Virus, Trojan, Spyware... whatever - Help me get it off :)
DougW
07-14-2012, 09:15 PM
So, I guess I've been really lucky and have never used any kind of security (aside from the stock windows stuff that came with my cpu) - and haven't really had any problems. That changed this week.
It started with a few days of seemingly random redirects from sites that usually don't redirect. Then tonight I got hit with some "Security Shield 2012". That thing was blasting pop ups left and right, trying to get me to buy it and notifying me of this and that. I didn't click anything on it (not even to close the pop up windows). It had also shut off my Windows security.
I was able to run a system restore to a couple weeks ago, and things seem better - but I'd like to run some scans and whatnot to be sure. Can anyone suggest something good for me to make sure I'm "clean" ?
Thanks :)
Matthean
07-14-2012, 09:21 PM
Run scans with Malwarebytes and Kaspersky. AVG would be the next one to try.
sabotai
07-14-2012, 09:21 PM
Security Shield 2012....I just had to deal with that bitch at work. I used Malwarebytes Anti-Malware to get rid of it (they have a free version). And my choice in antivirus software is Avast (also has a free version).
DougW
07-14-2012, 09:26 PM
Cool, I'm actually looking for the free stuff right now. I don't have a problem paying for a good one - just with this stuff potentially running around my cpu, I'm a little leery of putting in any money information until I feel a little more secure.
Edit : And it seems the recommended ones are free, with upgradeable "better protection" - which is perfect. I can clean up, and then upgrade when things are clear :).
Thank you.
BYU 14
07-14-2012, 09:28 PM
AVG 2012 is also a very solid free anti-virus
JonInMiddleGA
07-14-2012, 09:29 PM
Googling the primary phrase "Security Shield 2012" brings up all sorts of suggestions/tips, including this one
Remove My Security Shield (Uninstall Guide) (http://www.bleepingcomputer.com/virus-removal/remove-my-security-shield)
The walkthroughs on that site have bailed my ass out at least twice, they're generally awesome. (A bit touchy about what/how you post questions, but the walkthroughs kill).
edit to add: The walkthrough is from bleepingcomputer (just realized the link didn't reveal the source)
DougW
07-14-2012, 09:34 PM
haha, Thanks everyone. And JIMG, yeah - that's where google had landed me - I was actually reading that walkthrough when I posed the question to this trusted board :). I was going to start following it, when paranoia set in, and I began to get concerned that it was all part of a huge conspiracy to further hijack my computer haha. So, I came here :)
JonInMiddleGA
07-14-2012, 09:46 PM
haha, Thanks everyone. And JIMG, yeah - that's where google had landed me - I was actually reading that walkthrough when I posed the question to this trusted board :). I was going to start following it, when paranoia set in, and I began to get concerned that it was all part of a huge conspiracy to further hijack my computer haha. So, I came here :)
As long as you follow a direct link to bleepingcomputer you should be fine. That site absolutely rocks afaic & has become one of my primary go-to places when things ain't right.
Matthean
07-14-2012, 09:58 PM
Microsoft Security Essentials is also a good free anti-virus. One issue I thought I had with it was my own doing. I totally forget it's running since it never interferes with what I'm doing.
Brownkeg8
07-14-2012, 09:58 PM
There are a lot of YouTube videos with fixes; had this myself, and you will need to delete the file.
http://www.youtube.com/results?search_query=security+shield+2012+removal&oq=security+shield+2012&gs_l=youtube.1.0.0l7j0i5l3.784.5424.0.7421.20.16.0.4.4.0.104.977.15j1.16.0...0.0...1ac.__60xf-Sbb0
mckerney
07-14-2012, 10:02 PM
ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) is usually good for removing malware.
M GO BLUE!!!
07-14-2012, 10:08 PM
Update the virus databases & run the scans in safe mode.
Some of the crap that infects hides as system files. These are typically exposed when you run in safe mode.
I second/third Malwarebytes & AVG. Super Anti-Spyware is good too.
Julio Riddols
07-14-2012, 10:31 PM
If Virus and Spyware were condom brands, this would have been a more interesting question.
That said, I have to agree with the Malwarebytes stuff. Solid product. I'm also pretty partial to Spybot.
MizzouRah
07-14-2012, 11:08 PM
AVG and Superantispyware - both free, both excellent products when used together.
DougW
07-15-2012, 01:49 AM
Damn. Things much worse now. I got things up and going, and had to uninstall and reinstall my Microsoft Security Essentials - and now I get about 10 seconds after logging in, and MSE tells me it's found a critical and is going to shut down my system (and, it isn't fixed when it reboots .. same thing, over and over and over) ... Seems the problem is Sirefef ? idk .. very frustrated now :(.
Had to quickly uninstall MSE again, to be able to stay on and surf for an answer. Although, that might just be hurting me more :(
mckerney
07-15-2012, 01:59 AM
Damn. Things much worse now. I got things up and going, and had to uninstall and reinstall my Microsoft Security Essentials - and now I get about 10 seconds after logging in, and MSE tells me it's found a critical and is going to shut down my system (and, it isn't fixed when it reboots .. same thing, over and over and over) ... Seems the problem is Sirefef ? idk .. very frustrated now :(.
Had to quickly uninstall MSE again, to be able to stay on and surf for an answer. Although, that might just be hurting me more :(
Try running ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) if you haven't yet.
weegeebored
07-15-2012, 09:04 AM
You may be at the point where you will have to take care of things outside of Windows. You could try the Avira Rescue CD https://www.avira.com/en/downloads#tools or another tool like it.
I know a lot of people who swear by Hitman Pro to clean up their mess but I personally have never used it. Home - SurfRight (http://www.surfright.nl/en)
Scoobz0202
07-15-2012, 09:24 AM
If I think something is fucked, this is the method I follow.
rKill > CCleaner (I uncheck my cookies and stuff for the browser I use. I don't like having to re-enter my passwords and stuff) > Turn off Real-Time Protection in MSE > TDSSKiller > Malwarebytes > MSE Scan > Turn Real-Time Protection back on in MSE
rKill: RKill - What it does and What it Doesn't - A brief introduction to the program (http://www.bleepingcomputer.com/forums/topic308364.html)
TDSSKiller: Anti-rootkit utility TDSSKiller (http://support.kaspersky.com/faq/?qid=208283363)
whomario
07-15-2012, 09:54 AM
Have you tried going back to an earlier "system point" (before the infection!) via the system recovery after starting the system in "safe mode" (press F8 when starting)? As far as I know this security shield thing is not something that corrupts your whole system but stays rather superficial, but does mess with Windows functions (like the MSE).
A friend of mine did it that way and so far there hasn't been any backlash, neither have various software detected anything wrong with the system after doing so. Normally I'd be sceptical here, but the virus in question isn't exactly operating stealthily; if you have it you notice it.
DougW
07-15-2012, 09:55 AM
Thanks again to everyone who has posted - I have run a few scans and whatnot, and fired up a "help me" post on bleeping computer. We'll see where that leads :)
@mckerney, Thanks for the ComboFix tip, but I've been holding off on that one - I noticed when I was posting @ bleepingcomputer, they advised to not run that unless/until they instruct me to.
DougW
07-15-2012, 09:57 AM
Have you tried going back to an earlier "system point" via the system recovery after starting the system in "safe mode" (press F8 when starting)? As far as I know this security shield thing is not something that corrupts your whole system but stays rather superficial, thus the recovery could take care of things.
A friend of mine did it that way and so far there hasn't been any backlash, neither have various software detected anything wrong with the system after doing so.
Yeah, I did that; and it cleaned the Security Shield. But, the redirects continued and a couple days later security shield reappeared. Trying to squash these bugs for good haha.
mckerney
07-15-2012, 10:26 AM
@mckerney, Thanks for the ComboFix tip, but I've been holding off on that one - I noticed when I was posting @ bleepingcomputer, they advised to not run that unless/until they instruct me to.
Ah, right. I remember seeing that, though I'd just gone ahead and used it in the past fixing others' computers and it worked to quickly remove any problems. In one case my boss had a virus on his computer that the tech support he contacted could fix after 2 or 3 days, so they wanted to just wipe the hard drive and reinstall everything. ComboFix had the system clean and everything removed in about half an hour. It's become my go-to on anything that gets around standard antivirus software.
DougW
07-15-2012, 08:24 PM
Thanks to all.
In the event someone else in the future runs into anything similar, and searches - The steps (after my posts) I took (which seem to have me cleaned up) are :
After uninstalling MSE, I installed Avast. I installed Malwarebytes, I installed CCleaner, I installed rkill, I installed TDSSKiller.
I ran Malwarebytes, rkill, CCleaner, TDSSKiller, Avast (from Windows), then Avast again (it also has an option to run it on a restart before Windows starts). Then I started getting direction from bleepingcomputer. They had me run some scans that I guess gave them an idea what was going on. Then ran Combofix, then another info type scan, then ran a program called ESET (cleaned some browser stuff).
(Bleepingcomputer was very helpful, took my issues on a personal problem level, and although they said to expect a 5 day wait, it's been less than 1 - and I think it's done. Definitely donating to them.)
My gut says, as Mckerney suggested - Combofix was the key.
sabotai
07-15-2012, 08:32 PM
Sounds like you had quite the infestation.
DougW
07-15-2012, 08:38 PM
http://cache.jalopnik.com/assets/resources/2007/04/spider_squareback_1.jpg
jbergey22
07-15-2012, 11:26 PM
I was able to run a system restore to a couple weeks ago, and things seem better - but I'd like to run some scans and whatnot to be sure. Can anyone suggest something good for me to make sure I'm "clean" ?
Thanks :)
Some of these viruses are so bad they cling on to the system restore so you can never really get rid of them. If you notice this virus won't go away you may have to shut off your system restore before you run the scan.
jbergey22
07-15-2012, 11:28 PM
ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) is usually good for removing malware.
And yes this is awesome.
I'd 1. shut off your system restore, 2. run Malwarebytes, 3. run ComboFix, 4. turn system restore back on, 5. get the free Microsoft Security Essentials downloaded and turned on. This should eliminate the problem.
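One way to script steps 1 and 4 of that list on Windows 7 or later, as an added example that is not from the thread or from any of the tools it names: it uses the built-in Disable-ComputerRestore, Enable-ComputerRestore and Checkpoint-Computer cmdlets and assumes an elevated Windows PowerShell session and that C: is the system drive.

```powershell
# Added example: wrap the thread's "turn System Restore off, clean, turn it
# back on" steps in two functions. Disabling System Restore for a drive
# discards every restore point on it, which is the point: an infected
# restore point would otherwise be reinstated (or re-detected) after each scan.
# Assumes an elevated Windows PowerShell session (these cmdlets need admin
# rights and are not shipped with PowerShell 7) and that C: is the system drive.

$SystemDrive = "C:\"

function Assert-Elevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    if (-not $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw "Run this from an elevated (Run as administrator) PowerShell window."
    }
}

# Step 1: show what will be lost, then turn System Restore off for the drive.
function Disable-RestoreBeforeScan {
    Assert-Elevated
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    Write-Host ("Discarding {0} restore point(s):" -f $points.Count)
    foreach ($rp in $points) {
        # CreationTime is a WMI timestamp string; convert it for display
        $when = [Management.ManagementDateTimeConverter]::ToDateTime($rp.CreationTime)
        Write-Host ("  #{0} {1} {2}" -f $rp.SequenceNumber, $when, $rp.Description)
    }
    Disable-ComputerRestore -Drive $SystemDrive
    Write-Host "System Restore is off for $SystemDrive. Run the scanners now (steps 2 and 3)."
}

# Step 4: once the scans come back clean, turn System Restore on again and
# take a fresh checkpoint so there is a known-good point to roll back to.
function Enable-RestoreAfterClean {
    Assert-Elevated
    Enable-ComputerRestore -Drive $SystemDrive
    Checkpoint-Computer -Description "Post-cleanup baseline" -RestorePointType "MODIFY_SETTINGS"
    $latest = Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
    if ($latest -and $latest.Description -eq "Post-cleanup baseline") {
        Write-Host "System Restore is back on; baseline restore point #$($latest.SequenceNumber) created."
    } else {
        # Windows 8 and later create at most one restore point per 24 hours by default
        Write-Warning "System Restore was re-enabled but no baseline point was recorded; check System Protection settings."
    }
}

# Usage: Disable-RestoreBeforeScan   (before step 2)
#        Enable-RestoreAfterClean    (step 4)
```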
CrimsonFox
07-15-2012, 11:30 PM
Thank you for this thread. I'm dealing with my own malware problems. Mostly one that keeps opening another stupid webpage. AVG keeps finding a whitelisted trojandropper and doing nothing about it. So I'm trying MS Security Essentials. It found a lot more things. Running Malwarebytes too.
jbergey22
07-15-2012, 11:40 PM
Thank you for this thread. I'm dealing with my own malware problems. Mostly one that keeps opening another stupid webpage. AVG keeps finding a whitelisted trojandropper and doing nothing about it. So I'm trying MS Security Essentials. It found a lot more things. Running Malwarebytes too.
If the same ones keep coming back after you have deleted them I'd shut down system restore and run it. I had this problem a few years back and these viruses just attached on to my system restore so despite deleting them over and over they would keep coming back. Finally I read somewhere to shut down system restore and run the scan and they were gone.
DougW
07-15-2012, 11:49 PM
Thank you for this thread. I'm dealing with my own malware problems. Mostly one that keeps opening another stupid webpage. AVG keeps finding a whitelisted trojandropper and doing nothing about it. So I'm trying MS Security Essentials. It found a lot more things. Running Malwarebytes too.
I really think the Combofix was what 'cleansed' me, but if you followed along, you'll see I ran a bunch of scans/cleans - so I can't really be sure. I was really impressed with the personal help I received from bleepingcomputer.com. I was surprised that I didn't get a "gawd you're such a noob, why don't you use the search function and fix it yourself". They actually encourage folks to create a thread about their specific problems, and work through it case by case. Very thorough, even after getting the things I was complaining about removed, they had me run some scans for other general cleaning. They were also pretty quick in my case (although their site says could be about 5 days for a response).
CrimsonFox
07-16-2012, 12:01 AM
They aren't being deleted cause AVG isn't deleting them. I'm running some other things now tho.
I think I'm just going to remove AVG. It just seems to make noise and take over my browser home page :P
jbergey22
07-16-2012, 12:16 AM
I really think the Combofix was what 'cleansed' me, but if you followed along, you'll see I ran a bunch of scans/cleans - so I can't really be sure. I was really impressed with the personal help I received from bleepingcomputer.com. I was surprised that I didn't get a "gawd you're such a noob, why don't you use the search function and fix it yourself". They actually encourage folks to create a thread about their specific problems, and work through it case by case. Very thorough, even after getting the things I was complaining about removed, they had me run some scans for other general cleaning. They were also pretty quick in my case (although their site says could be about 5 days for a response).
Haha, the fact that you could find their website probably puts you ahead of 80 percent of the population.
jbergey22
07-16-2012, 12:20 AM
They aren't being deleted cause AVG isn't deleting them. I'm running some other things now tho.
I think I'm just going to remove AVG. It just seems to make noise and take over my browser home page :P
You got a bad one it sounds like. Has it disabled any websites you are trying to go to? I'd listen to Doug on this. Combofix has NEVER let me down. Takes around a half hour but it cleans this crap out.
CrimsonFox
07-16-2012, 12:25 AM
what do you guys think of MS Security jazz?
jbergey22
07-16-2012, 12:26 AM
what do you guys think of MS Security jazz?
I think you should stop messing around and combofix it ;) Actually never heard of it so sorry for the smartass remark.
Here is another thread on this type of stuff
http://www.operationsports.com/fofc/showthread.php?t=76822&highlight=virus
Matthean
07-16-2012, 12:42 AM
what do you guys think of MS Security jazz?
If you mean MS Security Essentials, I like it, but it seems DougW was using it and his virus got past it.
CrimsonFox
07-16-2012, 04:23 AM
malwarebytes worries me. :/
It found things but it lets ME decide what to remove. And some of the things it is finding are simply other programs. For example it found AVG 2012 and called it a Rogue. It found the executable for Hollywood Mogul as something. How do I know I can trust what it is finding?
Should I just not bother removing things from it and just use that combo fix thing instead?
mckerney
07-16-2012, 04:46 AM
If you mean MS Security Essentials, I like it, but it seems DougW was using it and his virus got past it.
Microsoft Security Essentials is the best antivirus program I've used. I always try to use it first for preventing/removing malware and then ComboFix comes out for anything that manages to get past it or hangs around after MSE attempts to remove it.
DougW
07-16-2012, 07:27 AM
If you mean MS Security Essentials, I like it, but it seems DougW was using it and his virus got past it.
Well to be fair, MSE found the stuff just fine - it just wasn't strong enough to delete the problems. On the other hand, it did let things in I guess. Overall, I like MSE still, and am back to it now (removed Avast). I like how it's been quiet for years, and I only know it's even there when I have something like that.
I am keeping Malwarebytes around too though, I think they'll be a good combo. And with bleepingcomputer & Combofix out there for some heavy shit, I actually feel pretty safe now.
jbergey22
07-16-2012, 09:08 AM
malwarebytes worries me. :/
It found things but it lets ME decide what to remove. And some of the things it is finding are simply other programs. For example it found AVG 2012 and called it a Rogue. It found the executable for Hollywood Mogul as something. How do I know I can trust what it is finding?
Should I just not bother removing things from it and just use that combo fix thing instead?
This is quite common with scanners. They will often times consider another virus protection a virus. As for Hollywood mogul it probably came from a smaller company. Some of my sims essentials blocked as well if they came from a company they were not familiar with.
whomario
07-16-2012, 09:55 AM
Perfectly normal to have executables show up. If you know where it's from and that you've actually installed it I wouldn't worry about it.
I'm using Avira Antivir and when scanning, it marks its own install.exe (not the executable, the file you download) under alerts ;)
Some software will also request that you turn off another virus detection software when running their scan. For that reason I basically have installed two where I know that they are compatible and somewhat complement each other afaik (Avira Antivirus and SuperAntiSpyware) and have a couple other programs where I download the exe every couple weeks so that I can install them if need be.
These false security programs seem to be all the rage now as well; just looking at the last tutorials at bleepingcomputer there are a ton of those.
DaddyTorgo
08-01-2012, 08:47 AM
Bump
Somehow my work computer picked up a rootkit - pihar.c , which I am having a fuckload of a time removing. Aside from "go to bleeping computer" does anyone have any experience removing this, or know of a freeware program that will pick it up and remove it? Kaspersky's antirootkit seems to see it, but can't cure it. Ditto for Avast's antirootkit.
mckerney
08-01-2012, 09:07 AM
Bump
Somehow my work computer picked up a rootkit - pihar.c , which I am having a fuckload of a time removing. Aside from "go to bleeping computer" does anyone have any experience removing this, or know of a freeware program that will pick it up and remove it? Kaspersky's antirootkit seems to see it, but can't cure it. Ditto for Avast's antirootkit.
Have you tried this yet?
http://blog.teesupport.com/how-to-remove-rootkit-boot-pihar-c-completely-rootkit-boot-pihar-c-manual-removal-help/
DaddyTorgo
08-01-2012, 09:23 AM
Have you tried this yet?
How to Remove Rootkit.Boot.Pihar.c Completely - Rootkit.Boot.Pihar.c Manual Removal Help - Tee Support Blog (http://blog.teesupport.com/how-to-remove-rootkit-boot-pihar-c-completely-rootkit-boot-pihar-c-manual-removal-help/)
the link looks familiar - tried it I think, but for some reason I couldn't find any of the files that it listed (maybe i have some new variant)?
might have it licked...cautiously hopeful
DaddyTorgo
11-15-2012, 01:36 PM
Hah. So Kaspersky's TDSS killer and Combofix and TrendMicro's Rootkit buster couldn't conquer it over the past couple months. I've just been basically living with it and not doing anything personally sensitive on this work machine (banking, gmail, etc).
Got fed up again though. Went googling around.
Booting into recovery console and running "fixmbr" and "fixboot" and then booting up and running Malwarebytes Anti-Rootkit seems to have done the trick. Rebooted and ran another scan after it found it and cleaned and I'm clean.
stevew
11-15-2012, 02:12 PM
I love how it's easy to find someone sharing your issues on a virus/car problem/problem with something else. But finding out how they solved the issue is usually nonexistent.
DaddyTorgo
11-15-2012, 02:22 PM
I love how it's easy to find someone sharing your issues on a virus/car problem/problem with something else. But finding out how they solved the issue is usually nonexistent.
Yeah - I googled a fuckload before finally finding on bleepingcomputer that Malwarebytes had an anti-rootkit product out now, which is what finally did it.
Plenty of sites that were not very helpful at all.
That being said, the tips to boot into recovery console and fixmbr and fixboot came off kaspersky's forum
DougW
11-15-2012, 03:27 PM
I love how it's easy to find someone sharing your issues on a virus/car problem/problem with something else. But finding out how they solved the issue is usually nonexistent.
Oh, I know .. I hate that. Which is why I always try to make an effort to post something like the following on any site I discussed any problems I'm getting help with.
Thanks to all.
In the event someone else in the future runs into anything similar, and searches - The steps (after my posts) I took (which seem to have me cleaned up) are :
After uninstalling MSE, I installed Avast. I installed Malwarebytes, I installed CCleaner, I installed rkill, I installed TDSSKiller.
I ran Malwarebytes, rkill, CCleaner, TDSSKiller, Avast (from Windows), then Avast again (it also has an option to run it on a restart before Windows starts). Then I started getting direction from bleepingcomputer. They had me run some scans that I guess gave them an idea what was going on. Then ran Combofix, then another info type scan, then ran a program called ESET (cleaned some browser stuff).
(Bleepingcomputer was very helpful, took my issues on a personal problem level, and although they said to expect a 5 day wait, it's been less than 1 - and I think it's done. Definitely donating to them.)
My gut says, as Mckerney suggested - Combofix was the key.
stevew
11-15-2012, 03:31 PM
yeah, I should have added that i was glad you did the write up, because usually you can't find how the user solved the issue.