Jump to content

XP Security 2012 Rouge, and constant outgoing connections being detected

Recommended Posts

OK, I have probably already caused more damage than good trying to fix this but here goes anyway.

About 2 weeks ago this rouge XP Security 2012 showed up on my system.

Microsoft Windows XP Home Edition

Version 2002

Service Pack 3


Intel® Pentium® Dual CPU

E2160 @ 1.80GHz

1.79 GHz, 2.00 GB of RAM

Physical Address Extension

Running McAfee Security Center

My system kept getting all the false security pop-ups then over the period of a hour or so ended up having all the .exe file extensions taken over to so that I couldn't run any antivirus or open any programs. I found a website that recommended for me to check my services.msc , and I found almost everything turned off. I turned on the services again then downloaded and ran Malwarebytes. It found a bunch of problems which it repaired, and my problems appeared to go away.

Yesterday, which is a week later, the XP Security 2012, pop ups came back. I tried running Norton Power Eraser from there website, along with McAfee Stinger, spybotsd162, System Repair Engineer , ect ect ect...... each program seamed to find something. This morning I updated Malwarebytes and turned on the protection module, which for some reason had turned off. I have noticed about every 30 seconds or so since that constant outgoing connections are being detected and stopped by Malwarebytes.

OK , maybe its just me but this has given me the impression that I have been doing nothing but tread water for the last week and this rouge is downloading new infections via this connection faster than i can delete them. UHG!!

Where do I go from here I have no Idea but from what I have read on these forums so far you all seam to be pretty sharp when it comes to these things, Please tell me what to download, and which buttons to push, and I am there.

Here is my present situation as of this morning

Malwarebytes' Anti-Malware


Database version: 8293

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/2/2011 8:39:35 PM

mbam-log-2011-12-02 (20-39-34).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)

Objects scanned: 42490

Time elapsed: 12 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

00:03:08 (null) IP-BLOCK (Type: outgoing)

00:03:11 (null) IP-BLOCK (Type: outgoing)

00:03:17 (null) IP-BLOCK (Type: outgoing)

00:03:26 (null) IP-BLOCK (Type: outgoing)

00:03:29 (null) IP-BLOCK (Type: outgoing)

00:03:35 (null) IP-BLOCK (Type: outgoing)

00:04:11 (null) IP-BLOCK (Type: outgoing)

00:04:14 (null) IP-BLOCK (Type: outgoing)

00:04:19 (null) IP-BLOCK (Type: outgoing)

00:04:20 (null) IP-BLOCK (Type: outgoing)

00:04:22 (null) IP-BLOCK (Type: outgoing)

00:04:28 (null) IP-BLOCK (Type: outgoing)

00:04:34 (null) IP-BLOCK (Type: outgoing)

00:04:37 (null) IP-BLOCK (Type: outgoing)

00:04:41 (null) IP-BLOCK (Type: outgoing)

00:04:43 (null) IP-BLOCK (Type: outgoing)

00:04:44 (null) IP-BLOCK (Type: outgoing)

00:04:49 (null) IP-BLOCK (Type: outgoing)

00:04:50 (null) IP-BLOCK (Type: outgoing)

00:04:52 (null) IP-BLOCK (Type: outgoing)

00:04:58 (null) IP-BLOCK (Type: outgoing)

00:04:59 (null) IP-BLOCK (Type: outgoing)

00:05:02 (null) IP-BLOCK (Type: outgoing)

00:05:08 (null) IP-BLOCK (Type: outgoing)

00:05:08 (null) IP-BLOCK (Type: outgoing)

00:05:10 (null) IP-BLOCK (Type: outgoing)

00:05:10 (null) IP-BLOCK (Type: outgoing)

00:05:11 (null) IP-BLOCK (Type: outgoing)

00:05:13 (null) IP-BLOCK (Type: outgoing)

00:05:14 (null) IP-BLOCK (Type: outgoing)

00:05:17 (null) IP-BLOCK (Type: outgoing)

00:05:19 (null) IP-BLOCK (Type: outgoing)

00:05:20 (null) IP-BLOCK (Type: outgoing)

00:05:20 (null) IP-BLOCK (Type: outgoing)

00:05:21 (null) IP-BLOCK (Type: outgoing)

00:05:23 (null) IP-BLOCK (Type: outgoing)

00:05:24 (null) IP-BLOCK (Type: outgoing)

00:05:29 (null) IP-BLOCK (Type: outgoing)

00:05:30 (null) IP-BLOCK (Type: outgoing)

00:05:32 (null) IP-BLOCK (Type: outgoing)

00:05:33 (null) IP-BLOCK (Type: outgoing)

00:05:35 (null) IP-BLOCK (Type: outgoing)

00:05:36 (null) IP-BLOCK (Type: outgoing)

Link to post
Share on other sites

Hello, and welcome to Malwarebytes, Gatorfan:

Sorry to hear that your computer may be infected.

We cannot review scan logs or work on malware detection/removal in this part of the General MBAM forum.

So, please read the following to get started on the cleaning process:

IMPORTANT NOTE: Please do NOT use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

FOR EXPERT ASSISTANCE with cleaning your system, there are 3 support options:

  • Option 1 -- Free, Expert advice in the Malware Removal Forum
  • Option 2 -- Free support for paying customers using MBAM PRO -- Contact MBAM Support via email
  • Option 3 -- Premium, Fee-Based Support


As we don't deal with malware removal in this area of the forums, you'll need to start a topic in the Malware Removal forum so that a qualified helper can help you fix any malware-related problems/infections.

  • First, please print out, read and CAREFULLY FOLLOW the directions here, skipping any steps you are unable to complete.
  • If the infection has so crippled the computer that you cannot follow most/all of the requested steps, then please just proceed as advised below:
  • Then please post a NEW topic in the Malware Removal forum.
  • Please do NOT post in an open topic started by another member in the malware removal forum, even if the problem appears to be similar to yours.
  • When posting your new thread, under "options", make sure to select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
  • One of the expert helpers there will give you free, one-on-one assistance when one becomes available.

IMPORTANT NOTE: Please do NOT make any further changes to your computer such as (Install/Uninstall programs; use special fix tools; delete files; edit the registry; OR use temp file cleaners, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

IMPORTANT NOTE: Please DO NOT post back to your topic or "bump" it within the first 48 hours.

Replying to your own posts changes the post count from zero. Helpers are looking for topics with zero replies. If you reply to your own post, helpers may think that you're already being helped and thus may overlook your post. This will only delay your obtaining assistance.

  • o If there is no reply from any experts after 48 hours, you may reply to the topic, asking for help again.
    o You may send a Private Message to a Moderator, asking for assistance.


Alternatively, as a paying customer using MBAM PRO, you can contact the help desk at support@malwarebytes.org or here.


If you would like to use the Malwarebytes Premium Services (Comprehensive solutions to all your computer support needs -- from installation and set-up to troubleshooting and tune-ups), please go to the Malwarebytes Premium Services support site.

Please be patient -- someone will assist you as soon as it is possible.

Thanks very much!


PS: Please use the zMn2t.jpg button instead of other ones when you reply here and at the other forums, so that it will be easier to read. :)

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.