Jump to content

  • Welcome!

    Register and log in easily with Twitter or Google accounts!

    Or simply create a new Huddle account. 

    Members receive fewer ads , access our dark theme, and the ability to join the discussion!

     

Security Shield Rogueware

lightsout

By lightsout,
in Huddle Lounge

Recommended Posts

lightsout Grand Master

lightsout

Posted
Posted

So, this thing popped up about 30 minutes ago. I hit the "x" in the corner because I didn't recognize it. Then it said my computer found all these viruses and whatnot. I ran Microsoft Security Essentials scan, said my computer was A-OK. I searched and found out this is a virus. Anybody know how to get rid of it? Conveniently, every link I click to try and figure out how to remove it doesn't work. So, somebody is going to have to spell it out on here.

Link to comment
Share on other sites
lightsout Grand Master

lightsout

Posted
  • Author
Posted

I wasn't looking at anything but the huddle and facebook. It popped up and said it found 6 issues. I closed it, it waited 3 minutes, and popped up again as a different window interface.

I have malwarebytes. Unfortunately, this virus claims it is affected by a Trojan (ran Microsoft Security Essentials check on it, says it is clear) and won't let me open it.

Link to comment
Share on other sites
mav1234 Grand Master

mav1234

Posted
Posted

Blargh...

EDIT: Try this first:

Important note: If Malwarebytes is blocked by malware then run Chameleon (Start Menu → All Programs → MalwareBytes' Anti-Malware → Tools → Malwarebytes' Anti-Malware Chameleon).

NOTE: I Have NOT used this method. Use at your own risk. But, this is the list of files related to it supposedly. Deleting them, as well as the registry keys, could fix the issue. Or it might not...

Affected Files and Registry Keys:

c:Documents and SettingsAll UsersApplication Data345d567

c:Documents and SettingsAll UsersApplication Data345d5674475.mof

c:Documents and SettingsAll UsersApplication Data345d567mozcrt19.dll

c:Documents and SettingsAll UsersApplication Data345d567MS345d_2129.exe

c:Documents and SettingsAll UsersApplication Data345d567MSS.ico

c:Documents and SettingsAll UsersApplication Data345d567sqlite3.dll

c:Documents and SettingsAll UsersApplication Data345d567BackUp

c:Documents and SettingsAll UsersApplication Data345d567MSSSys

c:Documents and SettingsAll UsersApplication Data345d567MSSSysvd952342.bd

c:Documents and SettingsAll UsersApplication Data345d567Quarantine Item

c:Documents and SettingsAll UsersApplication DataMSHBXRCOBWS

c:Documents and SettingsAll UsersApplication DataMSHBXRCOBWSMSJYQMS.cfg

%UserProfile%Application DataMicrosoftInternet ExplorerQuick LaunchMy Security Shield.lnk

%UserProfile%Application DataMy Security Shield

%UserProfile%Application DataMy Security Shieldcookies.sqlite

%UserProfile%Application DataMy Security ShieldInstructions.ini

%UserProfile%DesktopMy Security Shield.lnk

%UserProfile%Recentcid.drv

%UserProfile%RecentCLSV.tmp

%UserProfile%RecentDBOLE.exe

%UserProfile%Recentdelfile.sys

%UserProfile%Recentfan.dll

%UserProfile%Recentgrid.sys

%UserProfile%Recentkernel32.exe

%UserProfile%Recentkernel32.sys

%UserProfile%RecentPE.dll

%UserProfile%RecentPE.tmp

%UserProfile%Recentrunddlkey.drv

%UserProfile%RecentSICKBOY.drv

%UserProfile%Recentstd.dll

%UserProfile%Recenttempdoc.tmp

%UserProfile%Recenttjd.sys

%UserProfile%Start MenuMy Security Shield.lnk

%UserProfile%Start MenuProgramsMy S

HKEY_CURRENT_USERSoftware3

HKEY_CLASSES_ROOTCLSID{3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_CLASSES_ROOTMS345d_2129.DocHostUIHandler

HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerSearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"

HKEY_CURRENT_USERSoftwareClassesSoftwareMicrosoftInternet ExplorerSearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"

HKEY_CURRENT_USERSoftwareMicrosoftInternet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"

HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "RunInvalidSignatures" = "1"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings5.0User AgentPost Platform "control/7.02129"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "My Security Shield"

HKEY_CLASSES_ROOTSoftwareMicrosoftInternet ExplorerSearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"

HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "CheckExeSignatures" = "no" ecurity Shield.lnk

EDIT2: Note that 345d567 is a random number/key that is created, so yours may be different. Look for some random string of numbers. Also, check if you can use ctrl alt del to open up the task manager; if so, see if you can find a random number.exe file and end the process. If not, proceed with the other stuff...

Link to comment
Share on other sites
lymelizzard Newbie

lymelizzard

Posted
Posted

So, this thing popped up about 30 minutes ago. I hit the "x" in the corner because I didn't recognize it. Then it said my computer found all these viruses and whatnot. I ran Microsoft Security Essentials scan, said my computer was A-OK. I searched and found out this is a virus. Anybody know how to get rid of it? Conveniently, every link I click to try and figure out how to remove it doesn't work. So, somebody is going to have to spell it out on here.

Download and run combofix

Link to comment
Share on other sites
ChefAdam Newbie

ChefAdam

Posted
Posted

Ive never gotten a bug from The Huddle for the past 6 or 7 years that I have been lurking around here. Not once.

I dont know where you got your bug from, my machine is running just fine. I doubt it was from here.

OP said he was on facebook.....that place is a breeding ground for viruses/malware/spybots

I got a malware like that once, had to format and reinstall everything.....hope you have back ups or use a cloud service

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • PMH4OWPW7JD2TDGWZKTOYL2T3E.jpg

  • Topics

  • Posts

    • Shotgun
      Bryce Young 5th year option exercised

      By Shotgun · Posted

      As long as Morgan is the GM, Young will be the QB. Young is 100% Morgan's guy. The contract extension is pretty much guaranteed unless Young suffers a career ending injury this season.
    • frankw
      Bryce Young 5th year option exercised

      By frankw · Posted

      People really need to stop placing Dan Morgan on some kind of infallible pedestal. He is absolutely in lockstop with Tepper regarding Bryce and has been all along. As far as the team being okay with 185 passing yards per game. We better have a proven monster RB in our backfield then. Presently that guy is not on the roster. Chuba has one outlier season so far and the other guys have proven nothing. Not what you would call a great recipe. The only thing we can hope at this juncture is that the highest paid OL in the league for the second year in a row elevates their play from last season and opens up some massive holes even our RB's can get through. But it still doesn't resolve the issue of predictability. With no viable passing game it is much easier to shut down any run game. No defenses are scared of Bryce's arm. It is what it is.
    • bandu
      Top 10 worst qb rooms from CBS sports. Panthers number 9

      By bandu · Posted

      i lived in Atlanta from 84'to 92' & back then it was indeed a very different time without the internet & access to information 24/7. shortly after i moved back home to western NC around 93' or 94' the Carolina Panthers were awarded an NfL franchise & began their inaugural season in 95' so ike you i have seen the Carolina Panthers, ,the NFL ,technology, fans all evolve over the many a moon & years now some for the better & others not so ...just saying 
×
×
  • Create New...