Spyware, Viruses, & Security forum

General discussion

Another fake warning screen

by N.T.Gray / October 3, 2010 10:14 PM PDT

I've got a Dell Dimension 4600 desktop (Pentium 4 chip) running WinXP.

This time the warning said "Microsoft Security Essentials" and after considering for while, decided it was legitimately coming from my own computer. It identified the infection only as "Unknown Win32/trojan"

Stupid decision.

Now I've got another virus that doesn't want to let me do anything until I buy the "removal" software. Malwarebytes running from the SAFE screen didn't catch anything. AVG said it caught something, but nothing changed when I booted up to normal screen again. From the safe screen I can run my existing anti-virus programs, but I can't seem get online. I tried to run Hitman (which worked last time), but the free trial period expired and I can't get online to attempt to purchase it. (I don't even know if this is a good idea).

So I have a virus that's got my computer locked up and it isn't letting me do anything. Even in SAFE mode, I can't get at the task manager. If I hit ctrl/alt/del the fake warning message pops up and I have to shut down and start over. Can't go online, either.

Any thoughts?


Post a reply
Discussion is locked
You are posting a reply to: Another fake warning screen
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Another fake warning screen
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Removing Fake Microsoft Security Essentials..
by Carol~ Forum moderator / October 3, 2010 10:41 PM PDT

N.T. Gray..

Follow ALL the instructions in the below guide. As noted in Step #2, you're going to have to use another (clean) computer to download the necessary files and trasfer them to yours. Using Rkill should kill the process and eventually allow you to complete the disinfection process.

Remove the Fake Microsoft Security Essentials Alert Trojan and AntiSpySafeguard .

If you run into any problems along the way, please post back and let us know.

Best of luck..

Collapse -
It won't lety rkill open
by N.T.Gray / October 3, 2010 10:56 PM PDT

Got rkill onto the computer. In SAFE mode, when I click on rkill the warning screen pops up. When I click on rkill again with the warning screen still showing, the screen flashes and then there's just the warning screen again. No rkill. Third, fourth, and fifth attempts all yielded the same result.

Now what?


Collapse -
If One Doesn't Run..
by Carol~ Forum moderator / October 4, 2010 12:11 AM PDT

If Rkill.com doesn't work for you, try one of the below. You only need one to work:


What happened when you ran the iExplore.exe, as per the instructions?? You said you ran Malwarebytes' Anti-Malware and it didn't find anything. When was the last time it was updated? If it was recently, it should have detected it.

Try the above. If they don't work, you can also give the below a try.



Collapse -
A Word of Caution
by Carol~ Forum moderator / October 4, 2010 12:40 AM PDT
In reply to: If One Doesn't Run..

After successfully running Rkill, or whichever tool works, do NOT reboot. Immediately update MBAM and run a scan.

Collapse -
Added Note..
by Carol~ Forum moderator / October 3, 2010 11:02 PM PDT

Something to check, on the outside chance the malware has changed your settings to use a Proxy Server. Open IE and go to Tools>Internet Options>Connection Tab. Click on the LAN settings button. IF there is a check mark next to "Use a proxy server for your LAN" (as seen here) uncheck it. Click OK. Then OK again.

In this instance, it may not have been changed, but it's worth checking anyway.

Collapse -
Can't get on to IE8
by N.T.Gray / October 4, 2010 1:44 AM PDT
In reply to: Added Note..

Earlier I was able to get onto IE although there was no internet connection. Now when I click on the IE icon (single click on the bottom task bar or double click on the desktop icon, either one) the fake warning immediately pops up. I can't get at anything.

I'm thinking that maybe it's time to upgrade to Win8 anyway, and if I install that (I have to do a complete reinstall on this computer, not just an upgrade) that should wipe out this virus in the process. Will it be that simple, or will the virus interfere with the new installation process? But I hate to give up. Any other suggestions for solving the problem before I go to Plan B?

Collapse -
Some Information Needed..
by Carol~ Forum moderator / October 4, 2010 6:52 AM PDT
In reply to: Can't get on to IE8


In my post with the subject, "If One Doesn't Run" I made some suggestions. Did you download the ALL the files to another computer and transfer them to yours, as per the instructions? Did you try to run ALL the files? If so, what problems did you experience? If there's any confusion regarding how Rkill works, please read this, by its developer.

