My sister's PC has the paid version of PrevX. My brother went to some tourism Web site and clicked on a picture. Lo and behold, malware took over the machine. It was one of those fake "your machine is infected" things, along with references to a spambot that sends out e-mails. I managed to stop a couple of processes (start.exe was one; I forget the other). One of the many symptoms was a large gay porn picture on the desktop! Anyway, I am going to attempt to clean this up. I might download ComboFix, which has saved me on more than one occasion. What concerns me is that we ran a PrevX scan, and it found nothing. This surprised me, as I've had good results with PrevX thus far.
Hello, if you could please try the instructions in this post: https://www.wilderssecurity.com/showthread.php?t=245129 one of our researchers will see what Prevx is missing and add the detection. Thank you for your help!
Can you save a report and send it to them? The steps are in this post: https://www.wilderssecurity.com/showthread.php?t=245129 TH Edit: Joe, you beat me to it again, LOL.
Thanks, I will do that. Won't be until this weekend, however. I managed to kill the process, but I don't want my sister to turn on her PC until I can do so in Safe Mode.
Update: I did clean up the PC, but did not get a chance to zip up the rogue program. However, I now know what it was: the malware called "Safety Center", which pops up a phony Windows-like "security center" window which tells you that you have all sorts of infections and that you need to click here or there to fix them. The main file that it installed was "start.exe", and it changed the startup config so that it would run when Windows loads. It actually created a "Safety Center" folder in "Program Files", so finding and deleting it wasn't very hard. Killing the process stopped it, and then I used ComboFix to get rid of any traces of it in the Registry, etc.
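The cleanup described above came down to finding the persistence entry (start.exe launched at Windows startup) and the folder it lived in. The following PowerShell script is an added example, not code from the thread or from Prevx: it lists the common autorun locations (the HKLM/HKCU Run and RunOnce keys and the Startup folders) and flags any entry whose command line references a given name. The default indicators, "Safety Center" and "start.exe", are taken from the post as illustration and are assumptions, not a detection signature; the script only reports and does not delete anything, so the operator can review the hits (for example from Safe Mode) before acting.

```powershell
# Added example (not from the thread): enumerate the usual Windows autorun
# locations and flag entries that reference a given folder or executable name.
# The default indicators ("Safety Center", "start.exe") are the names mentioned
# in the post above and are assumptions for illustration only.

function Get-AutorunEntries {
    # Registry Run / RunOnce keys for the machine and for the current user.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PS* metadata properties that Get-ItemProperty adds.
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Location = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }

    # Per-user and all-users Startup folders.
    $startupDirs = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -File | ForEach-Object {
            [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
}

function Find-SuspiciousAutoruns {
    param(
        # Substrings to look for in each autorun command line (case-insensitive).
        [string[]] $Indicators = @('Safety Center', 'start.exe')
    )
    Get-AutorunEntries | Where-Object {
        $cmd = $_.Command
        $Indicators | Where-Object { $cmd -like "*$_*" } | Select-Object -First 1
    } | ForEach-Object {
        # Extract the executable path: either the quoted first token or the
        # first whitespace-delimited token of the command line.
        $exe = if ($_.Command -match '^"([^"]+)"') { $Matches[1] }
               else { ($_.Command -split '\s+')[0] }
        # Report whether the file is still on disk; this separates a live
        # persistence entry from a stale one left behind after cleanup.
        $exists = if ($exe) { Test-Path -LiteralPath $exe } else { $false }
        [pscustomobject]@{
            Location   = $_.Location
            Name       = $_.Name
            Command    = $_.Command
            FileExists = $exists
        }
    }
}

# Usage: run in an elevated PowerShell session so the HKLM keys are readable.
Find-SuspiciousAutoruns | Format-Table -AutoSize
```

Pass `-Indicators` with other names to look for a different program; an entry whose `FileExists` is `$false` is a dangling autorun that points at something already removed, which is the kind of leftover a tool like ComboFix cleans out of the Registry.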