Bobby Mikkelson
Had this question 9
Question
Bobby Mikkelson asked on
| 3679 views

Warning: Security related E-Mail Hoax stating that network is infected.

Microsoft has recently become aware of an email hoax that begins like the following:

"Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected..."

 

This is not a legitimate communication from Microsoft and the link within that communication points users to a 'rogue' security program.  These rogue programs generate misleading alerts and false detections of malicious code to convince users to purchase the illegitimate security software.  Some rogues may display product names or logos in an apparent unlawful attempt to impersonate Microsoft products or other legitimate software applications.

 

If you believe your machine has become infected, we encourage you to use the Windows Live OneCare Safety scanner to check your PC for malware and to help remove them from your system.  In addition, we encourage you to submit any other suspicious files to the MMPC team for analysis.

If you do not have an antivirus/antispyware software on your machine, you download Microsoft Security Essentials or choose from a list of other software providers:  Windows 7 security software providers, Windows Vista security software providers, Windows XP security software providers.

 

You can also find out how to get free virus-related assistance from Microsoft here: http://www.microsoft.com/protect/support/default.mspx.

 

Thank you
AKGRAM
Found this helpful 0
AKGRAM replied on
I received a message from what I thought was Windows Security with a notice that my computer had been infected.  The file was loaded onto my desktop.  Then it became almost impossible to remove.  I have a program that is called "PC Tools Doctor" that appears to have removed it.  (At least I thought so).  Now when I attempt to get onto the internet, I constantly get a red box that states my computer is at risk and is asking me to register this antivirus "worm" program that I had removed (or so thought I had).   The web address is : blank.  I am attaching a copy...

Please help.

about:blank
elrey57
Found this helpful 0
elrey57 replied on
it looks like my machine is infected. When I try to log on, it says "saving personal sttings" and then logs me off. Any other way to get in and remove this Trojan. I have norton symantec internet security installed.
ksreek
Found this helpful 0
ksreek replied on

Reply

This is for elrey57 :


The Winlogon.exe & userinit.exe Files Needs to be Replaced From the Original Re-installation Media

Check if it works in Safe mode if it works .

Else  try the following WOrkaround


Boot using your winxp cd.
Enter recovery console.
at the command prompt go to

C:/windows/system32

next type:
Dir *.exe

If you find, it, type
copy userinit.exe wsaupdater.exe

Exit and reboot normally. You should now be able to logon.
Run regedit

Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

In the right pane, you should see
C:\WINDOWS\System32\wsaupdater.exe,

Change it so that it reads:
C:\WINDOWS\System32\userinit.exe

Good Luck !

ksreek
Microsoft PSS
v-6sreek@mssupport.microsoft.com
Build4u
Found this helpful 0
Build4u replied on

Reply

This same thing just happened to our computer, have you figured out how to remove the file?
elrey57
Found this helpful 0
elrey57 replied on

Reply

i have not fixed my machine. Kinda scared that I might mess it up even worse.

Belly2009
Found this helpful 0
Belly2009 replied on
That is what happend to me...& I would love to download from microsoft to fix the problem however I cannot log on at all.  Windows appears to start normally, gets to log on screen, accepts user name & password then logs off again.  Cannot log on as administrator or in safe mode. Any suggestions?