EPDM Coatings
rvupgradestore.com Composet Products Custom Yacht Interiors

Author Topic: "Windows Security Alert" virus  (Read 6968 times)

Ernie n Tara

  • ---
  • Posts: 3295
  • Life is Good - Together
"Windows Security Alert" virus
« on: May 01, 2011, 09:43:36 AM »
Hi,
Tara has contracted the above virus (or a variant). Symptoms:
 * Windows Security Alert Box - new icon in trey
 * Popup "Security alert" - Do you want to run your antivirus software now?   (Already running AVG)
 * Essentially blocks any other program from starting and reports a bad file for it
 * Won't allow start in Safe mode -
 * Eventually starts explorer (we both use Firefox) and asks you to buy SW

Clues as to how to remove???

TIA,
Ernie
Ernie 'n Tara

2011 Winn Journey 34y
2012 Jeep Rubicon - Dozer (orange - kinda)
2006 Jeep Wrangler

schoolsout2

  • ---
  • Posts: 606
Re: "Windows Security Alert" virus
« Reply #1 on: May 01, 2011, 10:09:19 AM »
Complete instructions can be found here, but just use malwarebytes anti-malware and it should do the trick.  It is also free.

http://www.malwarehelp.org/fake-windows-security-center-analysis-and-removal-2009.html
Dave and Sue Fullerman
2014 Winnebago Tour
2012 Honda CRV
FMCA F7777D
from Ohio now full time

Ned

  • Former Staff
  • ---
  • Posts: 25574
  • Ned and Lorna are former full time RVers
    • Have you seen Rolling Stock?
Re: "Windows Security Alert" virus
« Reply #2 on: May 01, 2011, 10:25:39 AM »
You can follow those instructions but since you can't boot to safe mode, I would download the 2 specified programs (Kaspersky Virus Removal Tool and MalwareBytes’s Anti-Malware) on another computer and put them on a USB flash drive.  Then run them from the flash drive on the infected computer and hope the virus doesn't block them.  Don't skip the last 2 steps, toggling System Restore off then on to remove any trace of the virus in the system restore files, and run the tools again to insure the system has been cleaned.

Let us know how you fair, these can be difficult to remove.
-- Ned -- Fulltimer 1997-2013
1997 Holiday Rambler Endeavor LE
2007 GMC Canyon

Paul & Ann

  • ---
  • Posts: 1443
    • Paul and Ann's Great RV Adventure
Re: "Windows Security Alert" virus
« Reply #3 on: May 01, 2011, 10:32:16 AM »
My suggestion would be that after you get the virus removed, I would get rid of the AVG, and get either Avira or Avast virus protection.  Both are free.  I now have Avira, and found a several infections that my AVG had missed.

Good Luck

Paul
Paul & Ann  Iowa
2005 Winnebago Voyage 38J
http://stoughrvadventure.blogspot.com/

Ned

  • Former Staff
  • ---
  • Posts: 25574
  • Ned and Lorna are former full time RVers
    • Have you seen Rolling Stock?
Re: "Windows Security Alert" virus
« Reply #4 on: May 01, 2011, 10:54:05 AM »
Unfortunately, no one anti-virus program will catch all malware, but it's not a good idea to run more than one at a time.  I've found that the MS Security Essentials program (free from Microsoft) is as good as any at catching malware while not being intrusive.  In addition, run one or more of the standalone AV programs periodically just to be safe.
-- Ned -- Fulltimer 1997-2013
1997 Holiday Rambler Endeavor LE
2007 GMC Canyon

seilerbird

  • Guest
Re: "Windows Security Alert" virus
« Reply #5 on: May 01, 2011, 11:43:04 AM »
I am sure glad I don't have to use anti virus and anti malware software. It is cheaper and easier to learn the proper way to use a computer.

