32 total posts
(Page 1 of 2)
Removing Fake Microsoft Security Essentials..
Follow ALL the instructions in the below guide. As noted in Step #2, you're going to have to use another (clean) computer to download the necessary files and trasfer them to yours. Using Rkill should kill the process and eventually allow you to complete the disinfection process.
Remove the Fake Microsoft Security Essentials Alert Trojan and AntiSpySafeguard .
If you run into any problems along the way, please post back and let us know.
Best of luck..
It won't lety rkill open
Got rkill onto the computer. In SAFE mode, when I click on rkill the warning screen pops up. When I click on rkill again with the warning screen still showing, the screen flashes and then there's just the warning screen again. No rkill. Third, fourth, and fifth attempts all yielded the same result.
A Word of Caution
After successfully running Rkill, or whichever tool works, do NOT reboot. Immediately update MBAM and run a scan.
Something to check, on the outside chance the malware has changed your settings to use a Proxy Server. Open IE and go to Tools>Internet Options>Connection Tab. Click on the LAN settings button. IF there is a check mark next to "Use a proxy server for your LAN" (as seen here) uncheck it. Click OK. Then OK again.
In this instance, it may not have been changed, but it's worth checking anyway.
Can't get on to IE8
Earlier I was able to get onto IE although there was no internet connection. Now when I click on the IE icon (single click on the bottom task bar or double click on the desktop icon, either one) the fake warning immediately pops up. I can't get at anything.
I'm thinking that maybe it's time to upgrade to Win8 anyway, and if I install that (I have to do a complete reinstall on this computer, not just an upgrade) that should wipe out this virus in the process. Will it be that simple, or will the virus interfere with the new installation process? But I hate to give up. Any other suggestions for solving the problem before I go to Plan B?
Some Information Needed..
In my post with the subject, "If One Doesn't Run" I made some suggestions. Did you download the ALL the files to another computer and transfer them to yours, as per the instructions? Did you try to run ALL the files? If so, what problems did you experience? If there's any confusion regarding how Rkill works, please read this, by its developer.
If you continue to have a problem, perhaps these instructions will simplify it for you. Note where renaming the MBAM files is mentioned.
There's no Windows 8 yet.
But there is Windows 7 and IE8.
1. If you are to fresh install the OS (a clean installation), then the malware may go away.
2. If you are to run an upgrade install of the OS, the virus won't go away.
If you will do #2, you need to try removing the malware before upgrading to Windows 7.
Hope you've tried the other suggestions of Carol e.g. by using other format of Rkill.
You don't need rkill if you will turn on the system to safe mode.
If nothing works, please try this:
1. Reboot the computer to safe mode with networking
2. Download Hijackthis (the executable version) from http://free.antivirus.com/hijackthis/
3. Run HijackThis then put a check mark on the F2 entry that have antispy.exe on it, and then click "Fix checked" button.
4. Reboot the system to normal mode
5. Scan using Malwarebytes after updating the database.
Yeah, I knew that. Really.
If I can't get one of the alternate versions of rkill to work, I'll try what you're dusggesting here. I did try rkill.pdf (it didn't work), but I have not yet had a chance to try rkill.scr and the rest of Carol's recommendations.
After I do, I'll let you know how it works.
Continue to try rkill (any format) in normal mode. If there's no way that rkill is killing the fake MSE trojan alert while it is open or not (the fake alert), you can start the other method (by using Hijackthis to fix the F2 entry that has antispy.exe).
Just don't put a check mark in all entries that Hijackthis will display but the F2 entry only, that points to antispy.exe.
Again, good luck.
What I had to do....
I got this fake MSE warning about 3 days ago (Oct 2010). Since I do not use MSE it was obviously a scam/fake alert. ...as the thread here proves. It completely took over my laptop and closed all open programs except the bogus warning screen. I could not open the task manager nor do anything from the tray, nor shut down windows. I also could not open any programs including my trusty MalwareBytes. Alt-F4 would not close it either. But there was no way I was going to click anywhere on that thing.
