Fake MSE "clean computer" window

[nottaclue9]

I've had this thing before, but I can't remember how to rid myself of it. I got it while I was on an ESPN page. I ran a Malware Bytes Pro scan which detected PUP malware. I deleted that and thought I was really smart. Restarted the computer, stupidly went back to the ESPN page, and the thing was still there. It's actually two windows: The original fake Microsoft-looking window and the one behind it, the Big Red "X" showing three standard scary-looking malware programs. with which I am supposedly infected. There is no way to get rid of it conventionally, and the scan didn't do it. I can still use the computer, but I know the thing is lurking.

Please tell me this is something simple to fix...

 

[UsernameIssues]

Is it a simple popup or did something install again?

Run another Malwarebytes scan to see.

Do you have Java installed?

 

[nottaclue9]

Thanks for the reply usernameissues. I've got Java 7 (51) installed, but can't find any indication in Programs that the fake MSE installed itself. Will run another Malwarebytes scan now.

----------------------------------------------------------------------------------------------------------------

This time, Malwarebytes found no threating objects. But the fake Window is still present on the ESPN page.

 

[UsernameIssues]

Uninstall Java and see if you miss it.

What antivirus app are you using?

 

[nottaclue9]

Anti-virus is just what's with MSE. I've tried AVAST & it was really annoying.

I'll uninstall Java now. Just curious: What's the connection between JAVA & fake MSE window?

-----------------------------------------------------------------------------------------------------------------

When I try to uninstall Java (update 51), the fake MSE window appears & aborts the uninstall.

 

[UsernameIssues]

Java has been used to infect computers. If you need Java, then it might be worth the risk of having it installed. If you do not need Java, then you are taking a risk for no gain.

Try to uninstall Java again and take/post a screenshot of this fake MSE window via Alt+Prnt Scrn
http://www.sevenforums.com/tutorials/9733-screenshots-files-upload-post-seven-forums.html
Alt+Prnt Scrn should capture just the window that has focus and not the whole desktop.

You might want to glance at this post about using MS Paint.

After you have posted the screenshot...
...boot to the safe mode
...try to uninstall Java again while in the safe mode.

 

[nottaclue9]

I finally got Java uninstalled late last night and then ran a full scan of Malwarebytes Pro. Since it took so long, I went to bed. This morning, the report indicated no malicious items. Under "Programs" in the control panel Java is gone. I still have the fake MSE windows. What should I try now?

 

[carwiz]

Hey neighbor! (Relatively) Download and run AdwCleaner and see if it finds anything.

 

[nottaclue9]

Hi, fellow South Texan. Thanks for the advice. I ran the Adwcleaner, and it didn't capture any bad guys. But for some reason, the MSE fake window has disappeared. I haven't had any positive scan results, and I still had the window after I uninstalled Java. So I have no idea what miracle has transpired, but I am grateful. Hopefully, I won't have to bother anyone again -- at least with this particular issue.

 

[ShamrockRig]

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

• RogueKiller 32-bit | RogueKiller 64-bit
• Quit all running programs.
• For Windows XP, double-click to start.
• For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
• Read and accept the EULA (End User Licene Agreement)
• Click Scan to scan the system.
• When the scan completes Close the program > Don't Fix anything!
• Don't run any other options, they're not all bad!!
• Post back the report which should be located on your desktop.

Please post logs back, People here might notice things in the logs that you might not have. Thanks

 

[Britton30]

Without seeing the fake window we can't tell what it is. It may be an ad ESPN has which rotates with others.

 

[Jacee]

Please download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.


TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps.

 

[nottaclue9]

It's not an ESPN window; I've gotten it before on other sites. Just lucky, I guess.

I'm not sure why I need to do these things if the window is now gone. Is there a possibility that it's lurking elsewhere?

 

[Britton30]

It's all up to you to find out.

 

[nottaclue9]

I've been sailing along for two days now with no evidence of the blasted thing. I think it may have exited with the Java uninstall, and I didn't notice its absence until I did a restart.

I would very much like to save the instructions from the last two contributors, however. I'm not sure how I can do that as I can't print the page. There's always the hand-written option. UGH.

 

[derekimo]

I would very much like to save the instructions from the last two contributors, however. I'm not sure how I can do that as I can't print the page. There's always the hand-written option. UGH.

Hi Notty,

You can select the thread tools at the top, then printable version.



Just a suggestion as well, it may seem like it's gone but running those tools from our experts will let you know for sure, they are quite good at what they do.

 

[Layback Bear]

You could also copy the exact post you want to save and paste it in things like Word Pad, Note Pad or a word processor of choice.

 

[Britton30]

It's not an ESPN window; I've gotten it before on other sites. Just lucky, I guess.

I'm not sure why I need to do these things if the window is now gone. Is there a possibility that it's lurking elsewhere?

It would root out other malware you may not (yet) know you have. They are easy and harmless to do. Free too.

 

[nottaclue9]

Good advice, all of it. I'm so slow at doing the procedures, but it is a good idea to making sure I'm running a clean machine. My computer does seem to have an "infect me" sign stuck on its back.

I'll be back! Just not right away. Y'all aren't so lucky.

 

[UsernameIssues]

"infect me" sign