Windows 7: Microsoft Security Essentials- A Warning

30 Nov 2010   #11
DBone

Windows 7 Home Premium x64 SP1
 
 

This is the only forum that I frequent where MSE is recommended so often. MSE produces poor results in test after test, but it is revered on this site, and I just don't get it. I'm sure I'll be hammered for this post!

I use Comodo 5.0 and couldn't be happier. Thanks for sharing your experience.


30 Nov 2010   #12
pparks1

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by DBone View Post
This is the only forum that I frequent where MSE is recommended so often. MSE produces poor results in test after test, but it is revered on this site, and I just don't get it. I'm sure I'll be hammered for this post!
I think that many of us here on this forum are, generally speaking, low-risk and safe PC users. We don't use pirated software, we don't search for torrents and we generally steer far away from trouble. For these reasons, for many of us, the protection provided by MSE is suitable enough. I'm sure that a few of the paid apps would do a better job... but I sincerely doubt that I would get my $60 worth out of something like ESET or NIS.

On my box, I use a combination of super spyware blaster, MSE and Malwarebytes. I also use Firefox as my daily browser. I'll be honest, I honestly don't recall the last nasty thing that showed up on my PC. These tools update and search regularly and they always come back with a big fat 0.

What are these test sites that show such poor results with MSE? I'd like to see them... something to me seems a bit fishy there, as the product does seem to perform well and most things I have read have been pretty darn positive about this product.
30 Nov 2010   #13
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

hmm... possibly a new variation of TDSS Rootkit: a variant of Win32/Kryptik.HQY trojan, C_Windows\System32\ernel32.dll
Ernel32.dll is a Trojan/Backdoor.

These are the most dangerous, and most widespread, type of Trojan.

Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately, including those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one; otherwise an attacker may get the new passwords and transaction information.

Banking and credit card institutions should be notified of the possible security breach.
More info can be found below:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
How to report ID theft, fraud, drive-by installs, hijacking and malware? Security | DSLReports.com, ISP Information
When should I re-format? How should I reinstall?
When should I re-format? How should I reinstall? Security | DSLReports.com, ISP Information
If you choose to format and reinstall see this link for instructions:
Windows: reformat and reinstall - Cyberwalker.com
Though the Trojans have been identified, there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.
We can in no way, guarantee it to be trustworthy again.

If you decide to reformat, you should still download the protection on the newly formatted PC, or else you will have a high chance of reinfection.

Who/what forum helped you to use OTL?
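One defender-side check that follows from the ernel32.dll name above, added here as an example and not part of the thread: flag any file whose name is a single character away from a well-known Windows system module. The module list and the sample paths (the names quoted in this thread plus one clean control) are my assumptions.

```python
"""Flag filenames that are one-character near-misses of well-known Windows
module names (e.g. ernel32.dll vs kernel32.dll). Constructed example."""
import ntpath

# Assumed list of commonly impersonated system modules (extend as needed).
KNOWN_MODULES = {"kernel32.dll", "ntdll.dll", "user32.dll",
                 "advapi32.dll", "ws2_32.dll", "shell32.dll"}


def edit_distance_le1(a, b):
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if a == b:
        return True
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a              # keep a as the shorter (or equal) string
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) == len(b):     # substitution: advance both
            i += 1
            j += 1
        else:                    # b has one extra char: skip it
            j += 1
    # Any unmatched tail characters also count as edits.
    return edits + (len(a) - i) + (len(b) - j) <= 1


def find_lookalikes(paths):
    """Return (path, impersonated_module) for each basename that is a near-miss
    of a known module but is not the genuine module name itself."""
    hits = []
    for p in paths:
        name = ntpath.basename(p).lower()
        if name in KNOWN_MODULES:
            continue
        for mod in sorted(KNOWN_MODULES):
            if edit_distance_le1(name, mod):
                hits.append((p, mod))
                break
    return hits


if __name__ == "__main__":
    sample = [r"C:\Windows\System32\ernel32.dll",        # name from this thread
              r"C:\Windows\System32\kernel32.dll",       # clean control
              r"c:\windows\syswow64\drivers\hlfcm.sys"]  # from the OTM log below
    for path, mod in find_lookalikes(sample):
        print(f"SUSPICIOUS: {path} resembles {mod}")
```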

30 Nov 2010   #14
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

In short ... this is a nasty Rootkit that most all, if any, Anti-virus program can detect.
It takes special tools by 'dedicated developers' to detect it.

Don't blame MSE alone
01 Dec 2010   #15
mickey megabyte

ultimate 64 sp1
 
 

Quote   Quote: Originally Posted by Jacee View Post
In short ... this is a nasty Rootkit that most all, if any, Anti-virus program can detect.
It takes special tools by 'dedicated developers' to detect it.

Don't blame MSE alone
I think you mean "can't detect", Jacee?
01 Dec 2010   #16
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 

Hi all
NONE of you have answered the REAL question here: what were you doing on the machine BEFORE you got infected? Without that info all this speculation is pointless.

Some of us have run computers for DONKEY'S YEARS without any AV at all (although not a good idea these days) and NEVER been infected, whilst others who have installed all sorts of AV and malware detection programs get infected within 30 mins of first logging on to the Internet.

In order to defend against an attack you need to have some idea as to where it came from in the first place.

In any case, it sounds like using Foxit Reader or something you've got is messing around with PDF files.

I usually use a Virtual Machine to connect to the internet and only migrate stuff to a REAL machine after testing.

If the Virtual Machine gets infected I just trash it and start a new copy of the clean VM.

IMO if you have enough resources this is one of the safest ways to do it.

cheers
jimbo
01 Dec 2010   #17
Orbital Shark

 
 

In truth you'll never stop malware no matter what AV/AM software you use. Some will ALWAYS find a way in. I remember using Norton IS 2008, which was a very good AV, but still, it let all sorts in. I would visit known bug sites and they would just have a field day. Jimbo's right, it's all about how sensible your browsing is and knowing what sites are classed as safe and unsafe.


OS
01 Dec 2010   #18
marsmimar

Microsoft Community Contributor Award Recipient

 
 

Quote   Quote: Originally Posted by whs View Post
I had a similar experience with MSE. Fortunately I do heavy imaging and got myself easily out of the bind. I am now using NIS 2011 hoping that it will better protect me - the earlier NIS editions worked quite well for me.
I think what WHS said bears repeating. Once a computer is set up the way a user wants, create a full system image. Doesn't matter if you use the Windows 7 imaging tool, Macrium free, Paragon, Acronis, or something else. The OP invested many hours trying to resolve this issue and without a reformat/reinstall, there's no way to be 100% sure the machine is without malware.
01 Dec 2010   #19
gringoal

Windows 7 Home Premium 64bit.
 
 

Thanks for the advice and info, Jacee. If you believe that these trojans can't be detected by most AV programs, the fact that both of these trojans were identified by ESET must say good things about their AV.

OTL? Do you mean OTM (OldTimer MoveIt)? That was another of the many detection and deletion programs that Malwarebytes asked me to try.

For others who asked about what I was doing when I got infected, I was downloading a pirated PDF ebook from a dodgy site. Here is the full OTM log:

c:\windows\syswow64\drivers\hlfcm.sys
c:\windows\syswow64\drivers\xsgdw.sys
c:\windows\syswow64\drivers\rmmo.sys
c:\users\owner\my ebooks\stieg larsson - the girl with the dragon tattoo - 2005\foxit reader 3.2.1 - pdf document viewer (high-quality)\foxitreader321_en_setup.exe
c:\windows\system32\spool\prtprocs\x64\qg55a.dll
C:\Documents and Settings\Owner\My eBooks\Stieg Larsson - The Girl with the Dragon Tattoo - 2005\Foxit Reader 3.2.1 - PDF document viewer (High-Quality)\FoxitReader321_en_Setup.exe
01 Dec 2010   #20
Tews

64-bit Windows 8.1 Pro
 
 

Quote:
For others who asked about what I was doing when I got infected, I was downloading a pirated PDF ebook from a dodgy site. Here is the full OTM log:

....