Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

TROJAN:Win32/Winwebsec-Looks like official Windows Security

by Susie Senior Jun 23, 2009 2:13AM PDT

I accidently became a sucker and reacted to a pop up "Security Warning"that looked like an official Windows security warning. I've tried downloading Microsoft Malaware yesterday, though it identified the virus it could not remove it. The suggestion was to try and find another virus detection program. I already have Zone Labs, Zone Alarm Security Suite, and it has not been able to detect it. It is very invasive and keeps popping up with a Security warning window about every 3 minutes. How can I get rid of this thing?

Discussion is locked

7 Posts
- Collapse + Expand Details
- Collapse -
I'll advise you to try the following programns
by xxmuppetxx Jun 25, 2009 10:15PM PDT

Firstly there's Malwarebytes' Anti-Malware which tends to be one of the best programns for this sort of issue...download it off the following link:
http://www.malwarebytes.org/mbam.php
The second one is super anti-spyware...ideally you should have both programns on your computer because they do work well together....a plus side is there both free and don't take too much space up...you can download it off the following link:
http://www.superantispyware.com/
scan you local disk with both programns and they should be able to get rid of it...I'll like to hear back from you if unsuccessful because there are a few other things to do...

- Collapse -
Resolution to Trojan Rogue Virus
by Susie Senior Jun 28, 2009 7:18AM PDT

Well--Zone Alarm finally found it! I reset my preferances to a deep, complete system scan(8.5 hrs) and sure enough there it was. Thanks for any of you who responded.

- Collapse -
Feedback on the steps to remove trojan in on my XP computer
by tkipperman Mar 8, 2011 10:53AM PST

I followed your instructions to download both software programs. I ran them both and the problem is all set. Thank you very much!!!

- Collapse -
Win32/Winwebsec removal
by glenda0seven Sep 26, 2009 7:26AM PDT

I got a headsup from defender that this had gotten into computer. I have an antivirus but it had apparently been disabled. Defender said it had been removed....not so. This can appear in your program data file on C/ as a string of numbers.dll eg 2745311199.dll. You will probably find it in the computers start-up directory as a new addition. It will be stared up everytime you start the computer. I just went to program data and deleted it. I am not that computer savvy but I am nosey around my own computer and found that a backdoor virus had been put in too. Which among other things is a keylogger and can take over desktop etc. This was Tr/Crypt.xpack.gen. This was hidden inside something called ctfnon.exe a bogus file in the windows file. I only found this after I had uninstalled and re-installed a new version of my antivirus program. Done with great difficulty I might add because the trojan kept interfering with accessing the download of the new version. I had almost totally lost control of my computer. The scary thing is that on later checking with logs etc. is that microsoft was the only one doing things in my computer then and was downloading and doing updates even though all updates have been switched off and they are able to do this with internet wireless turned off. I have saved some of the logs and printed them out because it looks as if they have done this via defender.

Any thoughts?

- Collapse -
READ THIS
by IHATEVIRUSESSOMUCH Feb 14, 2011 10:31AM PST

Hey Susie,

I got this same virus the other day. AND I FIXED IT.

All you need to do is turn the computer off by Holding the Button, and then, on the reboot, when it asks you if you want to start windows normally, DO NOT. open it in safe mode. Also, disconnect the internet. Now, Search SYSTEM RESTORE and a wizard should pop up. it will guide you through the steps to restoring it to an earlier date. Now, this is important. Pick a date BEFORE YOU GOT THE VIRUS. it is better to pick a date a couple days before. now, click through to do the rest. It should take about 15-25 mins. Now, login normal. THen, go to windows security essentials from windows.com, and run a FULL SCAN. it should pop up as a severe thing, called WinWebSec (but you already knew that). Click the delete button, and then continue the scan. I am doing this right now, and it seems to be working. all my documents are still there, and the wallpaper is back to normal.

Hope this helped!!! Please tell me how it goes!!!

- Collapse -
"Windows security" Virus
by Frustratedoflondon Mar 4, 2011 12:23AM PST

Glenda

I did exactly what you said yesterday and today it was back. You may need to run malwarebytes or spybot and see if it has really gone. It's more persistent than headlice!!!

- Collapse -
still has folders
by yardbird.dana Dec 12, 2011 3:03AM PST

I did a system restore and the folders are still there. You cant delete them because they are "running." Im not tech savvy enough to delete them... I changed the file that opens one of them to paint, dont know if that will work or not...

Back to Browsers, E-mail, & Web Apps forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info