Pop up - supposedly from Microsoft??

soulman1015

Hi,

I use the latest version of Firefox. I will get a message saying that I'm in unsecure mode, and the way to fix it is to install a program from Microsoft (attached is a screenshot).

However, even though it says that it's from Microsoft, if I double click it, it says it's from an unknown publisher.... what gives? And if I keep running the stupid AV and spyware bull, then why does this keep happening????
 

Attachments

  • Windows AV pop up.jpg

It can't be from Microsoft, especially if you're using Firefox. Sounds like a Trojan to me. Please download HijackThis.

Install and start HijackThis. Click the Do a system scan and save to logfile option. Copy the contents of the log and post it for analysis.



 

Here is the log that you asked to post up... thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:03 AM, on 9/3/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to Facebook | Facebook
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O20 - AppInit_DLLs:
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\8.bin\mwssvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: Windows MSI - Unknown owner - \\?\globalrootC:\Windows\system32\msihost.exe (file missing)

--
End of file - 4233 bytes
 


Needs attention:

O1 - Hosts: ::1 localhost


O13 - Gopher Prefix:

Use HijackThis to fix these entries. Click Do a system scan only and fix it using the Fix checked button.

The following seem to be threats:

O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\8.bin\mwssvc.exe (file missing)


O23 - Service: Windows MSI - Unknown owner - \\?\globalrootC:\Windows\system32\msihost.exe (file missing)


These two, which are most likely the source, will need to be taken care of. Your current protection will most likely not be able to handle the infections.

First download Spybot Search & Destroy and do a complete scan. To do this correctly, see this tutorial.
Then download SuperAntiSpyware and do a complete scan.
You can uninstall both cleanly later.

Please report back if they have caught anything. Several options still remain.
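
An added example, not part of any post in this thread: a short Python triage of the O23 service lines from the log above. It flags the attributes visible on the two entries singled out in the reply (owner shown as "Unknown owner", "(file missing)", and a `\\?\globalroot` path prefix). The function names and the choice of heuristics are assumptions made for illustration, not HijackThis's own logic.

```python
# O23 (service) lines copied from the HijackThis log posted in this thread.
LOG = r"""
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\8.bin\mwssvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: Windows MSI - Unknown owner - \\?\globalrootC:\Windows\system32\msihost.exe (file missing)
"""

PREFIX = "O23 - Service: "
MISSING = "(file missing)"


def parse_o23(line):
    """Split one O23 line into name, owner, path and a file-missing flag."""
    if not line.startswith(PREFIX):
        return None
    # Split from the right so a " - " inside the display name is tolerated.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    missing = path.endswith(MISSING)
    if missing:
        path = path[:-len(MISSING)].rstrip()
    return {"name": name, "owner": owner, "path": path, "missing": missing}


def triage(log_text):
    """Return (service name, reasons) for each O23 entry worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_o23(line.strip())
        if svc is None:
            continue
        reasons = []
        if svc["owner"].lower() == "unknown owner":
            reasons.append("owner reported as Unknown owner")
        if svc["missing"]:
            reasons.append("service registered but file reported missing")
        if svc["path"].lower().startswith("\\\\?\\globalroot"):
            reasons.append("path uses the \\\\?\\globalroot prefix")
        if reasons:
            findings.append((svc["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(LOG):
        print(f"{name}: " + "; ".join(reasons))
```
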







 

Hi - I will do that and get back to you... it's funny - my problems didn't really seem to start until shortly AFTER installing the VIPRE A/V.....

The following is a post that I got from the "Multi - user" forum - I don't have time for games, I just needed an answer, and what I got was harassment, and a demeaning commentary.

Where do I begin?

for some reason, the "User Account Control" keeps turning itself off. I then log on in the administrator account to turn it back on, restart, and everything is fine for about an hour, then it happens again. I have run my AV (I have Vipre) in the deepest scan it has, and removed any issues, but it keeps happening...

I get this pop up that states that it's from Microsoft, however the signature if I double-clicked the .exe file is unknown, so it's cancelled... attached is a screen shot...

Also, I have two 512 MB SD RAM cards (which I hope to change soon) but yet, the computer states that I only have 845 MB of RAM - not even enough to really run Vista...

Spyware and adware don't get removed, and when it does, it's right back within an hour (Using VIPRE AV/AS)

Registry errors, dll errors, more things than I can say right now...

I'm ready to take a sledgehammer to this dang thing, and get a Mac.
 

Ok, here is the issue. I cannot install either one of these two programs. I run my virus scan only in safe mode, cuz when I run it regular, it will work, and then the computer will immediately restart - no log off, just a very fast power down and restart... But it still does it even after the AV caught 2 high risk, and 1 low - and nothing after... (happened this morning). I'm kind of at a loss, for I don't know what to do now.
 