If you continue to have a problem, perhaps these instructions will simplify it for you. Note where renaming the MBAM files is mentioned.


Collapse -
There's no Windows 8 yet.
by Donna Buenaventura / October 4, 2010 1:08 PM PDT
In reply to: Can't get on to IE8

But there is Windows 7 and IE8.
1. If you are to fresh install the OS (a clean installation), then the malware may go away.
2. If you are to run an upgrade install of the OS, the virus won't go away.

If you will do #2, you need to try removing the malware before upgrading to Windows 7.
Hope you've tried the other suggestions of Carol e.g. by using other format of Rkill.

You don't need rkill if you will turn on the system to safe mode.
If nothing works, please try this:
1. Reboot the computer to safe mode with networking
2. Download Hijackthis (the executable version) from http://free.antivirus.com/hijackthis/
3. Run HijackThis then put a check mark on the F2 entry that have antispy.exe on it, and then click "Fix checked" button.
4. Reboot the system to normal mode
5. Scan using Malwarebytes after updating the database.

Collapse -
Oops *blush*
by N.T.Gray / October 5, 2010 1:33 AM PDT

Yeah, I knew that. Really.

If I can't get one of the alternate versions of rkill to work, I'll try what you're dusggesting here. I did try rkill.pdf (it didn't work), but I have not yet had a chance to try rkill.scr and the rest of Carol's recommendations.

After I do, I'll let you know how it works.

Collapse -
Good luck!
by Donna Buenaventura / October 5, 2010 2:14 AM PDT
In reply to: Oops *blush*

Continue to try rkill (any format) in normal mode. If there's no way that rkill is killing the fake MSE trojan alert while it is open or not (the fake alert), you can start the other method (by using Hijackthis to fix the F2 entry that has antispy.exe).

Just don't put a check mark in all entries that Hijackthis will display but the F2 entry only, that points to antispy.exe.

Again, good luck.

Collapse -
What I had to do....
by DouginSC / October 8, 2010 12:52 PM PDT

I got this fake MSE warning about 3 days ago (Oct 2010). Since I do not use MSE it was obviously a scam/fake alert. ...as the thread here proves. It completely took over my laptop and closed all open programs except the bogus warning screen. I could not open the task manager nor do anything from the tray, nor shut down windows. I also could not open any programs including my trusty MalwareBytes. Alt-F4 would not close it either. But there was no way I was going to click anywhere on that thing.

What I had to do was power off the laptop by holding down the power button. But when I then restarted Windows that sickening MSE warning screen quickly reappeared and locked up everything again. So I again powered down. But the next time I started Windows I quickly opened MalwareBytes before that fake MSE screen could pop up. ...and sure enough, pop up it did. But this time MalwareBytes was already open and I could get to it to update it and then run a "quick scan".

The quick scan did indeed show two malicious items. And when I told MalwareBytes to get rid of them, it deleted a file and ended a running program, which made the fake MSE screen disappear. And when I restarted Windows (at the suggestion of MalwareBytes) I have not had any recurrence of that fake MSE warning. YEAAAAAAH!

Thanks again, MalwareBytes!!!!

If that had not worked, I had resolved to put that hard drive in an enclosure and scan it as an external drive with another computer. ...with MB and AVG and AVAST and whatever else I could find.

I hope that helps someone.

Collapse -
Another fake warning screen
by Dave T / October 8, 2010 1:22 PM PDT

Reboot, press F8 during the boot process. Next, select Last Known Good Configuration, then press ENTER.

If that does not fix your problem then try a system restore using the System Restore Wizard. To use the System Restore Wizard, make sure you're logged on as an administrator, and then follow these steps:

1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.

2. On the Welcome screen, click Restore my computer to an earlier time, and then click Next.

3. On the Select a Restore Point page, select the date from the calendar that shows the point you'd like to restore to (perhaps the day before your problem appeared), and then click Next. Keep following the screen prompts, until your system reboots itself in Normal mode.

Hopefully, the problem will have gong away without having to reinstall all your software.

