ComputerForum.com

10-14-2009, 05:54 PM   #1
tlarkin (VIP Member)
Join Date: Apr 2006
Location: Kansas City, MO
Posts: 9,931

Cyber Security Center

I have a user here at work that loaded Cyber Security Center on their PC thinking it was a legit spyware program. In reality it is malware, and also a downloader. I cannot uninstall this for the life of me.

I removed all registry keys and DLL files this piece of crap program puts on your system and every time I try to uninstall it, it asks me to activate the damn thing before I can uninstall it.

All the removal tools for this app that I have found online are just more of the same thing, malware advertising to get rid of it when they just want you to buy their 29 dollar product.

I am about to just wipe the HD and reimage the computer and be done with it, but if anyone has dealt with this before and knows how to fix it, please let me in on your secret.

Also, I hate Windows.

Just for FYI I have tried these apps to remove it

spybot
avg
avira
adaware
webroot (spysweeper or whatever it is called)

None of them can remove it. It has embedded itself in the system so deep it doesn't even get detected. Google searches pull up pretty limited information about it as well.
__________________
Typical Signature:
<Computer Specs>
-numbers I read off a box
-parts I assembled in a case all by myself
-benchmark score

"Will the man with telekinesis please raise my hand?" - Vonnegut

chown -R us /.base

Get a grep!

10-14-2009, 06:00 PM   #2
mep916 (Folding@Home)
Join Date: Aug 2007
Location: Northern Cali
Age: 29
Posts: 8,668

Have you tried Malwarebytes?

http://www.malwarebytes.org/mbam.php
__________________
Core i7 920 @ 2.66 GHz || Cooler Master V8 || Foxconn BloodRage X58|| 896MB EVGA GTX 260 (55nm)|| 6GB G Skill DDR3 @ 1600MHz|| 2X 300GB WD Velociraptors (RAID 0) || 1TB Hitachi Deskstar || Cooler Master HAF 932 || 620W Corsair HX PSU || Windows 7 Ultimate/Vista Ultimate x64/Windows XP Pro

FOLDING FOR THE GOOD OF MANKIND:F@H Team 44358

Quote:
Originally Posted by tlarkin
Also, you don't hunt chickens. Chickens are domesticated animals.

10-14-2009, 06:05 PM   #3
tlarkin (VIP Member)

Quote:
Originally Posted by mep916
Have you tried Malwarebytes?

http://www.malwarebytes.org/mbam.php

No, but I will give it a shot. So far no one is able to pick it up and some of the sites referring to being able to remove it are also malware. This is why I can't stand Windows, stupid run everything as root and no self-contained apps.

If it were self-contained I'd just delete the app and be done with it.

10-14-2009, 06:07 PM   #4
mep916 (Folding@Home)

I'm not good with malware removal, but I know that Malwarebytes is fast and catches most of the stuff. Just make sure you check for updates before you run the app.

10-14-2009, 06:20 PM   #5
tlarkin (VIP Member)

Quote:
Originally Posted by mep916
I'm not good with malware removal, but I know that Malwarebytes is fast and catches most of the stuff. Just make sure you check for updates before you run the app.

I gotta run to a meeting for the second half of the day. I will give it a shot later or tomorrow.


10-14-2009, 06:37 PM   #6
mep916 (Folding@Home)

Good luck dude. Hope you get rid of that crap.

10-14-2009, 07:22 PM   #7
johnb35 (Moderator)
Join Date: Sep 2005
Location: Near Joliet Illinois
Age: 39
Posts: 3,612

Give ComboFix a try.

http://www.bleepingcomputer.com/comb...o-use-combofix

Reply with the following logs in order of running the program.

Combofix
Malwarebytes
Hijackthis
__________________
Motherboard - Gigabyte GA-EP45-UD3R
CPU - E8400
Memory - 2GB Corsair XMS2 (2x 1gb)
Graphics - ATI HD3870
Hard Drives - 250GB Seagate
DVD Drive - Lite-On
DVD Burner - Lite-On
Power Supply - Rosewill RP600V2-S-SL 600W
22" Acer widescreen AL2216WBD

10-14-2009, 09:17 PM   #8
linkin93 (Diamond Member)
Join Date: Jun 2009
Location: NSW, Australia
Age: 16
Posts: 2,330

If Malwarebytes is a no-go, try running it in safe mode, without networking.
__________________
System
CM Storm Scout - Asus P5N-E SLI - Core 2 Duo E4500 @ 3.02Ghz - 2x1GB Corsair XMS2 @ 900mhz - Sapphire HD 3870 - WD 250GB Caviar SE16 - SHAW 860W - Windows 7 Ultimate x64

Peripherals
Logitech G5 Mouse - Logitech R-10 Speakers - Targus Keyboard - HP L1470 17" 1280x1024 Monitor

10-15-2009, 01:01 AM   #9
tlarkin (VIP Member)

I think I fixed it. Did not have enough time to check, but I went in and manually deleted all the binaries, then it let me uninstall it without a license key.

The trick is there are a few hidden files it puts that don't let you uninstall it. Once you kill the binaries and then kill the process, it can't relaunch itself, and it seemed to work.

I just need to see what collateral damage was done if any.

10-15-2009, 07:05 AM   #10
linkin93 (Diamond Member)

Good job!
See if CCleaner or HijackThis picks anything up.