Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Security Master takes over Toshiba laptop

Post by Stupid » September 9th, 2010, 3:57 pm

Hi Folks, I'm helping a friend with a fairly new Toshiba laptop with Windows 7 on it. The owner failed to download or activate a virus suite when she set up the computer.
Now Security MasterAV has taken over the computer. This is the first time I've seen this malware so I'm not familiar with symptoms created by it but I've only seen prompts from AV Security Master on this computer. Some of these prompts state that there are 40 up to as many as 130 issues, most look to be false issues or even required by Windows or other programs.
These prompts act a lot like a normal virus suite, asking the owner to activate the program but when I click on the activate tab a browser window opens but does not load.
Many things do not work correctly, such as the cursor sticking to the scroll option for a second or two, this happens whether or not the cursor is located over the scroll bar.
The Synaptics pad also has issues I haven't seen in Windows or any properly working computer, this is mostly not reacting to touch and not releasing the cursor when I stop touching it but it also highlights randomly.
This computer seems to work fairly well considering how long it has been run without any malware protection. I haven't noticed any bad symptoms and it seems to go online without major problems.
The shut down/sleep button also seems to be stuck in the shut down mode with the install updates and shut down notice on, the updates do not install when this tab is pressed, when I change the function of the off tab in properties it does not change.
The highlight function also works on its own a lot, more than can be dismissed. Since I am not familiar with this computer I don't know how many of these minor problems are associated with the Security Master AV malware, how many are caused by other issues that found this computer while it's been unprotected. There seems to be a problem installing a virus program such as AVG free, after installing AVG I get an error prompt and AVG will not run. The Security Master AV also will not open its install site but I don't know if it has an install site or just fakes it to fool a novice user.
If you have any questions please contact me J Wolfe, user name "Stupid" email address is egil7erik@gmail.com, this is not my registered email address (registered email: jameswolfe@dishmail.net will also work) with MR but the one I use for most of my communications.
Please find the Hijack This log below and the Uninstall list below the Hijack This log,

Also I made an error in my email address when I registered the first time and now cannot receive the authorisation email from MR. How would I fix this problem?

Thank You so very much for doing the good things you do so well! J Wolfe









Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:58 AM, on 9/9/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\ProgramData\5465ba9\SM5465.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\AV Security suite removal\SpyHunter-Installer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Security Master AV] "C:\ProgramData\5465ba9\SM5465.exe" /s /d
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11374 bytes




UNINSTALL FILE

Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Best Buy Software Installer
Catalyst Control Center - Branding
Compatibility Pack for the 2007 Office system
HiJackThis
HijackThis 2.0.2
Java(TM) 6 Update 14
Junk Mail filter update
Microsoft Choice Guard
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSVCRT
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Roxio Burn
Roxio Express Labeler 3
Roxio Roxio Burn
Roxio Update Manager
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Web Camera Application
ToshibaRegistration
Visual C++ 8.0 Runtime Setup Package (x64)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer

Re: Security Master takes over Toshiba laptop

Post by NonSuch » September 10th, 2010, 4:26 am

I see from your HJT log that you're using a 64 bit operating system.

Unfortunately, the tools we use to analyze and remove infections do not work properly on a 64 bit operating system, and their results cannot be relied upon. Because of this, it is almost impossible for us to correctly diagnose problems, and the fixes we might offer could potentially do as much damage to your computer as any infection you might have.

Due to the above stated reasons, we do not at this time offer support for 64 bit operating systems. We are sorry that we are currently unable to assist you.

To edit your email address, click on "User Control Panel" on the upper right portion of any forum page. Then in the left panel, select "Profile" then "Edit account settings." Make the needed change, then click on "Submit."

This topic is now closed.