TechSpot

System Security, not removing itself

By shadowlink9
Dec 27, 2008
  1. Hello. I have downloaded Malwarebytes Anti-Spyware, and when it scans, it sees and removes system security, until i restart and it repairs itself. See the log attached. Help please? Thanks.


    I did what kimsland said, and here is the following full scan by malwarebytes results. Malwarebytes' Anti-Malware 1.31
    Database version: 1557
    Windows 6.0.6001 Service Pack 1

    27/12/2008 11:26:14 PM
    mbam-log-2008-12-27 (23-26-14).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 170884
    Time elapsed: 1 hour(s), 43 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Users\ary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Users\ary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
    C:\Users\ary\Desktop\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
     
  2. gillianbrown

    gillianbrown Banned Posts: 141

    Download combofix.exe to your desktop. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

    Combofix will automatically save the log file to C:\combofix.txt

    Make sure you have the LATEST version of HJT (currently 2.0.0.2) from HERE.

    Double-click on the file you just downloaded.
    Click on the "Install" button to install.
    It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis
    Please do not change the default install location.

    Very Important.

    You need to rename HijackThis.exe to Crusty.exe. This is because some malware can hide from HijackThis.exe. Follow these instructions in order to do so.

    Go to the C:\Program Files\Trend Micro\HijackThis\HijackThis.exe file and right click on HijackThis.exe. Choose rename. Click in the title box and hit the enter key to clear what`s there.

    Now type Crusty.exe into the title box and hit the enter key. Right click on the Crusty.exe file and choose "Send to desktop Create Shortcut".

    You can now close the HJT directory.

    Run Hijackthis

    Next click on the "Do a system scan and save a log file" button.
    Hijackthis will scan and then a log will open in notepad.
    Attach the HJT log into your post.

    Under no circumstances, should you add anything to the HJT ignore list.

    Please post the Combofix and HJT logs as attachments into your next reply.
     
  3. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    -> No action taken on MBAM scan, for found issues
    Please re-run Malwarebytes
    Confirm updated (third tab)
    Then do the above quoted message, but this time "Remove all found issues"

    By the way, you will need to then restart, and run (and attach) all the logs

    Here's that 8-step procedure again:
    UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...