rajasekarramasamy

Displaying Virus Alert wallpaper in Windows XP

On my laptop a virus alert wallpaper is being displayed and System Security 2009 was installed automatically. System Security 2009 shows that my laptop is infected with viruses; it asks me to scan, and after the scan it shows many viruses. When I try to clean all the viruses, it asks me to activate System Security 2009.

I am using McAfee VirusScan; it has caught some Fake Trojan virus. Now McAfee is also infected: the on-access scan has been disabled automatically.

I have attached the HijackThis log file and a wallpaper screenshot.
hijackthis.log
virus.JPG
LANm0nk3y

Remove System Security 2009 from your system. Download Spybot Search and Destroy, and also Ad-Aware. Reboot your system in safe mode with networking. Install those two, and update the definitions. Scan with them there; another one you should try is http://malwarebytes.org/.
ASKER CERTIFIED SOLUTION
xmachine

rpggamergirl
SmitfraudFix deals with desktop hijacks, or you can also try ComboFix and Malwarebytes as already suggested.

1. Please download SmitfraudFix, and select Option 2. Clean (Safe mode recommended)
http://siri.geekstogo.com/SmitfraudFix.php


2. Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



If you want to manually delete the files as well as fixing the Hijackthis entries as already suggested, you need to delete the folder not just the .exe.
C:\Documents and Settings\All Users\Application Data\17167654 <-- this folder
C:\Documents and Settings\All Users\Application Data\97177646 <-- this folder

Or just use the above scanners to remove the reg entries and directories, as more often than not there will be files that aren't showing in the log.
rajasekarramasamy

ASKER

Hi rpggamergirl,

I already tried ComboFix but there was no improvement...

Hi rajasekarramasamy,

Have you tried my solution? Any additional guidance you need?
Hi xmachine,

I followed your steps and it works great! I have attached the new HijackThis log file.



New-hijackthis.log
The new hijackthis.log doesn't contain any malicious entry anymore. Congrats dude ... your system is clean :)

Has this been resolved?
If not... just attach the combofix log so we can check to make sure it's clean, since a clean Hijackthis log doesn't necessarily mean a clean system as some nasties can still hide from the hijackthis scan.
rpggamergirl is right, so let's do some more advanced testing.

Please do the following:

1) Download & run GMER (rootkit scanner) from (http://www2.gmer.net/gmer.zip)

2) Start GMER and select all options on the right side. After scanning is finished, click on Save. Attach the log file here.

3) Visit the Symantec online virus scan page to do an additional check-up

http://security.symantec.com

Select "Symantec Security Check" on the right side

Hi rpggamergirl,

I have attached combofix log.

After I followed xmachine's steps, the desktop wallpaper and System Security 2009 have been removed.


combofix-log.txt