We’ve started receiving email messages passing themselves off as warning messages from the Windows Security Center.
The subject of the message is Windows Security Center Alert!
The message contains a window informing you that your computer may be the victim of an infection and recommending that you scan your system. Additionally, it contains a link to a program that is supposed to remove these threats from your computer.
The message is like the following:
The website to which the link points can be any of the following, among others:
http://sterss<blocked>0mb.com/setup.zip
http://verno<blocked>0mb.com/setup.zip
http://juliedr<blocked>0mb.com/setup.zip
The file SETUP.ZIP, once decompressed, contains the rogueware detected as Adware/DataProtection. Once installed, it displays different messages depending on the language of the operating system installed on your computer.
It is programmed to display messages in the following languages:
French
Italian
German
Spanish
Norwegian
Polish
Czech
Ukrainian
Russian
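A mail-filter check built from the two indicators described above (the lure subject and a link to a ZIP download), as an added example that is not part of the original post. The sample messages, the example.test hosts, the extra file extensions and the scoring thresholds are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

LURE_SUBJECT = re.compile(r"windows\s+security\s+cent(er|re)\s+alert", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
RISKY_EXT = (".zip", ".exe", ".scr", ".msi")  # assumed list; the page only names setup.zip

def extract_urls(msg):
    """Collect URLs from every text/plain and text/html part of the message."""
    urls = set()
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            urls.update(u.rstrip(".,;)") for u in URL_RE.findall(part.get_content()))
    return urls

def assess(raw_bytes):
    """Return (verdict, reasons) for one raw message given as bytes."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    subject = str(msg["subject"] or "")  # policy.default decodes RFC 2047 encoded words
    if LURE_SUBJECT.search(subject):
        reasons.append("subject imitates Windows Security Center")
    for url in sorted(extract_urls(msg)):
        path = urlparse(url).path.lower()
        if path.endswith(RISKY_EXT):
            reasons.append(f"link to download: {path.rsplit('/', 1)[-1]}")
    verdict = "quarantine" if len(reasons) >= 2 else "review" if reasons else "pass"
    return verdict, reasons

# Constructed sample messages (not taken from the campaign described above).
SAMPLE_LURE = b"""\
From: alerts@mail.example.test
Subject: =?utf-8?q?Windows_Security_Center_Alert!?=
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your computer may be infected.</p>
<a href="http://downloads.example.test/setup.zip">Scan now</a></body></html>
"""

SAMPLE_BENIGN = b"""\
From: it@corp.example.test
Subject: Patch window on Friday
Content-Type: text/plain; charset="utf-8"

Details: http://intranet.example.test/patching.html
"""
```

The subject in the constructed lure is RFC 2047 encoded on purpose: matching the raw header bytes would miss it, which is why the check reads the decoded header.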
7 comments
I think it resides in pagefile.sys as well.
I had pagefile referenced to separate HDD on second IDE to tweak system speed.
When I got the infection I hit reset button immediately (crashing the system but saving documents).
Tried to reimage XP OS and just write over the infected install.
Kept getting boot error message to the effect “missing / corrupted file WINDOWS/SYSTEM32/CONFIG/SYSTEM” message and new image would stall in DOS.
Know the backup image was OK because had used it previous day (it's a non-incremental backup and keep dual copies of backup image on 2 separate drives in case one drive fails / data becomes corrupted).
Tried imaging 4 times using each backup image twice in case it was a bad write / image.
Kept getting same boot error.
Finally fixed problem by booting MiniXP from disc. Deleting all files (including pagefile.sys) held on non OS partitions which are referenced to by OS (I keep My Documents on separate partition as well using Windows “Move” function).
When I rebooted problem was fixed.
Only strange thing is that OS is now 130 KB smaller than before.
Could the moderator please tell me why my reply to the “Fake Windows Security Center alert” post was removed?
Apologies, now it's back.