Go Back   WorldStart Tech & Computer Help Forums > PC Ask and Answer Questions

Reply
 
Thread Tools Display Modes
  #1  
Old 03-15-2017, 12:00 PM
imanovice imanovice is offline
Epic Member
 
Join Date: Jul 2005
Posts: 1,615
Got a Red Screen "Windows Defender" message while online

While doing some research online this a.m., I got a Red Screen with lots of beeps and whistles and a voice telling me that my system was in jeopardy. Turned off the computer immediately, then restarted and started Firefox again. That same screen came up again, and there is no way to close it or go to any other tab. Can anyone help?
Attached Images
File Type: jpg Screenshot (41).jpg (93.7 KB, 48 views)
__________________
HP Pavilion 15-n019wm Laptop w/Win10, HP laptop G61-511WM w/Win7 SP1 and HP Pavilion x2 10-n124dx w/Win10, all with BitDefender AV, MalwareBytes, and Spyware Blaster.
Reply With Quote
  #2  
Old 03-15-2017, 12:06 PM
jholland1964's Avatar
jholland1964 jholland1964 is offline
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 35,901
Quote:
Originally Posted by imanovice View Post
While doing some research online this a.m., I got a Red Screen with lots of beeps and whistles and a voice telling me that my system was in jeopardy. Turned off the computer immediately, then restarted and started Firefox again. That same screen came up again, and there is no way to close it or go to any other tab. Can anyone help?
Do not, under any circumstances do anything that screen tells you do do, don't type in any password, don't call the phone number given. You have an infection/hijacker on the computer.

Do you actually use Windows Defender as your anti-virus program?
Are you using this computer to create this thread?
__________________

1.Dell Inspiron 17 5759
Windows 10 64bit
Firefox v.54.0. ;WLM2012; Avira Free, Windows Firewall, MBAM, SpywareBlaster, SUPERAntispyware

2.Dell Inspiron N7010; Laptop Windows 7 64bit SP1
*same programs as computer 1 above*


Help Us To Help You

System Restore

Stick with the Clean up
Reply With Quote
  #3  
Old 03-15-2017, 12:10 PM
imanovice imanovice is offline
Epic Member
 
Join Date: Jul 2005
Posts: 1,615
Quote:
Originally Posted by jholland1964 View Post
Do not, under any circumstances do anything that screen tells you do do, don't type in any password, don't call the phone number given. You have an infection/hijacker on the computer.

Do you actually use Windows Defender as your anti-virus program?
Are you using this computer to create this thread?
Judy, no, I do not use Windows Defender, and I am NOT using that computer to write this thread.

I use BitDefender.

I have the affected computer on in safe mode and am running a Malwarebytes scan. I will need to be out of the office for a couple of hours, but will check back here as soon as possible for some guidance. Thank you in advance.
__________________
HP Pavilion 15-n019wm Laptop w/Win10, HP laptop G61-511WM w/Win7 SP1 and HP Pavilion x2 10-n124dx w/Win10, all with BitDefender AV, MalwareBytes, and Spyware Blaster.
Reply With Quote
  #4  
Old 03-15-2017, 12:17 PM
jholland1964's Avatar
jholland1964 jholland1964 is offline
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 35,901
Quote:
Originally Posted by imanovice View Post
Judy, no, I do not use Windows Defender, and I am NOT using that computer to write this thread.

I use BitDefender.

I have the affected computer on in safe mode and am running a Malwarebytes scan. I will need to be out of the office for a couple of hours, but will check back here as soon as possible for some guidance. Thank you in advance.
Perfect! Safe mode or Safe Mode with Networking?

Were you able to update Malwarebytes' before you began the scan?

It may not take very long, or at least it shouldn't.

Once it is finished then copy/paste the log and paste it here. There will be other tools necessary.

