htcz Posted April 29, 2012 Share Posted April 29, 2012 Hey I turned on my monitor today (I leave my PC running) and I had a popup from MSE saying that the MSE service had stop and it was recommended that I started it up again. I clicked the restart button and it went away. I wanted to see something in Task Manager but when I hit the Ctrl+Shift+Esc shortcut, a error message giving a 0x000005 code popup up saying that it couldnt start task manager up. I restarted my PC (in case someone already had access) and now everything is once again back to normal. Im going to run MSE and Malwarebyte Anti-Malware now (Complete on both) but should I be alarmed about some issue? Thank you! Link to comment Share on other sites More sharing options...
MinTeH Posted April 29, 2012 Share Posted April 29, 2012 I had a similar issue once and a reinstall of MSE fixed it. Found nothing on any scans and my computer is pretty locked down. I wouldn't worry just continue your scans to make sure. Link to comment Share on other sites More sharing options...
g0dzilla Posted April 29, 2012 Share Posted April 29, 2012 Some forms of Malware and Spyware can cause error messages like that to pop-up as the program doesn't want you manually killing off its executable from the Task Manager. Most of these programs disable the launching of any other executables, so if that wasn't the case then you should be OK. But just to be safe, make sure you do Full system scans with at least a couple of different AV products. May just be a once off and have more to do with a bug in MSE... Link to comment Share on other sites More sharing options...
htcz Posted April 29, 2012 Author Share Posted April 29, 2012 The scan isnt completely because of the huge space I have. Will be tommorow. But for now, nothing foul... Link to comment Share on other sites More sharing options...
sc302 Veteran Posted April 30, 2012 Veteran Share Posted April 30, 2012 Probably just a software hiccup. It still happen occasionally where a reboot cures the issue. Link to comment Share on other sites More sharing options...
Odom Member Posted April 30, 2012 Member Share Posted April 30, 2012 Did you check the Event Log? Might find something in there. Link to comment Share on other sites More sharing options...
cork1958 Posted April 30, 2012 Share Posted April 30, 2012 Probably just a software hiccup. It still happen occasionally where a reboot cures the issue. Especially with MSE. I've seen that a few times after an update. Link to comment Share on other sites More sharing options...
g0dzilla Posted April 30, 2012 Share Posted April 30, 2012 Yes, could have been a definition update for MSE not playing nicely with your system. Link to comment Share on other sites More sharing options...
htcz Posted May 1, 2012 Author Share Posted May 1, 2012 It might be related or not but it seems Trojan. Agent/Gen-iExplorer has been installed on my system. Im in Safe Mode as I almost cannot get into normal Windows so how can I remove this? Neither MBAM or MSE detected it or/and stopped it. Link to comment Share on other sites More sharing options...
xdot.tk Posted May 1, 2012 Share Posted May 1, 2012 How do you know you have it? Link to comment Share on other sites More sharing options...
htcz Posted May 1, 2012 Author Share Posted May 1, 2012 How do you know you have it? A window pops up (I cant open Task Manager or anything: The only thing I can do is hit Ctrl+Alt+Delete and it shows the log out, change user, open task, etc) and displays some message about the cops seeing illegal activity and I should pay. I searched for the message and it says that the virus is that one. Currently on my laptop and the PC is only useable in Safe Mode. Sad that MBAM and MSE did not stop it or detect it (even scanning in safe mode it did not detect it (it was a quick scan though)) I want to remove it simply because I want to use my damn PC... Link to comment Share on other sites More sharing options...
