Win 7 Internet Security 2012 Questions


I am not sure if anyone else has this problem but here it is.

Working on my Windows 7 Dell desktop, 64-bit.

It caught the Win 7 Internet Security 2012.

I loaded my ERD made from Microsoft Desktop Optimization Pack 2012, which allows me to get in the computer system while it's not running.

I used a program called Total Commander, which allows me to view all files including hidden ones.

I found all the standard files associated with the Win 7 virus.

Deleted them and emptied the recycle bin.

Files were located in profiles and also program data folder.

Removed all that BleepingComputer listed for this virus. Also edited the registry of all remnants.

Booted into regular mode, updated Malwarebytes and did a full scan; it found 2 more.

Next I installed Microsoft Security Essentials and it found 4 more that Malwarebytes did not find. Deleted those and rebooted.

Went on the web to Google and within 5 minutes, Win 7 Internet Security 2012 was back.

I went to BleepingComputer and downloaded their register fix and ixplorer and all. It stopped it initially. That removed the scanning and stopped the processes.

I then scanned with MWB and it found 2 more. Deleted and rebooted.

Did an update with Microsoft Security and did another scan; it found 2 more. Deleted and rebooted.

Did an SFC /scannow to make sure all files were ok. No Problems.

Rebooted and updated and rescanned with MWB. Nothing was found.

Just let the system sit and a window popped up saying webpage out of memory at point 43 or something like that.

About 5 minutes later, Win 7 Internet Security 2012 was back again. (I had not surfed or even brought up Internet Explorer.)

I then rebooted in safe mode with networking and ran ComboFix. It found several and deleted those.

I have also run the below:

TDSSKiller

Kaspersky Virus Removal 2011

Microsoft Rootkit Removal

Sophos Rootkit Removal

Trend Micro Rootkit Removal

None of these finds anything.

Yet 5 times now after cleaning, that same Win 7 virus comes back.

Can anyone tell me where it's hiding?

Thanks

Bill

Link to post
Share on other sites

Please do not run ComboFix without the aid of a trained helper. It can damage your computer if not careful and should NEVER be used as a standard cleanup tool.

Sorry to hear that your computer may be infected.

We cannot review scan logs or work on malware detection/removal in this part of the General MBAM forum.

So, please read the following to get started on the cleaning process:

IMPORTANT NOTE: Please do NOT use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult.

FOR SELF-HELP INFO:

  • Excellent, self-help troubleshooting info for getting MBAM to run on an infected machine can be found here.
  • And there are specific, self-help malware removal instructions here.

FOR EXPERT ASSISTANCE with cleaning your system, there are 3 support options:

  • Option 1 -- Free, Expert advice in the Malware Removal Forum
  • Option 2 -- Free support for paying customers using MBAM PRO -- Contact MBAM Support via email
  • Option 3 -- Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in this area of the forums, you'll need to start a topic in the Malware Removal forum so that a qualified helper can help you fix any malware-related problems/infections.

  • First, please print out, read and CAREFULLY FOLLOW the directions here, skipping any steps you are unable to complete.
  • If the infection has so crippled the computer that you cannot follow most/all of the requested steps, then please just proceed as advised below:
  • Then please post a NEW topic in the Malware Removal forum.
  • Please do NOT post in an open topic started by another member in the malware removal forum, even if the problem appears to be similar to yours.
  • When posting your new thread, under "options", make sure to select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
    One of the expert helpers there will give you free, one-on-one assistance when one becomes available.

IMPORTANT NOTE: Please do NOT make any further changes to your computer such as (Install/Uninstall programs; use special fix tools; delete files; edit the registry; OR use temp file cleaners, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

IMPORTANT NOTE: Please DO NOT post back to your topic or "bump" it within the first 48 hours.

Replying to your own posts changes the post count from zero. Helpers are looking for topics with zero replies. If you reply to your own post, helpers may think that you're already being helped and thus may overlook your post. This will only delay your obtaining assistance.

o If there is no reply from any experts after 48 hours, you may reply to the topic, asking for help again.

Or

o You may send a Private Message to a Moderator, asking for assistance.

OPTION 2

Alternatively, as a paying customer using MBAM PRO, you can contact the help desk at support@malwarebytes.org or here.

OPTION 3

If you would like to use the Malwarebytes Premium Services (Comprehensive solutions to all your computer support needs -- from installation and set-up to troubleshooting and tune-ups), please go to the Malwarebytes Premium Services support site.

Please be patient -- someone will assist you as soon as it is possible.

Thanks very much!

Buttons

PS: Please use the [zMn2t.jpg] button instead of other ones when you reply here and at the other forums, so that it will be easier to read.

NOTE: If you are a reseller, affiliate, technician, corporate, business, educational, government or non-profit customer then please contact corporate-support@malwarebytes.org and include full contact details along with your Reference # when you do, in order to ensure that you receive prompt assistance.

Link to post
Share on other sites

  • 2 weeks later...

Can anyone tell me where it's hiding?

Where I have found it hiding is in %localappdata%.

That location varies by user, but if you do

cd %localappdata%

in a command window, it will take you to that subdirectory. All of them I've seen were 3-letter filename.exe files. e.g. iot.exe, alg.exe, et al.

I'm wondering why MSSE's real-time protection hasn't been updated to catch it yet.

Even after you've cleaned it up following instructions in the malware removal forum, the Firewall, Defender and Base Filtering Engine services are all still missing from the services.msc snap-in.

Link to post
Share on other sites
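
A read-only check for the two symptoms described in the post above, added here as an example and not part of the original thread: three-letter .exe files sitting directly in each profile's %localappdata%, and the Firewall, Defender and Base Filtering Engine services missing. Assumptions: the function names are hypothetical, "3-letter filename.exe" is taken literally from the iot.exe / alg.exe examples, and MpsSvc, WinDefend and BFE are the standard Windows 7 short names for those three services (they are not named on this page).

```powershell
# Added example: reports only, deletes and changes nothing.
# Written for PowerShell 2.0 (the version shipped with Windows 7).

function Get-LocalAppDataRoots {
    # Every profile path registered on the machine, so other users are covered too.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    Get-ChildItem $key | ForEach-Object {
        $profilePath = (Get-ItemProperty $_.PSPath).ProfileImagePath
        $local = Join-Path $profilePath 'AppData\Local'
        if (Test-Path -LiteralPath $local) { $local }
    }
}

function Get-ThreeLetterExe {
    param([string[]]$Path = @($env:LOCALAPPDATA))
    foreach ($dir in $Path) {
        # -Force includes hidden and system files; only the top level is listed.
        Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $_.Name -match '^[a-z]{3}\.exe$' } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                New-Object PSObject -Property @{
                    Path      = $_.FullName
                    Created   = $_.CreationTime
                    Size      = $_.Length
                    Signature = $sig.Status   # unsigned files report NotSigned
                }
            }
    }
}

function Test-SecurityService {
    # Assumed short names for the three services the post reports as missing.
    $expected = @{ MpsSvc = 'Windows Firewall'; WinDefend = 'Windows Defender'; BFE = 'Base Filtering Engine' }
    foreach ($name in $expected.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Service = $name
            Label   = $expected[$name]
            State   = $(if ($svc) { $svc.Status } else { 'MISSING' })
        }
    }
}

Get-ThreeLetterExe -Path (Get-LocalAppDataRoots) | Format-Table Path, Created, Size, Signature -AutoSize
Test-SecurityService | Format-Table Service, Label, State -AutoSize
```

Run it from an elevated prompt so other users' profiles are readable; a hit is a lead to hand to a malware removal helper, not proof of infection.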

Please stop self-diagnosing and please get guided expert help, as noted by Buttons above.

The latest variant of your rogue makes changes to your system so that the firewall is out of commission, and causes some Windows services to be non-functional.

It can be fixed but requires expert help and a battery of diagnosis & fixes to ensure all of the rogue is gone & to re-enable Win services properly.

To benglish60, if you were being helped one-on-one at BleepingComputer, go back there & seek further help.

If you were just doing it all on your own, I'd urge you to STOP, get expert help.

N.B. We do not diagnose or provide fixes for specific rogue malwares in the General forum, with the possible exception when we know that MBAM will remove infection in all aspects.

This sub-forum is for questions on MBAM Anti-Malware.

Link to post
Share on other sites
