Old 12-26-2011, 01:57 PM   #1
Member (10 bit)
 
Join Date: Mar 2001
Location: Pa.
Posts: 993
Windows 7 Internet Security 2012

Hi, I started getting messages about the above subject. It keeps wanting me to run a scan, saying my computer is infected. I never ran the scan, but it tells me that there are at least 29 infections etc. I can not get on the internet, when I try, I get a message to purchase the Windows 7 Internet Security etc. I am running Windows 7, I have Adaware (the free antivirus) installed. I was able to do a full scan...nothing showed up. I was able to run CCleaner, nothing showed up. I also ran Microsoft Internet Securities, nothing showed. I can NOT run Malwarebytes, or Superantispyware etc. When I try to run those programs, I get the same message to buy Windows 7 Internet Security 2012 etc. I even tried to run those two programs in SAFE mode..no luck..same message. Sometimes it tells me that I am infected with the TROJAN-BNK.WIN32.KEYLOGGER.GEN (by this program.). I guess I could remove the hard drive, slave it to another computer, and then run those two programs from that computer, but I would rather find an easier solution. Suggestions..please, Thanks, Mike
__________________
Mike12
mike12 is offline   Reply With Quote
Old 12-26-2011, 03:06 PM   #2
Member (8 bit)
 
auen1's Avatar
 
Join Date: Nov 2011
Location: Nome, AK.
Posts: 163
You might check out this link for more info.
Win 7 Internet Security 2012
auen1 is offline   Reply With Quote
Old 12-26-2011, 03:07 PM   #3
glc
Forum Administrator
Staff
Premium Member
 
glc's Avatar
 
Join Date: May 2000
Location: Joplin MO
Posts: 41,162
Using another computer, download Microsoft System Sweeper and burn the bootable CD.
glc is online now   Reply With Quote
Old 12-26-2011, 06:36 PM   #4
Member (10 bit)
 
Join Date: Mar 2001
Location: Pa.
Posts: 993
Thanks Auen1 and glc for the info.
glc--I downloaded and ran that Microsoft System Sweeper as you advised. It scanned 747,143 files and said it found no problems. I did try to access the Internet, I was successful, however I got that same message back again. I tried to run Malwarebytes, but it would not start. I was able to start Superantispyware, and it is running now. So far it found 11 items, and one of those items is TROJAN .AGENT\GEN-FRAUDER. That is a different Trojan than was mentioned before. I am going to see what else this Superantispyware finds. Maybe then I can run Malwarebytes. Any other suggestions if this does not work ?? Will I have better success if I remove the hard drive, and hook it up to another computer (slave) and then run Malwarebytes from that computer. Thanks again, Mike
mike12 is offline   Reply With Quote
Old 12-26-2011, 06:54 PM   #5
Member (8 bit)
 
auen1's Avatar
 
Join Date: Nov 2011
Location: Nome, AK.
Posts: 163
I had an infection that blocked Malwarebytes and I had to use this method.
Quote:
Malwarebytes' won't start

If you attempt to run Malwarebytes' and it does not start then there is a good chance that you have an infection that is trying to stop the program from running. To get around this, try renaming C:\program files\Malwarebytes' Anti-Malware\mbam.exe to other names like:

mbam.com
iexplore.exe
explorer.exe
userinit.exe
winlogon.exe

After each rename, try and run mbam.exe again. If that does not work, then you may need to download and run Rkill to terminate the malware processes that are stopping you.
auen1 is offline   Reply With Quote
Old 12-26-2011, 07:07 PM   #6
Member (10 bit)
 
Join Date: Mar 2001
Location: Pa.
Posts: 993
Thanks Auen1 for the info, but now I have another problem. After I had Superantispyware remove 14 infections I restarted the computer. Now when I click on any program, Malwarebytes, CCleaner, Internet explorer, I am asked what program do I want to open the program. When I tried opening IE, I got that message about what program to use to open the program. One of my choices was IE, so I chose it. But IE did not work. I think I will just remove the hard drive and scan it from another computer. I have a bad feeling that everything is messed up and I am looking at a format and reinstall.
Mike
mike12 is offline   Reply With Quote
Old 12-26-2011, 07:21 PM   #7
Member (8 bit)
 
auen1's Avatar
 
Join Date: Nov 2011
Location: Nome, AK.
Posts: 163
Can you use Windows "System Restore", or do you have a system image?
I don't know if this will help you, just tossing out ideas.

Last edited by auen1; 12-26-2011 at 07:24 PM.
auen1 is offline   Reply With Quote
Old 12-26-2011, 08:14 PM   #8
Moderator
Staff
Premium Member
 
jdeb's Avatar
 
Join Date: Nov 2008
Location: Detroit, MI
Posts: 5,221
Quote:
Originally Posted by mike12 View Post
Hi, I started getting messages about the above subject. It keeps wanting me to run a scan, saying my computer is infected. I never ran the scan, but it tells me that there are at least 29 infections etc. I can not get on the internet, when I try, I get a message to purchase the Windows 7 Internet Security etc. I am running Windows 7, I have Adaware (the free antivirus) installed. I was able to do a full scan...nothing showed up. I was able to run CCleaner, nothing showed up. I also ran Microsoft Internet Securities, nothing showed. I can NOT run Malwarebytes, or Superantispyware etc. When I try to run those programs, I get the same message to buy Windows 7 Internet Security 2012 etc. I even tried to run those two programs in SAFE mode..no luck..same message. Sometimes it tells me that I am infected with the TROJAN-BNK.WIN32.KEYLOGGER.GEN (by this program.). I guess I could remove the hard drive, slave it to another computer, and then run those two programs from that computer, but I would rather find an easier solution. Suggestions..please, Thanks, Mike
Whenever you see anything like this, turn off the computer and do not touch the mouse or keyboard. When you click on something it activates the Malware. It is a Java based trojan. I am surprised that System Sweeper did not catch it. Did you create the disc from the infected computer?

The other option is to pull the hard drive and use a USB/SATA adapter, plug into a clean pc and run Malwarebytes.
jdeb is offline   Reply With Quote
Old 12-26-2011, 09:06 PM   #9
Member (10 bit)
 
Join Date: Mar 2001
Location: Pa.
Posts: 993
Auen1....Right now, I can not open anything. When I try to open anything, I get a message asking me what I want to open the program with. Whether it be Malwarebytes, Internet Explorer, Outlook etc. I can't open anything now. I ran Superantispyware and it found 14 items. I deleted them as I always do. But when the computer rebooted, is when I lost control. So to answer your question----I can not do a system restore because I can't open it. I even tried in SAFE mode.

jdeb---NO, I did not create the disc on the infected computer. I created it on this, my backup computer.

I removed the infected hard drive and slaved it to this good computer. I started running Malwarebytes. After over 90 minutes, nothing was found so I shut it down. Maybe the Trojan is now gone, but I have the problem of not being able to open anything. Any suggestion---anyone.. Thanks, Mike
mike12 is offline   Reply With Quote
Old 12-26-2011, 09:21 PM   #10
Mondsreitersmann
 
Nuclear Krusader's Avatar
 
Join Date: Jul 1999
Location: Skingrad
Posts: 8,969
Default File Type Associations - Restore - Windows 7 Forums
__________________
Therefore, quietly I submit, as God wills it. Well then, I will fight bravely, and should I suffer death, a brave horseman dies.
Nuclear Krusader is offline   Reply With Quote
Old 12-26-2011, 10:02 PM   #11
Member (10 bit)
 
Join Date: Mar 2001
Location: Pa.
Posts: 993
Nuclear Krusader...Thanks for the info. I did as you suggested. I MERGED all the file extensions. I can now get on the internet without any problems, and open up Outlook etc. I will try other programs after I run Malwarebytes, hopefully I can. I will post back tomorrow if all is STILL fine. Thanks again to you, and ALL others that have offered suggestions. Maybe I will not have to format and reinstall everything after all. hope hope. Mike
mike12 is offline   Reply With Quote
Old 12-26-2011, 10:22 PM   #12
Mondsreitersmann
 
Nuclear Krusader's Avatar
 
Join Date: Jul 1999
Location: Skingrad
Posts: 8,969
Hopefully you won't. Formatting and reinstalling is not only a hassle, it also can't by itself guarantee that you won't get hit again.

There's more reward in repairing than in starting over.
Nuclear Krusader is offline   Reply With Quote
Old 12-26-2011, 10:32 PM   #13
Member (10 bit)
 
Join Date: Mar 2001
Location: Pa.
Posts: 993
Another update----I just successfully ran Malwarebytes, it only found one tracking cookie, I think. I removed it. Everything still seems fine.
A few questions :
1). I have about 100 of those file extension icons on my desktop, that I did the MERGE on. Can I drag them to the RECYCLE BIN, and then empty it ??
2). I have CCleaner on my computer. It has a function to check and remove unnecessary entries in the REGISTRY. Can I run that program ?? Will it clean up a lot of the old garbage ??
Thanks again EVERYONE. I think I (we) fixed the computer. Mike
mike12 is offline   Reply With Quote
Old 12-26-2011, 10:37 PM   #14
Saved by grace
 
quartet-man's Avatar
 
Join Date: Sep 2002
Location: Indiana
Posts: 1,549
I've never done the merge before (I don't even have Win7) however CCleaner's registry cleaner is very good. Although some don't even do a registry backup when it asks, I would. I have seen an instance or two where some problems MIGHT have been caused by it, but it typically does a good job. Nonetheless, having it back up the registry first (when asked) is a situation where it is better to be safe than sorry.
__________________
My custom work system:
ASUS P7P55D-E LGA 1156 / Intel Core i5-750 / CORSAIR XMS3 4GB (2 x 2GB) / Windows XP SP3 /
SAPPHIRE 100292L Radeon HD 5450 / 2 LITE-ON 24X DVD Writers SATA Model iHAS424-98 / 2 W.D. Caviars Black WD1001FALS 1TB SATA 3.0Gb/s / Antec Sonata III 500 Black with 500W Power Supply / Rosewill RCR-IC002 74-in-1 USB 2.0 3.5" Internal Card Reader w/ USB port
quartet-man is offline   Reply With Quote
Old 12-26-2011, 10:48 PM   #15
Mondsreitersmann
 
Nuclear Krusader's Avatar
 
Join Date: Jul 1999
Location: Skingrad
Posts: 8,969
Run CCleaner before moving those files to the Trash; let it clean up your registry: run the registry cleaner till it comes up with no problems to solve. Then close CCleaner and move the files to the Trash, but don't purge it; leave it alone for a few days till you're sure everything's running fine, then you can empty the Trash.
Nuclear Krusader is offline   Reply With Quote
Old 12-27-2011, 06:03 AM   #16
Member (8 bit)
 
auen1's Avatar
 
Join Date: Nov 2011
Location: Nome, AK.
Posts: 163
Good to hear you got it cleaned up.
auen1 is offline   Reply With Quote
Old 12-30-2011, 10:05 AM   #17
Member (10 bit)
 
Join Date: Mar 2001
Location: Pa.
Posts: 993
All OK, I think.

It has been a few days now, and I did not get that message about "Windows 7, Internet Security 2012" etc. I ran Adaware Antivirus, MSE, Superantispyware, CCleaner, Malwarebytes a few times. I then deleted Adaware, and downloaded Avast and ran that, all clear. Avast has a feature you can have it run at BOOTUP before Windows starts...I did that and it found some Java script things that I told it to delete. It also told me that Superantispyware was corrupted. That was the program that I believe found and removed that Windows 7 Internet thingy. So, I removed the Superantispyware program and reinstalled it.
NOW..I noticed in MSCONFIG, STARTUP, there is an entry called CONIME. I googled it and it seems like it can be a legitimate Windows file associated with Asiatic languages, or it could be a "Backdoor Input Method Remote de BFGhost" problem. The article says to look for BFghost, editmm.exe, and conime.exe in Task Manager. I do not see those three items in Task Manager. I never saw CONIME in the Startup items in MSCONFIG before. Maybe it got there when I did that "Default File Associations Restore" per Nuclear Krusader's suggestion because I could not open anything. Doing the restore fixed that problem, but maybe that is how that CONIME got there. If that is the case, that is fine. I guess I am a little leery right now. Suggestions, comments, please. Thanks again to everyone who gave suggestions and advice, Mike
OH, I forgot..If I remove the check mark in front of CONIME, it eventually re-appears.

Last edited by mike12; 12-30-2011 at 10:21 AM.
mike12 is offline   Reply With Quote
Old 12-30-2011, 10:26 AM   #18
Member (11 bit)
 
Join Date: Feb 2003
Location: Tucker Ga. USA
Posts: 1,358
Been through a duplicate of yours in the last couple of days. Fortunately just .exe and exefile were corrupted.

Ended up with 2 entries in msconfig/startup consisting of weird characters. Just unchecked the entries and ignored it. There was nothing matching in the registry.

In addition to mbam to eliminate 4 major issues I used spybots&d and adaware to clear out a bunch of stuff. And after things were reasonably clear the AV on the machine picked up another item.
edfair is offline   Reply With Quote
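
Added example (not part of any post in this thread): the "what program do I want to open this with" symptom and the corrupted .exe / exefile entries described above can be checked with a read-only PowerShell script that compares the .exe file association against the stock Windows defaults. It assumes that a per-user key under HKCU\Software\Classes for .exe or exefile is not present on a default install and is therefore worth reporting; the function name Get-DefaultValue is a helper made up for this example.

```powershell
# Added example: read-only check of the .exe file association. Nothing is modified.
# Stock Windows defaults for the two keys that control how .exe files are launched.
$defaults = [ordered]@{
    '.exe'                       = 'exefile'
    'exefile\shell\open\command' = '"%1" %*'
}

function Get-DefaultValue([string]$Path) {
    # Returns the key's (Default) value, or $null when the key or value is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue('')
}

$findings = @()
foreach ($sub in $defaults.Keys) {
    $machine = "Registry::HKEY_LOCAL_MACHINE\Software\Classes\$sub"
    $user    = "Registry::HKEY_CURRENT_USER\Software\Classes\$sub"

    # Machine-wide value must match the default exactly.
    $value = Get-DefaultValue $machine
    if ($value -ne $defaults[$sub]) {
        $findings += [pscustomobject]@{
            Key   = $machine
            Value = $value
            Note  = "expected $($defaults[$sub])"
        }
    }

    # Per-user keys take precedence over machine-wide ones in the merged
    # HKEY_CLASSES_ROOT view, so an override here changes what runs on double-click.
    # Assumption: on a default install these per-user keys do not exist.
    if (Test-Path -LiteralPath $user) {
        $findings += [pscustomobject]@{
            Key   = $user
            Value = Get-DefaultValue $user
            Note  = 'per-user override present'
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    'The .exe association matches the Windows defaults.'
}
```

Any finding is a reason to restore the default .exe association and rescan before trusting the machine again.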
All times are GMT -5.