Collapse -
Good advice, but...
by DouginSC / October 8, 2010 2:28 PM PDT

When I got that thing (I forgot to mention it was in XP Home) the START function was locked, too, as soon as the bogus warning appeared, even after rebooting. Your comment reminds me, and as others have mentioned in this thread, that using F8 during reboot I could have restarted in SAFE MODE and then run my favorite anti-spyware(s) from there. ...I think? Apparently, the MalwareBytes team have now added this fake alert to their radar and now it recognizes and deletes it.

Collapse -
another fake warning screen
by denis_pparsons65 / October 8, 2010 7:52 PM PDT

You didn't mention when you went into safe mode that you tried System Restore in safe mode.It gives you an option to continue with safe or go into system restore.I DID THIS AND GOT RID OF MY VIRUS.DO SAFE AGAIN AND WATCH FOR THIS BOX IN THE CENTRE OF THE SCREEN.

Collapse -
Does it look something like this?
by Dango517 / October 9, 2010 5:29 AM PDT
Collapse -
System Restore worked
by N.T.Gray / October 9, 2010 7:27 AM PDT

I don't usually consider myself stupid, but every now and then I wonder.
I have never had occasion to use System Restore and I thought it wouldn't work here because I have never manaully set a restore point.
Dumb. The computer sets restore points automatically on a regular basis. Duh!
So after I hit F8 to go into Safe Mode, I clicked NO (Read the prompt carefully, as I did not) and went into System Restore. I chose the last date before I knew I had this problem, and, well, what a surprise. . .it worked. My wife's computer is back in business.
But in any case I appreciate all the help you guys gave.


Collapse -
Fake Warning Screen
by smilesalot / October 25, 2010 12:39 PM PDT

Don't know if this will help - not a techie person but article in 17 Oct newspaper - "Don't pay scamming pirates to get your computer back" by Steve Alexander Minneapolis Star Tribune- "Security Tool" reports bogus problems & charges to fix them - free fix non techie is to run malwarebytes.org but tech-savvy solution, see tinyurl.com/2dbju3r/ or tinyurl.com/yhnnu8a - it's about security "bought" online. Hope you resolve your dilemma!

Collapse -
This found things all others missed and it's free:
by rookaloo / October 29, 2010 3:19 PM PDT


Good luck!

Technophobe Julie

Collapse -
Another fake..... superantispyware.
by denis_pparsons65 / October 30, 2010 7:54 PM PDT

I've tried this and it found several Trojans.I then did a spyware search with XsoftSpySE,and it found 0 spyware.This proves that Superantispyware found something and the other one did not.I now do not know which one to keep and which one to delete.Maybe I'll keep both,it doesn't hurt to have two antispyware programmes.I've also got anti spy on Kaspersky,so I'm well protected(I THINK).

Collapse -
Ah yes this lovely piece of sh*t.
by ceb39usa / October 30, 2010 1:25 AM PDT

The bottom line of this thing appears to get you to buy one of the software packages they offer to fix this problem, wrong assumption. The bottom line is to get your credit card number and, I'll give you one guess what happens after that.

When this piece of crap landed on my computer I went through various steps to remove it, none of which seem to work. The fact that I was unable to launch any browser on my desktop didn't either.

What saved me was I also had a laptop so I was able to get some info on this thing.

I downloaded a piece of software titled "SUPERAntiSpyware". The version I downloaded was their free version. Copied it to a flash drive and plugged the drive into my desktop and ran the software from there. It got rid to this crap.

Eventually I downloaded and bought the upgraded to this software and run it every time I boot up. I run it along with Nortons Internet Security software.

The SUPERAntiSpyware software really catches all sorts of things on my computer, isolates them, and then kills them when I tell it to.

A word of caution: Do not be dumb like me. Before the Alert software installed itself on my computer I was running without any security software. Considering the amount of time I spent getting this thing off my computer, a few bucks spent buying and installing security software is worth it.

Hope this helps.


Collapse -
I have a great program for exactly this.
by brybhoy1888 / April 23, 2011 8:45 AM PDT

I am on windows 7 pro and WINDOWS DEFENDER was alreay in with all my programs,but i have posted some new info on my new laptops adventures to be read at the foot of this page,just helps us that bit more guy's. Strange days we live in for all this grief and is it all really worth it ,laptop brand new and my p4 is going on e-bay for some student to play games on. lok for brybhoy. thanks all some good people at last to talk tech with. ahhh bisto.

