WiredWX Hobby Weather ToolsLog in

 


descriptionSystem security problem EmptySystem security problem

more_horiz
I have downloaded anti-virus programs but the virus won't allow me to run them. I opened the first time users guide here and it wouldn't let me open the Java download either.
Help.....
John

descriptionSystem security problem EmptyRe: System security problem

more_horiz
See if you can run HijackThis:

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

descriptionSystem security problem EmptyRe: System security problem

more_horiz
Still blocked it.
John

descriptionSystem security problem EmptyRe: System security problem

more_horiz
Download IceSword from here:

http://rapidshare.com/files/246323341/IceSword.exe

Tell me if it stays open.

descriptionSystem security problem EmptyRe: System security problem

more_horiz
I still get the "warning the file you are opening is infected" on lower right when I try to open it. It starts to open for less than a half second and stops when the warning comes on. This also happens when trying to open a program like Window Washer on the windows screen. It also delays getting onto IE but finally lets me on.
John

descriptionSystem security problem EmptyRe: System security problem

more_horiz
Hello.
Right click the IceSword you have now, select Rename. Rename IceSword.exe to winlogon.exe and see if it will run now.

descriptionSystem security problem EmptyRe: System security problem

more_horiz
couldn't open it as winlog.exe either. It opens momentarily then goes away.....CRAP
I'm donating anyway. Thanks for trying so hard for someone you've never met. A great service. I need an updated computer anyway.
John

descriptionSystem security problem EmptyRe: System security problem

more_horiz
See if you can run ComboFix:



  • Download combofix from here
    Link 1
    Link 2
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

System security problem CF_download_FF

System security problem CF_download_rename

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV. (Mcafee)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

descriptionSystem security problem EmptyRe: System security problem

more_horiz
It tried to run (a second) which is longer then the others but they were interrupted by the virus.
John

descriptionSystem security problem EmptyRe: System security problem

more_horiz
Can you download Hijack This from here?
http://www.mediafire.com/?dlt5m1lyjwk

descriptionSystem security problem EmptyRe: System security problem

more_horiz
Hi jrfoy2, I just spent 3 hours at my friends house trying to help her get System Security off of here computer. Right when I was about to give up I was successful in thwarting it.

Here's what worked for me:

Go to C:\Documents and Settings\LocalService\Application Data. You should find some folders that have random numbers. The ones that I found had these numbers: 99137956, 19127964, 99137956. There were some more, I think five in all but I didn't record their numbers.

I opened up each folder and tried to delete each file individually. In two of the folders I opened I found a green System Security icon. I was successful in deleting everything expect for the files with the green icon. I thought these files must be the start up files for the buggers, then I thought "no start up files no virus." Also, I deleted some random number folders with nothing in them.

I found that I wasn't able to delete the files with the icon so but that I was able to change the name, so I did. I think this confuses the computer when it tries to run the program on start up, like it can't find it.

At this point I restarted the computer. First thing after restart I went to C:\Documents and Settings\LocalService\Application Data again and I deleted the remaining folders with the green system security icons. I was then free to run programs again. So I promptly started running the anti-virus software that my friend had on her computer. I had to go after this so I wasn't able to see it through. I don't think this completely eradicated the virus but it did give back some control.

Oh by the way, if Task Manager is still locked go to Start > Run And copy and paste this in (without the ""): "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f".

This worked for me. I hope it works for you.

-T

descriptionSystem security problem EmptyRe: System security problem

more_horiz
Hello TrevoJ.

While your fix would work by thoery, we ask that members do not post here if not the victim.

descriptionSystem security problem EmptyRe: System security problem

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum