
Windows Security pop up


Colin Brett


Whenever I try to launch any program from my Desktop I get a Windows Security message: Your internet security settings prevented one or more files from being opened.

 

I can't run Malwarebytes from any location, System restore won't work and it's the same in safe mode.

 

I have a dual boot system with win7 in 32 and 64 bit installed on different partitions. 32 bit works OK and I've run MWBs from there and found some bad stuff that I've removed but still have the same problem.

 

Any ideas??

 

Log from MWBs

 

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

 

Database version: v2011.12.24.05

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

Colin :: NEWSUPABITZA [administrator]

 

29/12/2011 12:58:24

mbam-log-2011-12-29 (12-58-24).txt

 

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 579611

Time elapsed: 1 hour(s), 56 minute(s), 30 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 3

H:\$Recycle.Bin\S-1-5-21-1930045587-1373935355-4174370426-1000\$RSDVEVU.ACTiVATED\sources\$oem$\$$\Setup\scripts\faXcooL.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.

H:\$Recycle.Bin\S-1-5-21-1930045587-1373935355-4174370426-1000\$RSDVEVU.ACTiVATED\tools\enterprise\mini-KMS Activator [1.072]\mKMSAct.exe (PUP.Hacktool) -> Quarantined and deleted successfully.

H:\$Recycle.Bin\S-1-5-21-1930045587-1373935355-4174370426-1000\$RM3THEF.1GB_NEW\RemoveWAT226.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.


Chances are you have a rootkit or classic fake AV infection.

Download Avast antivirus and let it run a boot time scan. It's simple to set up: install, open program, choose scans, then click schedule boot time scan...restart your PC and let it do its job.

Next up, search the Internet for a piece of software called Roguefix; you're after version 3. You might struggle to find it because the original writer took his site down due to his work being copied and plagiarised....if you simply can't find it let me know and I'll upload it to my Dropbox for you.

Chances are you will find it as a .bat file....just download and rename it to a .exe.

Run the program as administrator and let it do its thing. Then choose whether to reset your homepage/desktop and finally it will restart your system.

These two things will hopefully sort your problems out.

A lot of malware/fakeware is disabling Task Manager and suchlike these days...also seen them "hide" all the user files etc. which can be a bastard to sort out.

Like I say, if you simply can't find Roguefix then let me know...I'll Dropbox it to you via PM.

On top of that you really need to get IE9 for its extra security features.

Finally, if you can, then run all scans within "safe mode".

Edited by kirisute

Thanks for getting back on this one.

I already have Avast and am presently running the boot scan [takes a while doesn't it!]

 

Tried to find Roguefix 3 and downloaded it but it says it's not suitable for my system?? I'm running [or was] Windows 7 64 bit so if you can help with the Roguefix file I'd appreciate it.

 

Thanks again,

 

Colin

http://dl.dropbox.com/u/20359976/Roguefix_3.008.bat

There ya go.

I happily use it on all versions of Windows, even 64-bit.

Just make sure you run as administrator.


Thanks again, I've followed your instructions but still getting the same message. However I have created a new admin account and I can get everything that was created with the new account to work. So perhaps it's just a corrupted user account??

 

I'll try transferring my folders and files over tomorrow.

 

Thanks again,

 

Colin


Well, the new admin account worked for a while and is now the same as the previous one. I didn't get the chance to transfer all the programs and files.

I'm about to run an online scan but can only do it from the 32 bit system on the same computer. Fingers and legs firmly crossed or it's a likely clean install in the morning.

 

Colin

Certainly sounds like you have a nasty.

An online scan won't touch it if that is the case...because you're using a browser to run the scan, a lot of the BHO files will be locked and therefore untouchable for a scan. You might detect it but chances are you won't clean it properly....a partial clean might happen, but I personally wouldn't trust it.

A lot of these new virus/malware buggers use the integrated systems of IE to access all manner of Windows loopholes...which usually means things like Chrome and Firefox will also be affected; and running a scan within the infected system (i.e. via a browser) usually won't solve the issue at all.

There really is no reason you shouldn't be able to run Roguefix.

I've just sat here and run it on my Windows 7 64 bit system with no issue at all.


Well I went for a clean install in the end and all is now well. I'm still puzzled as to where this came from or got in as I thought my security was pretty good?

 

Ref. Roguefix, it just couldn't be run from the infected version of Win7 64 either in normal or safe mode.

 

It was OK when used in Win7 32 and I scanned the infected drive. It found some problems but not the one that mattered, which I guess is understandable seeing it wasn't run from within the 64b system?

 

Anyway, thanks for your help and should you fancy a day's fishing down Cambridge way let me know and I'll arrange a free day on one of our club's waters.

Visit our Website

 

Colin

My pleasure!

Sounds like a plan!

I'll return the favour...you ever fancy a day on our lakes then let me know.

Fakenham Angling Club

Need to find somewhere I stand a chance of being able to break the new pen rod world record! You have any lakes where I can chance a 22lb fish on one of my micro rods? LOL

Some git in the US just broke my 17.5lb carp with a 21lb beast!!

As for your "bug":

Don't panic, these things usually manage to winkle their way past most antivirus systems these days...simply because they don't actually act like a virus attack. All you will know of it is that you might hit a website that shows a pop-up saying your PC has errors...and BAM!

I have maybe 3 PCs a week through the office with similar issues...some you simply can't resolve without a format...

If you're lucky then Malwarebytes, Roguefix and CCleaner will do the job. They really can be a nightmare!

My best solution is Avast antivirus, fully up to date IE (version 9), and regular running of CCleaner. Avast is usually pretty hot at stopping and blocking the website pop-ups....but if you do ever hit one then your very best bet is to Ctrl-Alt-Del and close down the internet task from Task Manager...a lot of the pop-ups will infect when you choose NO, or CLOSE etc., so closing the task itself resolves the issue without them getting the chance to infect.

Carp to 34lb any good to you? Sounds like a summer time venture.

 

Colin
