Guest Markup
Posted July 10, 2008

Hi There

I wonder if anyone could help me? I have the most annoying windows security center pop up (about 500x600 pixels) appearing on my screen every few minutes telling me that I have no virus protection ( I have ) and asking me to go along to a choice of two paid for virus protection program retailers, one of which caused no end of trouble with a machine recently.

I did consent to this, did not ask for it and nor do I want it but I cannot find a way of removing it from my machine.

I have opened the security center and changed the way it notifies me to no avail. I have also run START>RUN>SERVICES.MSC and disabled the security center - no joy there either.

Can anyone help me please I am not very technically minded at all, just extremely frustrated.

Thanking you,
Mark

Guest Nonny
Posted July 10, 2008

On Thu, 10 Jul 2008 11:15:02 -0700, Markup <Markup@discussions.microsoft.com> wrote:

> Hi There
>
> I wonder if anyone could help me? I have the most annoying windows security
> center pop up (about 500x600 pixels) appearing on my screen every few minutes
> telling me that I have no virus protection ( I have ) and asking me to go
> along to a choice of two paid for virus protection program retailers, one of
> which caused no end of trouble with a machine recently.
>
> I did consent to this, did not ask for it and nor do I want it but I cannot
> find a way of removing it from my machine.

Your system is no doubt infested with malware. Download and run AT LEAST TWO of the following:

Spybot Search and Destroy: http://www.safer-networking.org/index2.html
Superantispyware: http://www.superantispyware.com/
Ad-Aware: http://lavasoft.com/products/ad_aware_free.php

> I have opened the security center and changed the way it notifies me to no
> avail. I have also run START>RUN>SERVICES.MSC and disabled the security
> center - no joy there either.
>
> Can anyone help me please I am not very technically minded at all, just
> extremely frustrated.
>
> Thanking you,
> Mark

Guest MowGreen [MVP]
Posted July 10, 2008

The popups signify that the system is already infected. The scamware is what infects the system and then insists that you must pay to remove it. Nice, huh?

Suggest you seek assistance at a reputable anti-malware forum for this issue. Please read the guidelines of the forum of your choice prior to posting there:

http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5

MowGreen [MVP 2003-2008]
===============
-343- FDNY
Never Forgotten
===============

Markup wrote:

> Hi There
>
> I wonder if anyone could help me? I have the most annoying windows security
> center pop up (about 500x600 pixels) appearing on my screen every few minutes
> telling me that I have no virus protection ( I have ) and asking me to go
> along to a choice of two paid for virus protection program retailers, one of
> which caused no end of trouble with a machine recently.
>
> I did consent to this, did not ask for it and nor do I want it but I cannot
> find a way of removing it from my machine.
>
> I have opened the security center and changed the way it notifies me to no
> avail. I have also run START>RUN>SERVICES.MSC and disabled the security
> center - no joy there either.
>
> Can anyone help me please I am not very technically minded at all, just
> extremely frustrated.
>
> Thanking you,
> Mark

Guest Markup
Posted July 10, 2008

Thank you for your help friends, I shall go along to the dedicated forum(s) shortly.

I had actually posted the above in the wrong forum last night and only realised today that I had done so. In the meantime I have been delving as deep as my technical knowledge allows and ran a scan and destroy program that identified dozens and dozens of threats. It removed the majority but left me with 14 TROJAN type files that it identified but could not delete.

I then went through the files deleting them by hand and am now left with nine instances of a Trojan VX 15 that is named winload.exe. They are all buried in the system32 folder and try as I might I cannot delete them manually, nor can the program that detected them for me in the first place.

I notice too that after trying to delete them manually I can now no longer access the internet on the machine. I have to keep trying though as I just cannot do without the machine.

Thanks again for your guidance,
Mark

Guest MowGreen [MVP]
Posted July 10, 2008

Some of the malware may embed themselves in what is known as the winsock stack. See if you can run an Elevated Command Prompt [locate command.exe, or command, from Start Search, right click it, choose 'Run as administrator'].

If cmd has been disabled by the malware suggest you boot to Safe Mode and run either, or preferably both, Superantispyware and Spybot from within that mode. Then reboot to normal Windows mode, open an Elevated Command Prompt, at the prompt enter the following, pressing Enter after each command:

    netsh winsock reset
    exit

Restart the system and see if connectivity is restored. Seems fairly stupid for the malware creators to knock a system off of the net when they pWn it.

Was UAC completely disabled?

MowGreen [MVP 2003-2008]
===============
-343- FDNY
Never Forgotten
===============

Markup wrote:

> Thank you for your help friends, I shall go along to the dedicated forum(s)
> shortly.
>
> I had actually posted the above in the wrong forum last night and only
> realised today that I had done so. In the meantime I have been delving as
> deep as my technical knowledge allows and ran a scan and destroy program that
> identified dozens and dozens of threats. It removed the majority but left me
> with 14 TROJAN type files that it identified but could not delete.
>
> I then went through the files deleting them by hand and am now left with
> nine instances of a Trojan VX 15 that is named winload.exe. They are all
> buried in the system32 folder and try as I might I cannot delete them
> manually, nor can the program that detected them for me in the first place.
>
> I notice too that after trying to delete them manually I can now no longer
> access the internet on the machine. I have to keep trying though as I just
> cannot do without the machine.
>
> Thanks again for your guidance,
> Mark

Guest Mick Murphy
Posted July 10, 2008

Scan your System in Safe mode with your Anti-virus and Spybot Search & Destroy. All info below.

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.5.2 is a very good, FREE Anti-Spyware Program. Download, install, update, and immunize your System with it. Then SCAN with it. Update it, and scan your System once a fortnight.

Important re: Safe Mode

If you happen to find a problem that you can't uninstall / delete, reboot the computer, and go into Safe Mode. To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow key to get to Safe Mode, then hit ENTER. RESCAN your computer with Avast and Spybot S & D while in Safe Mode.

--
Mick Murphy - Qld - Australia

"Markup" wrote:

> Thank you for your help friends, I shall go along to the dedicated forum(s)
> shortly.
>
> I had actually posted the above in the wrong forum last night and only
> realised today that I had done so. In the meantime I have been delving as
> deep as my technical knowledge allows and ran a scan and destroy program that
> identified dozens and dozens of threats. It removed the majority but left me
> with 14 TROJAN type files that it identified but could not delete.
>
> I then went through the files deleting them by hand and am now left with
> nine instances of a Trojan VX 15 that is named winload.exe. They are all
> buried in the system32 folder and try as I might I cannot delete them
> manually, nor can the program that detected them for me in the first place.
>
> I notice too that after trying to delete them manually I can now no longer
> access the internet on the machine. I have to keep trying though as I just
> cannot do without the machine.
>
> Thanks again for your guidance,
> Mark

Guest Markup
Posted July 11, 2008

MowGreen & Mick

Thank you very much for your help, I am now showing a clean bill of health and am praying like dickens that it remains that way.

I had a devil of a time trying to get into safe mode but once I did realised that it was my own lack of knowledge that was barring me.

Strange thing is, there are a couple of instances in my files of the winload.exe still being present but not registering as the Trojan VX 15 and all seems to be working well so I am assuming that it is a correct file that the virus just replicated - here's hoping anyway.

Again, thank you so much for your time and help.

Best regards to you both,
Mark

Guest MowGreen [MVP]
Posted July 11, 2008

YW, Mark. You can scan all instances of winload.exe to see if any are 'imposters' or still infected here:

http://www.virustotal.com/

Recommend you get a 'second opinion' to determine if the system is finally cleaned up. Using Internet Explorer, you can also run an in-depth scan of the system here:

http://www.kaspersky.co.uk/virusscanner

or here

http://usa.kaspersky.com/products_services...rus-scanner.php

MowGreen [MVP 2003-2008]
===============
-343- FDNY
Never Forgotten
===============

Markup wrote:

> MowGreen & Mick
>
> Thank you very much for your help, I am now showing a clean bill of health
> and am praying like dickens that it remains that way.
>
> I had a devil of a time trying to get into safe mode but once I did realised
> that it was my own lack of knowledge that was barring me.
>
> Strange thing is, there are a couple of instances in my files of the
> winload.exe still being present but not registering as the Trojan VX 15 and
> all seems to be working well so I am assuming that it is a correct file that
> the virus just replicated - here's hoping anyway.
>
> Again, thank you so much for your time and help.
>
> Best regards to you both,
> Mark
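
One way to triage every copy of winload.exe before submitting any for a scan, as an added example that is not part of the original thread: it lists each copy under the Windows directory with its SHA-256 hash and Authenticode status and flags the ones that need a closer look. It assumes PowerShell 4.0 or later (for Get-FileHash) in an elevated session; the list of expected locations and the Review column are assumptions made for this example.

```powershell
# Added example: inventory every winload.exe under the Windows directory.
# Assumes PowerShell 4.0+ and an elevated session.
$root = $env:SystemRoot

# Assumption for this example: places where a genuine copy normally lives.
$expected = @(
    "$root\System32\winload.exe",
    "$root\System32\Boot\winload.exe",
    "$root\WinSxS\*\winload.exe"
)

function Test-ExpectedPath([string]$Path) {
    foreach ($pattern in $expected) {
        if ($Path -like $pattern) { return $true }
    }
    return $false
}

$report = Get-ChildItem -Path $root -Filter 'winload.exe' -Recurse -Force -File `
        -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        # "Valid" means the signature verifies and chains to a trusted root;
        # the subject match narrows that to a Microsoft-issued signer.
        $trusted = ($sig.Status -eq 'Valid') -and
                   ($signer -like '*O=Microsoft Corporation*')

        [pscustomobject]@{
            Path      = $_.FullName
            Size      = $_.Length
            Modified  = $_.LastWriteTime
            SHA256    = (Get-FileHash -Algorithm SHA256 -LiteralPath $_.FullName).Hash
            Signature = $sig.Status
            Signer    = $signer
            # Flag anything unsigned, badly signed, or in an unexpected folder.
            Review    = -not ($trusted -and (Test-ExpectedPath $_.FullName))
        }
    }

# Copies needing review sort to the top.
$report | Sort-Object Review -Descending | Format-List
```

Copies with Review set to True are the ones worth submitting to the scanner first; a copy that is validly signed and sits in an expected location is less likely to be an imposter, though a scan is still the second opinion.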