Ernie n Tara

  • ---
  • Posts: 3295
  • Life is Good - Together
Re: "Windows Security Alert" virus
« Reply #6 on: May 01, 2011, 12:50:25 PM »
I'm Back,
Ran Kas... after deleting one file (forgot to note name-slipping in old age) in Task Mgr. Couldn't run from thumbdrive, but deleting that file temporarily eliminated the Security notifications. I installed Kas.. on C, ran it in standard (not safe) mode and Kas.. found three infections and deleted 1, then disabled the next two. It then locked up.
It now reboots, and connects to Inet (which it did not before. But its very slow! No longer get the Security notification.
At the moment, I'm running Malwarebytes' Anti-Malware. It say its identified 6 more infected objects (quickscan); suspect this means buy their sw to delete them??
Ernie
Ernie 'n Tara

2011 Winn Journey 34y
2012 Jeep Rubicon - Dozer (orange - kinda)
2006 Jeep Wrangler

Ned

  • Former Staff
  • ---
  • Posts: 25574
  • Ned and Lorna are former full time RVers
    • Have you seen Rolling Stock?
Re: "Windows Security Alert" virus
« Reply #7 on: May 01, 2011, 01:22:53 PM »
Malwarebytes Anti-Malware software has a free version here that will remove the malware it finds.  No need to buy the Pro version.
-- Ned -- Fulltimer 1997-2013
1997 Holiday Rambler Endeavor LE
2007 GMC Canyon

Ernie n Tara

  • ---
  • Posts: 3295
  • Life is Good - Together
Re: "Windows Security Alert" virus
« Reply #8 on: May 01, 2011, 02:48:57 PM »
Thanks, all (and esp. schoolsout2 & Ned). I've got it cleaned up. I might note that the instruction to use Windows + Scroll locked up the computer. I went to the control panel to turn Restore Off and On.
Thanks again,
Ernie (& Tara is happy too)
Ernie 'n Tara

2011 Winn Journey 34y
2012 Jeep Rubicon - Dozer (orange - kinda)
2006 Jeep Wrangler

KodiakRV

  • ---
  • Posts: 1820
Re: "Windows Security Alert" virus
« Reply #9 on: May 05, 2011, 09:09:52 PM »
I wonder if you got hit by the same thing that hit me last weekend?  "XP Home Security 2011"?  It was really nasty.  Symantec couldn't find it.  I was finally able to recover by going back to an earlier System Restore Point.  Symantec finally was able to find the executable file today with new AV definitions that came in today.
Frank
Florida

SCVJeff

  • ---
  • Posts: 1075
Re: "Windows Security Alert" virus
« Reply #10 on: May 09, 2011, 01:19:54 AM »
I am sure glad I don't have to use anti virus and anti malware software. It is cheaper and easier to learn the proper way to use a computer.
NEWSFLASH!

I caught the "XP Anti-Spyware" virus from a broadcast TV related site. If that's not "proper" use of a computer, I don't know what is. This was a well known and used professional engineering site, and when I talked to our IT department, they weren't at all surprised at all saying most of the problems lately are coming from otherwise credible sites. Unless you are completely unplugged from the internet and sandbox anything you do into your primary PC, I would be really careful with the flippant use of "proper".. If you don't use anything, it's just a matter of time that you will be here asking for the same help.

To the OP: Malwarebytes and Spyware Doctor seen to be the only two pieces of software that roots these new malware viruses out. The problem is some are smart enough to not allow you to boot or unzip the rescue programs.
_______________________________
Jeff - WA6EQU
Santa Clarita, CA.
'06 Itasca Meridian 34H, CAT C7/350

Ned

  • Former Staff
  • ---
  • Posts: 25574
  • Ned and Lorna are former full time RVers
    • Have you seen Rolling Stock?
Re: "Windows Security Alert" virus
« Reply #11 on: May 09, 2011, 07:32:50 AM »
It used to be that a user had to do something explicit to get infected with malware but that's no longer true.  Even well known, reputable, web sites have been hacked and malware can be acquired just by opening a page at a hacked site.  While for years I didn't use any anti-virus software, as it was too intrusive, that's no longer safe to do.  There are some excellent, non-intrusive, AV programs available as well as addons for the browsers that will keep the bad stuff out of your computer.  It's much easier to keep it out than it is to remove it later.
-- Ned -- Fulltimer 1997-2013
1997 Holiday Rambler Endeavor LE
2007 GMC Canyon

