Solved Random Adobe update led to Microsoft SE disabled; infected?!

I was on a forum site when it happened; an adobe update popped up, and looked legit (it was two weeks since the last update), but then I realized the logo might've looked weird and stopped it right away when it was loading (perhaps updating). Then, checking my MSE, it was shut down. But not only that, it says the service does not exist because it is not installed. I rebooted, and its the same thing.

I don't know what happened, but I need to know what's going on. As of this posting, my Malwarebytes is running, and I will do SUPERAntispyware. I will post what it found, if it does. But I'am very worried; I don't want this to be infected again.

BTW, I was about to come here because of the latest Java update, which I thought I heard was actually bad. It's not installed, but since it's security, I wanted to let that out right now so I wouldn't forget later.

What could this be? Did something happen and I need to reinstall MSE? I also checked and found nothing that was installed today. I need help, guys. Please?

UPDATE: I did scans from Malwarebytes and SUPERAnti, then rebooted both times: Malwarebytes found BCMiner, an installer (what the link says), and SUPERAnti found Adware.

MSE is still the same.

Yes, uninstall, and then install it again.

The latest java update should be fine. If it had major problems they would have taken it down. If you do not use java (many people don't anymore), you really don't need it installed. It is good for some internet games, but little else, and opens your computer up to malware just a little more readily.

Ok, something must be wrong. MSE has been reinstalled, but I just noticed that my firewall is off and security center doesnt work, so i cant turn it on. Also, its been rebooting numberously because it says it found an critical error. Plus, MSE keeps on finding serefi (spelled right?). What the heck happened? I need help and fast, please.

Serefi is either the Trojan, or rootkit variant.

Follow this tutorial to do a virus scan from outside of the Windows environment:

http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html

Regards,
Golden

well okay, but there might be a problem. after a couple of minutes, it says that it encountered an error and needs to be rebooted. its the same, even in safe mode.

Sorry, I'm confused....is this using Windows Defender Offline?

the error? no, it was doing that before i updated today, when i got mse back. i shut it down and ive been resorting to using the internet with my phone. thats why i said i wasnt sure i will be able to do defender in my last post.

oh, and dont forget about the firewall/security center issue; iam so puzzled over that.

Hi,

The firewall/security center issue is probably part of the same problem. See if you can burn the WDO ISO from a friends computer, then do the scan.

Regards,
Golden

i just want to make sure of some things before i do this:

i have access to two other computers, and it looks like i will do a cd/dvd than usb (even though it might be easier with usb). because of that, it looks like i'm going to insert the disc then reboot so it can boot with the disc now already inside, right?

bios/boot menu: appears before the windows logo? which button is it to bring that up?

one problem; i cannot remember if its 32 or 64 bit for my computer. anyway to know without using my computer (kinda stupid question, i know).

let me know before i start all this. thanks

Hi,

Yes, you boot the PC with the DVD already installed - use the DEL key to enter the BIOS and select to boot from the DVD 1st. The same goes with a USB version.

This is a laptop right? Check the COA sticker underneath the laptop (or in the battery compartment) - it might have x86 (32-bit) or x64 (64-bit) on that sticker.

Regards,
Golden

its not a laptop, its a hard drive. and i found out that its a 64 bit.

UPDATE: Defender is running as of 1:05pm today. The instructions said full scan, but its running on quick scan. ???

Please check here for any more updates, please.

UPDATE2: Scans finished, and it got that sir--something. But, I want to be sure, and since it said full scan, Im starting the scan again under full as of 1:14pm today.

Hey guys, Defender must have done the trick and with the second scan, being full scan, it found 7 items of malware. One of them being Java. I can't seem to find the info to show you guys what I had that Defender got rid of.

But anyway, I still need help. Regardless of all that, Windows Sercurity Center Service is still off and won't turn back on, stating that it can't be started. That's my firewall, right? I checked around and got Micorsoft Support, and used services in the search, and it's not there. I think it's gone.

Still need help; how can I get that back and back on?

UPDATE: Okay, following instructions, I checked CMD and it didn't find it anywhere. It stated that next I should do a malware scan with Malicious Software Removal Tool, which maybe I don't have to since we just did Defender. But the next one was re dl-ing Security Service into my REG. The dl link and where iot came from are all right here:
http://www.winhelponline.com/temp/w7-wscsvc.zip
http://www.winhelponline.com/blog/misc-registry-fixes-for-windows-7-xp-vista/

Should I do that and will it ultimatly fix the problem?