F.Y.I what you have is the Microsoft Security Essentials Alert Trojan or at least something very similar.
__________________

1.Dell Inspiron 17 5759
Windows 10 64bit
Firefox v.54.0. ;WLM2012; Avira Free, Windows Firewall, MBAM, SpywareBlaster, SUPERAntispyware

2.Dell Inspiron N7010; Laptop Windows 7 64bit SP1
*same programs as computer 1 above*


Help Us To Help You

System Restore

Stick with the Clean up

Last edited by jholland1964; 03-15-2017 at 12:26 PM. Reason: additional info
Reply With Quote
  #5  
Old 03-15-2017, 03:05 PM
imanovice imanovice is offline
Epic Member
 
Join Date: Jul 2005
Posts: 1,615
Quote:
Originally Posted by jholland1964 View Post
Perfect! Safe mode or Safe Mode with Networking?

Were you able to update Malwarebytes' before you began the scan?

It may not take very long, or at least it shouldn't.

Once it is finished then copy/paste the log and paste it here. There will be other tools necessary.

F.Y.I what you have is the Microsoft Security Essentials Alert Trojan or at least something very similar.
Judy, I am using safe mode with networking. I did not try to update MalwareBytes, because I had just done so yesterday. May I use the "infected" computer in safe mode to copy/paste the log here?
__________________
HP Pavilion 15-n019wm Laptop w/Win10, HP laptop G61-511WM w/Win7 SP1 and HP Pavilion x2 10-n124dx w/Win10, all with BitDefender AV, MalwareBytes, and Spyware Blaster.
Reply With Quote
  #6  
Old 03-15-2017, 03:10 PM
jholland1964's Avatar
jholland1964 jholland1964 is offline
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 35,901
Quote:
Originally Posted by imanovice View Post
Judy, I am using safe mode with networking. I did not try to update MalwareBytes, because I had just done so yesterday. May I use the "infected" computer in safe mode to copy/paste the log here?
You must always make sure that Malwarebytes' has updated before a scan, even if you do multiple scans in one day. Malwarebytes' releases multiple updates daily, sometimes as many as 10! That is why the program is still considered the best scanner available. It should have automatically checked for updates before the scan began but since you are working on a known infected computer that may not have happened.

If you can get online with the infected computer then certainly you can copy/paste the log here. It would certainly be easier for you.
I would recommend that you first post the log you just received, let me look at it and then if it didn't automatically check for updates before the scan I will tell you to do it again.
__________________

1.Dell Inspiron 17 5759
Windows 10 64bit
Firefox v.54.0. ;WLM2012; Avira Free, Windows Firewall, MBAM, SpywareBlaster, SUPERAntispyware

2.Dell Inspiron N7010; Laptop Windows 7 64bit SP1
*same programs as computer 1 above*


Help Us To Help You

System Restore

Stick with the Clean up
Reply With Quote
  #7  
Old 03-15-2017, 03:13 PM
Funtimes's Avatar
Funtimes Funtimes is offline
Epic Member
 
Join Date: Mar 2012
Location: At my house
Posts: 2,749
Quote:
Originally Posted by imanovice View Post
Judy, I am using safe mode with networking. I did not try to update MalwareBytes, because I had just done so yesterday. May I use the "infected" computer in safe mode to copy/paste the log here?
MalwareBytes has updates every day and some times more than 1 every day. When you go to run MBAM, it should check for updates. I just checked and told it to scan and the first thing I see is that it is updating itself.
__________________
Asus laptop i7-5500U CPU @2.40 GHz, Win 10 Home 64bit, 6 GB of RAM. Office 2003, WLM, MSE, MBAM, SpywareBlaster, Windows Firewall.
Reply With Quote
  #8  
Old 03-15-2017, 03:18 PM
imanovice imanovice is offline
Epic Member
 
Join Date: Jul 2005
Posts: 1,615
Here is the log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/15/2017
Scan Time: 10:03 AM
Logfile: Scan log 3 15.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.03.14.07
Rootkit Database: v2017.03.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Kathy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320661
Time Elapsed: 21 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
__________________
HP Pavilion 15-n019wm Laptop w/Win10, HP laptop G61-511WM w/Win7 SP1 and HP Pavilion x2 10-n124dx w/Win10, all with BitDefender AV, MalwareBytes, and Spyware Blaster.
Reply With Quote
  #9  
Old 03-15-2017, 03:19 PM
jholland1964's Avatar
jholland1964 jholland1964 is offline
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 35,901
Quote:
Originally Posted by Funtimes View Post
MalwareBytes has updates every day and some times more than 1 every day. When you go to run MBAM, it should check for updates. I just checked and told it to scan and the first thing I see is that it is updating itself.
Exactly what I said above but when dealing with a computer already known to be infected then the recommendation is always check for manual updates if possible because there is no guarantee the program, any security program that is supposed to automatically update, will automatically update before scanning. That automatic update portion may have been disabled by the infection.
__________________

