Help removing XP Security Cleaner Pro- no internet

Status
Not open for further replies.

Doc007

New Member
Thread author
Jan 4, 2022
23
How do I download Malwarebytes to remove XP Security Cleaner Pro if infected computer unable to connect to the internet? Restarted in Safe mode w/networking but XP Security Cleaner Pro icon loaded in task bar by time clock. Only icon there.
 

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
Hello Doc007

I am Karsten and will gladly help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.
  • Note: On weekends I might be slow to reply
-------------------------------------------------------------------

Please start your sytem in normal mode, not safe mode.

Farbar Recovery Scan Tool (FRST) Scan
  • Please download Farbar Recovery Scan Tool and save the file to your Desktop. (Note: choose the right version, 64 or 32 bit, for your operating system, only one will run)
  • Double-click FRST64.exe to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Attach both logs in your next reply.
 

Doc007

New Member
Thread author
Jan 4, 2022
23
The infected computer is not connected to the internet?

Sorry for delay, 2am and work in the morning so may have to do in the morning. Hope not a problem for you to help me
 
  • Like
Reactions: struppigel

Doc007

New Member
Thread author
Jan 4, 2022
23
Hi Karsten, thanks for assisting me in this. I had this problem for over a year denying me use of this computer and very important software and internet access. Appreciate help in finally resolving this. Attached are the files you instructed. I'm free for as long as it takes to do this. Thanks

P.S. I had to download Farbar to my laptop, USB to copy to the infected computer and run scan, as I can't get on the internet from the infected computer.
 

Attachments

  • Addition.txt
    85.2 KB · Views: 23
  • Thanks
Reactions: struppigel

Doc007

New Member
Thread author
Jan 4, 2022
23
Not sure FRST text file uploaded? Verified it does have text in file from USB. Tried to edit upload, selected FRST file, shows uploaded then disappears when saved?
 

Attachments

  • Addition.txt
    85.2 KB · Views: 23
Last edited:

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
Hello again, Doc007. I just saw that your system has Windows XP SP3.
This operating system is outdated and no security updates are done for it. When you attach it to the Internet it will become infected by network worms in a matter of days.
It won't make sense to clean it from malware. You need an up-to-date operating system.
I can attempt to some general fixes to get the Internet connection back and remove the Security Cleaner, but I will not put too much work into cleaning it thoroughly.
 

Doc007

New Member
Thread author
Jan 4, 2022
23
Hello thanks for reviewing it. I've tried to embed the Paste but still getting Opps? tried to download and attached but disappears when saved? I have and guess account at Paste.com where the information resides. hope we can get you access to it.
 

Doc007

New Member
Thread author
Jan 4, 2022
23
Hope you can access this link at Pastebin. It is the Farbar file you requested.
https://pastebin.com/HQAkzGCH [ /URL]https://pastebin.com/dnXJcevP
 
Last edited:
  • Thanks
Reactions: struppigel

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
Please tell me if your Internet Service Provider is NetZero.

--------------------------

You have lots of programs installed that I have never seen before.
Please tell me which of these programs you recognize:
  • Market$harp CE
  • Marketing Without Advertising
  • 2009 IRC Checklist
  • ListWare32
  • Moving To Commercial Construction
  • PalmGolfWits
  • On Schedule
  • 3D Deck
  • Construction Forms
  • Electrical Wiring
  • Get High Speed Internet!
  • Getting Financing Word Forms
  • Danze and Davis Architects, Inc.
  • KeyStone CBT-Access XP Essentials
--------------------------

You have programs installed that are classified as potentially unwanted software.
These programs are not malicious, but they might be on your computer without your consent. Some of them are known to deliver ads, bundle additional software, show exaggerated warnings or have questionable privacy policies.

Please tell me for each of the following programs if you want to keep them:
  • Socrates Media Product Browser
  • PdfEdit995
  • Product Improvement Study for HP ENVY
  • Pdf995
  • Learn2 Player
  • RealDownloader
 

Doc007

New Member
Thread author
Jan 4, 2022
23
No, it is Spectrum on a home network connected by cable but has wireless card also, used to have AOL long time ago and just kept it to occasionally try to check previous email. The listed programs are all I recognize, use thru programs I used at some point.
Sage is the software I'm desperately trying to access. Several others are VIP.
Don't need "
  • Socrates Media Product Browser
Get High Speed Internet!
  • Product Improvement Study for HP ENVY
  • Not sure about Pdf edit 995, Pdf995. used them in trail mode to view PDF's but if you think are a problem can get rid of.
 