What I had to do was power off the laptop by holding down the power button. But when I then restarted Windows that sickening MSE warning screen quickly reappeared and locked up everything again. So I again powered down. But the next time I started Windows I quickly opened MalwareBytes before that fake MSE screen could pop up. ...and sure enough, pop up it did. But this time MalwareBytes was already open and I could get to it to update it and then run a "quick scan".
The quick scan did indeed show two malicious items. And when I told MalwareBytes to get rid of them, it deleted a file and ended a running program, which made the fake MSE screen disappear. And when I restarted Windows (at the suggestion of MalwareBytes) I have not had any recurrence of that fake MSE warning. YEAAAAAAH!
Thanks again, MalwareBytes!!!!
If that had not worked, I had resolved to put that hard drive in an enclosure and scan it as an external drive with another computer. ...with MB and AVG and AVAST and whatever else I could find.
I hope that helps someone.
Another fake warning screen
Reboot, press F8 during the boot process. Next, select Last Known Good Configuration, then press ENTER.
If that does not fix your problem then try a system restore using the System Restore Wizard. To use the System Restore Wizard, make sure you're logged on as an administrator, and then follow these steps:
1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
2. On the Welcome screen, click Restore my computer to an earlier time, and then click Next.
3. On the Select a Restore Point page, select the date from the calendar that shows the point you'd like to restore to (perhaps the day before your problem appeared), and then click Next. Keep following the screen prompts, until your system reboots itself in Normal mode.
Hopefully, the problem will have gong away without having to reinstall all your software.
Good advice, but...
When I got that thing (I forgot to mention it was in XP Home) the START function was locked, too, as soon as the bogus warning appeared, even after rebooting. Your comment reminds me, and as others have mentioned in this thread, that using F8 during reboot I could have restarted in SAFE MODE and then run my favorite anti-spyware(s) from there. ...I think? Apparently, the MalwareBytes team have now added this fake alert to their radar and now it recognizes and deletes it.
another fake warning screen
You didn't mention when you went into safe mode that you tried System Restore in safe mode.It gives you an option to continue with safe or go into system restore.I DID THIS AND GOT RID OF MY VIRUS.DO SAFE AGAIN AND WATCH FOR THIS BOX IN THE CENTRE OF THE SCREEN.
System Restore worked
I don't usually consider myself stupid, but every now and then I wonder.
I have never had occasion to use System Restore and I thought it wouldn't work here because I have never manaully set a restore point.
Dumb. The computer sets restore points automatically on a regular basis. Duh!
So after I hit F8 to go into Safe Mode, I clicked NO (Read the prompt carefully, as I did not) and went into System Restore. I chose the last date before I knew I had this problem, and, well, what a surprise. . .it worked. My wife's computer is back in business.
But in any case I appreciate all the help you guys gave.
Fake Warning Screen
Don't know if this will help - not a techie person but article in 17 Oct newspaper - "Don't pay scamming pirates to get your computer back" by Steve Alexander Minneapolis Star Tribune- "Security Tool" reports bogus problems & charges to fix them - free fix non techie is to run malwarebytes.org but tech-savvy solution, see tinyurl.com/2dbju3r/ or tinyurl.com/yhnnu8a - it's about security "bought" online. Hope you resolve your dilemma!
This found things all others missed and it's free:
Another fake..... superantispyware.
I've tried this and it found several Trojans.I then did a spyware search with XsoftSpySE,and it found 0 spyware.This proves that Superantispyware found something and the other one did not.I now do not know which one to keep and which one to delete.Maybe I'll keep both,it doesn't hurt to have two antispyware programmes.I've also got anti spy on Kaspersky,so I'm well protected(I THINK).
Ah yes this lovely piece of sh*t.
The bottom line of this thing appears to get you to buy one of the software packages they offer to fix this problem, wrong assumption. The bottom line is to get your credit card number and, I'll give you one guess what happens after that.
When this piece of crap landed on my computer I went through various steps to remove it, none of which seem to work. The fact that I was unable to launch any browser on my desktop didn't either.
What saved me was I also had a laptop so I was able to get some info on this thing.
I downloaded a piece of software titled "SUPERAntiSpyware". The version I downloaded was their free version. Copied it to a flash drive and plugged the drive into my desktop and ran the software from there. It got rid to this crap.
