Annoying fake "Win Security Center" pop-ups.

Status
Not open for further replies.
Hello,
Been searching through-out the net trying to find a solution to this problem I have. There are these fake 'Windows Security Center' popups that appear from time to time and it is getting quite annoying because I can't seem to find any proper solution for it. Other posts on this problem doesnt seem to involve the same files and such on my system. Have been running using both Norton Antivirus and Adaware, and none of them found anything that made the issue get any better.
Here is the log from Hijackthis:


--------------------------------------------------------------------------
Text deleted by realblackstuff

----------------------------------------------------------------------

If anyone knows how to deal with this please help me.
 
I feel your pain

I had the same thing happening on my pc. It was a while ago, and I can't tell you EXACTLY what is causing it but I can hopefully steer you in the right direction
Try checking the event viewer each time the "warning" pop up showed it's evil self. Doing this should give you an idea of what is really behind the fake warnings.
I remember I had to boot into safe mode and manually remove a folder that had spyware.
A bit vague but I think if you check the events you will uncover where the malware is located...

Hope, the quintessential human illusion, simultaneously the source of our greatest strength and greatest weakness.
 
Roger.

--------
I found something wierd on another user now. There is a folder in,
C:\documents and settings\%User%\local settings\temp\Temporary Internet Files\Content.IE5
which makes Norton crash/close when I try to search it. When I try to open it in explorer it gives an error message and crashes. CMD.exe (former dos) also closes when I try to search in this folder. Even tried doing this in safemode, and since I dont know any way to access dos before staring XP I cant see any good solution. Perhaps the problem is hidden in this folder?
 
Apart from these harmless entries, I can't find anything weird.

Boot in Safe Mode
Run HJT and have it FIX:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1053
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {48FE372C-B613-47E7-D524-665579A57F1B} - C:\WINDOWS\System32\crb.dll (file missing)
O16 - DPF: << fix ALL O16 entries ==>>
O21 - SSODL: System - {E8922F4F-AE59-4F86-8D8E-04CE924BFB85} - (no file)
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Hfbhqojh.dll (file missing)

Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
 
I am very certain it is not Windows messenger service that are pulling the strings. I deactivated that nearly a year ago. Anyway. I seem to have removed at least the program source that did all this. Using Security TaskMan it discovered some program running that had just that same text in the file that popped up.
However, there is still this problem about a folder crashing all programs trying to access it (incl. windows) located in C:\documents and settings\%user%\local settings\temp\temporary internet files\ Dont have a clue what could be wrong.
 
I agree with RBS...and be aware there are malware apps that can re-activate the messenger service even though you have disabled it.

patio. :cool:
 
Errr....... I thought I said that I cant delete all the files because this folder in temp. internet files is crashing.... It's the third time I say this now...
 
Status
Not open for further replies.
Back