1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Re: Malware Defense virus

Discussion in 'Windows XP' started by rhl, Jan 17, 2010.

  1. rhl

    rhl Flightless Bird

    mindydee:

    Security Central popped up on one of my computers about 3 days ago. I
    researched this particular malware. I found that it can essentially
    disable your computer by not allowing exe or com files to run if
    Security Central believes those files might be used to go after Security
    Central. However, it will likely not blow up your computer or release
    your data to the rest of the world. I can't vouch for the truth of the
    last statement, but I took a chance and let it go for a couple of days
    with no apparent ill effects.

    Last night I had some time to take care of it. I removed it
    successfully and so far everything is right with the computer. Security
    Central appears to be history.

    Somebody else referred you to the bleepingcomputer site. I found 3
    other fixes but used the directions from bleepingcomputer. Essentially,
    you use "rkill" to temporarily disable Security Central and then you can
    use Malwarebytes anti malware program to remove it. Simple procedure
    and it seems to work. However, the full malwarebytes scan took at least
    3 hours so you may not want to be sitting in front of the computer the
    whole time.

    Follow the following link for the removal instructions.
    http://www.bleepingcomputer.com/virus-removal/remove-security-central
    This is my first post on this site and the link I just posted looks
    weird on the composing screen, so if the link doesn't work, just
    manually type into the address bar of your browser:
    "http://www.bleepingcomputer.com/virus-removal/remove-security-central".

    Follow the instructions which are pretty clear.

    Now, who can help me out?
    After removing Security Central I also find desktop shortcuts to the
    following files:
    "pev.exe" and "ncmd.cfxxe"
    I've searched the web and find several references to them but no
    satisfactory explanation. I'm not worried about them as I have already
    renamed them so I can presumably delete them. Anybody know what they do
    and can confirm that removing them will not mess anything up ?

    Thanx
    RHL
     
  2. RH:
    it sounds like we have had the same sort of problem. it just happened to me
    again! the first virus was called Malware Defense, got rid of that and 2
    days later another popped up. this one was called antivirus live. they seem
    to come in many different names, don't they! this one would not let me run a
    scan on my virus protection. i would get a pop up saying that it was
    infected and could not open my MBAM. same thing for rkill, i couldn't run
    that either. i ended up turning off my computer and going into safe mode and
    then running the MBAM, which seems to have done the trick. however, like you,
    i still have 2 questionable desktop shortcuts on my desktop that i am unsure
    about. they are the exact same one's that you have. i am also very curious
    about what to do with these or how to get rid of them. like you said, they
    are not very easy to re-search. when i type in "pev.exe" all i get is
    information about how to remove malware. i have removed the malware, but
    that desktop shortcut is still left behind and the malware is what put it
    there. if anybody out there knows what to do to get rid of these pesky
    desktop shortcuts, i would love to find out. if you come across anything, RH,
    could you please let me know? by the way....i clicked on the link you put up
    from"bleeping computer" and it worked just fine. thanks for the information.
    i had gone to that site to re-search the malware defense virus and that is
    how i found out about rkill. it was a very helpful link. thanks for the
    response. i have posted on this site a few times now. very helpful &
    knowledgeable people here that always seem to help me out when i am in a jam
    or have a question. take care! :)

