• Malware got through MSE

    #469418

    I have a vision problem, so pardon me from the outset. I have a Gateway laptop with Windows XP Service pack !!! installed. I also have been using Microsoft Security Essentials since Woody recommended it several months ago. I had no problems with it until 1 week ago. I visited a website that got by MSE and now my machine is infected. I get a pop-up window for “just in time debugger” and unwanted links to new tabs/pages/windows. The worst part is that the malware prohibits or blocks all attempts to update MSE or Windows Updates in general. I have run complete scans by MSE but nothing was found. I am perplexed about what to do next. I definitely need some help. Much heartfelt appreciation is extended for any remedies to my computer’s malady!

    • #1227386

      I have a vision problem, so pardon me from the outset. I have a Gateway laptop with Windows XP Service pack !!! installed. I also have been using Microsoft Security Essentials since Woody recommended it several months ago. I had no problems with it until 1 week ago. I visited a website that got by MSE and now my machine is infected. I get a pop-up window for “just in time debugger” and unwanted links to new tabs/pages/windows. The worst part is that the malware prohibits or blocks all attempts to update MSE or Windows Updates in general. I have run complete scans by MSE but nothing was found. I am perplexed about what to do next. I definitely need some help. Much heartfelt appreciation is extended for any remedies to my computer’s malady!

      Carl,
      Hello, there is a (freewhatever) program that most on this forum would recommend as a good starting place to rid your PC of the problem: http://www.malwarebytes.org/ . Download the free version and install it, run it, then follow their recommendations. It would be helpful to include more information on your “OS”, e.g. any other security programs installed? AV… firewall… etc. Post back and let us know of your initial results. Regards, Fred

    • #1227401

      Hi Carl and welcome to the Lounge!

      MalwareBytes antimalware is very good as Fred related. When you run your scan it will be more effective if you boot Windows into Safe Mode with networking, just in case you have difficulty getting updates downloaded for it in your regular Windows session. Also, the malware affecting your computer should be less effective in Safe Mode.

    • #1227420

      I visited a website that got by MSE and now my machine is infected.

      Can you provide the name & URL of the website where you believe this occurred, and the name of the infective agent when you get this sorted out, please.

      Thanks
      CLiNT

    • #1227430

      Hi Carl:

      Based on your explanation of the symptoms, I feel it would be best to have your computer checked by an experienced, trained, certified, VOLUNTEER “Malware Removal Specialist” of the kind who help on many advanced malware removal forums. The one I recommend is Geeks To Go, specifically at http://www.geekstogo.com/forum/forums.html . Try and use the “procedure” in their “Malware and Spyware Cleaning Guide”, but practically speaking, they want to see a “Log” from the FREE “OTL” program mentioned in the Guide. You can read about the OTL program at http://www.geekstogo.com/forum/OTL-Tutorial-How-to-use-OldTimer-ListIt-t277391.html .

    • #1227437

      Many Thanks Guys for the prompt responses! I forgot to mention in my earlier post that I had also run (updated) CCleaner which detected nothing. At your suggestion I downloaded, installed, and ran the Malwarebytes program. It detected 5 infected items which were deleted. Thought I was home-free but nooooo! I still am unable to connect with MSE or Windows Update. I visited the OldTimer site but felt overwhelmed by the instructional data. I am pretty good at some things in life, but this stuff is way over my head! I confess my ignorance about how to give more useful info here. It seems that most of the pop-ups have stopped, at least for the moment. I feel like if I could just get MSE updated that it would resolve the problems. It has been a problem-free tool for me up to this point. Perhaps I should run the Malwarebytes scan again to see if it turns up anything new? Many Thanks for your thoughtful responses!
      Carl

    • #1227443

      Here is one of the unwanted pages that keeps popping up: http://server2.mediajmp.com/surveys/cpv-index.html?sub=iso.com. I do believe that I got this mess when visiting http://www.pacifica.org. Hope this is helpful. Now the “JUST IN TIME DEBUGGING” is nagging me again. criminy!

      Carl

      • #1227455

        Here is one of the unwanted pages that keeps popping up: http://server2.media…ml?sub=iso.com. I do believe that I got this mess when visiting http://www.pacifica.org. Hope this is helpful. Now the “JUST IN TIME DEBUGGING” is nagging me again. criminy!

        Carl

        Once you get this sorted out you may want to look into Sandboxie. This program sets up your web browser in a virtual environment that allows you to delete things, so that these fraudulent nasties can’t get into your system. The virtual environment holds them in the Sandbox until you simply delete them.

    • #1227457

      Carl, did you try scanning with MalwareBytes in Safe Mode? If not, give it a whirl. It may be more effective in rooting out any other malware in Safe Mode.

    • #1227499

      Hi Carl:

      I heard a couple of years ago from an experienced, certified, Malware Removal Specialist who went to work on the Malwarebytes Anti-Malware Online Support Forums that that program is ineffective when run in Safe Mode. And the OldTimer “site” I quoted was for informational purposes; it would be best to ask for help on the Geeks To Go Support Forums and read through their “Malware Cleaning Guide”, paying particular attention to the section on the OTL program and posting its “Log” after starting a “New Topic” there.

      • #1227511

        I heard a couple of years ago from an experienced, certified, Malware Removal Specialist who went to work on the Malwarebytes Anti-Malware Online Support Forums that that program is ineffective when run in Safe Mode.

        Hi Robin,

        The reason I recommended Safe Mode for MalwareBytes is I cleaned a client’s computer of malware that recognized the names of MalwareBytes and other programs, and subsequently blocked them from running in Windows standard mode. I then booted to Safe Mode where the tools (MalwareBytes included) were more effective. MalwareBytes may be less effective in Safe Mode, but there is little choice under such circumstances. However, I also had to boot to a DVD to run the final scans that totally cleaned the machine.

    • #1227890

      Once you get up and running, I’d remove MSE.
      My sister installed MSE recently and within a week hers was infected with malware. Best of the free stuff IMHO is Avast.
      I haven’t tried the Panda anti-malware but it has high ratings in some quarters.

    • #1227927

      More things to try…

      Rename the executable: In the “C:\Program Files\Malwarebytes’ Anti-Malware” folder, make a copy of mbam.exe and name or rename it sneaky.exe (or whatever you prefer.) Then execute that file; now the malware will not recognize or block the program’s execution.

      Flush the DNS cache: Click Start, then click Run. Key in “cmd” (with NO quotes) then hit Enter. In the Command Prompt window that opens, key in “ipconfig /flushdns” (no quotes), hit Enter. You should get a message about success. Type “exit” and hit Enter or just click the X in the upper right corner to close the window.

      How to reset Windows Update components: Go to http://support.microsoft.com/kb/971058 and click FixIt. (I also recommend that you read the instructions.)

      Still not working? Check for the TDSS rootkit: http://support.kaspersky.com/viruses/solutions?qid=208280684 provides a removal tool for the TDSS rootkit, which is becoming more prevalent.

      Good Luck.

      • #1228430

        Flush the DNS cache: Click Start, then click Run. Key in “cmd” (with NO quotes) then hit Enter. In the Command Prompt window that opens, key in “ipconfig /flushdns” (no quotes), hit Enter. You should get a message about success. Type “exit” and hit Enter or just click the X in the upper right corner to close the window.

        Bob
        Hello, Question: Could you please explain the “DNS” procedure, as I have never heard of this (and it will be of some help to us all), and I’m pretty sure most of us do not know what this will do in ridding the PC in question of the problem. Thanks for your comments. Regards, Fred

        • #1231071

          Bob
          Hello, Question: Could you please explain the “DNS” procedure, as I have never heard of this (and it will be of some help to us all), and I’m pretty sure most of us do not know what this will do in ridding the PC in question of the problem. Thanks for your comments. Regards, Fred

          Fred, Hello

          “Ever want or need to see the most recent version of a website? Maybe the DNS has changed and now you are still seeing the old version location cached while all your friends are seeing the new version. How do you flush those stale DNS records from your system?”

          At a cmd prompt (Run as Administrator) type: ipconfig /flushdns. This will flush the DNS cache. Helps if you are having mysterious problems or seeing old versions of a web page.
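Added example, not code from this thread or from any of the tools it mentions: a PowerShell script that automates two of the manual steps suggested in #1227927 above (the renamed copy of the scanner, and the DNS cache flush explained in this reply), with a check around each so you can see what the flush actually changed. Assumptions: Malwarebytes’ default install folder, English-language ipconfig output, and two Microsoft update host names chosen as samples; adjust all three for the machine being cleaned.

```powershell
# Added example (not from the thread). Scripted form of two manual steps suggested above:
# copy the scanner under an unrelated name, and flush the DNS resolver cache while showing
# what it held for the update hosts. Assumptions: Malwarebytes' default install folder,
# English-language ipconfig output, and the two update host names used as samples.
# Run from an elevated ("Run as Administrator") PowerShell session.

$mbamDir = "C:\Program Files\Malwarebytes' Anti-Malware"   # assumed default install folder
$mbamExe = Join-Path $mbamDir "mbam.exe"

# Parse "ipconfig /displaydns" into a hashtable: host name -> list of cached A-record addresses.
function Get-CachedARecords {
    $records = @{}
    $current = $null
    foreach ($line in (ipconfig /displaydns)) {
        if ($line -match 'Record Name[ .]*:\s*(\S+)') {
            $current = $Matches[1].ToLower()
        } elseif ($current -and $line -match 'A \(Host\) Record[ .]*:\s*(\S+)') {
            if (-not $records.ContainsKey($current)) { $records[$current] = @() }
            $records[$current] += $Matches[1]
        }
    }
    return $records
}

# Resolve a host right now and return its addresses (empty if resolution fails).
function Resolve-Now([string]$HostName) {
    try {
        return [System.Net.Dns]::GetHostAddresses($HostName) | ForEach-Object { $_.IPAddressToString }
    } catch {
        Write-Host "Could not resolve $HostName : $($_.Exception.Message)"
        return @()
    }
}

# 1. Make a copy of the scanner under a random name so malware that blocks processes by
#    file name does not recognise it (the "sneaky.exe" idea from the thread).
if (Test-Path $mbamExe) {
    $randomName = [System.IO.Path]::GetRandomFileName().Split('.')[0] + ".exe"
    $copyPath   = Join-Path $env:TEMP $randomName
    Copy-Item -Path $mbamExe -Destination $copyPath
    Write-Host "Scanner copied to $copyPath - run that copy instead of mbam.exe"
} else {
    Write-Host "mbam.exe not found at $mbamExe (is Malwarebytes installed?)"
}

# 2. Record what the resolver cache holds for the update hosts, then flush it.
$updateHosts = @("update.microsoft.com", "windowsupdate.microsoft.com")   # sample hosts (assumption)
$cached = Get-CachedARecords
foreach ($h in $updateHosts) {
    if ($cached.ContainsKey($h)) {
        Write-Host ("Cached before flush: {0} -> {1}" -f $h, ($cached[$h] -join ", "))
    } else {
        Write-Host "Not in cache before flush: $h"
    }
}
ipconfig /flushdns | Out-Null
Write-Host "DNS resolver cache flushed."

# 3. Resolve each host afresh. An address that differs from the cached one means the old
#    entry was stale (or worse); an unresolvable host points at a network or resolver problem
#    that flushing alone will not fix.
foreach ($h in $updateHosts) {
    $fresh = @(Resolve-Now $h)
    if ($fresh.Count -eq 0) { continue }
    Write-Host ("Now: {0} -> {1}" -f $h, ($fresh -join ", "))
    if ($cached.ContainsKey($h) -and @(Compare-Object $cached[$h] $fresh).Count -gt 0) {
        Write-Host "  address changed after flush - the cached entry was stale"
    }
}
```

The before/after comparison is the part worth keeping even if you do the flush by hand: a flush that changes nothing tells you the update failure is not a stale resolver entry, and the search for the block should move elsewhere (the host-name-based process blocking that the renamed copy works around, for instance).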

    • #1227957

      You might try an online virus scan… there are many out there… do a Google search, & run their scan.

    • #1227959

      I just want to add my two pennyworth. Both my husband’s laptop and my desktop had MSE installed and he does nothing but play jigsaw games, Google the odd item, read an online newspaper and visit eBay, yet he began to get multiple pop-ups. When I tried to open MSE on his machine it would not respond so I used Malwarebytes which found 9 infections and removed them. The pop-up problem remained however and MSE was still frozen so I uninstalled it with Revo Uninstaller. I tried to reinstall MSE but the website would not open. In desperation I installed the free Avast AV and ran a full scan. It found a further 13 trojan infections and removed them. The laptop is now free of viruses and my husband says it runs faster than ever. I still have MSE on my desktop PC and so far I have no infections but if I get any I will use Avast.

      • #1227973

        I just want to add my two pennyworth. Both my husband’s laptop and my desktop had MSE installed and he does nothing but play jigsaw games, Google the odd item, read an online newspaper and visit eBay, yet he began to get multiple pop-ups. When I tried to open MSE on his machine it would not respond so I used Malwarebytes which found 9 infections and removed them. The pop-up problem remained however and MSE was still frozen so I uninstalled it with Revo Uninstaller. I tried to reinstall MSE but the website would not open. In desperation I installed the free Avast AV and ran a full scan. It found a further 13 trojan infections and removed them. The laptop is now free of viruses and my husband says it runs faster than ever. I still have MSE on my desktop PC and so far I have no infections but if I get any I will use Avast.

        You may want to download Avast and save it without actually installing; this way, if an infection occurs that blocks seeking help online, you can proceed to installing it. I save Malwarebytes and Avira, and keep an email alert for updates to them.

    • #1227965

      I agree with trying the online scanners. One of them will work. I use Housecall by TrendMicro. It is free and has worked every time. It scans differently than MSE, which I believe is based on Threat Fire.

    • #1227974

      Hello,

      I got hit bad yesterday with 4 Trojans and spyware that made my desktop unusable.
      I use MSE on both my desktop and laptop and have had 3 or 4 incidents where MSE has let things through and corrupted my computers.
      They did away with OneCare and left us with the option of MSE.
      MSE has let several spyware and anti-virus programs through without my permission and they start scanning and you can’t stop them other than by killing your computer the wrong way using the off button.
      Then you try to beat the clock when you restart by getting into safe zone or other places to put an end to the services, but what have they left behind after you have deleted them?
      If MSE couldn’t catch or stop them from coming in and executing a program, how do we know how much trash was left behind after uninstalling, cleaning the computer, running an MSE Full Scan, and using a restore date?
      It really makes you want to just give up the internet.
      I spent tens of thousands of dollars on computers and have had so many of them fried due to the lack of properly working programs. I am not a computer expert but I do know enough to know that a lot of these programs are trash and not trustworthy.
      Very very depressing for someone who is permanently disabled and whose only outlet to the world is the computer.
      BEWARE ALL!
      It is a different world out there now.
      GOD help us all!

    • #1227983

      MSE may not be completely at fault. These days social engineering is more to blame than an anti-malware program just “letting” bad stuff onto a system. Many users are easily tricked into installing malware. People tend to click on popups and screens that look familiar without paying attention and reading what is there. If you have Vista or Windows 7, UAC is supposed to let you decide whether you really want a program to be installed and run. Many people just “click through” all UAC warnings. Many, many users just open email attachments without thinking or click on links in email without thinking. You have to remember that when a user clicks on anything, it is an implicit OK for that program or web site to do whatever it wants.

      Joe

    • #1228009

      I agree with JoeP. (Not necessarily in all cases, of course. There’s still much malicious material out there looking for a way in with or without our complacency.) When I work with other people’s computers (friends and family, I don’t have time to do it as a paying job) I think hard about UAC depending on the person. I find a few types, really – the first group is alarmist and scared and thinks every dialog box means that every single click means possible impending doom. I’m not sure this is what MS intended, but for these folks it works. It tends to stress them out, though, and computers should be enjoyable, not stressful. The second group is conditioned by its omnipresence to just click through, like Joe said, and complain about the time it takes to do anything. Then there’s the group I’m in – the first thing I do after Windows setup is turn it off.

      As for MSE… I can’t lay much blame there. I can’t help but think if this was a different company, the comments would be different. There is no infallible AV, and there never will be unless someone comes up with a way to control time or predict the future. Those are the only two ways to stay ahead in the virus game. And that’s what it is for the people who create the malware – a game to see who can get a step ahead of the AV definitions and infect as many computers as possible before an AV update stops them.

      I used to use Avast, and I still think it’s great. It’s also what I was using both times I got infected, once about 5 years ago and then again this past January. Yes, I switched to MSE, but not because Avast “let me down”, I switched because I needed something less system-intensive and less intrusive. MSE has also caught a few things Avast didn’t. They aren’t malware, they are diagnostic tools commonly flagged because they do things that could be used for evil. I have to update them every so often and Avast never blinked. MSE threw up the wall for each of them. But that still doesn’t make either one necessarily better than the other.

      Staying safe on the internet has many factors, from the AV to the browser to the other software on your machine (Adobe Reader comes to mind). It’s just about doing the most you can, then accepting that once in a while stuff happens anyway.

      Christa

    • #1228012

      I see a lot of bad-mouthing of MSE in this thread, but as Joe said many times these infections are our own doing. We go places that are known to harbor nasties, we click through boxes without reading them, we just fall for the junk that arrives on our PCs. There is no AV app in the world that can stop us from shooting ourselves in the foot, so to speak.

      To give an example, my wife works in the IT dept of a local medium-sized university. They are now switching their AV from McAfee to something else. They are still evaluating which way to go for their entire network. ALL AV companies are vulnerable to these nasties at one time or another, and even the largest can’t stop us from doing dumb things with our mouse!

    • #1228037

      Speaking of social engineering…
      I just went to the web site you listed, and was given the “opportunity” to “click here” for a survey or some such – however, I was alerted to the potential for malware by the prominent warning from WebOfTrust (WOT), which I’ve found to be of invaluable help in warning me of such. It’s available for Firefox (which I use), as well as IE. Highly recommended (but don’t turn off your common sense).

    • #1228380

      Carl,

      Please allow me to add my two cents worth . . .

      The following is a clip from the NEWS page of my web site:

      PRESUME THAT ANY OTHER NOTIFICATION OF ANY KIND IS A DISASTER WAITING TO HAPPEN AND DO NOT CLICK ON ANYTHING IN THE WINDOW. IF POSSIBLE, DON’T ALLOW YOUR MOUSE TO PASS OVER THE WINDOW! At this point, you must presume that everything in the suspicious window is a booby trap . . . because it probably is!

      Remember, they are trying to get you to panic!

      1. Remove your hand from the Mouse and take a deep breath. You are under attack, but the solution is quick and simple.

      2. Locate the cursor and if it is in the suspect window, carefully remove it without passing over any item that might activate a response.

      3. Right-click on the Status Bar (the bar on the bottom of the screen) and select Task Manager.

      4. Click on the Applications tab, select the suspect program and click on the End Task button in the bottom of the Task Manager window. This will safely exit the attack without unknowingly activating anything you will wish you hadn’t activated.

      That’s all there is to it! Now let’s practice. Open NOTEPAD and pretend that it is a false security pop-up. Practice closing it with the four steps listed above.

      Congratulations! You are now an expert in avoiding the most common form of attack, the False Security Warning con.

      For the full article, go to http://www.1stcomputertechnologies.com/news/news.htm

      What the crooks are doing is taking a perfectly benign popup and booby-trapping every selectable object including the ‘X’ that you would use to close the offending window. Technically, it is a pretty simple process and the end result is that it trashes your security application in such a way as to not arouse the Microsoft Security Center and then it is free to do its evil deeds.
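Added example, not code from this thread or from the site quoted above: a PowerShell equivalent of the four-step End Task procedure. It lists every process that owns a visible window together with its title (what Task Manager’s Applications tab shows), then ends the one whose title matches, so nothing in the suspect window is ever clicked or hovered. Assumptions: PowerShell is installed on the machine, and the title pattern is whatever the fake warning displays; the practice run at the bottom uses Notepad, as the post suggests.

```powershell
# Added example (not from the thread). Scripted equivalent of the four-step "End Task"
# procedure: enumerate processes that own a main window, then end the one whose title
# matches, without sending a single click to that window.
# Assumptions: PowerShell is available; the title pattern is whatever the suspect window shows.

# Every process with a main window, so the suspect one can be picked by title rather than
# by interacting with it.
function Get-WindowedProcesses {
    Get-Process | Where-Object { $_.MainWindowTitle } |
        Select-Object Id, ProcessName, MainWindowTitle
}

# End every process whose window title matches the pattern. Stop-Process terminates the
# process outright (the same effect as Task Manager's End Task), so nothing in a
# booby-trapped window is activated on the way out.
function Stop-WindowByTitle {
    param(
        [Parameter(Mandatory = $true)][string]$TitlePattern,
        [switch]$Force
    )
    $hits = @(Get-WindowedProcesses | Where-Object { $_.MainWindowTitle -match $TitlePattern })
    if ($hits.Count -eq 0) {
        Write-Host "No window title matches '$TitlePattern'"
        return
    }
    foreach ($p in $hits) {
        Write-Host ("Ending {0} (PID {1}) titled '{2}'" -f $p.ProcessName, $p.Id, $p.MainWindowTitle)
        Stop-Process -Id $p.Id -Force:$Force
    }
}

# Practice run, as the post suggests: open Notepad, treat it as the fake security pop-up,
# list the windowed processes so its title can be read off, then end it by title.
Start-Process notepad.exe
Start-Sleep -Seconds 2
Get-WindowedProcesses | Format-Table -AutoSize
Stop-WindowByTitle -TitlePattern 'Notepad' -Force
```

Run Get-WindowedProcesses first on its own and read the title of the suspect window from the list; a fake warning usually dresses its title up to look like a security product, and the ProcessName column beside it (often a random or unfamiliar name) is what tells you which entry to end.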

    • #1228441

      I agree with Fred, I also need an explanation. I have heard of, and even used, Release IP Address and Renew IP Address, but I also do not know about flushing the DNS cache. I will do some searching in the meantime.

    • #1231013

      Something else I noticed when trying to remove some fake antivirus programs is that they occasionally affect only the account that’s logged in. If you have a second account (or try creating a temporary one with administrator rights) on the computer, you can log in as the second person and run your removal programs (Malwarebytes, Spybot, etc.) without being blocked. Another program I suggest is SUPERAntiSpyware’s Portable scanner, which can be run from a USB flash drive.

      Mike