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
Step 1: Uninstall Software
  • Press the Windows Key
    vQQ9ew4.png
    + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programs, right-click and click Uninstall.
    • Driver Restore
    • DriverUpdate
    • File Type Assistant
    • Free File Viewer 2012
    • Get High Speed Internet!
    • Internet Explorer Default Page
    • Learn2 Player
    • My Web Search (My Fun Cards)
    • PdfEdit995
    • Pdf995
    • Product Improvement Study for HP ENVY
    • RealDownloader
    • RealPlayer
    • RealUpgrade 1.1
    • Socrates Media Product Browser
    • Viewpoint Media Player
  • Follow the prompts.
  • Note: If you are offered the choice to install additional software, ensure you decline.
  • Reboot if necessary.

Step 2: Uninstall Unused ISP Software
Please uninstall old ISP software except the one you actually use.
  • Press the Windows Key
    vQQ9ew4.png
    + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programs, for the ones you don't use anymore, right-click and click Uninstall.
    • NetZeroInstallers
    • AOL Coach Version
    • EarthLink setup files
  • Follow the prompts.
  • Note: If you are offered the choice to install additional software, ensure you decline.
  • Reboot if necessary.

Step 3: Batch File
  • Press the Windows Key
    vQQ9ew4.png
    + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the text below and paste into the Notepad document.

    @echo off
    ipconfig /flushdns
    ipconfig /release
    ipconfig /renew
    netsh advfirewall reset
    netsh advfirewall set allprofiles state ON
    netsh int ip reset c:\resetlog.txt
    netsh int ipv4 reset
    netsh int ipv6 reset
    netsh winsock reset >> "%userprofile%\desktop\fixit.txt"
    echo You now have to reboot your PC!
    pause
  • Click Format. Ensure Wordwrap is unchecked.
  • Click File, Save As and name the file fix.bat.
  • Select All Files as the Save as type. Save the file on your USB flash drive.
  • Copy the file to the Desktop of your computer without internet.
  • Locate fix.bat on your Desktop. Double-click on it to run it.
  • You can delete fix.bat after that.
Please report back to me if were able to do those steps and how the system is doing.
 

Doc007

New Member
Thread author
Jan 4, 2022
23
Hello,
Step 1 results:
  • File Type Assistant- Netsh.exe unable to locate component. This application has failed to start because framedyn.dll was not found. Re-installing the application may fix this problem. After clicking twice removed "File Type Assistant was successfully removed from your computer. Tried to go out to internet automatically but no internet. (TrustedSoftware.com/uninstalled/assist.htm) don't recognize site.
  • Free File Viewer- same error Framedyn.dll was not found; came up a few times and saw previously during my attempts to use WMI (request I upgrade), firewall settings (couldn't access windows firewall settings at all)
  • The following programs was not in the Add/Remove screen: Not uninstalled
  • Internet Explorer Default Page
  • My Web Search (My fun Cards)-RUNDLL error loading C:\Program-1\mywebs-1\bar\bin\mwsbar.dll The specified module could not be found. The - in the directory is a swiggly symbol I don't have on keyboard
  • Real Down loader
  • RealUpgrade 1.1
Step 2: Verizon Online- not used, got message; Microsoft Visual C++Runtime Library
buffer overrun detected Program C:\windows\system32\verizonuninstaller.exe
a buffer overrun has been detected which has corrupted the program internal state. The program cannot safely continue execution and must now be terminated
Step 3: Attached txt file of bat execute. Files seem to suggest some DLL's components not found thereby not able to complete reinitialization.
Hope this is helpful.
 

Attachments

  • Windows IP Configuration txt.txt
    4.2 KB · Views: 19

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
Step 1: Batch File
  • Press the Windows Key
    vQQ9ew4.png
    + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the text below and paste into the Notepad document.

