Security Essentials 2010 Infection

Discussion in 'malware problems & news' started by chris18, Aug 13, 2010.

Thread Status:
Not open for further replies.
  1. chris18

    chris18 Registered Member

    Joined:
    Sep 26, 2003
    Posts:
    36
    Just recently two family members have had their laptops infected with the Security Essentials 2010 trojan.

    Both are working behind a router and have basic firewall and anti-virus protection i.e free versions I believe.

    Despite all my best efforts I was unable to clear the infection. I was unable to boot into safe mode or run cmd. In the end on one machine I had to do a complete reinstall of Windows XP. The other machine, running Vista, is still infected as I am not in the vicinity to look at it. Neither of the users is particularly computer savvy, which makes giving help over the phone very difficult. I should mention I'm not a complete novice, but trojan infections aren't something I have much experience with.

    On both machines the children/grandchildren had been the last users so I am assuming the most likely source of the infection could be social networking or file sharing.

    There is a lot of information around about how to clear the infection manually, but these all assume that it's possible to actually get into the system; not so in either case, all I kept getting was the initial warning messages.

    I would appreciate any help/advice to pass on as to the likely source of the infection and steps I can suggest be taken to prevent it again.

    Also, is there any way, other than a complete reinstall, whereby the infection can be cleared if, as in the remaining case, it's not possible to get into the system?

    Thanks in anticipation.
     
  2. codylucas16

    codylucas16 Registered Member

    Joined:
    Nov 17, 2009
    Posts:
    267
  3. chris18

    chris18 Registered Member

    Joined:
    Sep 26, 2003
    Posts:
    36
    Hi, thanks for the reply.

    As I said, the problem is I don't know how to bypass the infection so as to connect to the internet to download or do anything else, all I get is the rogue front screen about scanning for infections.

    Even if I download fix files to another laptop and transfer them to a USB stick, how can I run them when I can't get into the system, e.g. Windows Explorer, or am I missing a basic first step?
     
  4. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    451
    Location:
    Cleveland, Ohio USA
    I would burn a bootable anti-virus rescue disk, boot the computer from it and scan/clean for malware. By booting from a rescue CD you bypass the malware completely.

    Avira rescue CD:

    http://www.free-av.com/en/products/12/avira_antivir_rescue_system.html

    Kaspersky Rescue disk:

    http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable

    Dr. Web Live CD:

    http://www.freedrweb.com/livecd/?lng=en

    Hopefully you would be able to clean up enough of the malware so you can boot into Windows normally and run programs like:

    http://www.malwarebytes.org

    http://www.superantispyware.com
     
    Last edited: Aug 13, 2010
  5. iravgupta

    iravgupta Registered Member

    Joined:
    Dec 17, 2009
    Posts:
    605
    Bootable AV disks are the way to go. Even if the system is accessible, bootable CDs do a better job at detection and clean up. I would suggest starting with Avira and finishing up with Kaspersky. If Windows XP becomes unbootable due to cleanup, perform a repair install of Windows XP. This will make sure all software and drivers are kept intact. You will have to apply all Windows updates though.
    Also, once the system becomes accessible - run the a-squared emergency kit. It's one of the most thorough apps on the market. If you need more help, feel free to PM.
     
  6. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Unless this is a new variant then there must be underlying/other problems as the rogue needs an internet connection in order to rip you off for 50 bucks?

    Haven't seen an installer for this rogue in a couple of months.
     
  7. chris18

    chris18 Registered Member

    Joined:
    Sep 26, 2003
    Posts:
    36
    Thanks for the replies, I feel I am getting somewhere now. I have downloaded all the files mentioned and will keep them safe just in case someone else phones me with the same problem.

    Am I correct in assuming that the most likely culprit for being infected is when the children/grandchildren download music etc., or is there another way too?

    Should a good AV program stop this sort of thing, or is there a better recommendation?
     
  8. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    451
    Location:
    Cleveland, Ohio USA
    Those rescue CDs are updated daily with the latest virus signatures. So, I would suggest downloading that day's rescue CD before use and not using one downloaded days, weeks or months earlier.

    There is no way to tell for sure but I would guess that was the likely cause of the infection. They could have visited a website that infected them.

    No AV can detect every piece of malware immediately. But running a reputable AV and keeping it updated is a good idea. Also, make sure the children are logged into Windows under a limited user account, not an administrative account. While logged in as a limited user, this will prevent most malware from installing and stop the children from installing questionable software.

    Edit:

    Also, switch to Firefox browser if they are using Internet Explorer. Install the "noscript" and "ad block" add-ons.
     
    Last edited: Aug 13, 2010
  9. chris18

    chris18 Registered Member

    Joined:
    Sep 26, 2003
    Posts:
    36
    Thanks for all the advice which I have passed on to the respective family members.

    As always good advice from everyone.

    Thanks
     
  10. wat0114

    wat0114 Guest

  11. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
  12. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    chris18,

    Out of curiosity, what security software were they running when they got infected?
     
  13. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    A friend got infected with a rogue that would not let him download MBAM. I took a CD with MBAM exe on it, and was able to install it. A Quick Scan got rid of the rogue.

    He was using Norton. That convinced me that I need to run MBAM alongside my AV in real time. Evidently AVs do not pick up the rogues as well as AM applications.

    Regards,
    Jerry
     
  14. chris18

    chris18 Registered Member

    Joined:
    Sep 26, 2003
    Posts:
    36
    InfinityAz
    Can't say for certain, but as the laptop is only about 6 months old I suspect it was preinstalled and had probably run out of its trial period. Most likely McAfee or Kaspersky, as they seem the usual options on new laptops that I have seen recently.

    Couple of points if I may. I checked the AVIRA site, but this seems to be a Linux based system (or am I looking at the wrong product?). If that's the case, how can I use it on a Windows based system?

    Also during my research either here or on another site I came across a recommendation to use Macrium Reflect to create an image file. I have installed it on my own laptop but was wondering how I can create a bootable DVD so as to be able to restore the image in the event of an emergency. Bit confused as to whether it's possible with the FREE version.

    My initial thought is to create the file on a external drive but not much point if I can't get it to run a restore.

    Thanks
     
  15. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Yes, the AVIRA Rescue CD is a Linux based system. You boot the AVIRA Rescue CD on a Windows PC and the AVIRA Rescue CD is loaded from the CD into the PC's memory. You then run the AVIRA scan from the PC's memory. See the following:

    https://www.wilderssecurity.com/showpost.php?p=1729496&postcount=4
     
  16. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    My dear fellow, Linux can now access NTFS file systems with no issues; many of the antivirus CDs are now based off Linux :)

    In fact, many of the boot antivirus systems now contain a Linux system with a window manager, some basic tools, web browser, and other utilities, so that you can use the CD to transfer files off the HDD onto an external drive. :)
     
  17. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I use Antivirus Rescue CDs primarily for scanning and cleaning an infected PC. I prefer Puppy Linux for data recovery from an infected PC. I have used Puppy Linux to burn data to DVDs and to copy files to USB Flash Drives and USB Hard Drives.
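As an added illustration of the data-recovery step the last two posts describe (this is not code from the thread, from Puppy Linux or from any rescue CD), here is a POSIX shell script for a Linux rescue environment. It mounts the Windows volume read-only and noexec so the rogue cannot run or alter anything while you work, copies the user's files to an external drive while leaving behind executable types that a rogue could have dropped into the profile, and records SHA-256 hashes of what it left behind so those files can be looked at on a clean machine. The device name /dev/sda1, the profile paths and the USB mount point are placeholders; it assumes ntfs-3g, find, cp and sha256sum (or shasum) are on the rescue CD.

```shell
#!/bin/sh
# Added example, not from the thread: pull user documents off an infected
# Windows disk from a Linux rescue environment. The NTFS volume is mounted
# read-only (and noexec) so nothing on it can run or be altered, and file
# types a rogue could have dropped into the profile are left behind, with
# their hashes recorded so they can be examined on a clean machine later.
# Assumed (placeholders): Windows partition /dev/sda1; ntfs-3g, find, cp and
# sha256sum (or shasum) available on the rescue CD.

# Extensions that are never carried over to the clean machine.
SKIP_EXT='(exe|scr|com|pif|dll|sys|bat|cmd|vbs|vbe|js|jse|wsf|lnk|msi|hta|cpl)'

# is_risky PATH -> success if PATH ends in one of SKIP_EXT (case-insensitive).
is_risky() {
    ext=$(printf '%s' "$1" | sed -n 's/.*\.\([^./]*\)$/\1/p' | tr 'A-Z' 'a-z')
    [ -n "$ext" ] && printf '%s' "$ext" | grep -Eqx "$SKIP_EXT"
}

# sha256 FILE -> "hash  path" line, using whichever tool the rescue CD has.
sha256() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi
}

# mount_windows_ro DEV MNT -> mount the Windows volume so it cannot be
# written to and nothing on it can be executed from the rescue system.
mount_windows_ro() {
    mkdir -p "$2"
    mount -t ntfs-3g -o ro,noexec,nodev,nosuid "$1" "$2"
}

# copy_profile SRC DST -> copy every regular file under SRC to DST except
# risky types. Prints one "COPY rel/path" or "SKIP rel/path" line per file.
copy_profile() {
    src=$1; dst=$2
    find "$src" -type f | while IFS= read -r f; do
        rel=${f#"$src"/}
        if is_risky "$f"; then
            printf 'SKIP %s\n' "$rel"
        else
            mkdir -p "$dst/$(dirname "$rel")"
            cp -p "$f" "$dst/$rel" && printf 'COPY %s\n' "$rel"
        fi
    done
}

# hash_risky SRC -> SHA-256 of every file copy_profile would skip, so the
# leftovers can be checked against AV/online scanners from a clean PC.
hash_risky() {
    find "$1" -type f | while IFS= read -r f; do
        if is_risky "$f"; then sha256 "$f"; fi
    done
}

# Typical run from the rescue CD (all paths are placeholders):
#   mount_windows_ro /dev/sda1 /mnt/win
#   copy_profile "/mnt/win/Documents and Settings/Kids" /media/usb/Kids
#   hash_risky "/mnt/win/Documents and Settings/Kids" > /media/usb/Kids-risky.sha256
```

The ro,noexec mount is the point of doing this from a rescue CD at all: the rogue's files are inert data while the Windows installation is not running, so you can copy documents out without it re-launching, and the skipped-extension list keeps you from carrying an installer or a trojanised shortcut onto the clean machine along with the photos and music.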
     