1.Dell Inspiron 17 5759
Windows 10 64bit
Firefox v.54.0. ;WLM2012; Avira Free, Windows Firewall, MBAM, SpywareBlaster, SUPERAntispyware

2.Dell Inspiron N7010; Laptop Windows 7 64bit SP1
*same programs as computer 1 above*


Help Us To Help You

System Restore

Stick with the Clean up
Reply With Quote
  #10  
Old 03-15-2017, 03:32 PM
jholland1964's Avatar
jholland1964 jholland1964 is offline
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 35,901
Quote:
Originally Posted by imanovice View Post
Here is the log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/15/2017
Scan Time: 10:03 AM
Logfile: Scan log 3 15.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.03.14.07
Rootkit Database: v2017.03.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Kathy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320661
Time Elapsed: 21 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Note items I have bolded and put in Red
The Malware Database was out of date when scan was run.
Scan for Rootkits should be Enabled
PUP & PUM settings should both be set to Treat Detections as Malware


Update the program and run another scan. As you see, it took 21 minutes and that is correct.
__________________

1.Dell Inspiron 17 5759
Windows 10 64bit
Firefox v.54.0. ;WLM2012; Avira Free, Windows Firewall, MBAM, SpywareBlaster, SUPERAntispyware

2.Dell Inspiron N7010; Laptop Windows 7 64bit SP1
*same programs as computer 1 above*


Help Us To Help You

System Restore

Stick with the Clean up
Reply With Quote
  #11  
Old 03-15-2017, 04:02 PM
imanovice imanovice is offline
Epic Member
 
Join Date: Jul 2005
Posts: 1,615
Scan after updating MalwareBytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/15/2017
Scan Time: 1:39 PM
Logfile: scan log 2 3 15.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.03.15.07
Rootkit Database: v2017.03.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Kathy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321111
Time Elapsed: 20 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
__________________
HP Pavilion 15-n019wm Laptop w/Win10, HP laptop G61-511WM w/Win7 SP1 and HP Pavilion x2 10-n124dx w/Win10, all with BitDefender AV, MalwareBytes, and Spyware Blaster.
Reply With Quote
  #12  
Old 03-15-2017, 04:07 PM
imanovice imanovice is offline
Epic Member
 
Join Date: Jul 2005
Posts: 1,615
Quote:
Originally Posted by jholland1964 View Post
Note items I have bolded and put in Red
The Malware Database was out of date when scan was run.
Scan for Rootkits should be Enabled
PUP & PUM settings should both be set to Treat Detections as Malware


Update the program and run another scan. As you see, it took 21 minutes and that is correct.
Looking back at the last 2 or 3 scans I've done, all three of those items state the same as above. Is it something I manually set?
__________________
HP Pavilion 15-n019wm Laptop w/Win10, HP laptop G61-511WM w/Win7 SP1 and HP Pavilion x2 10-n124dx w/Win10, all with BitDefender AV, MalwareBytes, and Spyware Blaster.
Reply With Quote
  #13  
Old 03-15-2017, 04:08 PM
jholland1964's Avatar
jholland1964 jholland1964 is offline
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 35,901
Quote:
Looking back at the last 2 or 3 scans I've done, all three of those items state the same as above. Is it something I manually set?
Those are manually set: Open the Program, go to Settings, Detection and Protection. Those are all located there. You do need to change those for sure before you do another scan later on.



Looks good thus far.

Still in Safe mode w/Networking?

Do this:

Download AdwCleaner by Xplode from this link:

http://www.bleepingcomputer.com/download/adwcleaner/

Save it to your desktop.