Eventually I downloaded and bought the upgraded to this software and run it every time I boot up. I run it along with Nortons Internet Security software.
The SUPERAntiSpyware software really catches all sorts of things on my computer, isolates them, and then kills them when I tell it to.
A word of caution: Do not be dumb like me. Before the Alert software installed itself on my computer I was running without any security software. Considering the amount of time I spent getting this thing off my computer, a few bucks spent buying and installing security software is worth it.
Hope this helps.
I have a great program for exactly this.
I am on windows 7 pro and WINDOWS DEFENDER was alreay in with all my programs,but i have posted some new info on my new laptops adventures to be read at the foot of this page,just helps us that bit more guy's. Strange days we live in for all this grief and is it all really worth it ,laptop brand new and my p4 is going on e-bay for some student to play games on. lok for brybhoy. thanks all some good people at last to talk tech with. ahhh bisto.
Did same thing
Downloaded Mozilla Firefox, Spybot, Malwarebyte, and a little unpaid help from Dell. So far so good. Switched from Internet Explorer to Mozilla Firfox, but once in a while the screen will pop up again that started the whole mess but learned my lesson the first time. I quickly delete the screen and sometimes shut down to be safe, then run my Malwarebyte and then Spybot. But because of how Mozilla Firefox works it is easier to spot the screen when it pops up and delete. I'm afraid to go back to Internet Explorer because of this.
Hope I have been of some help Thought I was going to have to spend a couple of hundred dollars to fix this, but not so far.
Wipe your Hard Drive and reload
Suggestion - If you have them - get your system restore discs and reload to factory defaults. Effectively you will have a new machine. Have a 4600 with a partially melted motherboard, a/k/a "boat anchor" replaced it with a 4700 that I bought for peanuts after "Windows Police Pro" reduced it to running in an endless loop of gibberish. Wiped the harddrive clean, reloaded from scratch, upped the on board RAM to 2Gb and now have a real machine. DrShalit
System restore works better
Wiping and starting over is certainly an option, but booting into Safe mode and then following the prompt to get to system restore proved adequate.
I have a question, though. Now that I've done that restore, is the trojan still in there somewhere, only without a registry entry to get it started? If so, is there a way to find it and truly delete it? Anybody know for sure?
YES,IT HAS GONE FOR GOOD.THAT LITTLE DEVIL IS SCATTERED THROUGHOUT THE HARD DISC NEVER TO RETURN.DON'T RESTORE BACK OTHERWISE IT WILL COME BACK AGAIN.
I got the exact one on my windows xp ,pentium 4 about a year ago now, so me thinking well im knackered but but by chance i got a great pc cheap, then three weeks later i went to take my p.c away and there was nowt wrong with it. But when this trojan hit all it was looking for was credit-card details and would not allow me in to any of my programs,no-internet,every-time i tried to go anywhere on my p.c this credic-card details ect. But to be honest i still have a word document with everything it tried so hard to do and as i dont ever use the net for banking what so ever, to be honest i left it thinking it was a gonner but now it's brand new again.
I-E 9 Is the best but i still use google as my homepage, but the whole speed thing is far better go on internet explorer. it's so similar to google with the tab that keeps panes you use most, but it's so clean and smart too. As most people use 2/3 browsers i just put google over it and still as fine.
it's one large step for ''Mankind'' but it's a bloody long walk for a arstronaught.
I THANK YOU ALL NOW GOODNIGHT.
woops more virusis no,no,no
11 virusis 2 weeks ago on the easter long-weekend + 24 a few days later,moral of this quick story is yet again Defener boxed them off and i just pressed the remove button efore writing down what it was ect...now as windows 7 pro needs a back-up i am stuck as i put the dvd in press back - up then a box appears and stops the whole thing tried 3-times now. I am now really baffled HELP GOD FOLKS ???HELP IM SINKING.
Try A Different Removal Tool
It appears like your current tools aren't doing the job..Or...you're continuing to surf unsafe sites..
Either way, download, install, update, then run a full system scan with the free Malwarebytes program below: Malwarebytes Antimalware
Hope this helps.
Virus, what to do?
I seriously suggest to you, install XP all over again and watch out next time.