MSE and the Windows 7 Security Virus-Please Help!

[personrawr]

About an hour ago a notification popped up from 'Windows 7 Security 2012' which is a virus one of my friends had on their computers recently. Immediately I closed it and opened Microsoft Security Essentials and ran a quick scan. It said it detected a file 'Rogue:Win32/FakeRean'. Instead of removing it, it quarantined it, I'm not an admin on my pc so I wasnt able to tell the program to delete it, but the second it did so all the popups stopped. Then, I rebooted my pc to make sure the virus wouldn't pop up on startup, which according to websites I looked up on my mobile is what it does. When I logged in, the virus didn't pop up and there's no sign of it, but MSE is unable to run real-time protection (error code 0x800705b4) I restarted again, but it is still unable to perform real time protection. I can still run a scan. Do I still have the virus, or do I just need to reinstall MSE? No symptoms of the virus have shown since MSE detected and quarantined it.

EDIT: Before restaring my pc I ran an update on MSE, just to be safe. Could it possibly be the problem? Because there's no trace at all of the virus, there was even a process running on my pc I had never seen before the file was quarantined. Just ran a quick scan and it says I'm clean, I'll run a full scan now.

 

[nojmit]

install Malwarebytes from Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer, update it and run a complete scan, and have it delete what it finds.
This app does a much better job for this type of malware than an antivirus does.

 

[personrawr]

Okay, I rebooted in safe mode, did a scan, and then rebooted normally and MSE is running perfectly again. No pop ups or anything from the virus, I think I got really lucky and killed it off before it could mess anything up. The second it tried to install itsself a message popped up saying it couldn't install correctly because I wasn't an administrator, so that probably helped too. I'm still unsure about it, though.

EDIT: I'm not an admin, so I can't install the anti-malware now, but tomorrow I'll install it and scan my pc just to be safe. Thank you for the help!

 

[tom982]

Hello personrawr and welcome to the forums

That sounded far too easy to be honest, can you do the following just to make sure you're all clean:

OTL

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

CKScanner

Please download CKScanner from here to your Desktop.

Make sure that CKScanner.exe is on the your Desktop before running the application!

Double-click on CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved
Attach the log CKFiles.txt that has been created on your desktop with your next post

Tom

 

[Borg 386]

Here is a link that will give you some insight on the virus and also has manual removal instructions:

remove Win 7 Security 2012 - uninstall instructions

If this just happened, is there any reason you can't do a system restore 2 or 3 points past where the infection showed up? (Don't use the 1st restore point as some malware embeds itself in the first available restore point)

The virus may have damaged MSE's files and you may have to re-install it in order for you to have active real time protection again.