Jerrygroah

  • ---
  • Posts: 286
Re: "Windows Security Alert" virus
« Reply #12 on: May 09, 2011, 08:03:15 AM »
Thanks Ned, I just contracted the same virus as above. Kasperskys could not remove it. The Malware site and Microsoft security essentials did the job.

Thanks again, Jerry
Jerry Groah
Mims, Florida

Ned

  • Former Staff
  • ---
  • Posts: 25574
  • Ned and Lorna are former full time RVers
    • Have you seen Rolling Stock?
Re: "Windows Security Alert" virus
« Reply #13 on: May 09, 2011, 08:13:35 AM »
Glad to hear it worked for you, Jerry.

Microsoft Security Essentials is, today at least, one of the top rated AV programs.  It's very non-intrusive and it's free.  But if you do get infected, MalwareBytes.org is the first place to go for a cure.
-- Ned -- Fulltimer 1997-2013
1997 Holiday Rambler Endeavor LE
2007 GMC Canyon

Tom

  • Administrator
  • ---
  • *
  • Posts: 44727
    • RV Forum web site
Re: "Windows Security Alert" virus
« Reply #14 on: May 09, 2011, 09:00:50 AM »
Ned, does Microsoft Security Essentials happily co-exist with other anti-virus software such as AVG?
Tom.  Need help? Click the Help button in the toolbar above.

Ned

  • Former Staff
  • ---
  • Posts: 25574
  • Ned and Lorna are former full time RVers
    • Have you seen Rolling Stock?
Re: "Windows Security Alert" virus
« Reply #15 on: May 09, 2011, 09:17:12 AM »
You should never run more than one AV program at a time, they will interfere with each other.  The best that will happen is occasional programs seeming to hang up, and at worst, actual data corruption.
-- Ned -- Fulltimer 1997-2013
1997 Holiday Rambler Endeavor LE
2007 GMC Canyon

Tom

  • Administrator
  • ---
  • *
  • Posts: 44727
    • RV Forum web site
Re: "Windows Security Alert" virus
« Reply #16 on: May 09, 2011, 09:19:52 AM »
Thanks, that was my recollection from the past, but didn't know if it was still true.
Tom.  Need help? Click the Help button in the toolbar above.

seilerbird

  • Guest
Re: "Windows Security Alert" virus
« Reply #17 on: May 09, 2011, 09:22:01 AM »
NEWSFLASH!

I caught the "XP Anti-Spyware" virus from a broadcast TV related site. If that's not "proper" use of a computer, I don't know what is. This was a well known and used professional engineering site, and when I talked to our IT department, they weren't at all surprised at all saying most of the problems lately are coming from otherwise credible sites. Unless you are completely unplugged from the internet and sandbox anything you do into your primary PC, I would be really careful with the flippant use of "proper".. If you don't use anything, it's just a matter of time that you will be here asking for the same help.

To the OP: Malwarebytes and Spyware Doctor seen to be the only two pieces of software that roots these new malware viruses out. The problem is some are smart enough to not allow you to boot or unzip the rescue programs.
I use Chrome as my browser and it will issue you a warning before you can access a site that will infect your computer. If your browser does not warn you then I don't consider that using a computer properly.