    @echo off
    call :sub > "%userprofile%\desktop\fixit_netsh.txt" 2>&1
    echo Please reboot now!
    pause
    exit /b
    :sub
    netsh add helper AUTHFWCFG.DLL
    netsh add helper FWCFG.DLL
    netsh add helper NSHHTTP.DLL
    netsh add helper IFMON.DLL
    netsh add helper HNETMON.DLL
    netsh add helper DHCPCMONITOR.DLL
    netsh add helper NETIOHLP.DLL
    netsh add helper NSHIPSEC.DLL
    netsh add helper DOT3CFG.DLL
    netsh add helper WWANCFG.DLL
    netsh add helper NETIOHLP.DLL
    netsh add helper NAPMONTR.DLL
    netsh add helper P2PNETSH.DLL
    netsh add helper RASMONTR.DLL
    netsh add helper RPCNSH.DLL
    netsh add helper NETTRACE.DLL
    netsh add helper WCNNETSH.DLL
    netsh add helper NSHWFP.DLL
    netsh add helper WHHELPER.DLL
    netsh add helper WSHELPER.DLL
    netsh add helper WLANCFG.DLL
    netsh show helper
    netsh advfirewall reset
    netsh advfirewall set allprofiles state ON
    netsh int ip reset c:\resetlog.txt
    netsh int ipv4 reset
    netsh int ipv6 reset
    netsh winsock reset
  • Click Format. Ensure Wordwrap is unchecked.
  • Click File, Save As and name the file fix.bat.
  • Select All Files as the Save as type. Save the file on your USB flash drive.
  • Copy the file to the Desktop of your computer without internet.
  • Locate fix.bat on your Desktop. Double-click on it to run it.
  • You can delete fix.bat after that.
  • Please attach the fixit_netsh.txt from your Desktop
Step 2: Farbar Service Scanner Scan
  • Please download Fabar Service Scanner
  • Double-click FSS.exe
  • Click Yes to the disclaimer
  • Place a checkmark on the following entries:
    • Internet Services
    • System Restore
    • Security Center/Action Center/Action
    • Windows Update
    • Windows Defender
    • Other Services
  • Click on the Scan button and wait for it finish
  • A log FSS.txt will open in notepad. Attach it or copy the contents to your next reply.
Step 3: Farbar Recovery Scan Tool (FRST) Search
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/paste or type the following line into the Search: box.
    SearchAll: My Web Search
  • Press the Search Files button.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post it in your next reply.
Please tell me if the first step fixed the Internet connection after reboot (the other steps are only for diagnostics)
 

Doc007

New Member
Thread author
Jan 4, 2022
23
Hi Karsten thanks again for your time and expertise,
Step 1: Batch File results did not execute as error message.... Netsh.exe-unable to locate component (after clicking OK to ea.). This application has failed to start because Framedyn.dll was not found. Reinstalling the application may fix this problem.... Please reboot now Press any key to continue. Same message repeated over and over until end to reboot. The noted file (Framedyn.dll) has come up several times previously as "unable to locate" during several operations. Don't know if missing or corrupt?

Step 2: Farbar Service Scanner Scan- Had to download 32 bit for XP to get it to run on infected system. FSS.txt file attached; My notes follow.
  • Connection Status: Attempt to access Google IP/.com and Yahoo.com is odd as my default ISP should be IE MSN which I didn't see at all (not sure why, following your lead). Previous attempts, prior to engaging you, to get on Internet lead to the "Diagnose Internet Connection" message; Windows cannot connect to the Internet using HTTP, HTTPS Port, FTP. This is probably caused by Firewall Settings on this computer. Check Firewall Settings for the HTTP Port (80), HTTPS Port (443) and FTP Port (21)
  • Windows Firewall: From my notes- When I previously tried to open Windows Firewall in settings got WBEM error upgrade WMI to newer build. When I checked Services in Administrative Tools, shows" Windows Firewall/Inter stopped", "Windows Management Inter stopped", "WMI Performance Adaptor stopped", " Security Center stopped". I checked them previously trying to restart services and dependencies hoping to reset Firewall and gain access to Services. Not sure any of this is helpful but hope useful.
Step 3: Farbar Recovery Scan Tool (FRST) Search Search.txt file attached
 

Attachments

  • fixit_netsh.txt
    21.5 KB · Views: 1
  • FSS.txt
    3.8 KB · Views: 19
  • Search.txt
    1.8 KB · Views: 18

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
There are lots of important DLLs missing on your computer. At this point the only way I see to fix this is a repair installation.
For that you need to have a CD or DVD with Windows XP x86 on it. Do you have something like that?

Alternatively you can download an ISO for Windows XP here: Windows XP Professional SP3 x86 : Microsoft : Free Download, Borrow, and Streaming : Internet Archive
Which you then need to burn onto a CD/DVD or create a bootable USB flash drive with.

Do you have any of the following available?
  • CD/DVD and burner or
  • a USB flash drive that is big enough or
  • a Windows XP CD/DVD that your computer came with
 

Doc007

New Member
Thread author
Jan 4, 2022
23
I'm checking now for CD with XP professional. Not sure if SP3. maybe XP2 w/XP3 SS. Trying to backup system again, hopefully retaining and existing software settings as I don’t have some of the original installation disk as I mentioned previously. CD drive seems NOT to function/read disk (maybe files, drivers corrupt). Why using USB.

I have a Cruzer Glide 128GB ScanDisk USB. Need to make it a bootable drive. Working on the above, will hit you back ASAP. Thanks
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top