    rhl wrote:
    >mindydee:
    >
    >Security Central popped up on one of my computers about 3 days ago.
    >researched this particular malware. I found that it can essentiall
    >disable your computer by not allowing exe or com files to run i
    >Security Central believes those files might be used to go after Securit
    >Central. However, it will likely not blow up your computer or releas
    >your data to the rest of the world. I can't vouch for the truth of th
    >last statement, but I took a chance and let it go for a couple of day
    >with no apparent ill effects.
    >
    >Last night I had some time to take care of it. I removed i
    >successfully and so far everything is right with the computer. Securit
    >Central appears to be history.
    >
    >Somebody else referred you to the bleepingcomputer site. I found
    >other fixes but used the directions from bleepingcomputer. Essentially
    >you use "rkill" to temporarily disable Security Central and then you ca
    >use Malwarebytes anti malware program to remove it. Simple procedur
    >and it seems to work. However, the full malwarebytes scan took at leas
    >3 hours so you may not want to be sitting in front of the computer th
    >whole time.
    >
    >Follow the following link for the removal instructions.
    >http://www.bleepingcomputer.com/virus-removal/remove-security-central
    >This is my first post on this site and the link I just posted look
    >weird on the composing screen, so if the link doesn't work, jus
    >manually type into the address bar of your browser:
    >"http://www.bleepingcomputer.com/virus-removal/remove-security-central".
    >
    >Follow the instructions which are pretty clear.
    >
    >Now, who can help me out?
    >After removing Security Central I also find desktop shortcuts to th
    >following files:
    >"pev.exe" and "ncmd.cfxxe"
    >I've searched the web and find several references to them but n
    >satisfactory explanation. I'm not worried about them as I have alread
    >renamed them so I can presumably delete them. Anybody know what they d
    >and can confirm that removing them will not mess anything up ?
    >
    >Thanx
    >RH


    --
    Message posted via http://www.windowskb.com
     
  3. RH:

    I finally got an answer to what those desktop icons are! it took a few days
    but I figured it out! I found a forum dedicated to rkill, here is the link...
    ...

    http://www.technibble.com/rkill-repair-tool-of-the-week/comment-page-1/#comment-12137


    i wrote a question in the forum about the desktop icons & this is the answer
    i was given:

    MindyDee, those 3 files can be deleted. They were extracted by the program
    when it runs, and as the rogue terminated it, they were left behind. Now that
    your infection is gone, you can just run rkill again to delete the files or
    delete them manually.

    i think they mean to put those 2 files, not 3, as the question was asking
    about "pev.exe" and ncmd.cfxxe". so there you have it, we can delete them
    with no harm. have a great day! :)

    rhl wrote:
    >mindydee:
    >
    >Security Central popped up on one of my computers about 3 days ago.
    >researched this particular malware. I found that it can essentiall
    >disable your computer by not allowing exe or com files to run i
    >Security Central believes those files might be used to go after Securit
    >Central. However, it will likely not blow up your computer or releas
    >your data to the rest of the world. I can't vouch for the truth of th
    >last statement, but I took a chance and let it go for a couple of day
    >with no apparent ill effects.
    >
    >Last night I had some time to take care of it. I removed i
    >successfully and so far everything is right with the computer. Securit
    >Central appears to be history.
    >
    >Somebody else referred you to the bleepingcomputer site. I found
    >other fixes but used the directions from bleepingcomputer. Essentially
    >you use "rkill" to temporarily disable Security Central and then you ca
    >use Malwarebytes anti malware program to remove it. Simple procedur
    >and it seems to work. However, the full malwarebytes scan took at leas
    >3 hours so you may not want to be sitting in front of the computer th
    >whole time.
    >
    >Follow the following link for the removal instructions.
    >http://www.bleepingcomputer.com/virus-removal/remove-security-central
    >This is my first post on this site and the link I just posted look
    >weird on the composing screen, so if the link doesn't work, jus
    >manually type into the address bar of your browser:
    >"http://www.bleepingcomputer.com/virus-removal/remove-security-central".
    >
    >Follow the instructions which are pretty clear.
    >
    >Now, who can help me out?
    >After removing Security Central I also find desktop shortcuts to th
    >following files:
    >"pev.exe" and "ncmd.cfxxe"
    >I've searched the web and find several references to them but n
    >satisfactory explanation. I'm not worried about them as I have alread
    >renamed them so I can presumably delete them. Anybody know what they d
    >and can confirm that removing them will not mess anything up ?
    >
    >Thanx
    >RH


    --
    Message posted via WindowsKB.com
    http://www.windowskb.com/Uwe/Forums.aspx/windowsxp/201001/1
     

Share This Page