Removing Windows 2011 Security Center Spyware/Virus

Recently I offered to fix a friend’s Dell Vostro 1000 laptop running Windows XP Home Edition. He said that he hadn’t been able to get on to the Internet for 3-4 days and that he kept getting these weird security pop-up windows. I had a good idea what the issue was, as I’ve seen attempts to install the same type of software on my own systems. So, once he dropped the laptop off, I started to look at what the issue was. Oddly, I was able to connect to my wireless service, so I’m not sure why he couldn’t connect to the Internet. Perhaps that’s another issue. But, on to removing the spyware. The first thing I did was create my own account with Administrative privileges. Then I started the system in Safe Mode with Networking and installed and ran the following programs:

Each program found different issues with the system and I was able to remove some nefarious programs that were causing his issues. I also ran CCleaner from Piriform which allowed me to remove any unwanted files from browsing the Internet as well as removing any unnecessary Windows Registry entries. At this point, I figured that the system was clean so I gave it a reboot.

I logged back in to Windows in normal mode and used his Windows account. The Windows 2011 Security Center spyware was gone, but something else had happened in the process. Even though Windows had Automatic Updates turned on, I was getting a pop-up in the toolbar suggesting that it wasn’t. This led me to believe that there was still some spyware installed. So I ran the above utilities under his username just to make sure I got everything. Nothing.

At this point I decided it was time to install some of the utilities Microsoft provides to protect your system (as well as turning Windows Firewall on). I downloaded:

I installed and ran Windows Defender first. After the install, I couldn’t update its definitions, which I thought was odd. So I installed and ran the Malicious Software Removal Tool. It didn’t find any more spyware. At this point, I was pretty confident there wasn’t anything else wrong with the system in terms of spyware or viruses. To get the Windows Defender definitions to update, I ran Windows Update manually. I selected the updates to install, but none of them worked. Now I was starting to think that whatever spyware had been installed had hosed the system. So back to Google I went to search for a solution.

I found this Microsoft Knowledge Base article outlining some steps to take to get Windows Update to work again. I was a little wary of running some of the scripts they recommended, but I figured it came from Microsoft so it might be worth the risk. Besides, his computer was still sort of hosed. I followed each step in order, then rebooted the system. The Windows Update alert in the toolbar was gone, but Windows Update still wasn’t quite working.

Some more searching led me to another Microsoft Knowledge Base article outlining how to obtain the latest version of the Windows Update Agent. I downloaded this (x86 in my case) and installed it. I rebooted the machine again and crossed my fingers.

Lo and behold, upon restarting, Windows Update and Windows Defender definition updates worked. All because of a little spyware that was installed. Bottom line folks, don’t click on or install any sort of security pop-up you see online. They’re bad news.

A couple of other issues I had with this laptop. It kept shutting down on me. A search on Google revealed that dust will cover the fan cover on the bottom of the laptop and cause it to overheat, which is bad. I cleaned it off with a little compressed air and made sure the vent was exposed when working on the laptop. It stopped shutting down and didn’t get nearly as warm. Another issue, caused by the laptop shutting down, was that it shut down while running chkdsk. After it restarted, I got the UNMOUNTABLE_BOOT_VOLUME blue screen. I just booted the system into Recovery Mode using a separate install disc and ran chkdsk from the Recovery Console. Specifically, I executed two commands:

  • chkdsk /p
  • chkdsk /r

The first one verifies the disk and makes sure it’s not marked as dirty, and the second actually runs through any repair steps to make sure the disk is in good order.

Anyway, a lot of work to fix one silly issue. I’m just glad that I was able to remove the spyware and get the laptop to work properly again.
