“System Security Warning”: since Norton installation, I get this message. Is this from Microsoft’s built-in system or from AOL, and can I get rid of this warning? Is it superfluous now that I have Norton?
Thanks for the response.
I am using XP, Service Pack 3.
How do I send a "screen Shot?"
The messages always include an opportunity to purchase "System Security", a program with an icon of a shield with diagonal black & yellow stripes. If that program doesn't belong on my hard drive, if safe, I would like to get rid of it, as I have Norton working for me.
What Norton Product are you using, e.g. Norton Internet Security 2009?
Could you run LiveUpdate, boot into Safe Mode and do a Full System Scan while disconnected from the Internet? Let us know the result.
If the Norton Full System Scan does not detect anything, please could you download Malwarebytes' Anti-Malware, install and update it, then boot into Safe Mode and do a Full Scan of all drives, disconnected from the Internet, and then let us know the results. Thanks!
Malwarebytes' Anti-Malware for Windows: http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=contentBody;mostPopTwoColWrap&cdlPid=10984636.
How to Start your Computer in Safe Mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam.
Hello Rohatyner,
If any part of the window looks like this, then you are infected with a rogue antispyware application.
Please follow Floating_Red's advice to run both a Norton and Malwarebytes Full System scan in SAFE MODE while disconnected from the internet.
If items are detected and resolved on the first scan, it is advisable to run the scans again.
This next step is optional but recommended. Delete your System Restore Points by turning off System Restore. Many infections will become embedded in your previous restore points - therein lies the possibility that they may return. Also you may find that the malware has already erased your restore points.
Restart your computer in Normal Mode and check how things are working.
Once you are completely sure your computer is clean, you can turn ON System Restore.
Please let us know how you do with this.
The Malware Removal Bot is not free but wants me to register and purchase. Is this supposed to improve upon and supersede my recently purchased Norton Internet Security 2009?
Rohatyner wrote:
The Malware Removal Bot is not free but wants me to register and purchase. Is this supposed to improve upon and supersede my recently purchased Norton Internet Security 2009?
This is a misleading application on your computer. Please do what I have suggested.
Malware RemovalBot is another rogue antispyware infection.
DO NOT register or click on anything!!!
Have you run the suggested scans?
[edit: duplicate suggestion- typing as Floating_Red was posting]
I made a few mistakes, but ultimately successfully installed Malwarebytes, ran it, and it appears to have been completely successful. Thanks for your help, for which I'm very grateful.
I still have the question, what went wrong with my new Norton Internet Security 2009? I thought it was going to be perfect protection.
Do I need to upgrade Malwarebytes to a paid plan?
By the way, I now have icons for "BluePhone, WikiTalk, Bytecrusher and SAVE$." How do I get rid of these newly acquired items?
Hi Rohatyner,
First, if you still have strange icons you may not be rid of the infection. Run another full Norton Scan and Malwarebytes scan in safe mode while disconnected from the internet and see if more items are detected. I would also delete your System Restore points. If the icons are still there, try to delete them and see if they return.
Nothing went wrong with your NIS 2009.
Generally these types of infections are user initiated.
Someone may have clicked on a bogus ad or it may have come in bundled with something you downloaded.
You do not want to upgrade to the Malwarebytes paid program. It will run in realtime and will interfere with your Norton program.
Let us know how you do.
Rohatyner wrote:
I made a few mistakes, but ultimately successfully installed Malwarebytes, ran it, and it appears to have been completely successful. Thanks for your help, for which I'm very grateful.
I still have the question, what went wrong with my new Norton Internet Security 2009? I thought it was going to be perfect protection.
Do I need to upgrade Malwarebytes to a paid plan?
By the way, I now have icons for "BluePhone, WikiTalk, Bytecrusher and SAVE$." How do I get rid of these newly acquired items?
What were the "few mistakes"?
It looks like you still have the misleading application on your computer; if not all of it, parts of it are still on your computer, as Phil_D also points out.
Was the Scan in Safe Mode? If not, please do it in Safe Mode because you really have to do it with this Infection. And if it was not a Full Scan, please do the Full Scan in Safe Mode.
It all goes on Virus Definitions; obviously, the Virus Definitions have not got the latest modifications.
No, you do not need to pay for Malwarebytes as you have N.I.S. 2009. And yes, you can keep the Free Version of Malwarebytes on your computer because there is no Real-Time Protection.
Any files you have, please submit to Symantec Security Response: https://submit.symantec.com/websubmit/retail.cgi.
How do I delete my system restore points?
Sorry for my limited knowledge. My grandchildren can, no doubt, do it better!
Right click on My Computer, then click Properties.
Click on the System Restore Tab and check the box "Turn off System Restore on all drives".
Click Apply and Ok. You will get a warning that all Restore Points will be deleted.
Hi
Symantec knows about Malware Removal Bot. I have had fun, but Norton won't detect it, as Symantec say nothing is wrong with it; it's legit.
Unless we are talking about another Malware Removal Bot.
Quads
I followed all of the instructions I was given, I now have the right program installed and working, and all seems well. Thank you very much for your interest.
I did it all, as instructed, and now seem to have no major intruders, according to Norton and Malwarebytes, but the strange icons when Windows Internet Explorer is open persist. It was suggested that I try to simply delete them. A right click doesn't reveal a delete option, and a left click opens their windows. How can I try to delete them?
If Malwarebytes doesn't run in realtime, does that mean that it (and Norton?) are not working and watching in the background? Do I have to run scans whenever I finish with the Internet?
Having "Turn(ed) Off System Restore", do I now have to turn it on again?
Unfortunately it sounds like you are still infected.
You should download and run the HijackThis utility and create a log and then post the log here. It will show where the problem is. Do not do anything other than create the log file.
The link I gave you for HijackThis has a video tutorial which should help you with creating the log.
This is the result....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:46 PM, on 1/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vVX6000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IDrive\IDriveE Service.exe
C:\Program Files\IDrive\IDriveWebM.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IDrive\IDriveETray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\IDrive\IDriveEBackground.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBStore\DSS\dssagent.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDrive\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
O4 - Startup: IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/43.10/uploader2.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228075244609
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDrive\IDriveE Service.exe
O23 - Service: IDrivePlugin - Pro-Softnet - C:\Program Files\IDrive\IDriveWebM.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
--
End of file - 9743 bytes
Hi
Start Hijackthis again and tick (check) these entries.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (Not needed on startup)
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Not needed on startup)
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBStore\DSS\dssagent.exe (seen as a security risk)
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot (MalwareRemovalBot)
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\NewsFlsh.exe (Not needed on startup)
Now click "Fix Checked"
Now restart your PC. In the add and remove programs you will find MalwareRemovalBot.
You have a few toolbars like the Ask bar, if you wanted it, so if they are still there after that, can you please do a screenshot of what you are looking at in IE?
You can also download SuperAntispyware Free, Install, update definitions then do a full scan.
Quads
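A HijackThis log like the one posted above can be pre-sorted before a person reads it. The script below is an added example, not part of the original thread or of HijackThis: it parses entry lines, lists the O4 autostart entries, and flags add-ons registered with "(no file)" plus autostarts that match a caller-supplied watchlist. The function names and the watchlist are assumptions made for illustration; the sample lines are copied from the log in this thread.

```python
import re

# Lines copied from the HijackThis log posted in this thread (a subset for the demo).
SAMPLE_LOG = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBStore\DSS\dssagent.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                     # "O4 - <body>"
RUN = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")  # registry Run keys
STARTUP = re.compile(r"^((?:Global )?Startup): (.+?) = (.+)$")     # Startup-folder links

def parse(log_text):
    """Yield (code, body) for each entry line; headers and process paths are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def autostarts(log_text):
    """Return every O4 (autostart) entry as a (location, name, command) tuple."""
    found = []
    for code, body in parse(log_text):
        m = (RUN.match(body) or STARTUP.match(body)) if code == "O4" else None
        if m and m.re is RUN:
            found.append((m.group(1) + "\\" + m.group(2), m.group(3), m.group(4)))
        elif m:
            found.append(m.groups())
    return found

def triage(log_text, watchlist):
    """Flag orphaned browser add-ons and autostarts that match watchlist names."""
    findings = []
    for code, body in parse(log_text):
        # O2/O3 are BHOs and toolbars; "(no file)" means the registration has no DLL.
        if code in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(("orphaned add-on", body.split(" - ")[0]))
    for location, name, command in autostarts(log_text):
        text = (name + " " + command).lower()
        if any(w.lower() in text for w in watchlist):
            findings.append(("watchlisted autostart", location + " [" + name + "]"))
    return findings

if __name__ == "__main__":
    # The watchlist holds the one program the thread's helpers named as rogue.
    for kind, detail in triage(SAMPLE_LOG, ["MalwareRemovalBot"]):
        print(kind, "->", detail)
```

The output is a shortlist for a human reviewer; entries it does not flag still need to be read, as the manual picks in the post above show.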
I used Hijackthis, and then Superantispyware, and followed all the prompts, and made the deletions you and they suggested, but the icons on my IE persist.
How do I send a "screen shot?"