virus

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Elluziion

Thread Starter
Joined
Apr 14, 2010
Messages
8
My computer has downloaded a program called "security tool" this program is blocking me from using anything in my control panel, or my notepad. The first time i tried to delete the program i went to start and searched the harddrive and when i found it i right clicked it and then a pop up came up and then i got a blank blue screen and my computer shut off. Then when i tried to go to control pannel a pop up came up that said :

>rundll32.exe is infected with worm Lsas.Blaster.Keyloger. This worm is trying to send your credit card details using rundll32.exe to connect to remote host.

A similar one pops up for notepad, run, and other things.
I really need to get rid of this security program so any help given will help. Thanks
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,204
I'm going to move you to the hijackthis forum. If you do not have a response in 48 hours, please post back in this thread, and I'll flag down a security expert for you. In the meantime;

1. Welcome to TSG. :)

2. Please do the following:

CLICK HERE
to download the HijackThis Installer:
1. Save HJTInstall.exe to your desktop.
2. Double-click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
8. Come back here to this thread and paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
 

Elluziion

Thread Starter
Joined
Apr 14, 2010
Messages
8
when i tried to install the program my desktop icons dissapeared and then my screen went blue and then my computer restarted. I tried again and the pop up said msiexec.exe then is infected with worm Lsas.Blaster.Keyloger.....
 

Elluziion

Thread Starter
Joined
Apr 14, 2010
Messages
8
I finally got HijackThis installed but my desktop icons are still not visable. when i go to the start bar and select the HijackThis it gives me the same error message. Infected by a worm.
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,204
try renaming hijackthis.exe to puppy.exe and see where that gets you. Sometimes malware will look for specific apps to blow out, and hjt is one of those.

thanks,

v
 

Elluziion

Thread Starter
Joined
Apr 14, 2010
Messages
8
I tried to save the program as puppie.exe but when i went into the file to open it a black command screen poped up and then dissapeared.


Then i tried to save it under a different name. and an error message came up that said.
>A network error occured while attempting to read from the file.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,235
Do you have access to a USB external drive (or a flash drive) that you can use to transfer files to the infected computer?
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,235
Sorry, I meant to also ask if you have access to another computer.

We have to download a couple of programs to the USB drive on another computer and then transfer them over.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,235
OK, that's good.

Download both of these files to the USB flash or external drive using another computer. Right-click and save as you don't want to execute them.

http://download.bleepingcomputer.com/reg/antivirus-vista-2010/FixExe.reg

http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe

Remove the USB drive and insert it into the infected computer.

Now make the sure the rogue Security Tool program is running if it's not already. Can you do something that will trigger one of those alerts? Then you'll know it's running.

Now open the drive that is the USB device on the infected computer and double-click on the FixExe.reg file to run it. Windows will prompt and ask you if you want to allow the data to be added to your computer so click Yes when that happens.

Now you should be able to run the MBAM set up (the other file I had you download) from the USB device and follow the prompts to install the program on the infected computer. Don't change any of the default settings. Once it's installed, update it by clicking on the update tab and then run a Full scan.

When this is done, you should be able to post a HijackThis log from that computer so please do that and post the MBAM log as well.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,235
I will be away from the computer for a bit but will definitely check back later on.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top