"XP Home Security 2012" invasion--repair

#1 Aluckett (Member, 14 posts)
Attached File: Extras.Txt

While still in the session when the popups started happening, I was able to end a bad process called “sde.exe” in Task Manager. I also did a full scan with Symantec Endpoint Protection, which quarantined something called “JS.SecurityTool” and located and deleted a cookie. I also deleted the sde.exe file and another one that had been loaded by the malware. Symantec did not seem to identify any problems with files associated with a routine (supposedly safe) called “DropBox”, though several Dropbox associated files appear to have been accessed or modified by the malware. I haven’t done anything with those files.

When I restarted Windows, functionality of programs from the “Run” command or the icons in “Start” was lost. The dialog box opened that asked “What file do you want to use to open this file.” Well, they should be .exe’s, right?

I then restarted Windows in Safe Mode and did a system restore (All Programs/Accessories/System Tools/System Restore) back to an identified point per the routine, an hour or two before the incursion of this virus. (System restore seems to be capturing a point every day). I am still in Safe Mode. Because of Safe Mode, I think, Symantec is not running right now. The exe’s I have tried to open from the start menu (in safe mode) have opened normally and seem to be running OK.

I have now restarted normally, and the operation so far looks OK. I am hoping the restore back to the previous point will make it unnecessary to mess with the registry entries, so I haven’t gone into there. I took a backup of the system state (huge file, over 500MB) which seems to be what is recommended before going into regedit. I have just scanned the computer using the recommended OTL software and I have attached the log file.

I have seen and received some suggestions to run Malwarebytes. Should I check with that routine?

Thanks, Al

Attached Files

  • OTL.Txt

Edited by Aluckett, 30 July 2011 - 02:15 PM.

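The prompt Al reports in post #1 (every .exe asking “What file do you want to use to open this file”) is how a broken or hijacked .exe file association looks from the desktop, and the association is worth checking directly rather than assuming a restore point put it back. The following Python check is an added example, not from this thread or any tool it mentions: it parses a `reg export` / regedit .reg dump of the two keys that control .exe launching and flags any departure from the XP defaults. The .reg text and the `C:\EXAMPLE\fakeav.exe` path are constructed.

```python
import re

# Windows XP defaults for the keys that decide how an .exe is launched.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
}

def _unescape(s):
    # .reg exports write \\ for a backslash and \" for a quote inside strings.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Parse REGEDIT4/5 export text into {key: {value_name: data}} (strings only)."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]          # [HKEY_...\key] opens a new key
            keys[current] = {}
            continue
        m = re.match(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$', line)
        if m and current is not None:   # '@' is the key's default value
            name = "@" if m.group(1) == "@" else _unescape(m.group(2))
            data = m.group(3)
            if data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])
            keys[current][name] = data
    return keys

def find_hijacks(text):
    """Return [(key, default_found)] for monitored keys missing or not at XP default."""
    keys = parse_reg(text)
    return [(key, keys.get(key, {}).get("@"))
            for key, want in EXPECTED.items()
            if keys.get(key, {}).get("@") != want]

# Constructed sample exports (not from any real machine).
HEALTHY = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
# Same keys after a hijack: every .exe is routed through a placeholder program.
HIJACKED = HEALTHY.replace(r'@="\"%1\" %*"',
                           r'@="\"C:\\EXAMPLE\\fakeav.exe\" -a \"%1\" %*"')
```

On a real machine, `find_hijacks(open("exefile.reg", encoding="utf-16").read())` returning an empty list means both defaults are intact; anything else names the key and the value that replaced it.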

#2 Macboatmaster (Member, 7,237 posts)
Excellent as Malwarebytes is, NO ONE malware removal program can be trusted to deal with the removal of all traces of an infection.
By the very nature of malware, it can be found in many places.
You NEED the expert attention of a certified advisor on this site.
Only these people can deal with such issues.
Go to this link and follow carefully the advice in the link.
http://www.geekstogo...cleaning-guide/
If you post in the Malware forum, please post back on here to indicate you have done so.
YOU CANNOT rely on your backup - as that of course will have the same possible infection as the hard drive.

It is also quite possible that your restore points are also infected.
MY STRONG recommendation is to follow the advice in the link, for the reasons stated.

#3 Aluckett (Topic Starter, Member, 14 posts)
Thanks for taking the time to reply.

I've looked carefully through the list of malware removal tools and do not see one for "XP Home Security 2012". Do you know for sure there is one, or one that covers the same class of files?

I sincerely believe my files before the midnight invasion were good. But if I restore from that date, can anything remain in the system that could have been loaded or updated later?

I am quite confused at this point if there is any more advice in the link to be followed.

Thanks, Al

#4 Macboatmaster (Member, 7,237 posts)
Step 2. Step 1 is create account, you already have one. Step 2 is post with logs as described.

#5 Macboatmaster (Member, 7,237 posts)
Aluckett
Are you still having problems with your issue or is everything now running correctly?
It has been 11 days since your last response and I was wondering if the issue has been resolved?
If so can you explain how it was resolved so others may be able to fix it if they have the same issue.
If not please let us know and we can continue with helping you to resolve the issue.

Did you pursue the issue? If so please post to that effect as per the request in my post 2.
Thank you
