Not sure if infected or not

Akpsp (New Member, 4 messages)
Hey fellas, I have this thing I'm worried about. While browsing the internet a new tab opened up on its own and a website loaded, a page with a Microsoft Security Essentials notice saying I have potential viruses on my computer. From what I'm reading MSE is not installed on Windows 8 and Windows Defender is the antivirus on Windows 8. I've tried to keep Windows 8 updated but my slow internet speeds are keeping me from doing so. I've managed to update Windows Defender; I also downloaded and updated Malwarebytes and Spybot Search & Destroy, booted into safe mode and ran scans, but nothing came up in the scan results. I've managed to get a few screenshots of this webpage I was talking about.
 

Attachment: viruswebpage.png (43.6 KB)

My Computer

System One

  • OS
    Windows 8
    Computer type
    Laptop
    System Manufacturer/Model
    Acer
Welcome to EightForums, Akpsp.

Perhaps it's something new not yet in the Defender database. What site were you on when this appeared? Maybe you could report it to MS.
 

My Computer

System One

  • OS
    8.1 Pro X64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Acer T690
    CPU
    Intel Pentium D Dual Core
    Motherboard
    Acer/Intel E946GZ
    Memory
    2GB (max upgrade)
    Graphics Card(s)
    Intel Graphics Media Accelerator 3000 - PCI Express x16
    Sound Card
    Integrated RealTek ALC888 high-definition audio with 7.1 channel audio support
    Monitor(s) Displays
    Acer AL1917W A LCD
    Screen Resolution
    1440 X 900
    Hard Drives
    350 GB Seagate Barracuda 7200.10
    Thumb drives
    PSU
    Standard 250 watt
    Case
    Desktop 7.2" (183mm) W x 17.5" (445mm) L x 14.5"
    Cooling
    Dual case fans + CPU fan
    Keyboard
    Acer Windows PS/2
    Mouse
    Wireless Microsoft Arc
    Internet Speed
    54mbp/s
    Browser
    IE11
    Antivirus
    Defender
    Other Info
    Office Pro 2013 / Nokia Lumia 1520 Windows Phone 8.1DP GDR1
No... MSE is not... it's been rebranded as Defender. It's just the Windows 8 version of MSE and is completely safe. I would use Defender to remove those infections, immediately.

When running those scans in safe mode, did you just run the quick scan or the full scan? The full scan is the preferred method while in safe mode. If you haven't, I would re-run them as full scans; be prepared, as each one will take some time to run.
 

My Computer

System One

  • OS
    Windows 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom build
    CPU
    AMD Phenom II X 4 965 BE
    Motherboard
    Gigabyte GA-MA790X-DS4
    Memory
    G-Skill 8 GB PC 8500
    Graphics Card(s)
    AMD XFX HD Radeon 6790D
    Sound Card
    Realtek HD onboard
    Monitor(s) Displays
    2l Samsung SyncMaster S20B300
    Screen Resolution
    1600 X 900
    Hard Drives
    Seagate Barracuda 320 GB w/OS
    Seagate Barracuda 1 TB data storage
    PSU
    Ultra X4 750 watt fully modular
    Case
    Thermaltake OverSeer RX 1 fulltower
    Cooling
    Cooler Master Hyper212 120mm
    Keyboard
    Logitech G510
    Mouse
    Razor DeathAdder 3.5
@bassfisher I ran full scans with Malwarebytes and Windows Defender. Still no virus showed up.
 

My Computer

System One

  • OS
    Windows 8
    Computer type
    Laptop
    System Manufacturer/Model
    Acer
Looking at your picture again... it looks like that webpage is showing you the error and not Windows Defender. Or is it a pop-up on top of that webpage you have open?
 

My Computer

System One

  • OS
    Windows 8.1 Pro
@bassfisher, yes it was the webpage that was showing the error.
 

My Computer

System One

  • OS
    Windows 8
    Computer type
    Laptop
    System Manufacturer/Model
    Acer
Akpsp,

Let's see what your system shows with the following short scan...

Please download RogueKiller:
Download RogueKiller (Official website)

Select the version applicable to your system.
Click the dark-blue button to download.
Save to the Desktop.

Close all windows and browsers.
Right-click and select: Run as Administrator

At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished.)
press: SCAN

When done, a report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.
 

My Computer

System One

  • OS
    Windows 8 Home Premium 64-bit
It found two in the registry entries.



RogueKiller V8.5.2 _x64_ [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : James [Admin rights]
Mode : Scan -- Date : 03/07/2013 13:14:56
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST980811AS +++++
--- User ---
[MBR] 5d195bd1b0894b6903c912a667e69597
[BSP] 54d7374d4de360071719ecebfe5baf46 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76216 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_03072013_02d1314.txt >>
 

My Computer

System One

  • OS
    Windows 8
    Computer type
    Laptop
    System Manufacturer/Model
    Acer
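An added example, not from the thread and not part of RogueKiller, that triages the two findings in the report above with nothing but what Windows 8 already has. The hosts file entries for 007guard.com, 008i.com and so on are the start of the immunization list that Spybot Search & Destroy (which Akpsp installed) writes, all pointing at 127.0.0.1; what would matter is a name sent somewhere other than loopback. The two "HJ DESK" lines are the HideDesktopIcons\NewStartPanel values for the Computer and User's Files desktop icons, which a stock Windows 8 desktop hides by default. The CLSID-to-name table is the standard Explorer desktop-icon set as I know it and is an assumption of this script, not something the report states. No elevation is needed to read either location.

```powershell
# Added example (not from the thread): triage RogueKiller's hosts and HJ DESK
# findings. Assumes Windows 8 or later with PowerShell 3+. The CLSID table is
# the usual Explorer desktop-icon CLSIDs (assumption, not from the RKreport).

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$loopback  = @('127.0.0.1', '0.0.0.0', '::1')

# 1. Hosts file. Parse "<address> <name> [<name>...]" lines, ignoring comments.
$entries = foreach ($line in Get-Content -Path $hostsPath) {
    $text = ($line -split '#', 2)[0].Trim()          # drop trailing comments
    if (-not $text) { continue }
    $parts = $text -split '\s+'
    if ($parts.Count -lt 2) { continue }
    foreach ($hostName in $parts[1..($parts.Count - 1)]) {
        [pscustomobject]@{ Address = $parts[0]; Host = $hostName }
    }
}

# Loopback-only entries are a blocklist (Spybot immunization writes thousands of
# these). An entry that sends a real name to some other address is a hijack.
$blocked   = @($entries | Where-Object { $loopback -contains $_.Address })
$redirects = @($entries | Where-Object { $loopback -notcontains $_.Address })

"Hosts: {0} names sinkholed to loopback, {1} redirected elsewhere" -f $blocked.Count, $redirects.Count
if ($redirects.Count -gt 0) {
    "SUSPICIOUS - investigate each of these:"
    $redirects | Format-Table -AutoSize
}

# 2. RogueKiller's 'HJ DESK' lines. A value of 1 under NewStartPanel only hides
#    that desktop icon; Computer and User's Files are hidden by default on a
#    fresh Windows 8 desktop, so those two alone are not evidence of infection.
$clsidNames = @{
    '{20D04FE0-3AEA-1069-A2D8-08002B30309D}' = 'Computer'
    '{59031A47-3F72-44A7-89C5-5595FE6B30EE}' = "User's Files"
    '{645FF040-5081-101B-9F08-00AA002F954E}' = 'Recycle Bin'
    '{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}' = 'Network'
}
$subKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel'
foreach ($hive in 'HKLM', 'HKCU') {
    $key = "${hive}:\$subKey"
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in ($props.PSObject.Properties.Name | Where-Object { $_ -like '{*}' })) {
        # PowerShell hashtables compare string keys case-insensitively, so the
        # registry's lower-case CLSID still matches the table above.
        $label = if ($clsidNames.ContainsKey($name)) { $clsidNames[$name] } else { 'unknown CLSID - look it up' }
        $state = if ($props.$name -eq 1) { 'icon hidden' } else { 'icon shown' }
        "{0} {1} = {2}  ({3}, {4})" -f $hive, $name, $props.$name, $label, $state
    }
}
```

Run it in a normal PowerShell window and read the two summaries. A redirect count of zero plus only known CLSIDs under NewStartPanel means the RogueKiller hits are the immunization list and the default desktop layout, nothing more; a non-loopback redirect or an unrecognized CLSID is what would deserve a closer look.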
@bassfisher, yes it was the webpage that was showing the error.


That tells me it's more than likely a hoax, trying to get you to click on their link to run the "FAKE" Defender scan, which is the infection and will infect your system if you do click on it. If it was Defender it would give you a pop-up in the bottom right corner that would be on top of the open window. There are plenty of "FAKE" antivirus and anti-malware software out there that comes real close to looking like the real software. You can run a few scans for rootkits.


How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?
 

My Computer

System One

  • OS
    Windows 8.1 Pro
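The point in the reply above is that a real Defender detection and a web page drawn to look like one leave very different traces, and you can ask the real Defender what it has seen. The script below is an added example of mine, not from the thread and not Microsoft's own guidance. It assumes an elevated PowerShell prompt; the Defender cmdlets (Get-MpComputerStatus and friends) ship with Windows 8.1 and later, so on Windows 8 RTM, which is what the RKreport shows, the fallback branch uses MpCmdRun.exe instead. The event IDs 1116 (malware detected) and 1117 (action taken) are Defender's standard operational-log events.

```powershell
# Added example (not from the thread): check what the genuine Windows Defender
# has recorded instead of trusting a web page that claims to be it. Assumes an
# elevated prompt. Defender cmdlets need Windows 8.1+; Windows 8 RTM falls back
# to the command-line client.

$defenderLog = 'Microsoft-Windows-Windows Defender/Operational'
$since = (Get-Date).AddDays(-7)

# Every real detection writes event 1116 (malware detected) and, once handled,
# 1117 (action taken) to Defender's operational log. A page rendered in a
# browser tab writes nothing here, no matter what it says on screen.
$hits = Get-WinEvent -FilterHashtable @{
    LogName   = $defenderLog
    Id        = 1116, 1117
    StartTime = $since
} -ErrorAction SilentlyContinue

if ($hits) {
    "Defender detection events since $since"
    $hits | Select-Object TimeCreated, Id,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize -Wrap
} else {
    "No Defender detection events since $since - the alert did not come from Defender."
}

if (Get-Command -Name Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    # Signature age matters here: a slow link keeps definitions stale.
    Get-MpComputerStatus |
        Select-Object AMServiceEnabled, RealTimeProtectionEnabled,
                      AntivirusSignatureLastUpdated, AntivirusSignatureAge,
                      QuickScanEndTime, FullScanEndTime
    # Defender's own threat history (no output at all means it found nothing).
    Get-MpThreatDetection | Select-Object InitialDetectionTime, ProcessName, Resources, ThreatID
} else {
    # Windows 8 RTM: update signatures and run a full scan with the CLI client.
    $mpcmd = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
    & $mpcmd -SignatureUpdate
    & $mpcmd -Scan -ScanType 2     # 2 = full scan
}
```

If the event query comes back empty and Get-MpThreatDetection prints nothing, Defender never raised the alert the screenshot shows; the only remaining question is whether anything was clicked on that page, which is what the rkill/MBAM steps further down are for.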
Akpsp,

Have confirmed that this is a FAKE Microsoft Security Essentials alert.

This type of alert is appearing as a result, and yours is too close for comfort:

[Image: fake-ms-security-essentials-400x397.jpg]



For starters, please download rKill.exe:
http://www.bleepingcomputer.com/download/rkill/dl/10/
Save to the Desktop.

If rkill.exe does not run, then download and try to run iExplore.exe (renamed RKill.exe):
Downloading RKill

You only need to get one of these to run.

If your antivirus warns you about this tool, ignore the warning, or temporarily disable your antivirus.

Right-click on the downloaded file and select: Run as Administrator
A black DOS box briefly flashes and then disappears. This is normal and indicates the tool ran successfully.

If rkill.exe does not run, delete the file, then download and use: iExplore.exe
http://www.bleepingcomputer.com/download/rkill/dl/11/

Do not reboot until instructed.

When the scan is done Notepad opens with the RKill report.

Please post the RKill report in your reply.

>>> Do not reboot your computer after running RKill as the malware starts again!!

Next, please download Malwarebytes Anti-Malware (MBAM): Downloading Malwarebytes Anti-Malware
Save to the Desktop.

If you already installed MBAM, launch the program.

MBAM may make changes to the Registry as part of its disinfection routine.
If using other security programs that detect Registry changes, they may interfere or alert you. Permit the program to allow the changes, or, temporarily disable:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - BleepingComputer.com

When MBAM starts, you are asked to update the program.
Press OK, and continue.

On the Scanner tab:
Select the Perform Quick Scan option.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected.

Next, click on the Start Scan button.

The scan may take some time to complete, so please be patient.

When finished, a message box shows: The scan completed successfully. Click 'Show Results' to display all objects found.
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware found.

Make sure everything is checked, and click: Remove Selected

When removal is completed, a report opens in Notepad.
The log is also automatically saved and can be viewed by clicking the Logs tab.

Please provide the entire contents of the MBAM report in your reply.

Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to do this, please do so immediately. Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.


Note: If the infection blocks the downloading of MBAM, use a clean computer, rename the executable file to AlaskaAM at the time you download it, and place it on a USB flash drive. Then, plug in the USB flash drive into your computer, move the program to the Desktop, and see if you can run it.

If your Desktop gets locked, post back, and we will work around it.
 

My Computer

System One

  • OS
    Windows 8 Home Premium 64-bit
Yep, that's "fake AV" and the popup is definitely bogus, but you already know that. I hope MalwareBytes can clean it up for you. You may also want to run CCleaner right after MalwareBytes to be sure it's out of the registry...
 

My Computer

System One

  • OS
    Win 10 Pro 64bit
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home built Intel i7-3770k-based system
    CPU
    Intel i7-3770k, Overclocked to 4.6GHz (46x100) with Corsair H110i GT cooler
    Motherboard
    ASRock Z77 OC Formula 2.30 BIOS
    Memory
    32GB DDR3 2133 Corsair Vengeance Pro
    Graphics Card(s)
    GeForce GTX 980ti SC ACS 6GB DDR5 by EVGA
    Sound Card
    Creative Sound Blaster X-Fi Titanium HD, Corsair SP2500 speakers and subwoofer
    Monitor(s) Displays
    LG 27EA33 [Monitor] (27.2"vis) HDMI
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung SSD 850 EVO 250GB (system drive)
    WD 6TB Red NAS hard drives x 2 in Storage Spaces (redundancy)
    PSU
    Corsair 750ax fully modular power supply with sleeved cables
    Case
    Corsair Air 540 with 7 x 140mm fans on front, rear and top panels
    Cooling
    Corsair H110i GT liquid cooled CPU with 4 x 140" Corsair SP "push-pull" and 3 x 140mm fans
    Keyboard
    Thermaltake Poseidon Z illuminated keyboard
    Mouse
    Corsair M65 wired
    Internet Speed
    85MBps DSL
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender, MalwareBytes Pro and CCleaner Pro
    Other Info
    Client of Windows Server 2012 R2 10 PC's, laptops and smartphones on the WLAN.

    1GBps Ethernet ports
azasadny,

This topic has probably turned into information for any person with a future problem of this nature.

Akpsp has not replied in a week!!
 

My Computer

System One

  • OS
    Windows 8 Home Premium 64-bit
Thanks, I noticed that after I posted. Most of these people ask questions, then leave and never let us know if the suggested "fix" really worked...
 

My Computer

System One

  • OS
    Win 10 Pro 64bit