Tech Support Forum banner
Status
Not open for further replies.
1 - 3 of 3 Posts

·
Registered
Joined
·
5 Posts
Discussion Starter · #1 ·
Hello there,

Xp media edition pc infected with nasty XP security 2011, proicess ssc.exe :(

In desperate need of your expertise... XP media edition is almost crippled my this fake XP security 2011...malwarbytes and superantispyware wont run especially on main user account logon. when you try to connect or run scans the Windows securtity center box opens and it says that the firewall and antivirus is off. if you try to click to enable the firewall this inc\sideaous XP security 2011 box opens and starts scanning listing all kinds of trojans:mad:, worms and viruses if you try to click to stop it it comes up with a box that wants you to register or manually register and wont go away untill u kill the process in task manager. in this particuilar user account it lists like 40 ssc.exe processes. the browser wont work i couldnt even get msconfig or the command prompt or any virus scans:( another user account malwarebytes and other scans would run but still no browser. the pc is at a crawl and no programs will run :( was even gonna reinstall XP but DVD would not run to burn copys of my documents an d my pictures etc to save before reinstalling.:( please help:mad: is their anything I can run or post a hijack this log?

oh ya and even if i do reinstall windows but cant back up the documents i want to save cant I just do a repair install that wont erase pictures documents etc? someone said if i save the Windows folder al Windows2 that it will install windows without erasing files I want to keep.

Anxiously awaiting you reply.

Thank you,

Greta
 

·
TSF-Emeritus
Joined
·
8,956 Posts
If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machine, and transfer them to the affected machine via USB flash drive.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Link 1
Link 2
Link 3
Link 4



Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do it's job. This may take a few tries. You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools.

Once the tool has run, do NOT reboot the machine, and then try to run DDS and GMER.

If for some reason the machine reboots, repeat the process. Again, try not to restart the machine.


Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT


Download GMER Rootkit Scanner from herehttp://www.gmer.net/download.phphttp://www.gmer.net/download.php to your desktop. It will be a randomly named executable.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.


    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
 
1 - 3 of 3 Posts
Status
Not open for further replies.
Top