Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Can't remove Windows Security Virus

Can't remove Windows Security Virus

post #1 of 9
Thread Starter 
Having some problems here trying to help my brother out. He got a Windows Security Virus 2011 on XP. From what I can gather it's this http://www.precisesecurity.com/rogue...security-2011/ however the manual removal process isn't working at all. When he goes to C:\ no folders are there except a Windows Recovery folder. Going to the cmd displays the same thing. We can manually type in cd C:\Program Files and it lets him there but a dir displays no files. I've tried cd C:\Program Files\Windows Security 2011 (and other combos) and can't seem to locate where this virus is stored. Safe mode is the same story. Going Start > All Programs shows no programs being installed (can't get to system restore). msconfig > bootup disabling everything didn't help. Regedit ...CurrentVersion\Run didn't reveal anything.

I have him doing a repair install of XP now. Apparently even during the repair (while it's telling you all the great wonderful things about the Windows XP experience) this Windows Security thing was popping up. How?

Any help with this or other ideas?
post #2 of 9
Format

Barring that, boot into safe mode and see if you can get rid of it.

Really the best thing to do is format though. Save what you can and just wipe it.
post #3 of 9
Had that on 2 separate computers. It's a self-replicating trojan that infects your registry.
Even if you find it, it will replicate itself and reinstall. The only real hope at this time is a total format wipe and reinstall. Make sure you use a good program to reformat your HDD. I use Part Commander and that worked well, but I always do 2 formats to clean it.
post #4 of 9
No folders there because that particular virus makes 'em all hidden - unhide and you should be able to track it down.

Malwarebytes does find most incarnations of that program - if it blocks running the exe directly... you can run it from cmd.
post #5 of 9
I would try rkill and also showing all files and also show all hidden system files... but just back up and reformat. Nothing's better than a clean PC anyway.
     
CPUMotherboardGraphicsRAM
Intel 7700k Z270M-DH3 UD 1151 MATX Zotac 1070 Amp! Edition CORSAIR 16GB 2X8 D4 3200 C16 VLPX 
Hard DriveHard DriveHard DriveCooling
Samsung 250GB 850 EVO Samsung 250GB 850 EVO Corsair 64GB M4 CORSAIR H110i 
OSMonitorKeyboardPower
Windows 10 ASUS VG248QE 24" 1920x1080 144Hz  Corsair K65 - Cherry Reds SEASONIC 80PLUS GOLD X-650 
CaseMouseMouse Pad
NZXT S340 Mid Tower Computer Case Logitech G502 SteelSeries QcK mass 
CPUMotherboardGraphicsRAM
2500k Gigabyte Z68X-ED3H-B3 EVGA GTX 680 8GB (4 x 2GB) DDR3 1600 HyperX Genesis 
Hard DriveHard DriveHard DriveCooling
256GB Samsung OEM SSD (SLOW POS) 64GB Samsung 830 64GB Crucial M4 Corsair H100 
OSMonitorKeyboardPower
Windows 7 Professional 64-bit Alienware OptX AW2310 Saitek Eclipse Seasonic X750 
CaseMouseAudio
Corsair 650D Logitech G500 Creative Titanium HD 
  hide details  
Reply
     
CPUMotherboardGraphicsRAM
Intel 7700k Z270M-DH3 UD 1151 MATX Zotac 1070 Amp! Edition CORSAIR 16GB 2X8 D4 3200 C16 VLPX 
Hard DriveHard DriveHard DriveCooling
Samsung 250GB 850 EVO Samsung 250GB 850 EVO Corsair 64GB M4 CORSAIR H110i 
OSMonitorKeyboardPower
Windows 10 ASUS VG248QE 24" 1920x1080 144Hz  Corsair K65 - Cherry Reds SEASONIC 80PLUS GOLD X-650 
CaseMouseMouse Pad
NZXT S340 Mid Tower Computer Case Logitech G502 SteelSeries QcK mass 
CPUMotherboardGraphicsRAM
2500k Gigabyte Z68X-ED3H-B3 EVGA GTX 680 8GB (4 x 2GB) DDR3 1600 HyperX Genesis 
Hard DriveHard DriveHard DriveCooling
256GB Samsung OEM SSD (SLOW POS) 64GB Samsung 830 64GB Crucial M4 Corsair H100 
OSMonitorKeyboardPower
Windows 7 Professional 64-bit Alienware OptX AW2310 Saitek Eclipse Seasonic X750 
CaseMouseAudio
Corsair 650D Logitech G500 Creative Titanium HD 
  hide details  
Reply
post #6 of 9
You can always boot from a live CD as well.

The problem with something like this is that once you do remove it, it may have done irreparable damage to that particular user account. The best way to get around that is to make a new one with admin rights, then log on to that one, then set the old/original account to less than admin rights, then delete the old one.

If you've lost a bunch of Start Menu shortcuts and things it can be time consuming putting them back together...
    
CPUMotherboardGraphicsRAM
INTEL ASUS XFX  SAMSUNG 
Hard DriveOptical DriveCoolingOS
WD/ST LG KUHLER WINDOWS 
MonitorKeyboardPowerCase
LG/SAMSUNG IBM MODEL M CORSAIR THERMALTAKE 
MouseMouse PadAudio
MS INTELLIMOUSE EXPLORER 3.0 REGULAR LARGE PAD ONBOARD but it USED TO BE A XONAR DG  
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
INTEL ASUS XFX  SAMSUNG 
Hard DriveOptical DriveCoolingOS
WD/ST LG KUHLER WINDOWS 
MonitorKeyboardPowerCase
LG/SAMSUNG IBM MODEL M CORSAIR THERMALTAKE 
MouseMouse PadAudio
MS INTELLIMOUSE EXPLORER 3.0 REGULAR LARGE PAD ONBOARD but it USED TO BE A XONAR DG  
  hide details  
Reply
post #7 of 9
Sounds nasty. I'd go the full reformat route personally. I'm sure it's removable, but with that level of infection, the computer would just feel dirty 'til I gave it a good scrubbing.
post #8 of 9
Boot safe mode. Run CCleaner. Disable all startup programs. Find the program you don't recognize, look at its location. Delete. Profit.

I've had a similar virus on multiple computers, I did the above. No need for antiviruses or any of those fancy resource hogs.

Now, if it is one of those viruses that infect all your EXEs, then you are out of luck.
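Tying together the "unhide everything" advice in post #4 and the "check the startup entries, find the one you don't recognize, look at its location" routine in post #8, here is an added triage script for an XP machine showing the OP's symptoms. It is not from the thread or from any tool named in it; it assumes an elevated cmd prompt, XP-style Startup folder paths, and a `/unhide` switch of my own invention that gates the only change it makes.

```batch
@echo off
rem Added example (not from the thread): read-only triage first, then an
rem optional attribute reset. Run from an elevated cmd prompt on the XP box.
rem Without arguments it only lists things; "/unhide" is an assumed switch
rem that clears the hidden/system bits the rogue set on the user's folders.
setlocal

echo === Hidden entries in C:\ (what a plain "dir" will not show) ===
dir /a:h /b "C:\"
echo.
echo === Hidden entries in C:\Program Files ===
dir /a:h /b "C:\Program Files"
echo.

echo === Autostart registry entries (compare against what you installed) ===
for %%K in (
  "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
  "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce"
  "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
  "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce"
) do (
  echo --- %%~K ---
  reg query %%K 2>nul
)
echo.

echo === Startup folder contents, hidden files included (XP paths) ===
dir /a /b "%USERPROFILE%\Start Menu\Programs\Startup" 2>nul
dir /a /b "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" 2>nul
echo.

if /i "%~1"=="/unhide" (
  echo === Clearing hidden/system attributes on Program Files and the profile ===
  rem /s recurses, /d applies to directories too; deliberately not run on C:\
  rem itself so genuine system files in the root keep their attributes.
  attrib -h -s "C:\Program Files\*" /s /d
  attrib -h -s "%USERPROFILE%\*" /s /d
  echo Done. Re-run without /unhide and check that the folders are listed.
)
endlocal
```

Any entry in the Run keys or Startup folders whose path points somewhere you did not install software is the one to note down before deleting it, as post #8 describes.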
post #9 of 9
Click on my sig.