
TROJAN won't let me start Windows Security Centre Service plz Help.



Hi,

System information: Windows 7 Home-premium 64x.

I am a beginner in this forum and would like to thank you in advance for your time and assistance in helping me solve the following issue.

Last night I mistakenly installed an .exe file. After installation it disappeared and I couldn't find it. After some time my Windows Security Center service stopped and a flag icon with a red cross on it appeared among the system icons. I clicked on it, and under Security it was mentioned that WSCS (Windows Security Center service) has stopped working, and under Maintenance it was mentioned that Messenger Plus Live has stopped working and is missing some updates.

I immediately performed a full scan with Malwarebytes Anti-Malware and it came up with the following results:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.12.27.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

S M Naveed :: SMNAVEED-PC [administrator]

Protection: Enabled

28/12/2012 01:36:47

mbam-log-2012-12-28 (01-36-47).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 351596

Time elapsed: 1 hour(s), 5 minute(s), 8 second(s)

Memory Processes Detected: 1

C:\Windupdt\winupdate.exe (Trojan.MSIL.Gen) -> 1320 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winupdater (Trojan.MSIL.Gen) -> Data: C:\Windupdt\winupdate.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 3

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 1

C:\Users\S M Naveed\AppData\Local\Temp\dclogs (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 4

C:\Windupdt\winupdate.exe (Trojan.MSIL.Gen) -> Delete on reboot.

C:\$Recycle.Bin\S-1-5-21-2314083050-1812539920-3202108154-1000\$RBXO9P3.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

C:\ProgramData\SUS\SUS.01 (Trojan.Ardamax) -> Quarantined and deleted successfully.

C:\Users\S M Naveed\AppData\Local\Temp\dclogs\2012-12-28-6.dc (Stolen.Data) -> Quarantined and deleted successfully.

(end)

Then I restarted the system, but that flag icon with the red cross came up again after a few moments. Then I ran ESET NOD32 antivirus for a full system scan and it did not show any infected files. Then I restarted the system again and the same problem occurred after some time.

Finally I restored the system to a previous date, which happened successfully but the problem was still there after the system was restored to a previous date and was updated.

I ran Malwarebytes anti-malware again and this time it came up with this result:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.12.28.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

S M Naveed :: SMNAVEED-PC [administrator]

Protection: Enabled

28/12/2012 19:43:30

mbam-log-2012-12-28 (19-43-30).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 350799

Time elapsed: 1 hour(s), 9 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winupdater (Backdoor.Agent) -> Data: C:\Windupdt\winupdate.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

___________________________________

Malwarebytes Anti-Malware needed me to restart the system immediately. I did so, but the problem is still there.

Could you please advise me what I should do now?

How safe am I?

If Malwarebytes Anti-Malware says that all malicious files have been quarantined and deleted successfully, then why am I having this problem again?

I don't have an external hard disk to back up all of my data, but is it safe to transfer some of my files from the system to an external USB stick? Will those files not carry the virus with them onto my USB stick?

Is there any way this can all be fixed?

I will be very thankful for your assistance and support.
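The two scan logs above can be compared mechanically to see which flagged objects came back after the first cleanup. The following is an added example, not part of the original post and not Malwarebytes code; the function names are hypothetical and the sample input is an abridged, constructed excerpt of the logs quoted in the post.

```python
import re

# Constructed input: abridged excerpts of the two scan logs quoted in the post.
SCAN_1 = r"""
Memory Processes Detected: 1
C:\Windupdt\winupdate.exe (Trojan.MSIL.Gen) -> 1320 -> Delete on reboot.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winupdater (Trojan.MSIL.Gen) -> Data: C:\Windupdt\winupdate.exe -> Quarantined and deleted successfully.
Files Detected: 4
C:\Windupdt\winupdate.exe (Trojan.MSIL.Gen) -> Delete on reboot.
C:\ProgramData\SUS\SUS.01 (Trojan.Ardamax) -> Quarantined and deleted successfully.
"""
SCAN_2 = r"""
Memory Processes Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winupdater (Backdoor.Agent) -> Data: C:\Windupdt\winupdate.exe -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(.+?) Detected: (\d+)$")
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")

def parse_log(text):
    """Return one dict per finding: section, object, detection name, final action."""
    findings, section = [], None
    for line in map(str.strip, text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        item = ITEM.match(line)
        if item and section:
            action = item["rest"].split(" -> ")[-1].rstrip(".")
            findings.append({"section": section, "object": item["obj"],
                             "detection": item["name"], "action": action})
    return findings

def recurring(first, second):
    """Findings in the second scan whose (section, object) was already flagged
    in the first; the detection name is ignored because it can differ per scan."""
    seen = {(f["section"], f["object"].lower()) for f in parse_log(first)}
    return [f for f in parse_log(second)
            if (f["section"], f["object"].lower()) in seen]

def pending_reboot(text):
    """Findings the scanner deferred instead of removing immediately."""
    return [f for f in parse_log(text) if f["action"].lower() == "delete on reboot"]
```

On these excerpts, `recurring(SCAN_1, SCAN_2)` returns the `Run|winupdater` value, and `pending_reboot(SCAN_1)` returns the two `winupdate.exe` entries that were deferred to reboot.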


Hello and welcome, Naveed90: :)

It looks as if you already started a topic in the malware removal section here: http://forums.malwar...howtopic=120132

We don't work on malware problems here in this area.

So, please wait for help over in your other topic.

It's the Christmas holiday week and the forum can be quite busy, so please be patient. :)

A malware expert will help you as soon as possible.

Thanks,

daledoc1

PS It looks as if your version of MBAM is outdated. You can upgrade via the update tab in the program, or you may download the v.1.70 installer directly from this link: http://downloads.mal...am-download.php


Hi:

Not a problem - it can be a bit daunting to find one's way around here for the first time. :)

While you are waiting for help in your other topic, you might want to read this sticky topic: http://forums.malwar...?showtopic=9573

You might also want to update your MBAM to the current version.

I would NOT reply back to your other post or "bump" it until at least 48 hours passes from the time you started it -- the helpers look for topics with "0" replies.

So, if you reply to it, it will appear that you are being helped, and this will only cause delay.

Someone will assist you soon -- most of the malware helpers are volunteers and this tends to be a busy time of the year.

Thanks,

daledoc1

