Security Sphere 2012



Lurking
17-12-2011, 11:43 AM
This is a bad one, have tried all the cleaners as advised on here and in safe mode too.

It even won't let the old RegCleaner I have used in the past in either.

Don't want to but it looks like a re-install will be my last option.

Just as well wifey's pc here is okay.

Won't even let programs off the net to download.

How it got through is anyone's guess, although there have been a lot of emails from the family history groups I belong to with attachments, would have thought they would be clean.

Lurking.

Ps. we have a XP re-install file on the infected pc which we can use, but thought we would try our wizz kids on here as a first option.

lurks.

Speedy Gonzales
17-12-2011, 11:48 AM
Follow this (http://www.bleepingcomputer.com/virus-removal/remove-security-sphere-2012). First thing I would do is boot into safe mode / networking and delete its entries in startup with ccleaner. If you want help get teamviewer install it, then send the ID and pw it gives you to me in a PM

feersumendjinn
17-12-2011, 11:52 AM
Try this :)
http://www.bleepingcomputer.com/virus-removal/remove-security-sphere-2012

Lurking
17-12-2011, 12:00 PM
Thanks for the quick response.

Have to go down to New Brighton market, wifey needs some help, she sells greeting cards etc, someone has to make money around here, lol.

Will tend to the replies when we get back.

Thanks,

Lurking.

pctek
17-12-2011, 02:45 PM
It even won't let the old RegCleaner I have used in the past in either.
.
regCleaner??!!
Throw that away.


Your arsenal should include Nod32, Spybot, MalwareBytes, all updated weekly, and Hijackthis.

Lurking
17-12-2011, 03:42 PM
regCleaner??!!
Throw that away.


Your arsenal should include Nod32, Spybot, MalwareBytes, all updated weekly, and Hijackthis.

Hi folks, this is tougher than I thought.

Speedy: SS won't allow TeamViewer in !.

feersumendjinn: no luck here !.

pctek: RegCleaner might be old, but at least it tells one what's new from old !.

Wonder if it will do a HJThis log will try and report back.

Lurking.

Ps. as an aside our PCGuru sent their Xmas email Thursday !!! but we are sure he wouldn't be touting for business, lol.

lurks.

Speedy Gonzales
17-12-2011, 03:55 PM
Will TV install in safe mode / safe mode / networking?? Did you delete its entries in startup?

bevy121
17-12-2011, 04:18 PM
I have found with a lot of these ones, if you start in safe mode and then immediately go to the %AllUsersProfile%

( C:\Documents and Settings\All Users for Windows 2000/XP )
( C:\ProgramData\ for Windows Vista/7 )

and simply change the name of the random generated named folder in there, then reboot - you can then clean up using whatever method you choose without being restricted by it.
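
A read-only way to find candidate folders for the step described in the post above, as an added example that is not part of the original thread. The "random-looking name" rule and the function names are assumptions made for illustration; the script only lists folders and changes nothing.

```powershell
# Added example: list folders directly under %AllUsersProfile% that look like
# a randomly named drop folder and contain at least one executable.
# Assumption (hypothetical heuristic): a name counts as random-looking when it is
# 6+ alphanumeric characters and either mixes letters with digits or has no vowels.

function Test-RandomLookingName {
    param([string]$Name)
    if ($Name -notmatch '^[A-Za-z0-9]{6,}$') { return $false }
    $hasDigit  = $Name -match '\d'
    $hasLetter = $Name -match '[A-Za-z]'
    $noVowels  = $Name -notmatch '[AEIOUaeiou]'
    return (($hasDigit -and $hasLetter) -or $noVowels)
}

function Get-SuspectProfileFolder {
    # Defaults to C:\Documents and Settings\All Users (XP) or C:\ProgramData (Vista/7).
    param([string]$Root = $env:ALLUSERSPROFILE)

    Get-ChildItem -LiteralPath $Root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and (Test-RandomLookingName $_.Name) } |
        ForEach-Object {
            $dir = $_
            # Only top-level files are checked; -Force includes hidden/system items.
            $exes = @(Get-ChildItem -LiteralPath $dir.FullName -Force -ErrorAction SilentlyContinue |
                      Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.exe' })
            if ($exes.Count -gt 0) {
                New-Object PSObject -Property @{
                    Folder  = $dir.FullName
                    Created = $dir.CreationTime
                    Exes    = ($exes | ForEach-Object { $_.Name }) -join ', '
                }
            }
        } |
        Sort-Object Created -Descending   # newest folders first
}

Get-SuspectProfileFolder | Format-Table Created, Folder, Exes -AutoSize
```

Legitimate software can also match this heuristic, so check the creation date against when the problem started before renaming anything.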

wainuitech
17-12-2011, 04:56 PM
Did you run Rkill from the site speedy linked ??? It's very unusual if that doesn't kill those infections so other antimalware programs can then be run to clean them out.

Lurking
17-12-2011, 08:56 PM
Gone as far as I can go.

All your help is appreciated, but now it's starting to throw up blue screen with error reports and shutting down.

SS must have a limit to the number of times it gets closed without responding to its reporting.

Will have to get my pc retailer to look into it.

You folk have been great with past solutions and it's much appreciated.

Lurking.

Ps. still prefer Xp to this W7 machine of wifey's, lol.

PPs. have the EQC money, so could go and get the replacement laptop.

lurks.

Lurking
20-12-2011, 08:21 AM
Thanks to all who offered solutions to this virus.

Our pc supplier said it had got into the bios, took the drive out and stuck it into another pc and cleaned it out from that machine.

Back up and running, even runs faster.

Thanks again.

Lurking.

Snorkbox
20-12-2011, 08:48 AM
Personally I don't think the virus got into the BIOS.

At least it works now which is the main thing!! :cool:

Lurking
20-12-2011, 10:34 AM
Personally I don't think the virus got into the BIOS.

At least it works now which is the main thing!! :cool:

Hi Snorkbox, I had 2 blue screens with a lot of details, about ntfs, etc and advising a tech. to rectify.

Would have taken an external photo shot, but the Canon camera is worse than MS., hit and miss.

Tech unticked MSE updates and installed Avast, which I thought I had but see it's on the external hard drive, I know silly place to have it.

Yes machine seems to be running just fine.

Compliments of the season to you and all PressF1 helpers.

Lurking.

Agent_24
20-12-2011, 06:21 PM
Hi Snorkbox, I had 2 blue screens with a lot of details, about ntfs, etc and advising a tech. to rectify.

Doesn't mean there was an infection in the BIOS - in fact infecting a BIOS is practically impossible to do automatically (or even manually) as there is generally little or no free space in which to insert extra code.

Even if there was spare space, you would need extensive knowledge of the BIOS in question to make sure the virus could 1) actually run and do anything 2) not disable core parts of the BIOS rendering the whole thing useless 3) somehow get the modified code back onto the EEPROM without error.

A few viruses over the years have interacted with the BIOS, but as far as I know they all just trash\erase it rather than doing anything clever.


Our pc supplier said it had got into the bios, took the drive out and stuck it into another pc and cleaned it out from that machine.

Sounds like your PC Supplier was talking rubbish or was confusing the BIOS with something else (like the hard drive!)

wainuitech
20-12-2011, 08:00 PM
Good that you got it fixed.

As a guess, it sounds more like it could be a boot sector infection of some kind. Some of these infections can cause all sorts of problems.

As it's been mentioned, doubt it was a BIOS infection.
Tech unticked MSE updates and installed Avast :confused: stopping the update will do naff all ---- the program would have to be removed otherwise MSSE and avast will clash.


Sounds like your PC Supplier was talking rubbish or was confusing the BIOS with something else (like the hard drive!) :lol: If a "Tech" can't tell the difference between those two, shouldn't be doing the job :D

Lurking
22-12-2011, 10:00 AM
Good that you got it fixed.

As a guess, it sounds more like it could be a boot sector infection of some kind. Some of these infections can cause all sorts of problems. :D

wai, tech could have said boot sector, lol, Chinese nationality and me with hearing aids doesn't help.

As I mentioned earlier, shame my Canon camera was on the blink, otherwise I would have attached details of the 2 blue screens.

Seasons Greetings,

Lurking.

Ps. camera is a PowerShot A590 IS and it was taken back a few times and should have been replaced, given battery chargers each time for a minimal fee.

eneloop batteries seem to have made a bit of difference.

lurks.

Agent_24
22-12-2011, 10:17 AM
wai, tech could have said boot sector, lol, Chinese nationality and me with hearing aids doesn't help.

Sounds a lot more likely!

Although despite my previous comments, it's quite easy to infect some other firmware - such as Macbook batteries. (http://hackaday.com/2011/07/23/apple-laptop-batteries-vulnerable-to-firmware-hack/)

A lot easier to do since the battery is much less critical than the system BIOS.

Lurking
22-12-2011, 03:11 PM
Sounds a lot more likely!

Although despite my previous comments, it's quite easy to infect some other firmware - such as Macbook batteries. (http://hackaday.com/2011/07/23/apple-laptop-batteries-vulnerable-to-firmware-hack/)

A lot easier to do since the battery is much less critical than the system BIOS.

Agent, thanks for the reply.

Seasons Greetings.

Lurking.