Archive for November, 2011

“I Can Remote Desktop (RDP) into a Computer but I can’t Ping it”

November 12, 2011

If you run into this problem, where you cannot ping a computer but you can RDP or otherwise remote into it, one of the things you should check is the firewall.

Windows has a built-in firewall that may be preventing you from pinging the computer or accessing its files remotely.

OS: Windows XP SP3

  1. RDP into the computer you cannot ping
  2. Go to Start – Control Panel – Windows Firewall
  3. Set the Windows Firewall setting to Off
  4. Click OK
  5. Ping the computer again to make sure it is working
  6. Done!
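As an added example (not part of the original post), the same check done from a command prompt inside the RDP session on Windows XP SP2/SP3, using the built-in netsh firewall context. It goes one step beyond the post: instead of switching the whole firewall off, it opens only ICMP Echo Request (type 8), which is all ping needs.

```batch
@echo off
rem Added example: "RDP works but ping does not" on Windows XP SP3.
rem Run this inside the RDP session on the computer that does not answer pings.

rem 1. Is the built-in firewall on at all? (Operational mode: Enable / Disable)
netsh firewall show state

rem 2. Which ICMP types are allowed right now? Type 8 = Echo Request, i.e. ping.
netsh firewall show icmpsetting

rem 3. Narrower fix than "Off": keep the firewall on, allow inbound echo requests only.
netsh firewall set icmpsetting type=8 mode=enable

rem 4. Verify: the firewall still reports Enable, and type 8 is now listed as enabled.
netsh firewall show state
netsh firewall show icmpsetting

rem 5. The post's own remedy, if you really want the whole firewall off
rem    (re-enable afterwards with mode=enable):
rem    netsh firewall set opmode mode=disable
```

Re-run the ping from the other machine after step 3; if it still fails, the firewall was not the cause and you can look elsewhere (a third-party firewall, or the network in between).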

System Security 2012 Malware Removal & Rootkit Removal

November 8, 2011

System Security 2012 is a FAKE anti-malware/anti-virus scanner that takes control of your computer and forces you to buy fake products that will not help you. If you see something called “System Security 2012”, please follow these instructions to remove this malware product.

One of my clients reported that his computer was infected and was running very slowly. Since this was done remotely over LogMeIn, I am limited in what I can do, which means I will not be booting into Safe Mode and most of the files need to be downloaded online.

OS: Windows XP SP3

  1. The computer was running very slowly, so the first thing I did was open Task Manager, end any unimportant running processes and look for suspicious ones.
  2. Discovered ping.exe, which looked suspicious, and a cqjycekibznx1v.exe, which also looked suspicious
  3. ping.exe constantly came back after being ended, suggesting this is malware of some type
  4. Ending cqjycekibznx1v.exe closed System Security 2012, suggesting it belongs to the System Security 2012 program.
  5. I started out running Malwarebytes, but since the CPU was constantly at 100%, Malwarebytes would hang every single time it tried scanning.
  6. Download TDSSKiller from http://support.kaspersky.com/downloads/utils/tdsskiller.exe (if your internet browser is hijacked, type the link in manually)
  7. Since the CPU is constantly at 100%, everything runs very slowly; it took about 2 minutes for the browser to start up. (Use a browser other than IE if possible.)
  8. Run the TDSSKiller anti-rootkit scanner to scan for rootkits
  9. TDSSKiller found two different rootkits: rootkit.win32.zaccess.j in the cdrom.sys service file and rootkit.boot.wistler.a on physical drive \device\harddisk0\DR0
  10. Select Cure for both rootkit items and click Continue
  11. TDSSKiller will attempt to cure the malware; reboot when it is done
  12. Once the computer had rebooted, I logged in remotely again using LogMeIn and started Malwarebytes, since the computer was running faster now.
  13. Update Malwarebytes and run a quick scan
  14. Discovered additional files that needed to be removed: dwme.exe (Malware.Packer)
  15. Click “Remove selected” and restart the computer again after the process is finished
  16. Once the computer has rebooted, start Malwarebytes again and run a full scan
  17. Remove any additional malware items – Malware.Packer, Trojan.Downloader,
    system security 2012.ink (Rogue.SystemSecurity)
    ldr.ini (Malware.Trace)
  18. Click “Remove selected” and reboot the computer when finished
  19. Log into the computer and delete the temporary internet files
  20. Restore the IE settings by going to Tools – Internet Options – Advanced – Reset
  21. Restore the IE advanced settings by going to Tools – Internet Options – Advanced – Reset Advanced Settings
  22. Check that you are not connected to a proxy server by going to Tools – Internet Options – Connections – LAN Settings and making sure Proxy Server is not checked
  23. Done!
*You might get faster results if you boot into Safe Mode to take care of this issue.
*If you have a clean computer, use it to download the required programs and transfer them with a USB stick, to save time or if your browser is hijacked.
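As an added example (not from the original post), the triage steps above done from a command prompt on Windows XP SP3, so you can confirm what Task Manager showed before handing the machine to TDSSKiller and Malwarebytes. It removes nothing; it only shows where the running copies of the suspicious executables live and whether IE has been pointed at a proxy (step 22). The process names are the ones the post reports, and the random name is just a placeholder for whatever you see on your own machine.

```batch
@echo off
rem Added example: command-line triage for the symptoms in the post (Windows XP SP3).

rem 1. A genuine ping.exe lives in %SystemRoot%\system32 and does not run all the time.
rem    Show the full path and command line of every running copy so a look-alike
rem    started from a user profile or temp folder stands out.
wmic process where "name='ping.exe'" get ProcessId,ExecutablePath,CommandLine

rem 2. Do the same for the randomly named process that was tied to the fake scanner.
rem    (cqjycekibznx1v.exe is the name seen in this case; substitute your own.)
wmic process where "name='cqjycekibznx1v.exe'" get ProcessId,ExecutablePath,CommandLine

rem 3. Everything currently running, with CPU time, to spot what is pinning the CPU at 100%.
tasklist /v /fi "STATUS eq running"

rem 4. Step 22 of the post: has IE been pointed at a proxy the user never set up?
rem    ProxyEnable = 0x1 with a ProxyServer value means traffic is being redirected.
rem    (reg reports an error for ProxyServer when no proxy is configured at all.)
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer

rem 5. Autostart locations to check for the names Malwarebytes flagged (dwme.exe, ldr.ini).
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
dir /a "%USERPROFILE%\Start Menu\Programs\Startup"
```

Save the output before you start cleaning; it is the record of what was on the machine if the rogue comes back after the reboots.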

Microsoft Security Essentials Blocking the Hosts File from Being Modified / Changed

November 4, 2011

An IT admin will usually modify the hosts file to prevent a particular computer from accessing a specific website. The fastest way is to access the computer through \\(computer name)\C$\Windows\System32\Drivers\etc and modify the hosts file there. However, with the recent changes Microsoft made to the Security Essentials virus scanner, any time the hosts file is modified, Security Essentials flags it as a potential problem and blocks the change.

Here are the steps you need to solve this problem:

System: Windows XP SP3 (the hosts file is in a different location on Windows 7 and Vista)

  1. Remote into the client’s computer using RDP
  2. Go to My Computer – C: – Windows – System32 – Drivers – etc – hosts
  3. Choose Open With and select Notepad
  4. Add the website you wish to block and click Save
  5. A Microsoft Security Essentials popup will appear
  6. Click Show details
  7. The detected item should be settingmodifier:win32/possiblehost change
  8. Change the recommended action to Allow
  9. Click Apply Action
  10. Once the action is complete, click Close
  11. Save the hosts file and re-open it to verify the changes have been made
  12. Test the website to make sure the website/webpage has been blocked
  13. Done!
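As an added example (not from the original post), the same hosts-file edit made from a command prompt on Windows XP SP3, with a backup first and the verification from steps 11 and 12 built in. The path is the XP one from the post; example.com is a placeholder for the site you want to block.

```batch
@echo off
rem Added example: block a website via the hosts file on Windows XP SP3, then verify it.
set HOSTS=%SystemRoot%\system32\drivers\etc\hosts
set BLOCK=example.com

rem 1. Back up first, so the original can be restored if the edit goes wrong.
copy /y "%HOSTS%" "%HOSTS%.bak"

rem 2. Append the block entry. The redirection goes first so a site name that
rem    ends in a digit is never misread as a stream number by cmd.
rem    Expect the Security Essentials prompt described above at this point;
rem    pick Allow, otherwise the write is rolled back and step 3 finds nothing.
>>"%HOSTS%" echo 127.0.0.1 %BLOCK%

rem 3. Verify the line really landed in the file (step 11 of the post).
findstr /i /c:"%BLOCK%" "%HOSTS%"

rem 4. Flush the resolver cache, then confirm the name now resolves to loopback,
rem    which is what makes the site unreachable (step 12 of the post).
ipconfig /flushdns
ping -n 1 %BLOCK%
```

The ping in step 4 should report 127.0.0.1 as the address; if it still shows the site's real IP, the entry was not saved or Security Essentials blocked it.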