Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

XP Security 2011 Infestation

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: XP Security 2011 Infestation

Unread postby Cypher » March 28th, 2011, 5:45 am

Hi Denske.
That icon is a warning that something is not active security wise.
Check to see if the Avira AntiVir guard is enabled.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Re: XP Security 2011 Infestation

Unread postby Denske » March 28th, 2011, 6:53 pm

Cypher,

Avira is active. The one that is not active is the rogue security agent.

Denske
Denske
Regular Member
 
Posts: 30
Joined: September 10th, 2010, 10:42 am

Re: XP Security 2011 Infestation

Unread postby Cypher » March 29th, 2011, 11:54 am

Hi Denske.
There is no evidence of XP Security 2011 in your logs now but we can run a few more checks.
I have also confirmed that the icon you are seeing, is the XP security centre indicating something security wise is disabled.

Defence Inspector

  • Please download Defence Inspector.exe and save it to your desktop.
  • Double-click DefenceInspector to run it.
  • When presented with the option to begin the scan, please press any key to continue.
  • When DefenceInspector has finished scanning a log will appear.
  • Please post the entire contents of this log in your next reply.
.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: XP Security 2011 Infestation

Unread postby Denske » March 29th, 2011, 2:39 pm

Cypher,

Here is the file. Perhaps I have been assuming too much in my conclusion about the involvement of this particular icon in the problems I had. The pop-ups and fake warnings seemed to come from this particular icon when it was enabled. By the way, when it was enabled, it had standard Windows colors, the somewhat pastel red, yellow, green and blue in place of the "X." What I think I understand you are telling me is that there is a legitimate XP security application that uses an icon like that.

Anyway, here is the defence inspector file:

Denske

Defence Inspector (Version 1.0.1)
Log created at 14:29:01 on March 29, 2011

-= System =-
Windows XP (32-bit, Service Pack 3)
Windows Update: Automatic installation
System Restore: ON (45 restore point(s) available)

-= User Accounts =-
Administrator (Admin)
User (Admin)
Guest (Disabled)
HelpAssistant (Disabled)
SUPPORT_388945a0 (Disabled)

-= Security Programs =-
Avira AntiVir
Malwarebytes' Anti-Malware
Windows Firewall: Disabled

-= Other Programs =-
Adobe AIR 2.6.0.19120
Adobe Flash Player (Plugin) 10.2.152.26
Adobe Flash Player (ActiveX) 9.0.124.0
Internet Explorer 8.0.6001.18702
Java 1.6.0_24
Mozilla Firefox 3.6.16 (en-US)

-= EOF =-
Denske
Regular Member
 
Posts: 30
Joined: September 10th, 2010, 10:42 am

Re: XP Security 2011 Infestation

Unread postby Cypher » March 29th, 2011, 2:52 pm

Hi Denske.
What I think I understand you are telling me is that there is a legitimate XP security application that uses an icon like that.

Yes that's what i meant, as you can see from this screen shot, from an XP PC that is clean, it is a legitimate XP security centre icon.
As mentioned it indicates that a security application is disabled.

Image

Are you currently experiencing any popups or fake alerts?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: XP Security 2011 Infestation

Unread postby Denske » March 29th, 2011, 3:43 pm

Hi, Cypher,

Thanks for making that clear to me. I don't see that icon, enabled or disabled, on the other computer I use regularly. I thought the whole thing was fake.

Right now the computer seems to be working fine. I get no fake alerts, no redirects of attempts to go to web sites and no other obvious problems. As I mentioned a few posts ago, if I park the cursor over the subject icon and right click, I am given the option of "Open Security Center" and "Go to Microsoft Security Web Site." I guess at some point you will suggest I select one of these or otherwise enable the application. My apprehension about it may be unfounded. I will stand by for your next instructions.

Denske
Denske
Regular Member
 
Posts: 30
Joined: September 10th, 2010, 10:42 am

Re: XP Security 2011 Infestation

Unread postby Cypher » March 30th, 2011, 5:15 am

Hi Denske.
I don't see that icon, enabled or disabled, on the other computer I use regularly.

You won't see that icon on your other computer unless something security wise needs attention.
if I park the cursor over the subject icon and right click, I am given the option of "Open Security Center" and "Go to Microsoft Security Web Site."

If you chose Open Security Center what is it telling you? i suspect this is the problem.
Windows Firewall: Disabled

Check Security Center

  • Got to Start, Run.
  • Type wscui.cpl into the box and hit Enter.
  • It should report Firewall ON, Automatic Updates ON, Virus Protection ON.
  • If any are OFF, choose Manage Security Settings for the item and correct it.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: XP Security 2011 Infestation

Unread postby Denske » March 30th, 2011, 8:44 pm

Hi Denske.
Quote:
I don't see that icon, enabled or disabled, on the other computer I use regularly.
Hi, Cypher,

You won't see that icon on your other computer unless something security wise needs attention.


Thanks for the explanation

If you chose Open Security Center what is it telling you? i suspect this is the problem.


It showed that the firewall and automatic updates were disabled.

In running wscui.cpl I was able to turn on the firewall, but when I tried to turn on automatic updates I got the messages that it couldn't be done that way and to go to control panel. Using control panel didn't work either. I was about to try a manual update, but thought I wait to see if that would be a step you would recommend.

Denske
Denske
Regular Member
 
Posts: 30
Joined: September 10th, 2010, 10:42 am

Re: XP Security 2011 Infestation

Unread postby Cypher » March 31st, 2011, 6:11 am

Hi Denske.
Yes go ahead and try a manual update, if you still have problems run through the instructions in the link below.

How to configure and use Automatic Updates in Windows

Let me know how you get on.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: XP Security 2011 Infestation

Unread postby Denske » March 31st, 2011, 7:46 pm

Cypher,

Nothing I have tried works to turn on Automatic Updates. When I go to the Microsoft web site and click on either express or custom buttons, the following message is returned:


[Error number: 0x80070424]

The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.

For self-help options:
    Frequently Asked Questions
    Find Solutions
    Windows Update Newsgroup

For assisted support options:
    Microsoft Online Assisted Support (no-cost for Windows Update issues)

I have also tried running "MicroSoft Fixit" from their update site. Didn't work either.

Denske
Denske
Regular Member
 
Posts: 30
Joined: September 10th, 2010, 10:42 am

Re: XP Security 2011 Infestation

Unread postby Cypher » April 1st, 2011, 5:23 am

Hi Denske.
The problems you are still experiencing are not coming from malware as all of your latest logs have come back clean.
As this is a dedicated Malware Removal site I think those issues are best left to experts elsewhere..
Here are some excellent Tech sites (in no particular order) that may be able to help with these problems:


So as I said above your logs are clean, I hope you can resolve your other problem with the links that I provided.

This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clear Java cache

  • Click on Start > Control Panel > Classic view then double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button.
  • There are two options in the window to clear the cache - Leave BOTH Checked.
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
  • Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Next.

Time for some housekeeping
  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
    Image
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Next.

Download OTC by Old Timer and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

You can now delete any tools we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Read some information HERE On how to prevent Malware

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: XP Security 2011 Infestation

Unread postby Cypher » April 2nd, 2011, 5:58 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 293 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware