• Status: Solved
2011 Vista Security Alert again

Similar problem to this post:

http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/Q_26956561.html

I tried to run Malwarebytes but the fake alert pops up. I uninstalled Malwarebytes and tried to reinstall (I can get onto the internet this time). But the RKill file won't save without a pop-up:

"You'll need to provide administrator permission to copy this file"

This has the security shield on it so guessing it might be fake as well. I hit continue then try again and it won't save. I try to run RKill from bleepingcomputer.com but nothing happens. The Malwarebytes mbam-setup file does save but clicking on it just brings up the Vista alert pop-up.

Is there some way I can get the RKill file onto the PC successfully so I can try to re-run the Malwarebytes/RKill process and get rid of the rogue/alerts?
Asked:
eire2008
 
rpggamergirl Commented:
Get the renamed RKill and download it onto a USB using a clean PC (another PC), and do the same with MalwareBytes.
In Vista you need to right-click and "Run as Administrator" for the tools to run.
After running the renamed RKill, do not reboot and run MalwareBytes.

http://www.bleepingcomputer.com/download/anti-virus/rkill

Also download these tools in case you need them.
TDSSKiller:
http://support.kaspersky.com/viruses/solutions?qid=208280684

ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
rpggamergirl Commented:
Also check this tutorial out... you may need to run the FixNCR.reg file first.
http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011
 
databoks Commented:
rpggamergirl posted the right solution to fix this problem.

 
eire2008 (Author) Commented:
I forgot to mention I downloaded RKill onto a USB from a different PC and I couldn't transfer it to the infected PC. If I try to drag/drop it says: "You need permission to perform this action". If I try to right-click and send to Desktop, "Windows could not create the shortcut." If I try to right-click and send to New compressed folder, "File not found or no read permission." Actually under properties on the RKill file on the USB, it says there was a scan result TROJ_GEN.... Could the file on the USB be infected also, even if I just moved it from a clean PC?

I still have the old RKill file on the infected PC (moved it from recycle bin to desktop) but it also has the scan result TROJ_GEN.... When I click on it, "Windows cannot access the specified device..." Is there a way to run that file "as administrator"? Or it seems like it is infected so not sure what to do with it.

Another thought: I haven't run a scan with my AV since it didn't pick anything up the last time this happened. It's strange "properties" shows "scan result TROJ_GEN.... " on the RKill file.

I downloaded and ran FixNCR.reg and that seemed to go well - no pop-ups. But still the same message when I tried to save RKill. I opened IE with "Run as Administrator" and tried to get RKill. The original message did not pop up this time but the second message (now the first/only) still did:

"You need permission to perform this action"

Then I hit Try again and the same message pops up repeatedly. I haven't tried TDSSKiller or ComboFix yet.

I transferred MalwareBytes setup again. That now responds when I click on it on the infected PC without any fake pop-ups; seems to function properly. I'm hesitant to install and scan with the RKill not running still, but it may be worth a try. Is it recommended to install/run the MalwareBytes without running RKill or if the RKill file is not functioning/infected?
 
rpggamergirl Commented:
You can also rename mbam.exe (in its directory) after you have installed Malwarebytes to stop the nasties blocking it when you run it.

"Is it recommended to install/run the MalwareBytes without running RKill or if the RKill file is not functioning/infected?"

Yes, usually you can install and run Malwarebytes even without RKill (with some infections), but sometimes RKill is needed to kill malware processes; you can try installing it and see if it does.
If it doesn't then use TheKiller, it's the same tool as RKill.


• Download TheKiller.
http://www.osvemu.com/thekiller/explorer.exe

• Note that TheKiller is renamed as explorer.exe
• Do not restart your system after this step..... then continue on with MalwareBytes.

 
databoks Commented:
Start the computer in safe mode and try running RKill again.
 
databoks Commented:
If you have attached the USB on the attached computer then there should be no problems in running it directly from the USB drive.

Try running the RKill.exe directly from the USB drive.
 
eire2008 (Author) Commented:
I ran the Malwarebytes scan and haven't gotten any pop-ups in a couple of days. There is now a Windows Security Shield on the desktop Malwarebytes icon, as detailed in the posts below:

http://www.bleepingcomputer.com/forums/topic178789.html

http://forums.malwarebytes.org/index.php?showtopic=78140

http://forums.techguy.org/windows-7/943265-solved-sheild-corner-malwarebytes-64-a.html

http://social.technet.microsoft.com/Forums/en-NZ/Forefrontclientalert/thread/ea819a43-de28-4e12-8470-94a0aba7bc65


The icon on the infected PC has the shield, but not the icon on the clean PC, which seems strange. Have there been any examples where the shield on the icon proves to be a sign of a virus infection?
 
rpggamergirl Commented:
If the infected PC is Vista then that shield in Mbam is normal.
The little shield indicates that the program requires full administrative privileges to function.

The clean PC, is it XP? Then MalwareBytes icons won't have a shield on them.
 
eire2008 (Author) Commented:
Huge help! Thank you!
 
rpggamergirl Commented:
You're welcome, thanks!
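
An added example, not part of the original thread: a Python check for the point made above about the shield overlay, reporting whether an executable's embedded manifest requests elevation. The sample bytes are constructed for illustration (not Malwarebytes' actual file), and the raw byte scan and the file-name keyword list are simplifying assumptions.

```python
import ntpath
import re
import sys

# File-name keywords used by Vista's installer-detection heuristic (subset,
# assumed here; it applies to 32-bit executables with no manifest level).
INSTALLER_HINTS = ("setup", "install", "update")

# requestedExecutionLevel element as it appears in an embedded manifest.
LEVEL_RE = re.compile(
    rb"<(?:\w+:)?requestedExecutionLevel\b[^>]*?\blevel\s*=\s*[\"'](\w+)[\"']"
)

# Constructed sample: stub header bytes followed by a minimal manifest.
SAMPLE_IMAGE = b"MZ" + b"\x00" * 64 + (
    b'<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">'
    b'<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security>'
    b'<requestedPrivileges>'
    b'<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>'
    b'</requestedPrivileges></security></trustInfo></assembly>'
)


def requested_execution_level(image: bytes):
    """Return the level named in the embedded manifest, or None if absent.

    Simplification: scans the raw bytes for the manifest XML (normally stored
    as plain text in the RT_MANIFEST resource) instead of parsing the PE.
    """
    match = LEVEL_RE.search(image)
    return match.group(1).decode("ascii") if match else None


def elevation_reason(filename: str, image: bytes) -> str:
    """Report which elevation marker, if any, the executable carries."""
    level = requested_execution_level(image)
    if level is not None:
        return f"manifest requests {level}"
    name = ntpath.basename(filename).lower()
    if any(hint in name for hint in INSTALLER_HINTS):
        return "installer detection (file-name heuristic)"
    return "no elevation marker found"


if __name__ == "__main__":
    # Usage: python shieldcheck.py C:\path\to\program.exe
    path = sys.argv[1]
    with open(path, "rb") as handle:
        print(path, "->", elevation_reason(path, handle.read()))
```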