System Security Version 4.52 (Inactive)

TXRancherTXRancher
edited July 2009 in Spyware & Virus Removal
Hello ppl, I have a friend who suddenly found out he was infected with the system security version 4.52. I told him I'd post here and see what kind of response I get. I tried to remove it but nothing will open on his laptop. Everything from his ADD/REMOVE to his command prompt is "infected". What I've been able to find online with regards to this malware is of no use seeing as how I can't get anything to stay open long enough to look for anything. Is there anyone out there in cyber land who can help me help him? I'd be mighty happy and so would he. Thanks in advance for all the help I know I'll get here.

Comments

  • KatanaKatana
    edited July 2009
    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly laechel.gif

    Some of the logs I request will be quite large, You may need to split them over a couple of replies.

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe




    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.


    Please Download GMER to your desktop

    Download GMER and extract it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click Yes.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


    DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

    Please post the results from the GMER scan in your reply.
  • TXRancherTXRancher
    edited July 2009
    Thanks for the reply Katna unfortunatly I can't do any of those things because I can't even open a simple folder like pictures or even IE. As soon as I click on an icon it pops up then disappears. All I can do is turn his laptop on and look at the pretty screen. Any other suggestions? Again thanks for the reply.
  • KatanaKatana
    edited July 2009
    Have you tried running the tools in safe mode ?

    To reboot in safe mode
    You can boot in Safe Mode by restarting your computer, then continually tapping F5 OR F8 until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit enter.
  • KatanaKatana
    edited July 2009
    @ ReineNervensache


    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.
  • KatanaKatana
    edited July 2009
    Inactive
    Whilst we appreciate that you may be busy, it has been several days since we heard from you. This topic is now closed.

    Infections can change and fresh instructions will now need to be given. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead :)
Sign In or Register to comment.