1 2 Previous Next 13 Replies Latest reply on May 29, 2011 8:13 PM by newjack

    Malware protection

      Hello,

      I am having a problem with my pc. I have a security warning on my computer that a malicious program has been detected. I have mcafee Internet security and have done a full scan which detected no issues. I am not able to open anything on my pc. The message I get is that I am infected with w32/blaster.worm and it takes me to a malware protection site which costs $59.95/year. I am not very good with computers so am not sure if this is a scam or what to do next as I can't do anything on my pc (I have written this on my phone). Can anyone help?

        • 1. Re: Malware protection
          Jayadeep NR

          Let me know the Operating System and Service Pack installed on that computer.

           

          It seems your computer is infected with fake anti-virus infection. You may run the McAfee Stinger and Mbam and they may help you to remove infection.

           

          Run MCPR tool , restart thecomputer and re-install McAfee from McAfee account.

           

           

           

           

          on 29/5/11 4:40:28 PM IST
          • 2. Re: Malware protection
            k3tg

            This document from McAfee will assist you in resolving your issue

             

            Anti-Spyware, Malware & Hijacker Tools

             

            Good Luck

            • 3. Re: Malware protection
              Peter M

              Hi,

               

              Moved this to Malware Discussion > Home User Assistance.

               

              With an up to date machine Blaster should not even take hold, what operating system and service pack have you got on it?

               

              I suspect instead it's one of the many fake antimalware applcations that's floating around which bypass most antivirus applications.

               

              If you can't boot then try booting into Safe Mode with Networking (number 2 on the menu you will see after tapping F8 repeatedly while booting up)

               

              1st thing to try is to see if you can use System Restore to go back to before all this started happening.   It's found under Start/All Programs/Accessories (in Vista and Windows 7 look for System Tools).

               

              It can be initiated in that mode.  If successful, temporarily disable System Restore to delete the infected restore point.

               

              Try downloading and running the free version of MBAM as Jay has suggested but make sure you update it first.   It is one of the few tools that will install, update and run all in that mode.

               

              Message was edited by: Ex_Brit on 29/05/11 7:18:45 EDT AM
              • 4. Re: Malware protection

                Hi guys, thanks for the help, when I say I'm not good with computers I mean I know nothing about this sort of thing. I can use a spreadsheet and the Internet and that is it. I believe the operating system is windows and I have no idea what a service pack is? I just tried the system restore thing Peter suggested above and it said file rstrui.exe is infected by w32/blaster.worm

                • 5. Re: Malware protection
                  Peter M

                  As I said, try doing what I suggested in 'Safe Mode with Networking'.    Try option 2  - Malwarebytes. and don't forget to update it first.  It will install, update and run all in that mode.

                   

                  You can check your exact version of Windows including whatever service pack is installed by right-clicking Computer (My Computer in XP) and selecting 'Properties'.  It will tell you there.

                   

                  Copy that down and post it here in a reply please.

                   

                  A service pack is a major update that Microsoft issues for all operating systems from time to time to upgrade them to be compatible with newer software/hardware and to be more secure plus improve performance.

                  • 6. Re: Malware protection

                    Windows vista home premium, not sure what service pack is - is not obvious from that screen.

                     

                    I have booted up in safe mode with networking and it gives me a recommended restore point of last night which is when the problem originally occurred - should I choose a different restore point?

                    • 7. Re: Malware protection
                      Peter M

                      Yes an earlier one than that if possible.

                       

                      Then please visit Windows Update and it would appear that your system is no longer supported, either by Microsoft or McAfee.

                       

                      That window I pointed to should include something like the red circled item here:

                       

                      Capture.JPG

                       

                       

                      For more information see:

                       

                      Microsoft Support Ends July 12, 2011 For Vista SP1; Ended April 13/2010 For Vista (no SP's), July 13/2010 For XP (SP2* & Under) & Windows 2000 (Any SP)

                       

                      and

                       

                      Help with Installing Vista SP2

                       

                      After doing all that make sure that Windows Updates is turned on and set to receive updates for Windows and other products using Microsoft Update and that way your machine should more-or-less be kept up to date without too much fuss.

                       

                      I don't know what version of Internet Explorer you are using but that is another vulnerability.  You can tell by opening it and going to Help/About.   You should be using IE9.   That can be obtained through Windows Update using the settings I just recommended or a direct download from the IE website.

                       

                      You should also make sure that any browser add-ons are the latest versions, such as any toolbars you use, plus Java, Shockwave Flash etc. etc.

                       

                       

                       

                       

                       

                       

                       

                      .

                       


                       

                       

                       

                      Message was edited by: Ex_Brit on 29/05/11 10:49:48 EDT AM
                      • 8. Re: Malware protection
                        techrumy

                        erial n umber removed for security reasons"The message I get is that I am infected with w32/blaster.worm". It's a fake warning.

                        http://4.bp.blogspot.com/-uhA4-nvtwWE/Td6kUzF2ftI/AAAAAAAABeE/x9qH35KtlrU/w32blasterworm_alert.jpg

                        Jayadeep NR and Ex_Brit were right saying that "Malware Protection" is a fake anti-virus application. Reboot your computer in safe mode with networking and run a full system scan with Malwarebytes Antimalware or any other malware removal tool. For more information, please read this blog post: How to Remove "Malware Protection" (Uninstall Guide)

                         

                        Security code removed for possible risks - Moderator

                         

                         

                        Good luck!

                         

                        Message was edited by: Ex_Brit on 29/05/11 8:54:39 EDT PM
                        • 9. Re: Malware protection
                          Peter M
                          You can also use this serial Security code removed for possible risks - Moderator to register Security Center in order to stop the fake security alerts that are really annoying. Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly.

                          To register what Security Center?   If you mean the fake antimalware one then that's simply cementing it in place on your machine, surely?  Where is that serial number from?

                           


                           

                          Message was edited by: Ex_Brit on 29/05/11 8:55:16 EDT PM
                          1 2 Previous Next