It's called Windows Security Center...but it's not!

[AdvancedSetup]

You can, but it will come right back without cleaning properly.

I'm assuming that there is a reason I shouldn't just delete that file. Is this correct?

[Maggie]

That's what I figured but thought I'd ask. I'll be patient.

[AdvancedSetup]

Later on tonight please try a manual update of the definition files in the Malwarebytes program.

Then do a Quick Scan and let me know if it finds and cleans it or not and we'll go from there.

[Maggie]

So far so good!

I updated and scanned. It found 5 issues, cleaned all but one which was a delete on reboot. Appears to have fully cleared it. I don't have the full screen Windows Security Center popup, the icon in the system tray, no balloon warnings or automatic restarts. There are a few connections that I wasn't able to make when onsite at my company which I'll go in to try tomorrow but other than that it looks very good!

I can not thank you enough!

M

[Maggie]

There is one item that seems to still be out of whack. The Task Manager. When it opens it doesn't show the normal three or four tab window, it just shows the process window. It's resizeable but can't be closed. Not sure how the virus did that but should I be able to get that back somehow? Reinstalling XP?

[AdvancedSetup]

If it is what I think you're describing just point the mouse to the middle of one of the panes of the Task Manager and DOUBLE CLICK it and it should return back to what you're used to seeing.

There is one item that seems to still be out of whack. The Task Manager. When it opens it doesn't show the normal three or four tab window, it just shows the process window. It's resizeable but can't be closed. Not sure how the virus did that but should I be able to get that back somehow? Reinstalling XP?

[AdvancedSetup]

Okay I think you should again try to reset IE7 back to normal defaults.

Select, TOOLS-Internet Options-Advanced-RESET on the bottom right side section.

Then try to go here and do an online scan with ESET (you'll need to disable your firewall for now)

Free Virus Scan: Use ESET's Online Antivirus Scanner
• You must use Internet Explorer for this online scan. FireFox, Opera, etc will not work for this scan.
  
• Accept the terms and click "Start".
  
• Once the scanner is ready, check "Remove found threats" AND "Scan unwanted applications".
  
• Click "Start" to begin the scan.
  
• When completed restart your computer
  
• Make sure your firewall is re-enabled and return back here and post the log from ESET
  

If IE7 can not run the scan then we may need to try some fixes for IE

[Maggie]

If it is what I think you're describing just point the mouse to the middle of one of the panes of the Task Manager and DOUBLE CLICK it and it should return back to what you're used to seeing.

Ok. that was too easy! That did it. I didn't realize that worked that way.....just ignorance on my part!

[Maggie]

Here's the eSet log. Apparently there still was/is stuff out there. Amazing.

# version=4

# OnlineScanner.ocx=1.0.0.635

# OnlineScannerDLLA.dll=1, 0, 0, 79

# OnlineScannerDLLW.dll=1, 0, 0, 78

# OnlineScannerUninstaller.exe=1, 0, 0, 49

# vers_standard_module=3050 (20080423)

# vers_arch_module=1.064 (20080214)

# vers_adv_heur_module=1.064 (20070717)

# EOSSerial=97a598fd76b2e64ba237313806631cad

# end=finished

# remove_checked=true

# unwanted_checked=true

# utc_time=2008-04-24 08:39:17

# local_time=2008-04-24 04:39:17 (-0500, Eastern Daylight Time)

# country="United States"

# osver=5.1.2600 NT Service Pack 2

# scanned=431428

# found=4

# scan_time=3008

C:\Documents and Settings\colforma\Application Data\pcturboproinstaller[1].exe probably a variant of Win32/Adware.WinFixer application (unable to clean - deleted) 00000000000000000000000000000000

C:\Documents and Settings\colforma\Application Data\Sun\Java\Deployment\cache\6.0\29\6eee775d-500c0fb8 Java/TrojanDownloader.OpenStream.NAB trojan (deleted) 00000000000000000000000000000000

C:\Documents and Settings\colforma\Application Data\Sun\Java\Deployment\cache\6.0\29\6eee775d-500c0fb8

[AdvancedSetup]

Difficult to say how or where it got onto the box.

I would recommend though that maybe you install SpywareBlaster SpywareBlaster 4.0

get all it's updates and then apply all its security settings.

Uninstall any old versions of JAVA, FLASH, or QuickTime and then visit their sites and install the latest versions if you use these plugins as often Malware can get on the system from bugs in these plugins.

Keep your Antivirus up to date at all times and probably scan your system with Malwarebytes at least about once a week after getting updates.

You seem to have a grasp of what's going on so I won't write out a laundry list.

Unless you have some other issue we can help you with it looks like you should be okay according to the logs.

Thank you for using Malwarebytes and tell your friends

[Maggie]

I can't thank you enough for all your help!

[JeanInMontana]

Since this topic has been resolved it will now be closed. Thanks to AdvancedSetup for your help it is much appreciated.

Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.