Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Problems with Malware: Am I being well helped?

About a week ago a problem appeared on my computer (HP Pavilion g6, with the original Windows 7 and Windows Defender, and Microsoft Security Essentials anti-virus installed by me later).
I don't know how, but a new program, "anti-virus Security Pro", appeared (with no uninstall option). When I tried to remove it, it blocked everything; a friend pulled back the battery cover and unblocked it. Then I uninstalled MSE and installed Avast Free anti-virus and also CCleaner.
But that “anti-virus Security Pro” remained in my program list, and unfortunately my friend couldn't help me anymore.
That's why I asked for help in the Microsoft Community Forum.
Someone (whom I will identify as "the ANALIST") responded and has been suggesting tips. However, I started studying the subject and started getting scared that these tips could somehow be even more unhelpful.
He has always responded very quickly; sometimes the tools he suggests I use are downloaded directly from his post. I want to believe I'm actually being helped, but ...
Can you tell me, please, if these procedures are correct or if they have something weird? (I write from Portugal, so excuse my French)
Here is a diary of the suggestions that he has been sending and that I have been running:
________________________________________
23 Nov. THE ANALIST

“Anti-virus Security Pro” is a rogue (a virus that disguises itself as a security program in order to infect people's computers). To resolve this problem, do the following:

* Start the PC in safe mode with networking (press F8 (or the F5 key on some computers) repeatedly while the computer is booting and choose the option "safe mode with networking"). After this, just follow the tips in the tutorial below to remove "Antivirus Security Pro":

Block the processes of malwares and viruses using Rkill

This tutorial teaches how to use Rkill to block virus processes. After this, it shows how to use Malwarebytes, Dr.Web CureIt, Kaspersky Virus Removal Tool, Norman Malware Cleaner, Nod32 Online and Super Antispyware to remove viruses and malware that are on your PC. You can use them without worry; just temporarily disable your antivirus's resident protection. After the problems have been resolved, you can uninstall all of the tools used in cleaning and go back to the protection you already have. After this, please tell us whether the problem was solved. We are standing by.
________________________________________

ME:
I tried to start Windows (Windows 7) in safe mode with networking, but a blackboard appeared with "start programs" and “wait” at the bottom left... and it stayed that way for a very long time! I ended up giving up and turned it off (which was almost kill!). Is it normal for safe mode to take so long to start?
________________________________________



ANALIST:
Usually this mode is quick to start; it must be the virus that is causing the delay. In this case, you can try downloading and running Rkill in Windows normal mode. Then just follow the tips in the tutorial that I passed on earlier.
________________________________________
27 Nov ME:
I installed RKill and did a full scan with Avast Free anti-virus, which found 10 threats of high severity (Win 32: Rootkit-gen (RTK); 6 files with Win 32: Dofoil-Ej (Trj); Win 32: Malware-gen; JS: Agent-CFl (Expl); Other: Malware-gen (Trj));

Then I did a full scan with Windows Defender, which found no threat;

Then I ran CCleaner, which found some issues;

And also a full scan with Malwarebytes, which found a Hijack. security (cat. Registry value).

The “anti-virus Security Pro” continues in the program column, although the computer was (apparently) working normally, though maybe a little slow.

As for the problems that Avast and Malwarebytes found, they are in their quarantines; CCleaner cleaned what it found;

Then I tried downloading Dr.Web CureIt, but before the file could be run and saved it began doing a scan (with the screen spleen, like some sort of protection); it found no threats;

Then I downloaded the Kaspersky Virus Removal Tool; I ordered a complete check, which it estimated would take 1 day. After a few hours it blocked at 3%; until then, it had found 8 threats (Trojan program HEUR), which went to quarantine.
________________________________________
28 Nov. ANALIST
* Download HijackThis: http://download.bleepingcomputer.com...HijackThis.exe

* Run it and click on the Main Menu.

