 23, 2009 Report Share Posted December 23, 2009 I have the same virus. I will have the internet connected but it wont load any websites. Its also pops up every couple seconds to say "xyz" file is infected Quote Link to comment Share on other sites More sharing options...
unfunnyryan Posted December 23, 2009 Report Share Posted December 23, 2009 Try running this in Safe Mode: http://www.malwarebytes.org/ +1 I've used this on a computer with the same malware installed, it gets rid of it. Get it on a flash drive on another computer or something. Quote Link to comment Share on other sites More sharing options...
87GT Posted December 23, 2009 Report Share Posted December 23, 2009 This should fix it. I just googled it and pulled the first thing. I would print this or make a notepad file of this on your desktop. Please download SmitfraudFix (by S!Ri) http://siri.urz.free.fr/Fix/SmitfraudFix.zip Extract the content (a folder named SmitfraudFix) to your Desktop. Next, please reboot your computer in Safe Mode by doing the following : * Restart your computer * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; * Instead of Windows loading as normal, a menu with options should appear; * Select the first option, to run Windows in Safe Mode, then press "Enter". * Choose your usual account. Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd Select option #2 - Clean by typing 2 and press "Enter" to delete infected files. You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection. The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter". The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows. Quote Link to comment Share on other sites More sharing options...
SPL_Josh Posted December 23, 2009 Report Share Posted December 23, 2009 Do you know what msconfig is? no:( Quote Link to comment Share on other sites More sharing options...
SPL_Josh Posted December 23, 2009 Report Share Posted December 23, 2009 This should fix it. I just googled it and pulled the first thing. I would print this or make a notepad file of this on your desktop. Please download SmitfraudFix (by S!Ri) http://siri.urz.free.fr/Fix/SmitfraudFix.zip Extract the content (a folder named SmitfraudFix) to your Desktop. Next, please reboot your computer in Safe Mode by doing the following : * Restart your computer * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; * Instead of Windows loading as normal, a menu with options should appear; * Select the first option, to run Windows in Safe Mode, then press "Enter". * Choose your usual account. Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd Select option #2 - Clean by typing 2 and press "Enter" to delete infected files. You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection. The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter". The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows. It is not allowing me to connect to the internet. How can I get this to my computer? The only data im worried about losing is all my music files. Will this erase them? Quote Link to comment Share on other sites More sharing options...
Earl1647545488 Posted December 23, 2009 Report Share Posted December 23, 2009 Hold down the Windows Key and press "R", this should bring up the Run command. Type "msconfig" without the quotes and press Enter. Click on the Startup tab. This shows you the list of processes your computer is kicking off when it starts. See if you can see the Security Center exe in there. It may not be named in an obvious manner, though. You can use the Location column to see exactly where it is and be able to rename it. 1 Quote Link to comment Share on other sites More sharing options...
Moostang Posted December 24, 2009 Author Report Share Posted December 24, 2009 Deleted the program file but still have pop ups that try to connect to the web and I stil can't connect even though it says I'm connected. Quote Link to comment Share on other sites More sharing options...
SPL_Josh Posted December 24, 2009 Report Share Posted December 24, 2009 Is there a way just to reset the whole computers memory (without erasing like internet explorer, media player, and the whole vista system)? If so i would just as soon do that. There only four programs i have use for (itunes, internet explorer, media player, and a car audio software) but my computer says that the memory is almost full 30/33GBs. Which i have no clue how. Quote Link to comment Share on other sites More sharing options...
t-redjti Posted December 24, 2009 Report Share Posted December 24, 2009 Just had the same malware. Had to reset the system with the disk, luckily i had all my data backed up on disks so i lost nothing. This was the only way i could find to fix the problem. Quote Link to comment Share on other sites More sharing options...
Nitrousbird Posted December 24, 2009 Report Share Posted December 24, 2009 How many times does someone have to say GO TO SAFE MODE before you people will go there? You will likely be able to browse the internet in safe mode. If not, go to a different PC, take a thumb drive and download the file to that, then put the file on your PC. Seriously, if you can't figure out these simple tasks, you should really take the PC to someone that knows what they are doing. Quote Link to comment Share on other sites More sharing options...
Earl1647545488 Posted December 24, 2009 Report Share Posted December 24, 2009 Deleted the program file but still have pop ups that try to connect to the web and I stil can't connect even though it says I'm connected. You were supposed to just rename it man. Can you go back to where you found it to see if it's back from where you deleted it? It really looks like you are just going to have to get the Malwarebyte's program on a flash drive from another PC and install it while the PC is in Safe Mode. Even still, I'm guessing the Security Center malware is not going to let you install it. Quote Link to comment Share on other sites More sharing options...
