System Security, not removing itself

Status
Not open for further replies.
Hello. I have downloaded Malwarebytes Anti-Spyware, and when it scans, it sees and removes System Security, until I restart and it repairs itself. See the log attached. Help please? Thanks.


I did what kimsland said, and here is the following full scan by Malwarebytes results.

Malwarebytes' Anti-Malware 1.31
Database version: 1557
Windows 6.0.6001 Service Pack 1

27/12/2008 11:26:14 PM
mbam-log-2008-12-27 (23-26-14).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 170884
Time elapsed: 1 hour(s), 43 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\ary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\ary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Users\ary\Desktop\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
 
Download combofix.exe to your desktop. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Combofix will automatically save the log file to C:\combofix.txt

Make sure you have the LATEST version of HJT (currently 2.0.0.2) from HERE.

Double-click on the file you just downloaded.
Click on the "Install" button to install.
It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis
Please do not change the default install location.

Very Important.

You need to rename HijackThis.exe to Crusty.exe. This is because some malware can hide from HijackThis.exe. Follow these instructions in order to do so.

Go to the C:\Program Files\Trend Micro\HijackThis\HijackThis.exe file and right click on HijackThis.exe. Choose rename. Click in the title box and hit the enter key to clear what's there.

Now type Crusty.exe into the title box and hit the enter key. Right click on the Crusty.exe file and choose "Send to desktop Create Shortcut".

You can now close the HJT directory.

Run Hijackthis

Next click on the "Do a system scan and save a log file" button.
Hijackthis will scan and then a log will open in notepad.
Attach the HJT log into your post.

Under no circumstances should you add anything to the HJT ignore list.

Please post the Combofix and HJT logs as attachments into your next reply.
 
-> No action taken on MBAM scan, for found issues
Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected. <========= Not Done

Please re-run Malwarebytes
Confirm updated (third tab)
Then do the above quoted message, but this time "Remove all found issues"

By the way, you will need to then restart, and run (and attach) all the logs

Here's that 8-step procedure again:
UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
 