• Welcome to Tux Reports: Where Penguins Fly. We hope you find the topics varied, interesting, and worthy of your time. Please become a member and join in the discussions.

Re: Malware Defense virus

R

rhl

Flightless Bird
mindydee:

Security Central popped up on one of my computers about 3 days ago. I
researched this particular malware. I found that it can essentially
disable your computer by not allowing exe or com files to run if
Security Central believes those files might be used to go after Security
Central. However, it will likely not blow up your computer or release
your data to the rest of the world. I can't vouch for the truth of the
last statement, but I took a chance and let it go for a couple of days
with no apparent ill effects.

Last night I had some time to take care of it. I removed it
successfully and so far everything is right with the computer. Security
Central appears to be history.

Somebody else referred you to the bleepingcomputer site. I found 3
other fixes but used the directions from bleepingcomputer. Essentially,
you use "rkill" to temporarily disable Security Central and then you can
use Malwarebytes anti malware program to remove it. Simple procedure
and it seems to work. However, the full malwarebytes scan took at least
3 hours so you may not want to be sitting in front of the computer the
whole time.

Follow the following link for the removal instructions.
http://www.bleepingcomputer.com/virus-removal/remove-security-central
This is my first post on this site and the link I just posted looks
weird on the composing screen, so if the link doesn't work, just
manually type into the address bar of your browser:
"http://www.bleepingcomputer.com/virus-removal/remove-security-central".

Follow the instructions which are pretty clear.

Now, who can help me out?
After removing Security Central I also find desktop shortcuts to the
following files:
"pev.exe" and "ncmd.cfxxe"
I've searched the web and find several references to them but no
satisfactory explanation. I'm not worried about them as I have already
renamed them so I can presumably delete them. Anybody know what they do
and can confirm that removing them will not mess anything up ?

Thanx
RHL
 
M

mindydee113 via WindowsKB.com

Flightless Bird
RH:
it sounds like we have had the same sort of problem. it just happened to me
again! the first virus was called Malware Defense, got rid of that and 2
days later another popped up. this one was called antivirus live. they seem
to come in many different names, don't they! this one would not let me run a
scan on my virus protection. i would get a pop up saying that it was
infected and could not open my MBAM. same thing for rkill, i couldn't run
that either. i ended up turning off my computer and going into safe mode and
then running the MBAM, which seems to have done the trick. however, like you,
i still have 2 questionable desktop shortcuts on my desktop that i am unsure
about. they are the exact same one's that you have. i am also very curious
about what to do with these or how to get rid of them. like you said, they
are not very easy to re-search. when i type in "pev.exe" all i get is
information about how to remove malware. i have removed the malware, but
that desktop shortcut is still left behind and the malware is what put it
there. if anybody out there knows what to do to get rid of these pesky
desktop shortcuts, i would love to find out. if you come across anything, RH,
could you please let me know? by the way....i clicked on the link you put up
from"bleeping computer" and it worked just fine. thanks for the information.
i had gone to that site to re-search the malware defense virus and that is
how i found out about rkill. it was a very helpful link. thanks for the
response. i have posted on this site a few times now. very helpful &
knowledgeable people here that always seem to help me out when i am in a jam
or have a question. take care! :)

rhl wrote:
>mindydee:
>
>Security Central popped up on one of my computers about 3 days ago.
>researched this particular malware. I found that it can essentiall
>disable your computer by not allowing exe or com files to run i
>Security Central believes those files might be used to go after Securit
>Central. However, it will likely not blow up your computer or releas
>your data to the rest of the world. I can't vouch for the truth of th
>last statement, but I took a chance and let it go for a couple of day
>with no apparent ill effects.
>
>Last night I had some time to take care of it. I removed i
>successfully and so far everything is right with the computer. Securit
>Central appears to be history.
>
>Somebody else referred you to the bleepingcomputer site. I found
>other fixes but used the directions from bleepingcomputer. Essentially
>you use "rkill" to temporarily disable Security Central and then you ca
>use Malwarebytes anti malware program to remove it. Simple procedur
>and it seems to work. However, the full malwarebytes scan took at leas
>3 hours so you may not want to be sitting in front of the computer th
>whole time.
>
>Follow the following link for the removal instructions.
>http://www.bleepingcomputer.com/virus-removal/remove-security-central
>This is my first post on this site and the link I just posted look
>weird on the composing screen, so if the link doesn't work, jus
>manually type into the address bar of your browser:
>"http://www.bleepingcomputer.com/virus-removal/remove-security-central".
>
>Follow the instructions which are pretty clear.
>
>Now, who can help me out?
>After removing Security Central I also find desktop shortcuts to th
>following files:
>"pev.exe" and "ncmd.cfxxe"
>I've searched the web and find several references to them but n
>satisfactory explanation. I'm not worried about them as I have alread
>renamed them so I can presumably delete them. Anybody know what they d
>and can confirm that removing them will not mess anything up ?
>
>Thanx
>RH


--
Message posted via http://www.windowskb.com
 
M

mindydee113 via WindowsKB.com

Flightless Bird
RH:

I finally got an answer to what those desktop icons are! it took a few days
but I figured it out! I found a forum dedicated to rkill, here is the link...
...

http://www.technibble.com/rkill-repair-tool-of-the-week/comment-page-1/#comment-12137


i wrote a question in the forum about the desktop icons & this is the answer
i was given:

MindyDee, those 3 files can be deleted. They were extracted by the program
when it runs, and as the rogue terminated it, they were left behind. Now that
your infection is gone, you can just run rkill again to delete the files or
delete them manually.

i think they mean to put those 2 files, not 3, as the question was asking
about "pev.exe" and ncmd.cfxxe". so there you have it, we can delete them
with no harm. have a great day! :)

rhl wrote:
>mindydee:
>
>Security Central popped up on one of my computers about 3 days ago.
>researched this particular malware. I found that it can essentiall
>disable your computer by not allowing exe or com files to run i
>Security Central believes those files might be used to go after Securit
>Central. However, it will likely not blow up your computer or releas
>your data to the rest of the world. I can't vouch for the truth of th
>last statement, but I took a chance and let it go for a couple of day
>with no apparent ill effects.
>
>Last night I had some time to take care of it. I removed i
>successfully and so far everything is right with the computer. Securit
>Central appears to be history.
>
>Somebody else referred you to the bleepingcomputer site. I found
>other fixes but used the directions from bleepingcomputer. Essentially
>you use "rkill" to temporarily disable Security Central and then you ca
>use Malwarebytes anti malware program to remove it. Simple procedur
>and it seems to work. However, the full malwarebytes scan took at leas
>3 hours so you may not want to be sitting in front of the computer th
>whole time.
>
>Follow the following link for the removal instructions.
>http://www.bleepingcomputer.com/virus-removal/remove-security-central
>This is my first post on this site and the link I just posted look
>weird on the composing screen, so if the link doesn't work, jus
>manually type into the address bar of your browser:
>"http://www.bleepingcomputer.com/virus-removal/remove-security-central".
>
>Follow the instructions which are pretty clear.
>
>Now, who can help me out?
>After removing Security Central I also find desktop shortcuts to th
>following files:
>"pev.exe" and "ncmd.cfxxe"
>I've searched the web and find several references to them but n
>satisfactory explanation. I'm not worried about them as I have alread
>renamed them so I can presumably delete them. Anybody know what they d
>and can confirm that removing them will not mess anything up ?
>
>Thanx
>RH


--
Message posted via WindowsKB.com
http://www.windowskb.com/Uwe/Forums.aspx/windowsxp/201001/1
 
Top