Solved

Software called "Internet Security - designed to protect" is running - seems like a virus

Posted on 2012-03-16
7
543 Views
Last Modified: 2012-03-28
When I start the XP machine, it seems like the above program is controlling all the exe files, and the behavior seems abnormal.

Because it was of concern, I shut it down. What can I do to troubleshoot when I start the machine again? Disconnect from the internet... what else?
0
Comment
Question by:25112
7 Comments
 
LVL 5

Author Comment

by:25112
ID: 37731709
Here is a pic of it:
DSC00133.JPG
0
 
LVL 2

Assisted Solution

by:d_s_s
d_s_s earned 100 total points
ID: 37731738
You've got a case of the classic spyware infestation.

Download Malwarebytes: http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install it. Run it once so you can choose to download all updates for it.

Reboot the computer in safe mode. Run Malwarebytes and remove the spyware.

There may be more involved. Let me know if you run into any obstacles.

Cheers,
Dom
0
 
LVL 78

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 100 total points
ID: 37731890
0

 
LVL 44

Assisted Solution

by:Darr247
Darr247 earned 200 total points
ID: 37732458
Agree with ve3ofa's comment...  you won't be able to run MBAM until you kill the virus/malware process[es]. Then be sure to read all the comments below that article, because thorough cleanup will likely include getting the Firewall/ICS and Security Center services running again.

The root cause that I've seen personally was OK'ing the installation of FlashPlayer that wasn't really FlashPlayer.
You should get FlashPlayer from Adobe at
http://get.adobe.com/flashplayer/
let it update only at startup when notified, and never OK installing Flash Player from random web sites.
0
 
LVL 12

Assisted Solution

by:Grant1842
Grant1842 earned 100 total points
ID: 37734856
Go get ComboFix and run it first.

http://www.combofix.org/download.php

Also HitmanPro.
http://www.surfright.nl/en/hitmanpro.

This should get it off your computer up and running.

Then you can use Malwarebytes, AVG, Norton, etc. to clean up.
0
 
LVL 5

Author Comment

by:25112
ID: 37735604
The article suggested
1.      FixNCR.reg (http://download.bleepingcomputer.com/reg/FixNCR.reg)
2.      RogueKiller (http://www.sur-la-toile.com/RogueKiller/)
3.      Malwarebytes (http://www.malwarebytes.org/) and

Also:
http://www.combofix.org/download.php
http://www.surfright.nl/en/hitmanpro

Will the malware allow me to open Firefox and download these and run them?

Will FixNCR.reg automatically fix the bad registry?
0
 
LVL 44

Accepted Solution

by:
Darr247 earned 200 total points
ID: 37736217
It also said to get
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
(see the "and" at the end of #3?)

You may need to download the files using another computer, then copy them over using floppy, CD, USB stick, et cetera.

FixNCR.reg will fix the change the malware makes in the registry that restarts itself every time you try to run any exe file. So, yes...  fix the registry, then run #2 and both the #3's, without rebooting.

Then continue on down through the comments and check if the leftover symptoms mentioned are present in your installation, and if so, follow those fixes, too.
0
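The accepted answer says the malware changes the registry so that it is restarted whenever any exe file is run. As an added example (not part of the original thread, and not the contents of FixNCR.reg), this Python script audits a `reg export` text dump for that kind of change, assuming it is made to the .exe file association, which the thread does not spell out. The stock Windows values `exefile` and `"%1" %*` are assumed as the baseline; the sample export, the ProgID `xyz` and the placeholder path are constructed.

```python
import re
# Stock Windows defaults (assumed baseline; not taken from the thread).
EXPECTED_PROGID = "exefile"
EXPECTED_CMD = '"%1" %*'
# Per-user classes override HKEY_CLASSES_ROOT, so they are checked first.
ROOTS = ("hkey_current_user\\software\\classes", "hkey_classes_root")

# Constructed sample export: HKCR is clean, the per-user override is not.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="xyz"
[HKEY_CURRENT_USER\Software\Classes\xyz\shell\open\command]
@="\"C:\\PLACEHOLDER\\rogue.exe\" -a \"%1\" %*"
'''

def parse_reg(text):
    """Parse string values of a .reg export into {key_lower: {name: data}}."""
    keys, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
        if m and cur is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            cur[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \" and \\
    return keys

def audit_exe_handler(keys):
    """Return (key, value) pairs where the .exe handler is not the default."""
    findings = []
    for root in ROOTS:
        progid = keys.get(root + "\\.exe", {}).get("")
        if progid is not None and progid.lower() != EXPECTED_PROGID:
            findings.append((root + "\\.exe", progid))
        for pid in dict.fromkeys(p for p in (EXPECTED_PROGID, progid) if p):
            key = f"{root}\\{pid.lower()}\\shell\\open\\command"
            cmd = keys.get(key, {}).get("")
            if cmd is not None and cmd != EXPECTED_CMD:
                findings.append((key, cmd))
    return findings

if __name__ == "__main__":
    for key, value in audit_exe_handler(parse_reg(SAMPLE)):
        print(f"NON-DEFAULT  [{key}]  @={value}")
```

Exports written in the "Windows Registry Editor Version 5.00" format are UTF-16, so read the file with `encoding="utf-16"` before passing its text to `parse_reg`.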
