Re-post - PUM.Disabled.SecurityCenter


Maurice,

We tried to run the MS Fixit tool. A pop-up came up stating "Fixit does not apply to your operating system or application version." Popup box had an OK button. Pressed OK button. Installation Wizard came up with a message saying "MS Fixit failed to process." Three options offered - 1. Tell us what you think 2. Click for On-Line Help 3rd option ?? and Cancel button. My son pushed the cancel button.

On another note, he noticed his account on this computer appears to have some issue as it takes a long time to load and when it does load, the desktop is blank and there is no task bar. He can access his files through the Task Manager option. He does not use this account that often as he does have a laptop he uses for college. Administrator account and my daughter's account appear OK and our account is running well.

Based on the failure of the Fixit tool, we did not run MBAM. Should we go ahead and run that scan anyway?

domer7

Hi Maurice,

Sorry for the delay in responding. I am working out of town for the next few months, so I need to determine if I can still work on this remotely.

Since our last communication, MSE detected security risks. We ran an MSE scan Wednesday and found the following:

Item 1

Category: Trojan Downloader ASX/Wimad.CG

Description: This program is dangerous and downloads other programs.

Recommended action: Remove this software immediately.

Items:

containerfile:C:\Documents and Settings\Steve & Anita\My Documents\My Music\My Music\New Music\Blues Travelers - 100 Years.wma

containerfile:C:\Documents and Settings\Steve & Anita\My Documents\My Music\My Music\New Music\Blues Traveler\Blues Travelers - 100 Years.wma

file:C:\Documents and Settings\Steve & Anita\My Documents\My Music\My Music\New Music\Blues Travelers - 100 Years.wma->(ASF_Script_Commands)

file:C:\Documents and Settings\Steve & Anita\My Documents\My Music\My Music\New Music\Blues Traveler\Blues Travelers - 100 Years.wma->(ASF_Script_Commands)

Item 2

Category: Trojan Downloader ASX/Wimad.AN

Description: This program is dangerous and downloads other programs.

Recommended action: Remove this software immediately.

Items:

containerfile:C:\Documents and Settings\Evan\My Documents\My Music\iTunes\iTunes Music\Nasum - Circle Of Defeat.wma

containerfile:C:\Documents and Settings\Evan\My Documents\My Music\iTunes\iTunes Music\Nasum - Shadows.wma

file:C:\Documents and Settings\Evan\My Documents\My Music\iTunes\iTunes Music\Nasum - Circle Of Defeat.wma->(ASF_Script_Commands)

file:C:\Documents and Settings\Evan\My Documents\My Music\iTunes\iTunes Music\Nasum - Shadows.wma->(ASF_Script_Commands)

Item 3

Category: Trojan Downloader ASX/Wimad.DT

Description: This program is dangerous and downloads other programs.

Recommended action: Remove this software immediately.

Items:

containerfile:C:\Documents and Settings\Ilana\Local Settings\Application Data\iMesh\Partials\{EB9F32EE-6331-4D92-A34C-DEEE28B4EC48}.tmp

file:C:\Documents and Settings\Ilana\Local Settings\Application Data\iMesh\Partials\{EB9F32EE-6331-4D92-A34C-DEEE28B4EC48}.tmp->(ASF_Script_Commands)

Item 34

Category: Trojan Downloader

Description: This program is dangerous and downloads other programs.

Recommended action: Remove this software immediately.

Items:

containerfile:C:\Documents and Settings\Ilana\My Documents\My Music\iMesh\Red Solo Cup\Toby Keith\- Red Solo Cup - Toby Keith.mp3

file:C:\Documents and Settings\Ilana\My Documents\My Music\iMesh\Red Solo Cup\Toby Keith\- Red Solo Cup - Toby Keith.mp3->(ASF_Script_Commands)

Ran a Malwarebytes scan this morning and it came back clean. What is interesting to me is the files indicated as the container files were downloaded a long time ago - months to years ago - and never found during other scans.

Right now MSE has these quarantined. The host files are also on two other back-up drives used to back up data.

Suggestions?

domer7

One other odd thing that happens is as our desktop is loading, as all of the icons slowly turn from a generic Windows menu appearance to their unique icon, the screen blacks out momentarily then returns to the desktop. I noticed this occurs on both the administrator account and my daughter's desktop.

Google Chrome and Yahoo e-mail seem to be working fine.

Ran a Malwarebytes scan this morning and it came back clean. What is interesting to me is the files indicated as the container files were downloaded a long time ago - months to years ago - and never found during other scans.

Right now MSE has these quarantined. The host files are also on two other back-up drives used to back up data.

Suggestions?

domer7

I noticed most of those are multi-media files. Be extremely careful of where you get these files. Always scan first any file you download before opening or running. Scan first with MBAM then with your antivirus.

Keep those files that were tagged "deleted".

BTW, the MBAM Full scan is much more thorough than a quick scan, and may be why you did not notice those tagged files.

As to your Desktop "refresh" that is not unusual and not caused by malware. That is everyday behavior.

You should look at reducing the items you have on the Desktop. Organize your "stuff" into some kind of folder(s) in your HDD Libraries or Documents hierarchy.

Observe the system for a day or two of "normal usage". And if no malware is showing up, I will tag this for Closure and cleanups.

Here are some recommended articles on things to cover to speed-up your system:

MS Speed up your pc - Win7 / Vista

http://windows.microsoft.com/en-US/windows/explore/speed-up-your-pc

See Miekiemoes' Help! My computer is slow!

http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

What to do if your Computer is running slowly

http://www.malwareremoval.com/tutorials/runningslowly.php
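
Added example, not part of the original thread and not how MSE or MBAM work internally: the detections listed earlier name an `ASF_Script_Commands` component inside each media file, and one of them is a file named `.mp3`. ASF (the WMA/WMV container) defines a script command object in its header, so this Python example judges a file by content rather than extension and lists the command types it declares. The function names, verdict strings and sample bytes are constructed for the illustration.

```python
import struct
import uuid

# Object GUIDs from the ASF specification.
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C")
ASF_SCRIPT_COMMAND = uuid.UUID("1EFB1A30-0B62-11D0-A39B-00A0C90348F6")
ASF_EXTENSIONS = (".wma", ".wmv", ".asf")

def type_names(body):
    """Command type names from a script command object body."""
    if len(body) < 20:                     # reserved GUID + two WORD counts
        return []
    n_types = struct.unpack_from("<H", body, 18)[0]
    pos, names = 20, []
    while len(names) < n_types and pos + 2 <= len(body):
        n_chars = struct.unpack_from("<H", body, pos)[0]
        raw = body[pos + 2:pos + 2 + 2 * n_chars]
        names.append(raw.decode("utf-16-le", "replace"))
        pos += 2 + 2 * n_chars
    return names

def triage(filename, data):
    """Verdict for one file, judged by content rather than by extension."""
    if len(data) < 30 or uuid.UUID(bytes_le=data[:16]) != ASF_HEADER:
        return "not-asf"
    header_size = struct.unpack_from("<Q", data, 16)[0]
    end, pos, notes = min(header_size, len(data)), 30, []
    if not filename.lower().endswith(ASF_EXTENSIONS):
        notes.append("asf-under-other-extension")
    while pos + 24 <= end:                 # walk the header's sub-objects
        size = struct.unpack_from("<Q", data, pos + 16)[0]
        if size < 24 or pos + size > end:
            notes.append("truncated-header")   # e.g. a partial download
            break
        if uuid.UUID(bytes_le=data[pos:pos + 16]) == ASF_SCRIPT_COMMAND:
            names = type_names(data[pos + 24:pos + size])
            notes.append("script-commands:" + ",".join(names))
        pos += size
    return ";".join(notes) or "asf-no-script-commands"

def constructed_sample():
    """Constructed header-only bytes: one script command object, type 'URL'."""
    body = bytes(16) + struct.pack("<HHH", 0, 1, 3) + "URL".encode("utf-16-le")
    obj = ASF_SCRIPT_COMMAND.bytes_le + struct.pack("<Q", 24 + len(body)) + body
    return ASF_HEADER.bytes_le + struct.pack("<QIBB", 30 + len(obj), 1, 1, 2) + obj

if __name__ == "__main__":
    print(triage("track.mp3", constructed_sample()))
```

A script command object is a legitimate ASF feature, so a hit here is a reason to scan the file with an antivirus engine, not a verdict on its own.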

Maurice,

Thank you for all your help. The desktop is cluttered as I have kept all of the different tools and logs downloaded and created through this cleanup / repair process. I will move all the log files to a separate folder in My Documents. I will still need to uninstall all of the diagnostic tools.

One item which still concerns me is the Windows Firewall Security message which states "The network connection settings have become corrupted." What does that mean with regards to my computer security? Is that repairable without re-installing Windows?

Finally, I have purchased a new Windows 8 HP Laptop for my use while I am working away from home. Where would you suggest I go to set it up for best security performance?

Thanks again for your help and perseverance with all our issues.

All the best,

domer

Maurice,

Below is the log for a full MBAM scan.

Regards,

domer

MBAM Log 6-2-13

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.06.02.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Steve & Anita :: HOMEMAIN [administrator]

Protection: Disabled

6/2/2013 11:04:59 AM

mbam-log-2013-06-02 (11-04-59).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 393684

Time elapsed: 1 hour(s), 23 minute(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

The MBAM result is good.

For your contemplated new Windows 8 system, simply make sure it has MBAM PRO & an Antivirus app & follow the Safe practices (as noted below).

I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.

Locate where you had Combofix.exe and RENAME it to Uninstall.exe and then run it so that it removes itself.

If the Combofix un-install has an issue, skip that step.

    • Download OTC to your desktop and run it
    • Click Yes to beginning the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Delete the following if still present:

RKILL

roguekiller.exe

securitycheck.exe

stinger.exe

MS Safety scanner

RSIT

aswmbr.exe

tdsskiller.exe

jrt.exe

Safer practices & malware prevention

We are finished here. Best regards.

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
