Windows 8 and 8.1 Forums

Not sure if infected or not

  1. #1

    Posts : 4
    Windows 8

    Not sure if infected or not

    Hey fellas, I have this thing I'm worried about. While browsing the internet, a new tab opened up on its own and a website loaded, a page with a Microsoft Security Essentials saying I have potential viruses on my computer. From what I'm reading, MSE is not installed on Windows 8 and Windows Defender is the antivirus on Windows 8. I've tried to keep Windows 8 updated but my slow internet speeds are keeping me from doing so. I've managed to update Windows Defender, I also downloaded and updated Malwarebytes and Spybot Search and Destroy and updated those, booted into safe mode and ran scans, but nothing came up on the scan results. I've managed to get a few screenshots of this webpage I was talking about.
    Attached Thumbnails: viruswebpage.png


  2. #2

    Welcome to EightForums, Akpsp.

    Perhaps it's something new not yet updated in the Defender database. What site were you on that this appeared? Maybe you might report it to MS.
    Last edited by HippsieGypsie; 07 Mar 2013 at 15:45.

  3. #3

    No... MSE has been rebranded as Defender. It's just the Windows 8 version of MSE and is completely safe. I would use Defender to remove those infections, immediately.

    When running those scans in safe mode, did you just run the quick scan or the full scan? The full scan is the preferred method while in safe mode. If you haven't, I would re-run them as full scans; be prepared, as this will take some time to run each one.

  4. #4

    Posts : 4
    Windows 8

    @bassfisher I ran full scans with Malwarebytes and Windows Defender. Still no virus showed up.

  5. #5

    Looking at your picture, it looks like that webpage is showing you the error and not Windows Defender. Or is it a pop-up on top of that webpage you have open?

  6. #6

    Posts : 4
    Windows 8

    @bassfisher, yes it was the webpage that was showing the error.

  7. #7

    Posts : 38
    Windows 8 Home Premium 64-bit


    Let's see what your system shows with the following short scan...

    Please download RogueKiller:
    Download RogueKiller (Official website)

    Select the version applicable to your system.
    Click the dark-blue button to download.
    Save to the Desktop.

    Close all windows and browsers.
    Right-click and select: Run as Administrator

    At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished.)
    Press: SCAN

    When done, a report opens on the Desktop: RKreport.txt

    Please provide the RKreport.txt (Mode: Scan) in your reply.

  8. #8

    Posts : 4
    Windows 8

    It found two in the registry entries.

    RogueKiller V8.5.2 _x64_ [Feb 23 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : RogueKiller - Geeks to Go Forums
    Website : Download RogueKiller (Official website)
    Blog : tigzy-RK
    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : James [Admin rights]
    Mode : Scan -- Date : 03/07/2013 13:14:56
    | ARK || FAK || MBR |
    Bad processes : 0
    Registry Entries : 2
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    Particular Files / Folders:
    Driver : [NOT LOADED]
    HOSTS File:
    --> C:\WINDOWS\system32\drivers\etc\hosts

    MBR Check:
    +++++ PhysicalDrive0: ST980811AS +++++
    --- User ---
    [MBR] 5d195bd1b0894b6903c912a667e69597
    [BSP] 54d7374d4de360071719ecebfe5baf46 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76216 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1]_S_03072013_02d1314.txt >>
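
As an added example (not part of the original posts and not RogueKiller's own code), the following Python parses the report layout shown in post #8 and checks that each declared count matches the number of findings listed under it. The regular expressions and the function names `parse_rkreport` and `summarize` are assumptions derived only from this one report.

```python
import re

# Excerpt of the report posted above (header and MBR hash lines omitted).
SAMPLE_REPORT = r"""Bad processes : 0
Registry Entries : 2
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
Particular Files / Folders:
Driver : [NOT LOADED]
HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

MBR Check:
User = LL1 ... OK!
User = LL2 ... OK!
"""

COUNT_RE = re.compile(r"^(Bad processes|Registry Entries)\s*:\s*(\d+)\s*$")
FINDING_RE = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<target>.+?)\s+->\s+(?P<status>[A-Z ]+)$")
MBR_RE = re.compile(r"^User = (LL\d) \.\.\. (.+)$")

def parse_rkreport(text):
    """Return declared counts, listed findings and MBR check results."""
    counts, findings, mbr, section = {}, [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := COUNT_RE.match(line):
            section = m.group(1)              # findings that follow belong here
            counts[section] = int(m.group(2))
        elif m := FINDING_RE.match(line):
            findings.append({"section": section, **m.groupdict()})
        elif m := MBR_RE.match(line):
            mbr[m.group(1)] = m.group(2)
        elif line.endswith(":"):
            section = None                    # headings like "HOSTS File:" end a counted section
    return {"counts": counts, "findings": findings, "mbr": mbr}

def summarize(report):
    """Flag truncated or edited reports: declared count != listed findings."""
    listed = {}
    for f in report["findings"]:
        listed[f["section"]] = listed.get(f["section"], 0) + 1
    mismatches = {s: (n, listed.get(s, 0))
                  for s, n in report["counts"].items() if n != listed.get(s, 0)}
    return {"tags": sorted({f["tag"] for f in report["findings"]}),
            "count_mismatches": mismatches,
            "mbr_ok": bool(report["mbr"]) and all(v == "OK!" for v in report["mbr"].values())}
```

A non-empty `count_mismatches` means the pasted log is incomplete and should be requested again before anyone acts on it.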

  9. #9

    Originally posted by Akpsp:
    @bassfisher, yes it was the webpage that was showing the error.

    That tells me it's more than likely a hoax, trying to get you to click on their link to run the "FAKE" Defender scan, which is the infection and will infect your system if you do click on it. If it was Defender, it would give you a pop-up in the bottom right corner that would be on top of the open window. There are plenty of "FAKE" antivirus and malware software out there that come real close to looking like the real software. You can run a few scans for rootkits.

    How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?

  10. #10

    Posts : 38
    Windows 8 Home Premium 64-bit


    Have confirmed that this is a FAKE Microsoft Security Essentials alert.

    This type of alert is appearing as a result, and yours is too close for comfort:

    For starters, please download rKill.exe:
    Save to the Desktop.

    If rkill.exe does not run, then download and try to run iExplore.exe (renamed RKill.exe):
    Downloading RKill

    You only need to get one of these to run.

    If your antivirus warns you about this tool, ignore the warning, or temporarily disable your antivirus.

    Right-click on the downloaded file and select: Run as Administrator
    A black DOS box briefly flashes and then disappears. This is normal and indicates the tool ran successfully.

    If rkill.exe does not run, delete the file, then download and use: iExplore.exe

    Do not reboot until instructed.

    When the scan is done Notepad opens with the RKill report.

    Please post the RKill report in your reply.

    >>> Do not reboot your computer after running RKill as the malware starts again!!

    Next, please download Malwarebytes Anti-Malware (MBAM):
    Downloading Malwarebytes Anti-Malware
    Save to the Desktop.

    If you already installed MBAM, launch the program.

    MBAM may make changes to the Registry as part of its disinfection routine.
    If using other security programs that detect Registry changes, they may interfere or alert you. Permit the program to allow the changes, or, temporarily disable:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    When MBAM starts, you are asked to update the program.
    Press OK, and continue.

    On the Scanner tab:
    Select the Perform Quick Scan option.
    Then click on the Scan button.

    If asked to select the drives to scan, leave all the drives selected.

    Next, click on the Start Scan button.

    The scan may take some time to complete, so please be patient.

    When finished, a message box shows: The scan completed successfully. Click 'Show Results' to display all objects found.
    Click OK to close the message box and continue with the removal process.

    Back at the main Scanner screen:
    Click on the Show Results button to see a list of any malware found.

    Make sure everything is checked, and click: Remove Selected

    When removal is completed, a report opens in Notepad.
    The log is also automatically saved and can be viewed by clicking the Logs tab.

    Please provide the entire contents of the MBAM report in your reply.

    Exit MBAM when done.

    Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to do this, please do so immediately. Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.

    Note: If the infection blocks the downloading of MBAM, use a clean computer, rename the executable file to AlaskaAM at the time you download it, and place it on a USB flash drive. Then, plug the USB flash drive into your computer, move the program to the Desktop, and see if you can run it.

    If your Desktop gets locked, post back, and we will work around it.