PLEASE NOTE: THIS IS A SPECIALIZED TOOL RUN ONLY WHEN DIRECTED TO DO SO WHEN SPECIFIC TYPES OF MALWARE ARE ALREADY SHOWN via a DDS Scan Logs and/or other tool logs to be on the computer.
IT SHOULD BE RUN ONLY ONE TIME.
THERE ARE TWO STEPS REQUIRED BUT RUN THE TOOL ITSELF ONCE ONLY. IF RUN MORE THAN ONCE THEN ORIGINAL REMOVALS DONE WILL NOT BE ABLE TO BE SEEN

CLOSE ALL other programs you have running....browsers, email programs. Letting those run while clean up tools to run slows the clean up immensely AND may not allow full clean up because many, if not most tools, cannot clean an open program. So close all that. Only open browser window AFTER the a tool has been run and used to clean and produces a log. Then open the one window and come back here and post the logs required.
Double click AdwCleaner to open it.
1. Hit the Scan button to have AdwCleaner to search your computer for unwanted programs and then display a log showing the various files, folders, and registry entries used by these programs. Once this search is complete you will see the words “PENDING” immediately move on to step 2.

2. NEXT Click on the Clean button, which will cause AdwCleaner to reboot your computer and remove the files and registry entries associated with the various adware that you are removing. On reboot, AdwCleaner will display a log showing the files, folders, and registry entries that were removed. Copy/paste that log here.

Please NOTE there are TWO steps so sure to absolutely BOTH steps before you come back here and post the log.
After seeing the log I will give you the next steps.
__________________

1.Dell Inspiron 17 5759
Windows 10 64bit
Firefox v.54.0. ;WLM2012; Avira Free, Windows Firewall, MBAM, SpywareBlaster, SUPERAntispyware

2.Dell Inspiron N7010; Laptop Windows 7 64bit SP1
*same programs as computer 1 above*


Help Us To Help You

System Restore

Stick with the Clean up

Last edited by jholland1964; 03-15-2017 at 04:11 PM. Reason: missed post, answered question
Reply With Quote
  #14  
Old 03-15-2017, 04:27 PM
imanovice imanovice is offline
Epic Member
 
Join Date: Jul 2005
Posts: 1,615
Yes, still in safe mode with networking. And I will change those settings on MalwareBytes.

Here is the AdwCleaner log:

# AdwCleaner v6.044 - Logfile created 15/03/2017 at 14:21:13
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-15.2 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Kathy - BUSINESSPC
# Running from : C:\Users\Kathy\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [815 Bytes] - [15/03/2017 14:21:13]
C:\AdwCleaner\AdwCleaner[S0].txt - [1173 Bytes] - [15/03/2017 14:20:46]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [960 Bytes] ##########
__________________
HP Pavilion 15-n019wm Laptop w/Win10, HP laptop G61-511WM w/Win7 SP1 and HP Pavilion x2 10-n124dx w/Win10, all with BitDefender AV, MalwareBytes, and Spyware Blaster.
Reply With Quote
  #15  
Old 03-15-2017, 04:32 PM
jholland1964's Avatar
jholland1964 jholland1964 is offline
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 35,901
Now open AdwCleaner again, go to File, Uninstall. Program uninstalls itself and Quarantined file.

Next do this:

Download Junkware Removal Tool by thisisu

http://www.bleepingcomputer.com/down...-removal-tool/

PLEASE NOTE: THIS IS A SPECIALIZED TOOL RUN ONLY WHEN DIRECTED TO DO SO WHEN SPECIFIC TYPES OF MALWARE ARE ALREADY SHOWN via a DDS Scan Logs and/or other tool logs to be on the computer.
IT SHOULD BE RUN ONLY ONE TIME.


Double click on the new icon to start the program

Right click and select Run as Administrator

Follow the directions in the Black box and the program will run.