StrikedOut Posted May 1, 2012 Share Posted May 1, 2012 Try this, http://www.microsoft.com/security/scanner/en-gb/default.aspx Its Microsofts online security scanner, worked where MSE and Malwarebytes didnt for me. Link to comment Share on other sites More sharing options...
xdot.tk Posted May 1, 2012 Share Posted May 1, 2012 https://www.google.com/search?q=Agent%2FGen-iExplorer Link to comment Share on other sites More sharing options...
htcz Posted May 1, 2012 Author Share Posted May 1, 2012 Try this, http://www.microsoft.com/security/scanner/en-gb/default.aspx Its Microsofts online security scanner, worked where MSE and Malwarebytes didnt for me. Will try now. https://www.google.com/search?q=Agent%2FGen-iExplorer I searched for that too :) But some of those pages look.........suspicious. Would you recommend one? Link to comment Share on other sites More sharing options...
sc302 Veteran Posted May 1, 2012 Veteran Share Posted May 1, 2012 Here are a few things to try. Run rkill first to kill malware exe's. Superantispyware Eset online scan (safe mode with networking is needed) You can try combofix from bleeping computer. And just because it takes a couple of seconds to run tdsskiller. Superantispyware should remove that, the rest should find anything else. Link to comment Share on other sites More sharing options...
htcz Posted May 1, 2012 Author Share Posted May 1, 2012 It may be closer related to Trojan.Ransom AKA: Trojan-Ransom.Win32.Chameleon.mw, Trojan-Ransom.Win32.PornoBlocker.jtg, bunda.exe, Trojan.Chameleon, Win32.HmBlocker, Trojan.Win32.Ransom!IK. Trojan.Win32.Ransom, Win32/LockScreen Just in case that information may help :) Link to comment Share on other sites More sharing options...
htcz Posted May 1, 2012 Author Share Posted May 1, 2012 Ah good news! :) Found a tool that automatically removes it. Ran it and my system is back to normal :) Will run some on these you guys have mentioned just in case. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted May 1, 2012 MVC Share Posted May 1, 2012 "Found a tool that automatically removes it. Ran it and my system is back to normal" And what tool was that? Why don't you share for the next schmuck? I personally would prob just reinstall.. With some of these infections, to be honest the only way to be sure is to just "Nuke the Thing from Orbit!" I don't think I could trust a machine that was infected with something that normal tools did not catch, etc. Who says your tool your ran removed it all? Maybe you just removed the symptom you were seeing? Marshall 1 Share Link to comment Share on other sites More sharing options...
htcz Posted May 1, 2012 Author Share Posted May 1, 2012 "Found a tool that automatically removes it. Ran it and my system is back to normal" And what tool was that? Why don't you share for the next schmuck? It seemed to be more like a "BAT script" of sorts. I personally would prob just reinstall.. With some of these infections, to be honest the only way to be sure is to just "Nuke the Thing from Orbit!" I don't think I could trust a machine that was infected with something that normal tools did not catch, etc. Who says your tool your ran removed it all? Maybe you just removed the symptom you were seeing? I would also love to and HAVE to reinstall since some time but I simply do not have time :( You are right that it is not 100% sure that it is removed but I cared about the symptom about not being able to use my PC at a lot as the important part. But I will have to format at some stage. Link to comment Share on other sites More sharing options...
g0dzilla Posted May 1, 2012 Share Posted May 1, 2012 Glad that you got it resolved in the end (hopefully!). I like to use ComboFix (at work, not on my home PC :) ) as a last resort as it seems to do a good job in getting rid of particularly nasty or stealthy infections. Use with caution though as it has been known to break certain things...especially VPN connections/configurations. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted May 1, 2012 MVC Share Posted May 1, 2012 "It seemed to be more like a "BAT script" of sorts." where did you get - what was in the script? Did you write it? Link to comment Share on other sites More sharing options...
g0dzilla Posted May 2, 2012 Share Posted May 2, 2012 Yes, please share this info as it may be useful for others; either the link to download the batch script or a paste of its contents. Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted May 4, 2012 MVC Share Posted May 4, 2012 For giggles you may want to create a Kaspersky rescue 10 CD / USB key and run a full scan outside of windows. it is truly a great bootable scanner. http://support.kaspe.../?qid=208282173 Link to comment Share on other sites More sharing options...
Recommended Posts