Fake windows security center - Posted In Problem Solving...


Welcome, Guest. Please login or register.
Username:   Password:

Hosted in the Cloud RSS

Recent Topics

Gallery Latest


77 Views
0 comment(s)

72 Views
0 comment(s)


185 Views
0 comment(s)

177 Views
1 comment(s)


402 Views
0 comment(s)

800 Views
0 comment(s)

Search The Gallery

User Info

Welcome, Guest. Please login or register.
August 16, 2018, 08:48:01 AM

Login with username, password and session length

Forum
Web
Gallery
Here you can post questions and get answers to help you solve problems with Windows based PC’s

We welcome your questions, with over 15 years experience with PC’s we might even find the answer for you.

   

DatahopaForumTechnology Chat Problem SolvingFake windows security center



Pages: [1]

Fake windows security center

Viewing: 0 Members and 1 Guest       Total Views: 6808

Offline Carl2 Topic starter
United States Posts: 1184
Rank: Certified

  A friend asked me over to look at his computer which he said has a virus.  I stopped orer and he got it up and running, and a screen poped up and started scaning the computer, it found a dozen or so trojans worms ect.  After a few clicks we were able to remove the antivirus screen "Security Center" wich asks if you want to remove the threats, $59 /yr, 69/2 yrs, 79 lifetime, or go unprotected and can click away to remove the screen.  We tried the internet, IE went to the homepage that was quickly removed by a page saying the computer had a virus.
Another website has the same warning so you can not use the internet. 
  The computer is an inexpensive e machine with windows vista, I'm thinking it has  vista basic in it.  I used my computer to look for anything that didn't look right and removed something called BigFix which didn't change anything.  I did a search for security center and found it in Documents and settings.  During this time the Security Center window kept popping up.  I tried to open a Readme txt which was infected, notepad is also infected and will not run. 
  I got home after not being of any help and used my home computer to find Security Center, and ran across the Fake security center.  "It installs a well disguised, fake Windows Security Center , where all the links goad the victim to register the software."  It is rather new and not all antivirus will detect it.  The website I looked at listed 2 or 3 downloads to install and run to remove it, you've got to start in the safe mode.  I do remember having to download and run worm removal tools in the past but I can't recall anything this bad in the past.  All that said I'm the guy who couldn't get windows running again after trying to upgrade Norton to the newer version.
Carl2
Posted March 11, 2012, 22:23:20 PM Logged

Offline Data
United Kingdom Administrator
Posts: 5191
Rank: Certified

I’ve come across this one 3 times in the past, every time I had to do something different to remove it because it keeps changing.

I’m pretty sure the PC doesn’t have a virus as such it just has a nasty bit of software on it that says it has viruses, all you need to do is stop the software from running at start up then delete it (You can’t delete it when its running)

First try s system restore from safe mode.

If that doesn’t work run msconfig from the start menu and try to find the software in the start up and then services tab, it’s probably in the start up tab, if you can find it un-tick it.   
Posted March 12, 2012, 00:20:21 AM Logged

Offline DaveMorton
United States WWW Global Moderator
Posts: 2807
Rank: Certified
Comfort the Disturbed! Disturb the Comfortable!

I've seen these, too, and they can be very troublesome to remove, since they sometimes replace vital Windows processes (which more or less still do the job they were intended to do), which means that safe mode may not help, either. Ad a last resort, and if you can still use Windows Explorer while the app is running, try saving as many personal files (images, documents, game save files, etc.) to a thumb drive or CD/DVD (if you can burn one) as possible, then do a full format/reinstall. As I'm usually the last person to suggest a wipe and reinstall, you can imagine just how much of a problem removing this particular malware has been for me in the past. Sad
Posted March 12, 2012, 00:36:53 AM Logged
Safe, Reliable Insanity, Since 1961!
Chat With Morti!

CAPTCHA4us

Offline sybershot
United States WWW Posts: 1446
Rank: Certified

My wife gets this a lot from Facebook and other game sites, it is constantly evolving. The last time she got it I had to use the disks to force a system restore, seeing system restore was not accessible from the operating system.

Quote
I used my computer to look for anything that didn't look right and removed something called BigFix which didn't change anything.

If I remember correctly BigFix  they are no longer in business, and I believe the program will not work due to it not being able to access the website.
Posted March 12, 2012, 06:26:58 AM Logged

Offline Carl2 Topic starter
United States Posts: 1184
Rank: Certified

  I already tried to have it not start up with the machine, it still came up.  The website says to startup in safe mode ant then run 2 antivirus downloads.  Restart in normal mode and run the 2 antivirus downloads again.  I'm going to try this and see if it can be done and if it works.
  He may not have a restore point, unless it was done automaticaly, there is a recovery partition on drive D: which I may use as a last resort.  I've heard it evolves as you said. 
Carl2
Posted March 12, 2012, 13:19:48 PM Logged

Offline Data
United Kingdom Administrator
Posts: 5191
Rank: Certified

I've seen these, too, and they can be very troublesome to remove, since they sometimes replace vital Windows processes (which more or less still do the job they were intended to do), which means that safe mode may not help, either.

Don’t forget, in Vista and Win 7 you have the option to right click a file and “Restore previous version”.

I say don’t forget because I have forgotten in the past and if I had remembered it would have made my life much easier.
Posted March 12, 2012, 15:13:30 PM Logged

Offline Carl2 Topic starter
United States Posts: 1184
Rank: Certified

  I'll put a link in for the website that provided the info I used:
http://www.malwarehelp.org/fake-windows-security-center-analysis-and-removal-2009.html
I downloaded and put the files on a CD, ?Kaspersky Virus Removal Tool and ?MalwareBytes’s Anti-Malware which they provide links for, I also included Spy bot search and destroy.
  We used F8 to give us the booting options, we chose Safe Mode and the computer chose XP OS (must have been upgraded from XP to Vista) We declined and looked at the other options all of which lead to XP OS for a safe mode so we proceeded with XP.  XP loaded and windows showed up with his desktop.  We ran Kaspersky frist, It found a few threats that were removed then it restarted the computer again that started in the safe mode.  We then installed and ran the MalwareBytes that again found and removed some threats.  Next we ran spybot search and destroy, which for the frist time was difficult to work with and we ended up with blank cmd prompt windows at start up which we fixed.  We created a Restore Point.
  Right now he has a computer which he can use at least, spybot search and destroy and the Malwarebytes is still running in the background which I'll probably remove after we get an anitvirus program installed.  We went to MSE and I'm not sure if it installed, I know we couldn't install IE 8.
  Conclusion,
  I could not find it in the startup, not sure what it calls itself,  could not find it when looking through programs,  I think the  Kaspersky Virus Removal Tool found and removed it. I used the other programs to get rid of any other nast things in there.  Make sure you have a Restore point.  Now I have to be sure I have a restore point in my computers.  Thanks for the input.
Carl2
 
 
Posted March 13, 2012, 11:57:30 AM Logged

Offline DD1975
England Posts: 1614
Rank: Certified

This sounds very like the Anti virus 7 or Antivirus GT rogue secutrity software.

I got hit with this one myself a while back.

I have paid for a license on Loaris Trojan remover, I've found this to be a very useful piece of kit and the helpdesk were able to (Eventually) get this nasty little bug off my computer when all else failed.

I did have to let them have control of my computer, which I was very wary of, but they did the business for me.
Posted March 13, 2012, 18:59:25 PM Logged
Smoke me a Kipper I'll be back for breakfast - Ace Rimmer
Problem Solving
Topic Pages: [1]
Jump to:  

Site Activity
Most Online Today: 172
156 Guests, 1 User
Urania