Collapse -
Did same thing
by bgthompson / October 30, 2010 2:01 AM PDT

Downloaded Mozilla Firefox, Spybot, Malwarebyte, and a little unpaid help from Dell. So far so good. Switched from Internet Explorer to Mozilla Firfox, but once in a while the screen will pop up again that started the whole mess but learned my lesson the first time. I quickly delete the screen and sometimes shut down to be safe, then run my Malwarebyte and then Spybot. But because of how Mozilla Firefox works it is easier to spot the screen when it pops up and delete. I'm afraid to go back to Internet Explorer because of this.
Hope I have been of some help Thought I was going to have to spend a couple of hundred dollars to fix this, but not so far.

Collapse -
Wipe your Hard Drive and reload
by Dr_Shalit / October 30, 2010 3:19 AM PDT

Suggestion - If you have them - get your system restore discs and reload to factory defaults. Effectively you will have a new machine. Have a 4600 with a partially melted motherboard, a/k/a "boat anchor" replaced it with a 4700 that I bought for peanuts after "Windows Police Pro" reduced it to running in an endless loop of gibberish. Wiped the harddrive clean, reloaded from scratch, upped the on board RAM to 2Gb and now have a real machine. DrShalit

Collapse -
System restore works better
by N.T.Gray / October 30, 2010 5:46 AM PDT

Wiping and starting over is certainly an option, but booting into Safe mode and then following the prompt to get to system restore proved adequate.

I have a question, though. Now that I've done that restore, is the trojan still in there somewhere, only without a registry entry to get it started? If so, is there a way to find it and truly delete it? Anybody know for sure?


Collapse -
Attention NTGray...
by denis_pparsons65 / October 30, 2010 8:00 PM PDT


Collapse -
by brybhoy1888 / October 30, 2010 8:19 AM PDT

I got the exact one on my windows xp ,pentium 4 about a year ago now, so me thinking well im knackered but but by chance i got a great pc cheap, then three weeks later i went to take my p.c away and there was nowt wrong with it. But when this trojan hit all it was looking for was credit-card details and would not allow me in to any of my programs,no-internet,every-time i tried to go anywhere on my p.c this credic-card details ect. But to be honest i still have a word document with everything it tried so hard to do and as i dont ever use the net for banking what so ever, to be honest i left it thinking it was a gonner but now it's brand new again.

Collapse -
bry bhoy
by brybhoy1888 / October 30, 2010 8:36 AM PDT

I-E 9 Is the best but i still use google as my homepage, but the whole speed thing is far better go on internet explorer. it's so similar to google with the tab that keeps panes you use most, but it's so clean and smart too. As most people use 2/3 browsers i just put google over it and still as fine.

it's one large step for ''Mankind'' but it's a bloody long walk for a arstronaught.


Collapse -
woops more virusis no,no,no
by bry1888 / April 30, 2011 12:15 PM PDT
In reply to: bry bhoy

11 virusis 2 weeks ago on the easter long-weekend + 24 a few days later,moral of this quick story is yet again Defener boxed them off and i just pressed the remove button efore writing down what it was ect...now as windows 7 pro needs a back-up i am stuck as i put the dvd in press back - up then a box appears and stops the whole thing tried 3-times now. I am now really baffled HELP GOD FOLKS ???HELP IM SINKING.

Collapse -
Try A Different Removal Tool
by Grif Thomas Forum moderator / April 30, 2011 12:30 PM PDT

It appears like your current tools aren't doing the job..Or...you're continuing to surf unsafe sites..

Either way, download, install, update, then run a full system scan with the free Malwarebytes program below: Malwarebytes Antimalware

Hope this helps.


Collapse -
Virus, what to do?
by Ojeda1955 / November 1, 2010 6:24 AM PDT

I seriously suggest to you, install XP all over again and watch out next time.

Popular Forums
Computer Help 49,613 discussions
Computer Newbies 10,349 discussions
Laptops 19,436 discussions
Security 30,426 discussions
TVs & Home Theaters 20,308 discussions
Windows 10 360 discussions
Phones 15,802 discussions
Windows 7 7,351 discussions
Networking & Wireless 14,641 discussions

CNET Holiday Gift Guide

Looking for great gifts under $100?

Trendy tech gifts don't require a hefty price tag. Choose from these CNET-recommended useful and high-quality gadgets.