How can virus XPSecurityCenter attack two PCs the same day?
Last night, all was well. About 8 AM this morning, my computer got bit and bit badly by the XPSecurityCenter computer virus. I have no clue how it came upon me or I upon it. I shut off my PC and went to work.
This evening, the PC virus insisted that I purchase its software or it would not let me use IE8. It insisted files that I do not have were infected. I did not purchase, I just shut it down.
After dinner, my Mom got bit by the same bug. She has IE7 and Firefox.
We share a router to the high speed Internet box. We have a hard wired firewall in addition to the firewall on the PC software. We are not networked. File and printer sharing are disabled on both PCs.
We did not browse the same sites in the last 24 hours.
We have different kinds of PCs manufactured by different companies.
How does this thing find victims? What do I do to avoid it?
So far, it appears that I have the systems back up and running. I ran regedit and modified the related entries.
I really want to know how this one attacks since it is the first time anything has been successful.
The fact that two PCs got clobbered in the same house over 12 hours apart really has my curiosity.
I am not interested in really technical answers. Just concepts will do fine.
Thank you.
It appears not to find that son of a gun. Thank you.
HKU\S-1-5-21-1343024091-2077806209-725345543-1003\Software\Microsoft\Keyboard\Native Media Players\QuickTime Player\ExePath 11/15/2009 6:09 AM 49 bytes Data mismatch between Windows API and raw hive data.
HKLM\SECURITY\Policy\Secrets\SAC* 5/3/2009 12:47 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 5/3/2009 12:47 PM 0 bytes Key name contains embedded nulls (*)
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 3/24/2010 12:12 AM 64.00 KB Visible in Windows API, but not in MFT or directory index.
So says rootkit revealer.
5 Answers
- Wide Glide, Lv 7, 1 decade ago, Favorite Answer
There are 60 different names for this rogue depending on which operating system it attacks.
When installed, this rogue pretends to be an update for Windows installed via Automatic Updates. It will then install itself as a single executable called AV.exe that uses very aggressive techniques to make it so that you cannot remove it. First, it makes it so that if you launch any executable it instead launches XP Security Tool 2010, XP Defender Pro, or Vista Defender Pro. If the original program that you wanted to launch is deemed safe by the rogue, it will then launch it as well. This allows the rogue to determine what executables it wants to allow you to run in order to protect itself. It will also modify certain keys so that when you launch Firefox or Internet Explorer it will launch the rogue instead and display a fake firewall warning. Last, but not least, when you try to browse to a web site, it will hijack your browser and state that the site is a security risk and not allow you to visit it.
Link to removal guide--->http://www.bleepingcomputer.com/virus-removal/remo...
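The answer above describes the rogue routing every program launch, and the browser shortcuts, through itself. As an added example (not part of the original answer or of the linked removal guide), this read-only PowerShell check compares the Windows executable-launch associations with their stock values; that these are the keys involved is an assumption, since the answer does not name them.

```powershell
# Added example, not from the original answer. Read-only: reports, changes nothing.
# The key list is an assumption; the answer does not name the keys involved.
$stock = '"%1" %*'          # stock Windows command for launching an .exe
$findings = @()

function Get-DefaultValue([string]$Path) {
    # Default (unnamed) value of a registry key, or nothing if the key is missing.
    if (Test-Path -LiteralPath $Path) { (Get-Item -LiteralPath $Path).GetValue('') }
}

foreach ($hive in 'HKEY_CURRENT_USER', 'HKEY_LOCAL_MACHINE') {
    $classes = "Registry::$hive\Software\Classes"

    # Per-user class keys override the machine-wide ones and are normally absent.
    if ($hive -eq 'HKEY_CURRENT_USER') {
        foreach ($k in '.exe', 'exefile') {
            if (Test-Path -LiteralPath "$classes\$k") {
                $findings += "Per-user override exists: $classes\$k"
            }
        }
    }

    # .exe must map to the exefile class, not to a look-alike class.
    $class = Get-DefaultValue "$classes\.exe"
    if ($class -and $class -ne 'exefile') {
        $findings += "$classes\.exe -> '$class' (expected 'exefile')"
    }

    # The open verb must pass the clicked program straight through.
    foreach ($k in '.exe', 'exefile') {
        $cmd = Get-DefaultValue "$classes\$k\shell\open\command"
        if ($cmd -and $cmd -ne $stock) {
            $findings += "$classes\$k\shell\open\command = $cmd"
        }
    }
}

# Browser launch commands: list them so a wrapper executable stands out.
$clients = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet'
Get-ChildItem -LiteralPath $clients -ErrorAction SilentlyContinue | ForEach-Object {
    $cmd = Get-DefaultValue "$($_.PSPath)\shell\open\command"
    "{0,-20} {1}" -f $_.PSChildName, $cmd
}

if ($findings) { $findings } else { 'Executable associations match the stock values.' }
```

Any finding means program launches are being passed through something other than Windows' own handler; a browser entry should point directly at the browser's own executable.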
- technocrate, Lv 5, 1 decade ago
This is a rogue antivirus program.
It pretends to be fake XP security center, because most people have Windows XP. And they are idiots.
And by the way, if you can't download these you will have to buy a USB flash drive and have a friend's computer.
P.S. Unplug your internet when you have the programs downloaded to prevent more spyware from downloading.
Download SmitFraud Fix.
Put it onto your desktop and run it.
If it does not run from your desktop, move it into the C:\ Drive and run it from there.
(Go to run and put in C:\ and drag it and run it from there.)
Once you have it running,
* Double-click SmitfraudFix.exe
* Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
Now to clean.
* Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
* Double-click SmitfraudFix.exe
* Select 2 and hit Enter to delete infected files.
* You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
* The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
* A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
Also, process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user, so ignore the warnings and let the program continue.
Your computer shall be cleaned by now, but time to get some other antivirus programs so it doesn't happen again.
Keep SmitFraudFix just in case.
You're going to want Firefox if you don't have it already.
It's so much better than Internet Explorer, safer and faster.
Ad-Aware. Detects most viruses I guess.
SpyBot S&D, will detect a lot of rogue antivirus programs, spyware junk.
And a regular antivirus program. Free, and is really good.
And just in case you want regular protection..
All of this stuff is free
Hope this helped you clean out your computer.
- 5 years ago
Because it's for very little you can try and take them to small claims court, but actually suing isn't worth it as you can really only sue for the vet bills, and to get a lawyer would just cost way more in the long run and it would probably go nowhere since dog attacks these days are common. I would also make a complaint to your local animal by-law. Any dog is allowed to be off leash on their own property, so once it goes off its property and it's not on leash it's breaking the law. Good luck and don't let it go; every time those dogs are off leash and off property call animal control. Enough complaints and something will have to be done. It's really sad for the irresponsible owners in this world that give many dogs a bad rep. Good luck
- Harley Drive, Lv 7, 1 decade ago
It downloads from websites using a security hole in the browser's structure to do with JavaScript and HTTP protocols. It is a rootkit and does not register in the Windows GUI. Even if you think you have eliminated it, run RootkitRevealer from Microsoft (Sysinternals) to make sure; Autoruns is also worth having. Rootkits were very useful in Unix, but the inability of the Windows GUI to even detect them is a major security hole in Windows.
- 1 decade ago
Security Center is the latest rogue antispyware application.
Do Not trust it whatever you do!
Check out the link provided for instructions on how to remove this parasite:
http://www.pcthreat.com/parasitebyid-8180en.html
Remember you heard it here first!