Solved

How to remove Security Protection

Posted on 2011-09-07
9
459 Views
Last Modified: 2012-05-12
This computer is infected with a Rogue named "Security Proytection." I ran Rogue Killer and it picked it up and stopped it, I thought. When I went to run Malwarebytes, it starts the scan then shuts down after less than a minute. I tried both in safe mode and regular. The file association with the shortcut seems to be broken after that brief run. I went to properties>find target and tried to run from there , bubt no joy. I installed HiJackThis; it scans but the logfile ( or report) disapears immmediately after running.
Ideas?
0
Comment
Question by:atf3doc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 36495208
Follow this guide from Bleeping computer for its removal.
http://www.bleepingcomputer.com/virus-removal/remove-security-protection
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 36495226
If executables won't run use the .exes fixes listed in this article.
http://www.experts-exchange.com/A_6209.html


If no joy, use inherit.exe to make the program runs.
Download inherit.exe by sUBs.
http://download.bleepingcomputer.com/sUBs/MiniFixes/Inherit.exe
Drag the program's executable file into the inherit.exe and wait for it to say OK.


"I installed HiJackThis; it scans but the logfile ( or report) disapears immmediately after running."
Use the above-mentioned inherit.exe(not with Hijackthis), and also use ComboFix or Kaspersky's Removal tool.
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.


Kaspersky Removal tool.
http://www.kaspersky.com/antivirus-removal-tool?form=1
0
 

Author Comment

by:atf3doc
ID: 36504125
rpggamergirl, I knew you would come through for me on this. I am in the process of runnig your suggested programs now. Will update results as they happen. Thanks
0
RoboForm Secure Password Management System

RoboForm Everywhere - Superb Browser Support
Windows / Apple / IOS / Android / Linux / Chrome OS
Use different complex passwords everywhere
Best Secure Password Management by far
Synchronize all of your devices instantly
Safe, Secure & Highly Recommended!

 

Author Comment

by:atf3doc
ID: 36504402
Kapersky Removal Tool was the only one I could get to run. It detected three and said they would be removed on restart. After restarting, I have nothing except desktop wallpaper, no icons, no start menu and no ability to do anything. I manually shut it down and restarted in safe mode...same deal ...nothing. I am going to try a repair install and work from there.
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 36507266
Even with inherit.exe no programs was able to run but Kaspersky's removal tool?
The removal tool as it seems wasn't able to successfully removed the infection or wasn't successfully disinfect explorer.exe.

The repair install should fix the damaged explorer.exe then you could try other tools to make sure the system is clean(using inherit.exe to make them run if you didn't yet), or try using them in safe mode and see if they run.
0
 

Author Comment

by:atf3doc
ID: 36507661
The more I work on this the worse it gets. During the repair install I am now getting BSOD at about 37 minutes into "Installing Windows" I have gotten two BSOD's:
IRQL_NOT_LESS_OR_EQUAL
Stop:0x0000000A (0x54890472, 0x00000002, 0x00000000, 0x8050F911)

BAD-POOL-CALLER
Stop:0x000000C2 (0x00000007,0x00000CD4,0x1207003,0x8687A508)

I removed the video card and set video to integrated

Got: BAD-POOL-CALLER
Stop: 0x000000C2 (0x00000007,0x00-0000CD4, 0x86677DC0, 0x86686768)

I couldn't find these error codes to enlighten me as to the problem. I am now running CHKDSK from Recovery Console. Then will try agin to do a repair install. If no joy, I will pull the HDD and copy data
then do a clean install. Don't know if I have multiple problems or if Security Protection is a mean actor.

By the way I had tried the Bleeping Computer method of removal before you mentioned it. No joy.
Thanks for your help and support. I really need it on this one.
atf3doc
0
 

Author Comment

by:atf3doc
ID: 36507668
I also ran a bootable MEMtest. Memory passed. I reseated both modules.
0
 

Author Comment

by:atf3doc
ID: 36507786
CHKDSK said it found and fixed one or more errors on the volume. It has gone to 29 minutes now on the repair install "Installing Windows" Keep your fingers crossed.I am going to run Hard drive diagnostics also when we get booted back up.18 minutes to go. Hooray!
0

Featured Post

SendBlaster Pro 4 - Bulk Email Sending Software

SendBlaster 4 Pro - Best Bulk Emailing Sending Software
Automatic Subscribe / Unsubscribe Processing
Great for Newsletters & Mass Mailings
Optional HTML & Text Composition
Integration with Google Features
Built in Spam Score Checking
Free Professional Templates - Feature Packed!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question