• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 574
  • Last Modified:

software called "Internet Security-designed to protect' is running- seems like a virus

when i start the xp machine, it seems like the above program is controlling all the exe and seems abnormal behavior..

because it was of concern, i shut it down.. what can i do to troubleshoot when i start the machine again... disconnect from internet.. what else?
0
25112
Asked:
25112
5 Solutions
 
25112Author Commented:
here is a pic of it..
DSC00133.JPG
0
 
d_s_sCommented:
You've got a case of the classic spyware infestation.

Download malware bytes: http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install it. Run it once so you can choose to download all updates for it.

Reboot computer in safe-mode. Run malware bytes and remove spyware.

There may be more involved. Let me know if you run into any obstacles.

Cheers,
Dom
0
 
David Johnson, CD, MVPOwnerCommented:
0
Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

 
Darr247Commented:
Agree with ve3ofa's comment...  you won't be able to run MBAM until you kill the virus/malware process[es]. Then be sure to read all the comments below that article, because thorough cleanup will likely include getting the Firewall/ICS and Security Center services running again.

The root cause that I've seen personally was OK'ing the installation of FlashPlayer that wasn't really FlashPlayer.
You should get FlashPlayer from Adobe at
http://get.adobe.com/flashplayer/
let it update only at startup when notified, and never OK installing Flash Player from random web sites.
0
 
Grant1842Commented:
Go get combofix run it first.

http://www.combofix.org/download.php   .

All so hitman pro.
http://www.surfright.nl/en/hitmanpro.

THis should get it off  your computer up and running.

Then you can use malwarebytes, avg. norton, etc to clean up.
0
 
25112Author Commented:
the article suggested
1.      FixNCR.reg (http://download.bleepingcomputer.com/reg/FixNCR.reg)
2.      RogueKiller (http://www.sur-la-toile.com/RogueKiller/)
3.      Malwarebytes (http://www.malwarebytes.org/) and

also
http://www.combofix.org/download.php   .
http://www.surfright.nl/en/hitmanpro

will the malware allow me to open firefox and download these and run?

will FixNCR.reg  automatically fix the bad registry?
0
 
Darr247Commented:
It also said to get
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
(see the "and" at the end of #3?)

You may need to download the files using another computer, then copy them over using floppy, CD, USB stick, et cetera..

FixNCR.reg will fix the change the malware makes in the registry that restarts itself every time you try to run any exe file. So, yes...  fix the registry, then run #2 and both the #3's, without rebooting.

Then continue on down through the comments and check if the leftover symptoms mentioned are present in your installation, and if so, follow those fixes, too.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now