Earl1647545488 Posted December 24, 2009 Report Share Posted December 24, 2009 Is there a way just to reset the whole computers memory (without erasing like internet explorer, media player, and the whole vista system)? If so i would just as soon do that. There only four programs i have use for (itunes, internet explorer, media player, and a car audio software) but my computer says that the memory is almost full 30/33GBs. Which i have no clue how. No, not really, and even it was possible, you can rest assured the malware is embedded in your Windows system files and it will be restored along with the rest of Windows. The Malwarebytes solution is the easiest way, the surefire 100% way would be to reformat the hard drive, which of course will erase everything. But you have to know what you are doing. Just an FYI...you keep saying "memory" when you mean to say "hard drive" or "disk space". Your memory gets wiped out every time you turn off your PC. Quote Link to comment Share on other sites More sharing options...
AWW$HEEET Posted December 24, 2009 Report Share Posted December 24, 2009 + 1 million on malwarebytes. Its a good, free utility, and in my case has erradicated nearly every virus that has stood in my way. Quote Link to comment Share on other sites More sharing options...
87GT Posted December 24, 2009 Report Share Posted December 24, 2009 Use another computer to download the file then throw it on a USB jump drive. You could also back up all your important files on the same drive, then reinstall windows from scratch. Don't forget to load safe mode with networking support! Quote Link to comment Share on other sites More sharing options...
SPL_Josh Posted December 24, 2009 Report Share Posted December 24, 2009 Try running this in Safe Mode: http://www.malwarebytes.org/ did this Deleted the program file but still have pop ups that try to connect to the web and I stil can't connect even though it says I'm connected. ^^^same problem now. Use another computer to download the file then throw it on a USB jump drive. You could also back up all your important files on the same drive, then reinstall windows from scratch. Don't forget to load safe mode with networking support! Did this, but didnt do it in with networking support. (i will try again with networking support --is it too late though?) Quote Link to comment Share on other sites More sharing options...
KillJoy Posted December 24, 2009 Report Share Posted December 24, 2009 I did not read all of the replies.... This application is Spyware. KillJoy Quote Link to comment Share on other sites More sharing options...
Earl1647545488 Posted December 24, 2009 Report Share Posted December 24, 2009 Ok, so it's my understanding that Malwarebytes has successfully removed Security Center but now you can't access any internet pages even though you are showing as connected. Next you need to fix your Winsock settings: http://support.microsoft.com/kb/811259 Are you running XP, Vista, or Windows 7? Quote Link to comment Share on other sites More sharing options...
SPL_Josh Posted December 24, 2009 Report Share Posted December 24, 2009 vista. Quote Link to comment Share on other sites More sharing options...
SPL_Josh Posted December 24, 2009 Report Share Posted December 24, 2009 here are the files malwarebytes.org found corrupted. c:\users\user\appdata\local\microsoft\windows\temporaryinternetfiles\content.ie5\7ttr1uhv\ms307[1].exe c:\users\user\appdata\local\elirmq\yhsxsysquard.exe c:\users\user\appdata\local\temp\pdfupd.exe hkey_current_user\software\avscan hkey_current_user\software\microsoft\windows\currentversion\run\qtmodulk(c:\users\user\appdata\local\elirmq\yhsxsysquard.exe) Quote Link to comment Share on other sites More sharing options...
Earl1647545488 Posted December 24, 2009 Report Share Posted December 24, 2009 Try these 2 commands: Manual steps to recover from Winsock2 corruption for Windows Vista users Winsock corruption can cause connectivity problems. To resolve this issue by using Network Diagnostics in Windows Vista, follow these steps: Click http://support.microsoft.com/library/images/support/kbgraphics/Public/EN-US/VistaStartButton.jpg and then click Network.Click Network and Sharing Center.In the Network and Sharing Center box, click Diagnose and Repair. Note You may also access the Network and Sharing Center in Control Panel. Reset Winsock for Windows Vista To reset Winsock for Windows Vista, follow these steps: Click http://support.microsoft.com/library/images/support/kbgraphics/Public/EN-US/VistaStartButton.jpg , type cmd in the Start Search box, right-click cmd.exe, click Run as administrator, and then press Continue.Type netsh winsock reset at the command prompt, and then press ENTER. Note If the command is typed incorrectly, you will receive an error message. Type the command again. When the command is completed successfully, a confirmation appears, followed by a new command prompt. Then, go to step 3.Type exit, and then press ENTER. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.