If I get a virus I certainly won't come to an RV site looking for help removing my virus. I have cleaned viruses out of many computers for customers. If it were to happen to me I would simply reinstall Windows. That takes me about an hour to reinstall Windows and all my apps. I find that a lot easier solution than putting up with anti-virus software, endless updates and anti-malware. My way costs me no money, does not slow down my computer and it actually works 100% of the time. 31 years and counting without a virus.
« Last Edit: May 09, 2011, 09:23:59 AM by seilerbird »

Wandering

  • ---
  • Posts: 136
Re: "Windows Security Alert" virus
« Reply #18 on: May 09, 2011, 09:50:17 AM »
seilerbird,

If you do not run any software to detect viruses or malware, how do you know when you have a problem of that type?
Debbie and John

MH sold/settled in SC
2014 Honda Pilot
2002 Lexus SC430 (Funmobile)

seilerbird

  • Guest
Re: "Windows Security Alert" virus
« Reply #19 on: May 09, 2011, 10:00:15 AM »
seilerbird,

If you do not run any software to detect viruses or malware, how do you know when you have a problem of that type?

Because my computer runs flawlessly 2/7/365. I also check the list of running processes frequently to make sure there is nothing there that should not be there.

seilerbird

  • Guest
Re: "Windows Security Alert" virus
« Reply #20 on: May 09, 2011, 10:04:03 AM »
NEWSFLASH!

I caught the "XP Anti-Spyware" virus from a broadcast TV related site.
A virus is a program that must be executed in order to do damage to your computer. You cannot get a virus just from visiting a web site. Ned is correct, you can get malware, but not a virus. If you did get a virus put on your computer from a web site it could not do any damage until you execute the file. Windows will not let you execute a file without giving you a big warning screen first. So you had to visit a malicious site with a lousy browser and then tell Windows to execute the virus exe to get the virus. That is not proper use of a computer.

Molaker

  • ---
  • Posts: 5766
  • We don't camp. We tour.
    • Pumpkin and Us
Re: "Windows Security Alert" virus
« Reply #21 on: May 09, 2011, 10:19:36 AM »
Here's some interesting (and not too technical) reading on whether or not one must "execute" a virus to get infected.  Personally, there are too many hidden/semi-hidden ways to execute some types of files for me to go without anti-virus protection.  Also, attempting to monitor my system by evaluating running processes would be far too time consuming for me.  Personally, I choose maintaining OS updates and running an anti-virus app (MSE).
Tom & Joyce and Ditto the "don't tell her she's a dog" Westie
U.S. Navy (Ret)
2014 Winnebago ERA 70X 24' class B Sprinter chassis

Ned

  • Former Staff
  • ---
  • Posts: 25574
  • Ned and Lorna are former full time RVers
    • Have you seen Rolling Stock?
Re: "Windows Security Alert" virus
« Reply #22 on: May 09, 2011, 10:27:42 AM »
At the very least, don't allow Javascript to run in the browser without any notice.  All current browsers have the capability of allowing JS only for selected web sites.  Javascript is one way a virus can be introduced in a computer without any action by the user.

It's difficult today to make a distinction between viruses, worms, spyware, and other forms of malicious software, so it's all lumped under the term "malware".  See this article for a good discussion.
-- Ned -- Fulltimer 1997-2013
1997 Holiday Rambler Endeavor LE
2007 GMC Canyon

seilerbird

  • Guest
Re: "Windows Security Alert" virus
« Reply #23 on: May 09, 2011, 11:02:03 AM »
Ned is correct, running Javascript is dangerous and something I never do.

Ned

  • Former Staff
  • ---
  • Posts: 25574
  • Ned and Lorna are former full time RVers
    • Have you seen Rolling Stock?
Re: "Windows Security Alert" virus
« Reply #24 on: May 09, 2011, 11:50:35 AM »
Unfortunately, many web sites won't work correctly, if at all, without Javascript.  For example, look at the source code for this page and see that there are several JS scripts that make it work.
-- Ned -- Fulltimer 1997-2013
1997 Holiday Rambler Endeavor LE
2007 GMC Canyon

wgb1

  • ---
  • Posts: 185
Re: "Windows Security Alert" virus
« Reply #25 on: May 09, 2011, 09:31:53 PM »
This is a review from PCmag.com regarding Microsoft Security Essentials.

