
"Windows Vista Security 2012" won't let me open Malwarebytes



My laptop exited Firefox and "Windows Security Center" popped up and then a "Vista Security 2012" came up. I restarted my laptop in safe mode then hopped on my Mac to look for solutions.

I ended up on here: http://www.malwarehelp.org/fake-windows-security-center-analysis-and-removal-2009.html?replytocom=4039

I figured Kaspersky would take care of it. So I dld Kaspersky and did all the settings/programs the website suggested, ran the scan for a few hours, and it found some files to disinfect and some to delete. (YAY! Right?) So I continued on as the website suggested and went to start Malwarebytes' scan. I clicked Malwarebytes and sure enough "Windows Security Center" pops up instead of Malwarebytes...

In retrospect the guide was for dealing with "Vista Virus 2009" rather than 2012. What do I do? I already have Malwarebytes on my computer...I just can't access it. I don't know if I want to uninstall/reinstall MWBs, it has already taken care of some malware and 'saved' the previous malware's profile (or w/e).


DLd the exehelper on mac, usbed it to the PC in safe mode.

Was able to run mbam.exe in safe mode...currently found the 4 files. Now I can open all types of files. I am gonna reboot in normal mode and do a long scan (for justincase). Once that gets done I will reconnect that PC and bring the logs....a few quick questions tho

1) So what should I make of the Kaspersky? Just antiquated version, uninstall?

2) It was only like 10 days since last mbam updated and it didn't 'catch' this malware...I'm on the road a lot, how often am I gonna need to update so I can be protected. MBAM says an ounce of prevention > a pound of correction. Did I just get a version of a malware that was developed within a week?

Thanks Charlie.

1) So what should I make of the Kaspersky? Just antiquated version, uninstall?

It's not on any of my computers nor any that I touch.

2) It was only like 10 days since last mbam updated and it didn't 'catch' this malware...I'm on the road a lot, how often am I gonna need to update so I can be protected. MBAM says an ounce of prevention > a pound of correction. Did I just get a version of a malware that was developed within a week?

I have my MBAM set to update every hour and it usually does.

10 days is a lifetime when it comes to malware.

Post the logs when you get done, MrC


So MBAM is set up with default settings...I switched the "General Settings > Warn if outdated" down to 1 day. I guess that's about as good as it gets on the free version...I will get the full version the next paycheck after the holidays, for the realtime protection.

Attachments enclosed.

Thanks MrC!

Extras.Txt

OTL.Txt


Well crap.

Microsoft Security Essentials is red and "at risk" I open from tray.

"Security Essentials isn't monitoring your computer because the program's service stopped. You should restart now.

Real-time protection: Off

Virus and spyware definitions: Out of date"

I clicked the "Start Now" button and "The specified service does not exist as an installed service."

So MBAM is set up with default settings...I switched the "General Settings > Warn if outdated" down to 1 day. I guess that's about as good as it gets on the free version...I will get the full version the next paycheck after the holidays, for the realtime protection.

Yes, the free version doesn't give you realtime protection, you have to buy the pro version to get that. I believe only about $25.00 for it and that's it..you're set for life.

There's Microsoft Security Essentials that you can use that provides realtime protection also and it's free.

I'll look over your logs and get back to you shortly, MrC


This is what my Essentials is doing to me after the fix.

mcw4tz.gif

103y51l.gif

I know y'all aren't MS but advice would be appreciated if it's part of the malware or just simply turned off Essentials. If I'm reading it right, it uninstalled it.


Relax....

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


Ok did the combofix.

I had the rootkit zero access.

MrC, should I continue the instructions on the combofix link you gave me with the manual "windows recovery"? Or is that only if my OS was disturbed? I guess I don't know if the "automatic install of Recovery Console" occurred.

BTW, thanks for the help.

ComboFix.txt


I'm not sure if combofix is able to finish...

It's stuck on the bluescreen where it says it "should take less than 10mins or sometimes twice as long". Then a popup came up saying my system has a "rootkit zero access, it messes with the tcp/ip stack" and I should restart if I cannot access internet. Is it safe to restart with combofix up?


I'm not sure if combofix is able to finish...

It's stuck on the bluescreen where it says it "should take less than 10mins or sometimes twice as long". Then a popup came up saying my system has a "rootkit zero access, it messes with the tcp/ip stack" and I should restart if I cannot access internet. Is it safe to restart with combofix up?

Ignore that and/or delete. Sorry.


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8365

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

12/13/2011 10:43:52

mbam-log-2011-12-13 (10-43-52).txt

Scan type: Quick scan

Objects scanned: 175082

Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I couldn't find where the mbam txt is saved or I would have made it an attachment. Thanks so much Mr C


OK, when you're sure everything's OK......

Please uninstall ComboFix:

Click on the Start button and then in the Search field enter combofix /uninstall

Please note that there is a space between combofix and /uninstall.

Once you have typed this in, press Enter on your keyboard.

An Open File security warning will appear asking if you are sure you want to run ComboFix.

Please click on the Run button to start the program.

ComboFix will now uninstall itself from your computer and remove any backups and quarantined files.

When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled.

You can now delete the ComboFix.exe program from your computer. ComboFix has now been uninstalled from your Windows Vista or Windows 7 computer.

----------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

-----------------------

Java 6 Update 23

Your Java is out of date, older versions are vulnerable to malware, please update it.

Control Panel > Java > update tab > update it.

----------------------------

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Have a Good Holiday and New Year!


Problem with combofix.

When it was up and running it disabled my MS Essentials. The moment I uninstalled combo fix, the red MS Essentials popped back in the tray and it's still doing the same stuff I captured on the screenshots.

So I don't know if I need to reinstall MS Essentials or what.

I did update java and took care of OTL as described.


Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


C:\Program Files\Viewpoint\Common\ViewpointService.exe

http://www.systemlookup.com/search.php?type=filename&search=ViewpointService.exe&s=

I would uninstall this.

-----------------------------------------

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    [2011/12/12 16:40:32 | 000,010,408 | -HS- | M] () -- C:\Users\Sean\AppData\Local\cvuvou5f8wft3cai2ypk8k370q1c
    [2011/12/12 16:40:32 | 000,010,408 | -HS- | M] () -- C:\ProgramData\cvuvou5f8wft3cai2ypk8k370q1c
    [2011/06/06 05:14:13 | 000,012,308 | -HS- | C] () -- C:\Users\Sean\AppData\Local\fng62ln35c0eawwgu17g61o070
    [2011/06/06 05:14:13 | 000,012,308 | -HS- | C] () -- C:\ProgramData\fng62ln35c0eawwgu17g61o070
    [2011/06/04 01:27:45 | 000,000,144 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\6yc6z9g44.bat
    [2011/04/14 21:53:54 | 000,011,590 | -HS- | C] () -- C:\Users\Sean\AppData\Local\2053191695
    [2011/04/14 21:53:54 | 000,011,590 | -HS- | C] () -- C:\ProgramData\2053191695
    [2011/04/01 01:07:40 | 000,013,672 | -HS- | C] () -- C:\ProgramData\858m54lg1j02n28200m7e3n8w8484bi1w5bc

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC
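The file entries in the fix above share one listing format (timestamp, size, attributes, C/M flag, vendor, path). As an added example, not part of MrC's post or of OTL itself, this Python script parses such lines and flags two traits visible in the entries he listed: hidden+system attributes with an empty vendor field, and the same file name, size and timestamp in two folders. Both criteria are assumptions inferred from those lines, and the `example.dll` line is constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# OTL file-listing line: [timestamp | size | attributes | C/M] (vendor) -- path
LINE_RE = re.compile(
    r"\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\] \((?P<vendor>[^)]*)\) -- (?P<path>.+)$"
)

# First three lines are from the fix script above; the last one is constructed.
SAMPLE = r"""
[2011/12/12 16:40:32 | 000,010,408 | -HS- | M] () -- C:\Users\Sean\AppData\Local\cvuvou5f8wft3cai2ypk8k370q1c
[2011/12/12 16:40:32 | 000,010,408 | -HS- | M] () -- C:\ProgramData\cvuvou5f8wft3cai2ypk8k370q1c
[2011/04/01 01:07:40 | 000,013,672 | -HS- | C] () -- C:\ProgramData\858m54lg1j02n28200m7e3n8w8484bi1w5bc
[2011/12/01 09:00:00 | 000,204,800 | ---- | C] (Example Corp) -- C:\Program Files\Example\example.dll
"""

def parse(text):
    """Turn OTL listing lines into dicts; lines in other formats are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            e["name"] = PureWindowsPath(e["path"]).name
            entries.append(e)
    return entries

def triage(entries):
    """Return {file name: sorted reasons} for entries worth a manual look.
    Both criteria are assumptions inferred from the listed entries."""
    folders = defaultdict(set)
    for e in entries:
        key = (e["name"], e["size"], e["ts"])
        folders[key].add(str(PureWindowsPath(e["path"]).parent).lower())
    report = defaultdict(set)
    for e in entries:
        if {"H", "S"} <= set(e["attrs"]) and not e["vendor"]:
            report[e["name"]].add("hidden+system, no vendor")
        if len(folders[(e["name"], e["size"], e["ts"])]) > 1:
            report[e["name"]].add("same name, size and time in two folders")
    return {name: sorted(reasons) for name, reasons in report.items()}

if __name__ == "__main__":
    for name, reasons in triage(parse(SAMPLE)).items():
        print(name, "->", "; ".join(reasons))
```

A flagged entry is a candidate for review, not a verdict; the vendor-signed file under Program Files is left out of the report.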


You have Viewpoint Media Player on the system, listed in your control panels add/remove programs:

"ViewpointMediaPlayer" = Viewpoint Media Player

ViewpointService.exe is loaded as a service:

SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

You can just stop the service if you want, it's up to you. My job is to alert you about it.

Link below explains how to do it:

http://junkypc.com/disable-services-in-windows-vista-you-will-never-use/

------------------------------------------------

Uninstall MSE and download a fresh copy and try to install it, let me know...MrC