Be aware that during the scan your Desktop may disappear and a Windows Explorer window may open. These actions are Normal, DON’T PANIC.
Your computer will not be rebooted, but a logfile will be produced
Please copy/paste it back here –

With the reboot for AdwCleaner cleaning did you manually reboot to Safe?
__________________

1.Dell Inspiron 17 5759
Windows 10 64bit
Firefox v.54.0. ;WLM2012; Avira Free, Windows Firewall, MBAM, SpywareBlaster, SUPERAntispyware

2.Dell Inspiron N7010; Laptop Windows 7 64bit SP1
*same programs as computer 1 above*


Help Us To Help You

System Restore

Stick with the Clean up
Reply With Quote
  #16  
Old 03-15-2017, 04:47 PM
imanovice imanovice is offline
Epic Member
 
Join Date: Jul 2005
Posts: 1,615
The Junkware program cannot set a restore point. It says FAILED .... 0x8007043C. Can I go on anyway?

Also, once the program/black box is open, I do not get the option to run as administrator on right click. I can right click the icon on the desktop and hit run as administrator and the program starts, but I still see a message in the black box that says if I want to run as administrator, I must close the box and choose that option, or run without administrator privileges.
__________________
HP Pavilion 15-n019wm Laptop w/Win10, HP laptop G61-511WM w/Win7 SP1 and HP Pavilion x2 10-n124dx w/Win10, all with BitDefender AV, MalwareBytes, and Spyware Blaster.
Reply With Quote
  #17  
Old 03-15-2017, 04:49 PM
jholland1964's Avatar
jholland1964 jholland1964 is offline
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 35,901
Let me check and I will be right back
__________________

1.Dell Inspiron 17 5759
Windows 10 64bit
Firefox v.54.0. ;WLM2012; Avira Free, Windows Firewall, MBAM, SpywareBlaster, SUPERAntispyware

2.Dell Inspiron N7010; Laptop Windows 7 64bit SP1
*same programs as computer 1 above*


Help Us To Help You

System Restore

Stick with the Clean up
Reply With Quote
  #18  
Old 03-15-2017, 04:51 PM
jholland1964's Avatar
jholland1964 jholland1964 is offline
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 35,901
Are you attempting to run Junkware in Safe Mode?
__________________

1.Dell Inspiron 17 5759
Windows 10 64bit
Firefox v.54.0. ;WLM2012; Avira Free, Windows Firewall, MBAM, SpywareBlaster, SUPERAntispyware

2.Dell Inspiron N7010; Laptop Windows 7 64bit SP1
*same programs as computer 1 above*


Help Us To Help You

System Restore

Stick with the Clean up
Reply With Quote
  #19  
Old 03-15-2017, 04:54 PM
imanovice imanovice is offline
Epic Member
 
Join Date: Jul 2005
Posts: 1,615
Quote:
Originally Posted by jholland1964 View Post
Are you attempting to run Junkware in Safe Mode?
Yes. Also, I closed my browser after downloading the Junkware.
__________________
HP Pavilion 15-n019wm Laptop w/Win10, HP laptop G61-511WM w/Win7 SP1 and HP Pavilion x2 10-n124dx w/Win10, all with BitDefender AV, MalwareBytes, and Spyware Blaster.
Reply With Quote
  #20  
Old 03-15-2017, 04:58 PM
jholland1964's Avatar
jholland1964 jholland1964 is offline
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 35,901
Quote:
Originally Posted by imanovice View Post
Yes. Also, I closed my browser after downloading the Junkware.
Please try rebooting to Normal Mode. While using these tools in safe mode is "ok" if there is no other way to run them, none of them run exactly at 100% because some files that should be running are not in safe mode, therefore the tools run at a "lower level" than normal and possibly not finding everything.

Please try Normal mode and let me know if the computer boots to Normal mode before attempting anything else
__________________

1.Dell Inspiron 17 5759
Windows 10 64bit
Firefox v.54.0. ;WLM2012; Avira Free, Windows Firewall, MBAM, SpywareBlaster, SUPERAntispyware

2.Dell Inspiron N7010; Laptop Windows 7 64bit SP1
*same programs as computer 1 above*


Help Us To Help You

System Restore

Stick with the Clean up
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 05:31 AM.


Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright 2000-2011 WorldStart, Inc