* On the next screen that appears, click “Do a system scan and save a logfile”.

* A report will be presented. Select all the content of this report, copy it (Ctrl + c), go back to your topic and paste it (Ctrl + v) so that it can be analyzed. (Note: If the malware blocks HijackThis, use Rkill to unblock it.)
________________________________________

28 Nov ME:
I followed all the instructions and sent the report.
P.S. Now, when I turn on the computer, a window appears with the message: "Windows cannot find 4152327.exe. Make sure you wrote the name correctly and then try again"
________________________________________



29 Nov. ANALIST
Download the Farbar Recovery Scan Tool and save it to the Desktop.
* Right-click FRST and select "run as Administrator".
* Accept the agreement, click "Scan" and click "OK" > "OK".
* After this, host the FRST.txt and Addition.txt reports from the Desktop on the site Wikisend: free file sharing service
and then post the links to these 2 hosted files here in your topic for examination.
________________________________________
ME

I followed all the instructions and sent the report. (Upload from wikisend and log in my post)
________________________________________
30 Nov. ANALIST

Download the fixlist.txt file from the link below and save it in the same folder as FRST:
http://wikisend.com/download/.../fixlist.txt

* Right-click FRST and select “run as Administrator”.
* Click [Fix] and post the Fixlog.txt report created on the Desktop.

* Download the tool “Farbar Service Scanner” (…from Farbar) and save it to the Desktop.

* Run it, select all options and click [Scan].

* Also post the report FSS.txt, located on the Desktop.
________________________________________

01 Dec. ME

I followed all the instructions and I sent the report.

* The “anti-virus Security Pro” finally disappeared from the programs listed!!!

* The message "Windows cannot find 4152327.exe Make sure you wrote the name correctly and then try again" keeps showing up when I turn on the computer.

* The viruses that Avast, Kaspersky and Malwarebytes found remain in quarantine... I don't know: if I delete them, will I definitely delete some important files on the computer?

* And what should I do with all these executables that I have been downloading?
________________________________________
ANALIST:
About these files and tools that we are using in cleaning your PC, you can rest assured that at the end we will remove everything.
* Download the fixlist.txt file from the link below and save it in the same folder as FRST:

http://wikisend.com/download/.../fixlist.txt

* Right-click FRST and select “run as Administrator”.

* Click [Fix] and save the Fixlog.txt report created on the Desktop.

* Download the tool OTL and save it to the Desktop.

* Right-click FRST and select “run as Administrator”.

* Select
Check All Users
Ignore Microsoft files
Check Lop
Check Purity

* Click [Scan] and wait for the end of the process.

* Post the reports OTL.txt, Extras.txt and Fixlog.txt located on the Desktop.

* Note: As these reports are certainly very large, just use the same site that you used previously to host the requested reports; then you only need to cite here the links to the hosted reports:
Wikisend: free file sharing service
________________________________________
ME
I followed all the instructions and I sent the report.
________________________________________
02 Dec. ANALIST:
Run OTL, then copy and paste the lines below into the space below “Custom Scans/fixes”:
:OTL
O4 - HKU\S-1-5-21-1732156681-2872885034-3628010698-1001..\Run: [BrowserChoice] "C:\Windows\System32\browserchoice.exe" /run File not found
O4 - Startup: C:\Users\user name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_55769330.lnk = C:\Users\user name\AppData\Local\Temp\_uninst_55769330.bat ()
[2013-11-27 19:38:33 | 000,001,020 | ---- | M] () -- C:\Users\user name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_55769330.lnk
:Commands
[emptytemp]

* Click [Fix]
* Click [OK] to restart the PC
* When you restart, if UAC is active, a Windows Security Warning window will be displayed asking if you want to run OTL. Click [Run].
* Send the report in C:\_OTL\MovedFiles\ month day year day minutes seconds.log to the site
Wikisend: free file sharing service and post the link here in your topic to be analyzed.
