Need Help fake microsoft security essentials alert

[liteace]

Hi All, I need help, I have been using avast for years and never had a problem, my PC is used for work and has a lot of large automotive programs on. I have got the fake microsoft security essentials alert. I have done boot time scan and normal scan that both take forever due to the 1Tb of programs and data on the PC, the avast is up to date but its still there, how do I get rid if it ?

Thanks

[Asyn]

I have got the fake microsoft security essentials alert. I have done boot time scan and normal scan that both take forever due to the 1Tb of programs and data on the PC, the avast is up to date but its still there, how do I get rid if it ?

Not sure, what you mean...
Please be more precise. Thanks.
asyn

[liteace]

well Ive got a fake microsoft security essentials alert popup virus that wont let me open IE or task manager, its a box that pops up when the pc stats and sits right in the middle of the desktop with "microsoft security essentials alert" with a little red screen with a cross in it and next to that its got "potential threat details" and I close it

[liteace]

its the same as this:

http://www.spywarevoid.com/wp-content/uploads/2010/08/Microsoft_Security_Essentials_Alert.jpg

[Asyn]

well Ive got a fake microsoft security essentials alert popup virus that wont let me open IE or task manager, its a box that pops up when the pc stats and sits right in the middle of the desktop with "microsoft security essentials alert" with a little red screen with a cross in it and next to that its got "potential threat details" and I close it

So, do you use MSE and you want to know, if this is a legit alert or FP...?
Or don't you use it and you think you got a rogue...??
asyn

[liteace]

I dont know Ive never installed MSE and its not in my program list, if it was the REAL MSE then it would let me got to task manager at least would it not + I cant close it its just always there??

[Asyn]

Ok, download Free Mbam. http://www.malwarebytes.org/mbam.php
Install and update it, run a scan and post the results here.
asyn

[liteace]

so avast cant deal with it ? problem is I cant download anything as it wont let me open IE

[Asyn]

so avast cant deal with it ? problem is I cant download anything as it wont let me open IE

If you are on a 32bit system, run a boot time scan with avast.
Else boot into safe mode and run a full scan with avast.
asyn

[Tenko]

Hey and Welcome to the forum!

I would recommend you to login in safe mode (with network in case you want to update Avast or Malwarebytes), not all malware will be active then, by pressing F8 when your computer boots.

In worst case you have to make a boot scan and wait until it's finished.

And try Malwarebytes.

Regards,
               Tenko

[liteace]

is there anyway I can set the setting before running bootscan so it automaticly put anything found ib the chest as I casnt sit here for 5 hours

[Asyn]

is there anyway I can set the setting before running bootscan so it automaticly put anything found ib the chest as I casnt sit here for 5 hours

No, sorry. How much data do you have..??
If you haven't got this amount of time you can try to start in safe mode with network and try to download mbam from there or use another machine to download it (neighbors/friends/family).
asyn

[liteace]

Ive tried the safe mode and it still pops up and avast wont run when Im in safe mode or connect to the sever for updates. I have about 1.3Tb of programs and data, ive just dowmloaded malwarebytes and it running now but again thats going to take a long time, its found 2 infected objects i would like to stop it now and see what they are but I dont think I can. What I cant understand is that me avast it up to date so why didnt that get it before it got in ??

[liteace]

I did stop it and deleted the 2 that it found, it reported this:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/30/2010 2:22:36 PM
mbam-log-2010-11-30 (14-22-36).txt

Scan type: Quick scan
Objects scanned: 47124
Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adatadrv (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\drivers\adatadrv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Ive rebooted and its still there and doing my head in now

[Asyn]

1. ive just dowmloaded malwarebytes and it running now but again thats going to take a long time.
2. What I cant understand is that me avast it up to date so why didnt that get it before it got in ??

1. Good. It could take some time, but don't stop it. Let Mbam deal with its findings, post the log here afterwards.
2. Depends on where/how you infected your machine, I'll give you some help later, first we need to get this cleaned.
asyn