Good morning everyone,
At around 4:38 a.m. (U.S. EST) today, 5/4/2011, while reading one of the periodic emails I receive from the Virginia State Lottery (in my Hotmail account), my screen went blank, then some dialog box opened stating something to the effect of a "tab being recovered." Within about 20 seconds after my email was again displayed, the screen began slowly scrolling downward to display my Desktop screen. (This re-direction has happened on the two previous occasions when my computer has been hit with malware).
As soon as I could see the Malwarebytes icon, I immediately clicked on it to perform a full scan...suspecting I was being infected by yet another fake anti-malware program. (This is the 3rd infection in 5 weeks now). On this occasion, the infection generated a red shield with an "x" in it in the taskbar, and a dialog box opened stating my "Automatic Updates" was turned off. While the Malwarebytes scan was running, this malware began opening up multiple dialog boxes with all the usual "scare threats"...that my computer was infected, etc, etc. The malware name at the top of the dialog box this time was, "XP Internet Security 2011."
Upon completion of the Malwarebytes scan, the log revealed a total of 11 infections...which I have attached a printout of what it found. I am quite concerned at this point since on the two prior occasions when I have been infected (once while on a website, and the other when reading an email from a trusted U.S. Government source), Malwarebytes found only 3 Trojans. It appears that this particular malware is more vicious than before since (as you will note on the printout), it is now affecting registry items as well.
The Malwarebytes report stated some items could not be removed and to do a restart...which I did. However, I found that my Microsoft Automatic Updates function was still not active (i.e.the red shield with the "x" in it was still present in the taskbar). I went in to the Control Panel to check the Automatic Updates status...and it was shown as being set properly, but the Security Center continued to indicate it was off. I repeatedly tried to turn-on the Automatic Updates function...to no avail.
After going to Microsoft's website to attempt and initiate the "Express Updates", an error code (Ox80070424) was returned indicating there was a problem and the updates could not be installed. I then submitted a support request ticket for this issue. I did try one last option though...by doing a System Restore to a point 24 hours earlier, then doing a 2nd restart. This seems to have resolved the problem with the Automatic Updates malfunction.
I would appreciate any feedback from the community...particularly after reviewing the copy of the Malwarebytes log showing what was discovered during the full scan. This continuing increase in both the frequency of malware infections & the "depth of intrusion" is becoming very concerning to me. Is McAfee doing ANYTHING to try and address issues of this severity?
Thanks very much for your time and any feedback. (If I've placed this article in the wrong place...please pardon me)
Solved! Go to Solution.
Please do the following, so I can assess the situation,
Download Security Check from http://screen317.spywareinfoforum.org/SecurityCheck.exe,
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
I followed your instructions Conor, but as I am not a computer whiz per se...I haven't the faintest idea of how to post the file which is in the "My Documents" folder containing the info you asked for. I've tried a copy and paste...which does not work, so could you please explain in more detail just HOW I can post that file here for you to see?
Does both ways of Copy and paste not work? e.g Highlight and Control and C? And Highlighting and right clicking, then selecting copy?
What are you using to open it with?
I used the latter method...highlighting, right-clicking, then selecting copy. But when I log back on here, and attempt to paste the file...some small box opens in this reply area with 4 options, saying something like, "include link", "include image" etc. Nothing I try seems to work.
What about just pasting it into the box, instead of trying to include links, or images?
Highlight + Right click > Sign into McAfee forums > Quick reply, right click and paste?
I've tried every way I can think of Conor...opening the file with Notepad, Wordpad, copy and pasting every which way my limited mentality can think of...all to no avail. I think it's just best to forget the whole blasted mess altogether! But, thanks for your efforts anyway.
What about taking a picture of the log, like the one in your original post,
But depending on your computer, you can use Print Screen (which is usually next to F12) And paste it into Paint, then save it and upload it as an image here?
Hey again Conor,
Well...here is the file I managed to get here using mspaint. The print is so small...I don't know if you will even be able to read it. Let me know what you think. Thanks again for your time and help!
Your Java is very out of date, that is probably why you have gotten infected with the Fake Anti Viruses...
Navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):
Java™ 6 update 21 (and any another other versions)
Adobe Reader 9.4.4 (and any other versions)
Restart your computer.
The check is telling me that McAfee's on access scanning is disabled, is this right?