Pros
Spare, simple user interface. Insulates user from confusing details, while making details available if desired. Good ratings from independent labs. Free.

Cons
Protection weaker under Windows XP. Mediocre results in hands-on malware blocking and malware removal tests. Left some threats running after alleged removal.

Bottom Line
If using a Microsoft product gives you a warm, safe feeling you may consider relying on Microsoft Security Essentials for antivirus protection. The independent labs give it good ratings, for the most part. In my own testing, though, it didn't shine. Other free products offer better protection.

Walter & Kathi
NE Texas
2011 Keystone Bullet 246RBS
2000 Chevrolet Silverado

Mavarick

  • ---
  • Posts: 2030
Re: "Windows Security Alert" virus
« Reply #26 on: May 09, 2011, 11:07:38 PM »
Quote
But if you do get infected, MalwareBytes.org is the first place to go for a cure.
Guys, one other comment about putting this program on a flash drive. A friend got infected with something about 2 weeks ago. Could not see any of his software programs on the drive. They were there, apparently malware was hiding them so he could not run them. He used a flash drive with the above program on it and everything returned to normal. The hacks are getting smarter....
2009 Tiffin Allegro Bus 43 QRP
Powerglide Chassis, 425 Cummins, Allison 6 Speed
2010 CRV - Blackhawk 2 - Air Force One
2002 Heritage Classic
Washington State

SCVJeff

  • ---
  • Posts: 1075
Re: "Windows Security Alert" virus
« Reply #27 on: May 10, 2011, 02:25:18 AM »
A virus is a program that must be executed in order to do damage to your computer. You cannot get a virus just from visiting a web site. Ned is correct, you can get malware, but not a virus. If you did get a virus put on your computer from a web site it could not do any damage until you execute the file. Windows will not let you execute a file without giving you a big warning screen first. So you had to visit a malicious site with a lousy browser and then tell Windows to execute the virus exe to get the virus. That is not proper use of a computer.
Now you're talking semantics. Regardless of what you want to call it,  it's still intrusive and can easily disable the PC. I caught this through corporate Sophos protection as well as Essentials AND Spyware Blaster.
_______________________________
Jeff - WA6EQU
Santa Clarita, CA.
'06 Itasca Meridian 34H, CAT C7/350

schoolsout2

  • ---
  • Posts: 606
Re: "Windows Security Alert" virus
« Reply #28 on: May 10, 2011, 08:08:07 AM »
As a former IT director, I spend many hours fighting spyware and virus programs that get into systems.  With 200 computers and 400 users, my experience taught me to plan for the worst.  You will be hit no matter what preparations you take.  No one program will protect you!  Worst case, reformat and reinstall.  This is not always an option.  One thing I used for a worst case is called BartPE (freeware).  This creates a bootable cd/dvd that will boot the computer and allow you to access the drive to clean things up.  This is NOT for the faint of heart.

I found virus programs on install disc from microsoft,  had Expensive AV software that failed at the worst time and Innocent users clicking on email attachments they thought were legitimate. 

How do I avoid spyware and virus activity, I changed to a MAC.  How can you protect yourself?  Run the updates to plug the holes, use an AV program and scan for spyware often.  I spent many hours retrieving documents that were critical and not backed up (another story).  Backup your "stuff".  The best thing I found was the suggested clean-reinstall, but that often had many problems of its own such as drivers, and software license lost.
Dave and Sue Fullerman
2014 Winnebago Tour
2012 Honda CRV
FMCA F7777D
from Ohio now full time

seilerbird

  • Guest
Re: "Windows Security Alert" virus
« Reply #29 on: May 10, 2011, 11:34:12 AM »
I caught this through corporate Sophos protection as well as Essentials AND Spyware Blaster.
And that is exactly why I don't use anti-virus programs. They are not 100% effective and they give you a false sense of security.
« Last Edit: May 10, 2011, 11:44:45 AM by seilerbird »

 

Hosted by Over The Network