BinkerNate said:

Windows Sercurity Center Service is still off and won't turn back on, stating that it can't be started. That's my firewall, right?

Click to expand...

No, but it is like the headquarters of your security. Most likely your firewall has been shut off.

BinkerNate said:

UPDATE: Okay, following instructions, I checked CMD and it didn't find it anywhere. It stated that next I should do a malware scan with Malicious Software Removal Tool, which maybe I don't have to since we just did Defender. But the next one was re dl-ing Security Service into my REG. The dl link and where iot came from are all right here:
http://www.winhelponline.com/temp/w7-wscsvc.zip
Miscellaneous Registry Fixes for Windows 7/XP/Vista - The Winhelponline Blog

Should I do that and will it ultimatly fix the problem?

Click to expand...

I don't know what any of this means...

Stop downloading stuff from non-microsoft websites until you get your security back up. You are susceptable to more viruses.

Defender should have gotten everything. If you want to double check, run this tool (it includeds the Malicious software removal tool that you were trying to download): Microsoft Safety Scanner - Antivirus | Remove Spyware, Malware, Viruses Free - But I would think Defender has all of this as they are both by Microsoft. I know for a fact that MSE has all of this, but this tool is just in case you want to scan before installing MSE again. Uninstall MSE, install it again, and then update it. You might even try scanning with it.
Also, if you are still worried, you might install/update/full scan with malwarebytes: Malwarebytes Anti-Malware 1.61 - TechSpot Downloads - a very good program to spot malware with.

After that, run this tool: http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html - created by Brink

If you are still having trouble, I highly recommend a Repair Install which will set everything right while keeping your programs and files intact: http://www.sevenforums.com/tutorials/3413-repair-install.html - also by Brink

ill check if my firewall is off, but if it is, how can i get it back on? also, those links came from a microsoft forum site concerning my issue

Control Panel\System and Security\Windows Firewall > On the far left side you will see an option to turn it on or off. If you can't turn it on, don't worry about that right now, just worry about repairing your computer.

There should be no reason to go to other websites. You will begin to conflict in things people tell you to do, and one site will not know what you are doing on another site.

i didnt dl those things; just kept them in mind. anyway, my computer has been running good so far, so i think im okay. it was just my firewall that iam concerned with, since i want to see my banking, and need protection. i'll do the firewall once i get home from work.

Is it? Well, if everything is running smoothly, then that is really good. Don't forget to run the SFC scan I mentioned earlier, that is important. But you don't need to repair install if everything is good. Let us know if you are having any other trouble and we'll try our best to suggest fixes, especially if things are hidden or disabled that should be otherwise. Your restore points might have gotten infected, so consider creating a new one to start from in case you have some non-malware related issues down the road: http://www.sevenforums.com/tutorials/697-system-restore-point-create.html

Hi,

From your results, it sounds like Java was the issue? Use this tutorial to check for other vulnerabilities:

http://www.sevenforums.com/tutorials/181981-secunia-online-software-inspector.html

Regards,
Golden

Great job folks. I would also recommend removing all previous restore points. When everything is back to happy computing create a new restore point and do a backup.

Okay, guys, I'm back and able to type properly lol

I checked my firewall and I think it's on but I'm not sure. But it
does mention that my firewall's settings are out of date. I tried the button to use recommended settings, and it said it couldn't, error code: 0x80070424.

I did do SFC, and it results were that it didn't find any violations. I do have Malwarebytes and did a scan; it found one thing: Trojan.Dropper.BCMiner, located at C:\Windows\Installer\{c31f40c7-d4f7-642d-6b80-f6f5c39eb9c5}\U\00000008.@ (Trojan.Dropper.BCMiner). I removed it, surprised that there was another inside my computer. Didn't do Secunia yet. Speaking of which...

As for Java; that's what the results said (more than one of them had Java in it). That's why I'am not going to do that Java update. I'm sorry, but I don't trust it. In fact, if memory serves, this happened before with me too.

Restore points: just need to refresh and ask you guys where I can find the old ones, and thus remove them, making way for the new one.

That, the firewall, future malwares, etc. is what I need. Hopefully after that, we can be done, and I will be back to normal.

UPDATE: I did a second Malwarebytes scan and another BCMiner was there. Only this time, Malwarebytes rebooted my computer to do the trick. I don't know if I still have it regardless; I don't know where it came from. But if it's still here, it needs to go and fast.