Please help, nasty PC problem

Factual Questions
1

Any help gratefully received.

THE PROBLEM: Yesterday everything was fine with my machine. Last night Windows downloaded some sort of security update automatically, which happens fairly often and has never caused any major problem. Last night’s update has caused three related problems.

(1) My broadband connection is okay, but l have persistent problems trying to launch my web browser, Firefox. When I try, sometimes it just opens momentarily then immediately crashes and closes. About equally often, I get this message:

"
Insecure Internet activity. Threat of virus attack
Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
Also insecure Internet activity can result in revealing your personal information.
To get full advanced real-time protection for PC and Internet activity, register your antivirus software.
We recommend you to protect your PC now and continue safe Internet browsing.
Click here to get full advanced real-time protection and continue browsing.
Continue to this website unprotected (not recommended).
"

If I opt for ‘unprotected’, sometimes the browser launches successfully, but this is rare. Usually, it just crashes and closes.

If I click on ‘get protection’, and if my browser is working at the time, I get taken to a web page offering me ‘Perfect Defender 2009’ anti-virus and spyware software with two options, ‘Download’ and ‘Buy now’. (http://www.defender-reviews.com/?a=112&b=594F55522D314643343438433138460E2094B4&so=01) . The product has a badge saying ‘Microsoft Gold Certified Partner’. (If my browser it not working at the time, it just hangs and does nothing.)

If I use a different browser, such as a reasonably up to date version of IE, it makes no difference.
(2) My email software is Microsoft Outlook (not Outlook Express). I am having some problems getting this to open, but it is not as bad as the browser problem. However, when it IS open, it is prone to either spontaneously closing after a few minutes, or crashing and closing just when I’m in the middle of composing an email.
(3) I am getting a persistent popup msg every 5 minutes or so that looks like an official Windows notification. It says ‘To help protect your computer, Windows Firewall has blocked some features of this program. Do you want to block this suspicious software? / Name: Win32.Zafi.B / Risk: high / Description: worm trojan and keystroke logger’. It offers three options, ‘Keep blocking’, ‘Unblock’ and ‘Enable Protection’, but the first two are disabled and only the third option is active. I can close this msg, but it just appears again 5 minutes later. If I click on ‘Enable’, I get taken to the same web page described above, offering me ‘Perfect Defender 2009’.

My anti-virus s’ware does not detect this ‘Zafi.B’ problem.

All of these problems are totally new.

THE MACHINE: I’m using Windows XP Media Edition on a fairly high-spec dual core machine (purchased in 2007). I paid for 3 years onsite tech support when I bought the machine, but then the company went out of business. So no tech support.

THE PROTECTION: I used to use ‘The Shield Deluxe 2008’ anti-virus software but this expired some months ago. I tried to renew the license but it didn’t work, and I believe it’s no longer supported. I tried deleting this software but the ‘Add/Remove programs’ function told me that some components could not be uninstalled. For a while, I was pestered by ‘Renew your licence’ popups, but there was an option to switch these off, which I did. For a few months I wasn’t using any anti-virus software (this may seem reckless but I don’t do much that is at high risk of infection). Today I downloaded the free Avira anti-virus software and ran a complete check. It quarantined about four low risk, low threat ‘infections’ that seemed to be quite old. No sign of a ‘Zafi.B’ problem.

I also used to use MaxSecure Spyware Detector, but this too has expired and I didn’t renew. I haven’t tried to renew. I get ‘Please renew’ popups once per session, which I just close.

Any bright ideas?

2

Hi thee to Malware Bytes.com. I had a similar problem on two machines and MB whacked them both.

Get to a machine that has internet access and d/l MB to a USB stick or something similar and then install on the infected machine.

Remove all the crap you can, update and re-scan.

I don’t know what to do about the firewall. I don’t use Windows Firewall, I use Zone Alarm for a firewall.

FWIW, I use MB, Avast (antivirus), Spyware Blaster, and Spybot Search and Destroy. All are free, donations accepted.

3

I second Malware Bytes; I too use Avast.

If you want, I can email it to you: you may need to rename it to prevent it being blocked by the virus.

Check your PMs.

4

Nitpick: it’s hie.

5

Once you get ths fixed, and hope you do, I’d suggest you never get automatic MS upgrades. I let them notify me, then decide if it is worth downloading.

In any case, always make a Windows Restore Point before installing or uninstalling anything, or making any big change.

Go to Start, Help, System Restore, and pick Create a Restore Point. Name it whateveer you want. Then if anything goes haywire, you can go back and restore everything as it was befoe the download.

Good luck on getting it cleaned up.

6

What on earth does this have to do with automatic Windows updates? If anything, you want that stuff to install right away when a new security patch is released, especially if your machine runs 24/7 connected to the Internet.

Where did you see that the OP’s problem was caused by automatic updates?

7

Yeah I know. I’m a good speeler, I’m a shitty typist.:slight_smile: My spell check didn’t catch it and I didn’t proofread it.

8

Although windows updates do occasionally have a compatibility issue, holding off on applying them is unwise.

IME (computer shop owner) if anything goes majorly wrong with a windows update or service pack, you will not have easy access to system restore anyway.

9

Thank you all for the rapid response. Malware Bytes seems to have killed whatever was causing the problem, and everything seems back to normal. However, other friends and contacts have suggested other good housekeeping measures I can and should be taking to (a) really make sure I’ve dealt with the problem and (b) prevent it happening again.

10

I highly recommend Revo Uninstaller. This puppy will create a restore point, uninstall whatever you wish, and scan/remove ALL leftover junk. You can also use it to remove unwanted startup programs. You’ll never use the Windows Add/Remove again.

Also, another vote for SpyBot S&D.

11

Nobody yet has said this clearly: “Perfect Defender 2009” IS malware.

You were fooled when you wnet to a site with malware. Then the evil web page popped up what looks like a malware alert, but is actually an invitation to install malware. You clicked yes, and installed a powerful hijacking program which trashed the rest of your experience. All your problems stem from that.

12

I have to assume that the Microsoft Update had nothing to do with this by the way, and the timing was merely coincidental, so don’t think that you should shut down the automatic updates out of misplaced suspicion.

13

Thank you for this extra clarification, although a friend I consulted had already explained this to me. If you mean that just by visiting the web page of Per Def I unwittingly installed more malware, then yes, it’s possible. But at no point did I actually click ‘yes’ to download anything.

Given that the Per Def page displays a ‘Microsoft partner’ badge for added cogency, you’d think Microsoft would take steps to shut it down and protect their reputation.