ClamWin Free Antivirus :: View topic - Getting fake "Security Center Alerts", how to clea

Posted: Mon Sep 07, 2009 4:24 pm

WinXP

Somehow I picked up some bug thats causing fake "Security Center Alerts". I tracked it
too a file "wscsvc32.exe" but when I terminate it in TaskManager it returns and continues
to display the false popup ads.

ClamWin finds nothing wrong in the Windows folder.

Does anyone know how to remove/stop this?

TIA
Mike

Posted: Mon Sep 07, 2009 5:23 pm

Some malware comes with a "controller" process that will reinstall the main malware if it is missing.

You could probably use Task Manager to check out each process and delete the "strange" one. That can be kind of tedious, however, because of all the junk that comes with Windows. Below are some removal toools/aids. They all have free versions, and I suggest you try them one at a time, in the order given.

SuperAntiSpyware at https://www.superantispyware.com/download.html on the web. Malwarebytes' Antimalware at https://www.malwarebytes.org/index.php on the web. Dr. Web's Cureit at https://www.freedrweb.com/cureit/ on the web. Trend Micro's Rootkit Buster at https://free.antivirus.com/clean-up-tools/ on the web. Rootkit Buster cannot be run in Safe Mode (F8 repeatedly upon bootup), but try a normal scan with each of the others and if that does't help, then try a scan in Safe Mode before you go on to the next tool.

If nothing helps, visit the ClamWin Antimalware page for some available sources of expert help.

Regards,

Posted: Mon Sep 07, 2009 7:39 pm

Thanks for feedback. I went into safe mode and deleted WSCSCV32.EXE then rebooted.
Problem went away but Im sure there is more to it. I will keep ALERT Smile

Mike

GuitarBob wrote:

Some malware comes with a "controller" process that will reinstall the main malware if it is missing.

You could probably use Task Manager to check out each process and delete the "strange" one. That can be kind of tedious, however, because of all the junk that comes with Windows. Below are some removal toools/aids. They all have free versions, and I suggest you try them one at a time, in the order given.

SuperAntiSpyware at https://www.superantispyware.com/download.html on the web. Malwarebytes' Antimalware at https://www.malwarebytes.org/index.php on the web. Dr. Web's Cureit at https://www.freedrweb.com/cureit/ on the web. Trend Micro's Rootkit Buster at https://free.antivirus.com/clean-up-tools/ on the web. Rootkit Buster cannot be run in Safe Mode (F8 repeatedly upon bootup), but try a normal scan with each of the others and if that does't help, then try a scan in Safe Mode before you go on to the next tool.

If nothing helps, visit the ClamWin Antimalware page for some available sources of expert help.

Regards,

Posted: Tue Sep 08, 2009 3:44 am

That's good, Mike. A lot of viruses can't hide if you scan in safe mode, however, some AVs don't work too well in safe mode. Thankfully, ClamWin and the others I mentioned do.

When you have a file that is hard to remove, you can do some Googling on the web for it. If it turns out to be malware, you can often find a detailed description and removal instructions. Also, if you can get an MD5 hash of the file, you can do a search for that as well--frequently you will find a reference to it that leads to an analysis of it. Threat Expert is good about this.

Regards,