Computer Help forum

General discussion

Program called 'Windows Smart Security' virus/malware

by mlburch22 / October 7, 2009 5:05 PM PDT

Earlier tonight I was looking at the weather and yahoo.com. Clicked on a story on the yahoo page, next thing I know it takes me to some kind of search page. From then on, I kept getting messages saying my 'system was infected' and I needed to 'turn on/update my antivirus software'.

So this is what's been happening: I go to run Malwarebytes and SpyHunter, but I can't. No .exe files appear to be working. I go to task manager, button is grayed out. I restart computer for safe mode (plane jane, with command prompt, and with networking) which it won't let me log into. Keeps saying "Sorry for the inconvenience, but Windows could not start successfully". So I have to either start Windows regularly or start it in last known working condition. Same results on the restart - nothing works and I am getting informed like crazy that my system is under attack. Even had my desktop wallpaper consumed by a giant "YOUR SYSTEM IS INFECTED" message, or something close to that.

After another reboot or two, I was able to get Malwarebytes to work and ran a scan. Found about 20 infected files, which I had removed, however there were some it said it could not remove unless I rebooted my PC. So I rebooted. Windows Smart Security was still there. Rebooted again, ran Malware full scan this time. Found 1 infected file. "Hijack.FolderOptions" etc etc.

So has anyone heard of this program / virus before? I've had run ins with these sorts of programs, but SpyHunter / Malwarebytes usually takes care of it.

Thanks!

Discussion is locked
You are posting a reply to: Program called 'Windows Smart Security' virus/malware
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Program called 'Windows Smart Security' virus/malware
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
I've seen this one before
by RyanWilliamsDurango / October 7, 2009 7:49 PM PDT

The machine I saw this on had two infections. The second may or not be on your system.

This infection places its files in c:\documents and settings\all users\application data\<Random folder name>
reboot into safe mode and delete the folder that it created. There will be a link that it puts on your desktop that will point to that folder to give you a hint of which one to remove. The one I saw had two infected folders with the same files in each, but the link only went to one of them. Open registry editor and search for that random folder name. Remove any keys refrencing anything in that folder.

Reboot, and you will be better, but not fixed yet. Task manager is still disabled.

Open registry editor and navigate to [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

There you will find the key "DisableTaskMgr" Change it back to 0 to reenable your task manager

The second potentially related infection had a little popup in the system tray. Open your now functional task manager and look for processes running as the user account that don't make sense. The one we had was a file called winupdate.exe in the c:\windows\system32\ folder. End the process, then browse to the file and rename it to winupdate.exe.bad. Go back to the registry editor and find all appearances of that file path, and delete those keys.

Reboot, and you should be fine. Malware bytes will run properly now to remove any other infections.

Good luck!

BTW, This information is provided for free with no expressed or implied warranty. Use it at your own risk. In other words, I am not liable if you break your computer trying this.

Ryan Williams
Senior Engineer
Computer Medics
Durango, CO

Collapse -
For Future Reference
by Jimmy Greystone / October 8, 2009 1:39 AM PDT

For future reference:

TIPS FOR A SMOOTH RUNNING SYSTEM
================================

The more of these suggestions you follow, the fewer problems you should have. They won't solve any existing problems you have, but if you follow them all you should be able to avoid virtually all problems in the future.

Things you should NOT do
--------------------------------
1: Use Internet Explorer (1)
2: Use any browser based on Internet Explorer (e.g. Maxathon and MSN Explorer)
3: Use Outlook or Outlook Express (2)
4: Open email attachments you haven't manually scanned with your virus scanner
5: Open email attachments you were not expecting, no matter who they appear to be from
6: Respond to spam messages, including using unsubscribe links
7: Visit questionable websites (e.g. porn, warez, hacking)
8: Poke unnecessary holes in your firewall by clicking "Allow" every time some program requests access to the Internet (3)
9: Click directly on links in email messages
10: Use file sharing or P2P programs
11: Use pirated programs

Things you SHOULD do
-----------------------------
1: Use a non-IE or IE based browser (4)
2: Always have an up to date virus scanner running (5)
3: Always have a firewall running (6)
4: Install all the latest security updates (7)(8)(9)
5: Delete all unsolicited emails containing attachments without reading
6: Manually scan all email attachments with your virus scanner, regardless of whether it's supposed to be done automatically
7: Copy and paste URLs from email messages into your web browser
8: Inspect links copied and pasted into your web browser to ensure they don't seem to contain a second/different address
9: Establish a regular backup regimen (10)(11)
10: Make regular checks of your backup media to ensure it is still good (12)

Being a considerate Internet user & other misc tips
----------------------------------------------------------
1: Do not send attachments in emails (13)(14)
2: Do not use stationary or any other kind of special formatting in emails (13)
3: Do not TYPE IN ALL CAPS (15)
4: Avoid texting speak or "l33t speak" (16)
5: Do not poke sleeping bears (17)
6: Do not use registry cleaners/fixers/optimizers (18)(19)

