
fake security shield (your antivirus is turned off)


sierra53


Hey guys, I have this little icon in the lower right corner in my tray: a red shield with a white x in the middle, right next to my McAfee shield. It tells me "your antivirus is turned off" (etc., warning).

I have McAfee VirusScan 8.8 Enterprise. I have noticed numerous blocks by A.P.R. (access protection rules), but I scan and find nothing.

I also have MBAM and Chameleon; scanning doesn't find anything. Just for the heck of it I downloaded HitmanPro and Spybot S&D and still got nothing. All this has been done in safe mode. I apologize for the numerous AV programs here; it's just that I am using a computer where I am not the "IT" guy and I know nothing about McAfee VS 8.8 or how to use it...

"AdvancedSetup" and Firefox helped me before and kinda know my issue. So far my system seems to be OK, I can do my job, it's just that I know this can't be normal as it's never been there before. And McAfee is working: yesterday I blocked 2 trojans (generic.tra.. etc.).

What should I do?

Setup: Windows XP SP3 32-bit, MBAM, MBAM Chameleon, Spybot S&D, McAfee VS 8.8 Ent.; I also have DDS.

 

 

Link to post
Share on other sites

Hello and post-32477-1261866970.gif

P2P/Piracy Warning:

    
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 

Kevin...

Link to post
Share on other sites

Hi and thanks for helping.

This tool looks similar to DDS or the RogueKiller I used before. But here are the attachments you asked for.

I had Norton GoBack, and recently had to use that so I had an internet connection. I think I did something wrong and deleted something I shouldn't have.

Anyway, here ya go.

Addition.txt

FRST.txt

Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log..

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Kevin....

 

 

fixlist.txt

Link to post
Share on other sites

OK, I am doing this. Should I not run RogueKiller? It did find some stuff. I just want to know; I really don't want to have a ton of programs on this computer. This computer is a work computer and some items I have to have on this computer for the manufacturers I work for.

Link to post
Share on other sites

The intention of this forum is not to replace a company's IT department or outsource staff, nor can we anticipate alterations or configurations that may have been made to a business machine, or how it will interact with the tools commonly used in the removal of malware.

More than one machine could be at stake, possibly even the server. If sensitive material has been compromised by an infection, the company could be held liable.

To prevent any possible loss or corruption of company information, please inform your IT department or Supervisor when a workplace computer has been infected.

It may be in your company's best interest to re-image the machine.

You really should have disclosed that this is a company PC, let me know how you wish to progress.....

Link to post
Share on other sites

Yeah, we have no IT department. I am not going to hold you guys responsible for anything that happens to this PC; this is all my fault, I guess. IDK buddy, I just come here to a place that has no idea of the equipment they have; no one here has any clue as to what programs were installed, nor is there any support (politics, they did not pay for the support). I just work here. I've been dealing with another issue I had told you about, with a Java issue, and had "AdvancedSetup" and "Firefox" from this forum help me out before.

I do realize what I'm getting into here. I guess I could have just easily told them to send me another computer, or used Norton GoBack to go backwards in time to another restore point. That doesn't fix the problem; somehow I keep getting weird issues. It's only my computer, and yes, it's on a network, but the server is only there to give me the "catalogs" that I need. This is an auto business, again a small business. Even the owner here has no clue what he bought; I'm just trying to help them. I won't ask you guys to always help me with this computer, although I think they should buy into your product and have an actual IT guy, but this place won't spend the money. I may personally buy the Pro version for this computer, although I'd rather not; it's the company's fault. Yet I am supposed to have one of the best AV programs out there, and it has not fixed anything for me yet.

So if I can't get back to you right away, it is because I am off work. I am trying to do this while I'm here. I have asked to take this computer home and fix it for them. They don't want that. These people are all over 50 and don't like computers, but we use them every day. If you reply I will reply to you on my personal computer, but won't be able to run anything till Monday.

Link to post
Share on other sites

OK, just follow the instructions I posted in reply #5. Regarding tools/programs we use, we will clean up and remove them all when we're done. RogueKiller does not install on your system; to remove it just delete it, and also its folder RK_Quarantine....

Link to post
Share on other sites

OK Kevin, here ya go. Looks like the Junkware Removal Tool just removed one registry key; not sure what the key is for, but that's what it did. Actually an easy tool to use. So what happens now? Am I free and clear?

I noticed this morning when I booted that the shield showed up; this is before doing all this. I clicked on it to see what it did and it took me to Microsoft security, which told me my security was turned off, yet McAfee was obviously in the tool tray at the bottom.

mbam-log-2014-01-27 (07-41-16).txt

JRT.txt

Link to post
Share on other sites

Oh, can't edit yet I guess. This logo eventually went away and my virus status went to green like it was turned on. Is this just how my McAfee is set up, it takes a few to get going? Or is there no lapse in protection and again this logo is just a fake sort of thing? I apologize, I don't know much about this program and it was installed with the computer when we got it.

Link to post
Share on other sites

We need to remove FRST; first it is very important to deal with its own Quarantine folder by using FRST itself.

OK, we continue:

Delete any fixlist.txt file previously used, continue:
 
Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
 
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

Next,
 
Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Any tools/logs left on the Desktop or downloads folder can be deleted.....

 

Next,

 

Run these two next..

 

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

 


Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

 


Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

 

Finally,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security software alerts, either accept the alert or turn the security off while Security Check runs.)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

fixlist.txt

Link to post
Share on other sites

FSS indicates no issues, Security Checks log is not correct, can you re-boot your system then run Security Check one more time. Copy and paste the log to your reply, do not attach it...

 

Thanks...

Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.79 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
McAfee VirusScan Enterprise+AntiSpyware Enterprise  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Adobe Reader 10.1.9 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 McAfee VirusScan Enterprise SHSTAT.EXE 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````
 

 

This is the log.

 

 

Link to post
Share on other sites

Not much wrong with that log, only Adobe to update..

 

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system....

 

You can delete those last two tools and their logs; give an update on any remaining issues or concerns.

Link to post
Share on other sites

Thank you for your help, so I guess this means I'm OK. Looks like the only thing I had was the DLC5 toolbar, and from RogueKiller I had some bad "host" instead of my normal internet. I've been using this throughout the day, so far so good. Maybe the shield thing is just because there is a lapse in the startup of the McAfee VirusScan; maybe it just doesn't report to the tray that it's on right away?

Again, thank you Kevin for all your help.

Link to post
Share on other sites

There is nothing wrong with the "Hosts" file, the entry you see in RK log is part of Spybot S&D protection system....

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

If no more concerns, are we OK to close out?

 

Take care,

 

Kevin.... ;)

Link to post
Share on other sites
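
An added example, not part of the original thread or of any tool used in it: a short Python check that separates hosts-file entries pointing a name at a loopback or null address (the blocklist style Kevin describes as a protection feature) from entries that map a name to some other address and deserve a closer look. The function name `classify_hosts` and the sample file are constructed for illustration.

```python
import ipaddress

# Names that normally resolve to loopback on any system.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, not taken from the logs posted in this thread.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
# blocklist entries of the kind a protection tool adds
127.0.0.1       ads.tracker.example
0.0.0.0         www.ads.tracker.example
203.0.113.7     www.bank.example   # name forced to a non-local address
not-an-ip       broken.example
"""

def classify_hosts(text):
    """Sort hosts entries into local, blocked, redirected and invalid."""
    result = {"local": [], "blocked": [], "redirected": [], "invalid": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            result["invalid"].append(raw.strip())
            continue
        if len(fields) < 2:                       # address with no host name
            result["invalid"].append(raw.strip())
            continue
        for name in (n.lower() for n in fields[1:]):
            if ip.is_loopback or ip.is_unspecified:
                # Name is sent nowhere: normal for localhost, a block for others.
                bucket = "local" if name in LOCAL_NAMES else "blocked"
                result[bucket].append(name)
            else:
                # Name is pinned to a real address: review who added it and why.
                result["redirected"].append((name, str(ip)))
    return result

if __name__ == "__main__":
    for bucket, entries in classify_hosts(SAMPLE_HOSTS).items():
        print(f"{bucket}: {entries}")
```

Entries in the `blocked` bucket only stop the machine from reaching a name; it is the `redirected` bucket that would indicate a tampered hosts file.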

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.
