TechSpot

Annoying fake "Win Security Center" pop-ups.

By johnmayme
Jul 5, 2005
Topic Status:
Not open for further replies.
  1. Hello,
    Been searching throughout the net trying to find a solution to this problem I have. There are these fake 'Windows Security Center' popups that appear from time to time and it is getting quite annoying because I can't seem to find any proper solution for it. Other posts on this problem don't seem to involve the same files and such on my system. Have been running using both Norton Antivirus and Adaware, and none of them found anything that made the issue get any better.
    Here is the log from Hijackthis:


    --------------------------------------------------------------------------
    Text deleted by realblackstuff

    ----------------------------------------------------------------------

    If anyone knows how to deal with this please help me.
     
  2. djdavin

    djdavin TS Rookie

    I feel your pain

    I had the same thing happening on my PC. It was a while ago, and I can't tell you EXACTLY what is causing it, but I can hopefully steer you in the right direction.
    Try checking the event viewer each time the "warning" pop-up shows its evil self. Doing this should give you an idea of what is really behind the fake warnings.
    I remember I had to boot into safe mode and manually remove a folder that had spyware.
    A bit vague but I think if you check the events you will uncover where the malware is located...

    Hope, the quintessential human illusion, simultaneously the source of our greatest strength and greatest weakness.
     
  3. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

  4. johnmayme

    johnmayme TS Rookie Topic Starter

    Roger.

    --------
    I found something weird on another user now. There is a folder in,
    C:\documents and settings\%User%\local settings\temp\Temporary Internet Files\Content.IE5
    which makes Norton crash/close when I try to search it. When I try to open it in Explorer it gives an error message and crashes. CMD.exe (former DOS) also closes when I try to search in this folder. Even tried doing this in Safe Mode, and since I don't know any way to access DOS before starting XP I can't see any good solution. Perhaps the problem is hidden in this folder?
     
  5. TS | Thomas

    TS | Thomas TS Rookie Posts: 1,327

  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Apart from these harmless entries, I can't find anything weird.

    Boot in Safe Mode
    Run HJT and have it FIX:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1053
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {48FE372C-B613-47E7-D524-665579A57F1B} - C:\WINDOWS\System32\crb.dll (file missing)
    O16 - DPF: << fix ALL O16 entries ==>>
    O21 - SSODL: System - {E8922F4F-AE59-4F86-8D8E-04CE924BFB85} - (no file)
    O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Hfbhqojh.dll (file missing)

    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
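
As an added illustration (not part of RealBlackStuff's post and not HijackThis code), the Python below parses log lines of the shape quoted above and returns the entries whose target file HijackThis reports as absent, i.e. the orphaned registry references among the lines to fix. The function names and the section-description table are assumptions made for this example; the sample lines are copied from the post.

```python
import re

# Sample input: four of the log lines quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {48FE372C-B613-47E7-D524-665579A57F1B} - C:\WINDOWS\System32\crb.dll (file missing)
O21 - SSODL: System - {E8922F4F-AE59-4F86-8D8E-04CE924BFB85} - (no file)
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Hfbhqojh.dll (file missing)
"""

# Illustrative descriptions for the section codes that appear in this thread.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URLSearchHook", "O2": "Browser Helper Object",
    "O16": "Downloaded Program Files (ActiveX)",
    "O21": "ShellServiceObjectDelayLoad",
}

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")
# A drive-letter path, stopping before a trailing "(file missing)" marker.
PATH = re.compile(r"[A-Za-z]:\\.*?(?=\s*\((?:file missing|no file)\)|$)")

def parse_line(line):
    """Split one log line into its fields; return None for non-entry lines."""
    m = ENTRY.match(line)
    if not m:
        return None
    section, body = m.groups()
    clsid, path = CLSID.search(body), PATH.search(body)
    return {
        "section": section,
        "kind": SECTIONS.get(section, "unknown"),
        "clsid": clsid.group(0) if clsid else None,
        "path": path.group(0) if path else None,
        "orphaned": bool(ORPHAN.search(body)),
    }

def orphaned_entries(log_text):
    """Entries that still load from the registry but whose file is gone."""
    parsed = (parse_line(l) for l in log_text.splitlines())
    return [e for e in parsed if e and e["orphaned"]]

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(e["section"], e["kind"], e["clsid"], e["path"] or "(no path recorded)")
```
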
     
  7. pranger

    pranger TS Rookie

    It's the Windows Messenger service, go to administrative tools, services and turn off / disable the service.
     
  8. patio

    patio TS Maniac Posts: 700

    Or DLoad and run Shoot the Messenger...

    patio.:cool:
     
  9. johnmayme

    johnmayme TS Rookie Topic Starter

    I am very certain it is not the Windows Messenger service that is pulling the strings. I deactivated that nearly a year ago. Anyway, I seem to have removed at least the program source that did all this. Using Security TaskMan it discovered some program running that had just that same text in the file that popped up.
    However, there is still this problem about a folder crashing all programs trying to access it (incl. Windows) located in C:\documents and settings\%user%\local settings\temp\temporary internet files\ Don't have a clue what could be wrong.
     
  10. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

  11. patio

    patio TS Maniac Posts: 700

    I agree with RBS...and be aware there are malware apps that can re-activate the messenger service even though you have disabled it.

    patio. :cool:
     
     
  12. johnmayme

    johnmayme TS Rookie Topic Starter

    Errr....... I thought I said that I can't delete all the files because this folder in temp. internet files is crashing.... It's the third time I say this now...
     
  13. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Get Killbox and enter as parameter to delete:
    C:\documents and settings\%user%\local settings\temp\*.*
    http://www.bleepingcomputer.com/files/killbox.php

    This will access that directory before the PC boots again (in other words before Windows even starts).
     