Notes
--------

(1) Sadly sometimes this is unavoidable, so only use IE when the site absolutely will not work with any other browser and you cannot get that information/service anywhere else, and only use IE for that one specific site.
(2) Outlook and Outlook Express are very insecure, and basically invite spam. The jury is still out on Vista's Windows Mail, but given Microsoft's history with email programs, extreme caution is advised. Possible replacements include Mozilla Thunderbird, Eudora, The Bat, and dozens of others.
(3) When it doubt over whether or not to allow some program, use Google to find out what it is and whether or not it needs access to the Internet. Otherwise, denying access is the safest course of action, since you can always change the rule later.
(4) On Windows your options include: Mozilla Firefox, Seamonkey, Opera, Flock, Chrome, and Safari. I would personally recommend Firefox with the NoScript extension for added security, but it the important thing is to pick one and use it instead of IE.
(5) AVG Free and Avast are available if you need a decent free virus scanner
(6) XP/Vista's firewall is probably good enough for 99% of all Windows users, but other options include ZoneAlarm, Outpost Firewall, and Comodo. If you have a router with a firewall built into it, there is no need for any of the aforementioned firewalls to be running.
(7) Microsoft's usual system is to release security updates every second Tuesday of the month.
(8) Use of Windows Update on Windows operating systems prior to Windows Vista requires Internet Explorer, and is thus a valid exception to the "No IE" rule.
(9) Service packs should ALWAYS be installed. They frequently contain security updates that will ONLY be found in that service pack.
(10) You can go with a full fledged backup program, or simply copying important files onto a CD/DVD/Flash drive.
(11) I'd recommend a tiered backup system. For example, you might have 5 rewritable DVDs, and every day you burn your backup onto a new disc. On the 6th day, you erase the disc for Day #1 for your backup, and so on so that you have multiple backups should one disc ever go bad.
(12) Replace rewritable CDs and DVDs approximately every 3-6 months.
(13) These dramatically increase the size of email messages (2-3X minimum) and clog up email servers already straining to cope with the flood of spam pouring in daily.
(14) If you want to share photos with friends/family, upload them to some photo sharing site like Flickr or Google's Picasa Web and then send people a link to that particular photo gallery.
(15) This is considered to be the same as SHOUTING and many people find it to be hard to read along with highly annoying.
(16) Unless the goal is to make yourself look like a pre-adolescent girl, or someone overcompensating for their gross inadequacies, and you don't want people to take you seriously.
(17) Most REAL hackers are quite content to leave you alone unless you make them take notice of you. No dinky little software firewall or consumer grade router is going to keep them out of your system. So do not go to some hacker website or chat room and start shooting your mouth off unless you're prepared to accept the consequences
(18) Most of these programs are scams, and sell you something you don't need. Most of them report non-issues in an attempt to boost the number of "issues". Sometimes using these programs can lead to a non-functioning computer.
(19) The Windows registry is not some mystical black box of untapped performance tweaks for Windows, that will lead to untold improvements in system performance. Most of the tweaks will lead to very modest performance gains of 1-2% tops, and probably less than 10% all combined. There is also a good chance that you will render your system unbootable if you make a mistake when editing. Registry default settings are set that way for a reason. Just do yourself a favor, and forget you ever heard of the Windows registry unless you are a computer programmer/debugger and your job requires knowledge of the registry.

Collapse -
update
by mlburch22 / October 8, 2009 10:51 PM PDT
In reply to: For Future Reference

Now I've got .exe files working and task manager working, however there is still a problem with my internet being hijacked. Every link I click on takes me to 'the feedyard' website. I've read some about this on the internet, but nothing really about how to fix it. I have Malwarebytes and have run it countless times. Everytime, it finds at least 12 infections, removes all but 3 which it says it needs to restart to remove. Restart the PC, and all 12 are back.

I've read a tip that says the hijack file recognizes the popular spyware / adware removal programs and renders them useless, so I should try changing the name of the .exe file with Malwarebytes. Well I did that, but to no avail.

I'm about to the point where, if I can find my old disks, I am going to format the computer and reinstall Windows. However, I'd much rather not do that, and if anyone knows what to do or direct me to a forum that has the answer, post away!

Thanks guys.

Collapse -
Windows Smart Security (Uninstall Guide)
by Carol~ Moderator / October 11, 2009 10:40 PM PDT

For present or future reference:

"Remove Windows Smart Security (Uninstall Guide)"

Additionally, you mentioned you've had 'run ins' with these sort of (rogue) programs. You further mentioned (along with MBAM), Spy Hunter usually takes care of it. There are quite a few people (and members), who would disagre with you, regarding Enigma's Spy Hunter. The below is one of many such threads, which would attest to that fact. (If you receive a "Page Not Found" error, try again.)

Some information about Spy Hunter

If you've had success with Spy Hunter, I certainly can't argue the fact. Nor am I looking to. I'm only pointing out, Enigma's questionable reputation and practices. I am in agreement with you, about Malwarebyte's AntiMalware. More often than not, I've found it does the job it's intended to do. Another is SUPERAntiSpyware FREE Edition, which may find things MBAM fails to detect.

Carol

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?