Antivirus xp 2008

jedihobbit (Gawd, joined Nov 3, 2005, 963 messages)
Man have I screwed the pooch on this one!! This crap snuck in on my primary 'puter and it is a bitch.

It has screwed with the safe restore date not allowing me to do a system restore any earlier than the infestation and when I try to get to the task manager it tells me that has been disabled by my "administrator".

Seems to be a basty nastered from what I can find on google, but there seems to be no pat answer for deleting it, so......................... help!!
Any way simpler than this? http://www.xp-vista.com/spyware-removal/xp-antivirus-2008-removal-instructions-xp-antivirus-2008
 
try in command prompt:

C:\Windows\System32\MRT.exe /f

we see this on a lot of computers that come into Best Buy. try hooking up your HDD to a computer that has decent AV software and scan the drive. it's usually a result of Zlob. it's socially engineered to trick people into downloading it, usually by having a popup window that says "you are missing an ActiveX codec. click here to download and install".

http://www.windowsvistaplace.com/xp...nstructions-xp-antivirus-2008/spyware-removal

looks promising on google.

if you don't have antivirus software on another computer, try downloading a trial of any of these:

NOD32
Kaspersky
Avira
AntiVirusKit

just make sure you only have 1 of these installed at a time :p

if you want a more permanent solution that's free, try the free versions of Avira, AVG, or Avast! antivirus. Personally, I'd go with Avira
 
Man this sucker is tough! Just started up the computer after cutting it off and when I go into the start screen all I have is Internet, Outlook, and Set Program Access and Defaults. So even if I wanted to save my files to a thumb drive or whatever so I can reformat, I can't! It even turned off MS security auto updates.......
 
I work at a local computer shop during the summer months, and see that thing all the time. Try this:

http://www.malwarebytes.org/mbam.php

Anti-Malware has always worked great for me. The missing programs in the start menu sounds familiar. It's fixed that on at least one occasion. It'll fix the "VIRUS ALERT!" in your clock and the blue virus-warning background if you have those.
 
I have gotten rid of this one before a few times. Employees come in and think it is something I did the last time I had their laptop. Idiots.
 
> Man this sucker is tough! Just started up the computer after cutting it off and when I go into the start screen all I have is Internet, Outlook, and Set Program Access and Defaults. So even if I wanted to save my files to a thumb drive or whatever so I can reformat, I can't! It even turned off MS security auto updates.......

So, if you are just going to go to save your data and then reinstall, just go into MSCONFIG and shut the app down and restart, or safe mode. If you want to defeat it then you need it fully running and then you need to use cmd to shutdown some of its services then uninstall it, delete every file then delete every key of it from the registry.

This helped me.
 
The issue is this........everything I need to do as suggested is now hidden or disabled. :( It appears I've gotten a newer version that has taken these fixes into account.
 
Here's the latest twist: started up in safe mode to see what I could do and lo and behold it has created an Administrator profile! And of course it will not load as I'm sure it is password protected.

Right now trying AVG 8.0 in line scanner mode from my original profile in Safe Mode.

EDIT: Okay so far there have been several "command line" showing up in the current scan that state they are "Locked Files" not tested. If these were originally locked, could the virus have invaded them?

Also forgot to mention it seems to be running in safe mode.....
 
so you cannot get to the run command? (CTRL+SHIFT+ESC) Task Manager>Run

I don't recall an updated version since the Feb release (around that time).
 
> so you cannot get to the run command? (CTRL+SHIFT+ESC) Task Manager>Run
>
> I don't recall an updated version since the Feb release (around that time).

Didn't try that as I'm lame when it comes to software :eek: but so far it tells me Task Manager has been disabled by the "Administrator" which I didn't create but have an Administrator profile now.

Not sure if it is a good sign or not, but when I booted up in safe mode after the AVG scan I had what looked like my “normal” desktop. Also the “Virus Alert” that sat next to the time and the three “bogus” shortcuts were gone.

Had to shut it down at that time to get ready for work, so that is as far as I’ve gotten. When I get home tonight plan to boot up in safe mode with fingers crossed, and if it seems “the usual” will copy all of my files. After that I’ll see if everything works doing a normal boot.
 
> Didn't try that as I'm lame when it comes to software :eek: but so far it tells me Task Manager has been disabled by the "Administrator" which I didn't create but have an Administrator profile now.
>
> Not sure if it is a good sign or not, but when I booted up in safe mode after the AVG scan I had what looked like my "normal" desktop. Also the "Virus Alert" that sat next to the time and the three "bogus" shortcuts were gone.
>
> Had to shut it down at that time to get ready for work, so that is as far as I've gotten. When I get home tonight plan to boot up in safe mode with fingers crossed, and if it seems "the usual" will copy all of my files. After that I'll see if everything works doing a normal boot.

1. open Notepad
2. copy and paste this into Notepad.

Code:
Windows Registry Editor Version 5.00

; re-enable Task Manager for the current user (the rogue AV sets this to 1)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

; same policy as applied through a local Group Policy object
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

; machine-wide copy of the same policy
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

; restore the default Ctrl+Alt+Del logon behaviour
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DisableCAD"=dword:00000000

3. now save the file as ".reg" without quotes.

4. then just double click it.

Now you can go the route of the other poster and download the tool and see if it helps you, but I would at least gain your taskmgr back
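An added audit script, not from this thread or any of the tools it names: it reads the registry values the .reg fix above writes (plus the Winlogon Shell value a later post mentions being replaced) and reports which ones differ from the stock Windows defaults, without changing anything. It assumes PowerShell 2.0 or later and an elevated prompt so the HKLM keys are readable.

```powershell
# Added example (not from the thread): read-only audit of the lockdown values the
# .reg fix above resets, plus the Winlogon Shell value. "Expected" is the stock
# Windows default; a missing key or value counts as clean, since Windows only
# honours these policies when they are present.

$checks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';
       Name = 'DisableTaskMgr'; Expected = '0' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System';
       Name = 'DisableTaskMgr'; Expected = '0' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';
       Name = 'DisableTaskMgr'; Expected = '0' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon';
       Name = 'DisableCAD'; Expected = '0' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon';
       Name = 'Shell'; Expected = 'explorer.exe' }
)

function Test-PolicyValue {
    param([hashtable]$Check)
    # Get-ItemProperty returns nothing (no exception) when the key or value is absent.
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return New-Object PSObject -Property @{
            Tampered = $false; Name = $Check.Name; Value = '<absent>'; Path = $Check.Path }
    }
    # Stringify so a DWORD 0 compares equal to '0'; -ieq makes 'Explorer.exe' match.
    $actual = "$($item.($Check.Name))".Trim()
    $ok = $actual -ieq $Check.Expected
    return New-Object PSObject -Property @{
        Tampered = (-not $ok); Name = $Check.Name; Value = $actual; Path = $Check.Path }
}

$results = $checks | ForEach-Object { Test-PolicyValue -Check $_ }
$results | Format-Table -AutoSize -Property Tampered, Name, Value, Path

if ($results | Where-Object { $_.Tampered }) {
    Write-Warning 'One or more values differ from the Windows default; rogue AV commonly sets these to lock the user out.'
} else {
    Write-Host 'No tampering found in the audited values.'
}
```

Run it again after applying the .reg fix and rebooting: any value still reported as tampered means something is re-applying the policy and the cleanup is not finished.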
 
Okay back home and started up in safe mode, when I enter my profile it is the same as when the virus hit! :( But.............. if I enter the Administrator profile I don't remember creating there is no virus alert, or the three bogus shortcuts on the desktop. I also have access to all of the programs (or so it seems) so to be on the safe side I'm copying all of my files I need/want to an external hdd.

I may try doing some of the stuff listed in the other areas to see what happens, but as BIGDADDY51 @ pcper has found out it looks most likely a new install will be required, OR would a repair (the second one) work for this?

A bit tired so I may not be up too late and will save some of the prior questions for tomorrow! :rolleyes:
 
The administrator account is created by default during the install of XP. Once you create at least one other user account the administrator icon disappears from the welcome menu. If you hit ctrl alt del twice at the welcome screen you will get a classic login box. You can then type in administrator and the password to log in. If memory serves me correctly you are prompted to enter a password for the administrator account during the install process. A lot of people just leave it blank, not a good move in my opinion, I always set a password. One that I will remember. ;)
 
> Okay back home and started up in safe mode, when I enter my profile it is the same as when the virus hit! :( But.............. if I enter the Administrator profile I don't remember creating there is no virus alert, or the three bogus shortcuts on the desktop. I also have access to all of the programs (or so it seems) so to be on the safe side I'm copying all of my files I need/want to an external hdd.
>
> I may try doing some of the stuff listed in the other areas to see what happens, but as BIGDADDY51 @ pcper has found out it looks most likely a new install will be required, OR would a repair (the second one) work for this?
>
> A bit tired so I may not be up too late and will save some of the prior questions for tomorrow! :rolleyes:

Copy your stuff, but if you're going to reinstall then you might go ahead and try killing the virus. It would be a learning experience.
 
kaspersky did a pretty good job at cleaning up that stuff, had to remove it twice in one week from a customer... they never learn man.
 
> Copy your stuff, but if you're going to reinstall then you might go ahead and try killing the virus. It would be a learning experience.

If I had the time and the inclination I would, but I'm looking at three unfinished 'puters so will more than likely wuss out and just install! :eek: :rolleyes:;)
 
had a client a few months ago with the very same infection. Neither Avira nor AVG could get rid of the virus. I finally had to remove the drive itself, hooked it up to another PC, and Nod32 finally took care of it. Only problem though was that virus fucked up the OS so much that I had to reformat and reinstall the OS anyway.

In case you're wondering what I mean by fucked up:
- Explorer.exe would no longer work
- Event Viewer did not work at all.
- RPC or something related was removed. Spybot, AVG and Avast all complained of missing some required RPC related file.

Luckily all the data was safe.
 
I know it sounds screwy but run the windows onecare online scanner. It takes a few hours, but after 4 hours of wrestling with this thing anyways, it wiped it out.

http://onecare.live.com/site/en-us/default.htm?s_cid=sah/?s_cid=sah

This one has defeated going online unless you complete the "antivirus download". I've tried accessing the internet through the Administrator account but there is always a problem and Windows can't do a repair "due to an error".

So it looks like a re-install to me for sure!
Might try this on the external HDD that has the copied files though!
 
I know this might be an unpopular position, but imo, once a system is compromised you can't trust it again until you format and reinstall the OS. If the system has been rooted there is no way to positively confirm that you have cleaned the system.
 
Okay when I got home just for S & Gs I fired up the system and let it boot "normally". Came up with the same BS and the little icon down near the time shows network disconnected, but said what the ____ and hit the AVG shortcut to do an update. Sure enough it did and when I started the scan 7 Trojan files popped up. Well I'll let it finish the scan and see what happens.

On a side note when the virus, etc is tossed into the "vault" how would one get rid of that?
 
And the band played on............

After the scan was completed a supposed 19 trojans were found and were "healed or sent to the vault". Rebooted as directed and.............

Same old snit!

Rebooted into safe mode and have started the AVG command line scanner (is this the same as before?) and so far two more trojans supposedly found.

'Nother NOOB question... this scan shows a lot of "locked" files as not tested, is this "normal"?
 
To empty the vault click History, Virus Vault and there should be an Empty the Vault option at the bottom of the window. There will be some system locked files like system restore. Turning system restore off will delete all the restore points and any infections saved in them. You may have to do some searching to tell if the files are locked by Windows or by something trying to stop you from getting rid of them.

At some point you have to look at how much time and trouble trying to remove this is adding up to. How long would it take you to do a clean install and be sure it's gone from your system? AVG is obviously missing something, likely a rootkit, that will just keep downloading Trojans etc. to your PC as soon as you connect to the internet.

Had that happen to me. I looked at all my services and found a few that were not normal Windows services. Googling those got me instructions on how to remove the crap from my system. In the end I formatted anyway because I always wondered if I missed something.
 
> had a client a few months ago with the very same infection. Neither Avira nor AVG could get rid of the virus. I finally had to remove the drive itself, hooked it up to another PC, and Nod32 finally took care of it. Only problem though was that virus fucked up the OS so much that I had to reformat and reinstall the OS anyway.
>
> In case you're wondering what I mean by fucked up:
> - Explorer.exe would no longer work
> - Event Viewer did not work at all.
> - RPC or something related was removed. Spybot, AVG and Avast all complained of missing some required RPC related file.
>
> Luckily all the data was safe.

I kicked its ass.
 
> To empty the vault click History, Virus Vault and there should be an Empty the Vault option at the bottom of the window. There will be some system locked files like system restore. Turning system restore off will delete all the restore points and any infections saved in them. You may have to do some searching to tell if the files are locked by Windows or by something trying to stop you from getting rid of them. At some point you have to look at how much time and trouble trying to remove this is adding up to. How long would it take you to do a clean install and be sure it's gone from your system? AVG is obviously missing something, likely a rootkit, that will just keep downloading Trojans etc. to your PC as soon as you connect to the internet. Had that happen to me. I looked at all my services and found a few that were not normal Windows services. Googling those got me instructions on how to remove the crap from my system. In the end I formatted anyway because I always wondered if I missed something.

That is always the question: was it completely removed? Is it better to fix or re-install? A reinstall is great if you feel that it will be faster, however, from a professional standpoint working on someone's computer they may not have all the CDs, files, etc. that they had on there and they whine/cry because they have to redo their settings, complaining that you should do it all for them.

Sometimes I really hate computers, no, wait, I hate other peoples computers!!
 
True enough, I was speaking from the standpoint of working on my own personal computer, not someone else's. I have everything backed up and keep copies of all the latest drivers for my hardware. I can do a clean install in a couple of hours and have all my programs back on in a day tops. Cleaning out an infection and/or spyware can be a good learning experience up until the point where you get really frustrated. :mad: I only have the one PC to use so downtime is no fun. Plus I do on-line banking so I want to be sure my PC is clean. ;)
 
Well guys I'm going to say it beat my butt and reformat, really appreciate y'all's input to this problem. Lesson learned - everything is a potential threat so BE CAREFUL! ;)

Going to leave my saved data on the external for a while and keep hitting it with different scans and just remove the files "as necessary". :D
 
I just got rid of an infection of this malware using ComboFix; just make sure the exe is renamed, put it on the desktop, and it cleaned it right up (for the most part).

I had a lot of luck running Combofix to get rid of it. The scan took a good hour or so of running, but cleared off all of the nasty bits. (Was run on Windows XP Home machine; gave control back over background, desktop, etc.)

*Edit* A link would be nice: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
I fought this particular virus on an employee's computer a couple weeks ago too. It's such hell to remove that I gave up and formatted. Notepad wouldn't work either as it would give me an error when I tried to open it. All antivirus updating ports were blocked off, and all websites directed to fixes were redirected to a fake "page not found" site.

Explorer was replaced by spools.exe and if I attempted to change Shell back to Explorer.exe in the registry on startup, it would instead open My Documents folder instead of my desktop.

Replacing notepad.exe from a known working one on another computer fixed notepad, but what good would it do when nothing else works right anyways?

After fighting this damn virus for 3 or so days (I work on several computers at the same time, so my attention isn't completely focused on one), I gave up on it and reinstalled it.
 
I had good luck using Smitfraudfix and Hijack-This in safe mode. Removing all the correct files as well.

I've heard some things about MalwareBytes, is it legit or not?
 
> I had good luck using Smitfraudfix and Hijack-This in safe mode. Removing all the correct files as well.
>
> I've heard some things about MalwareBytes, is it legit or not?

Completely legit. It seems to take care of most annoying ad/spyware, especially this Antivirus XP crap. I've seen an outbreak of it this summer, and MalwareBytes takes care of it every time.
 
> Completely legit. It seems to take care of most annoying ad/spyware, especially this Antivirus XP crap. I've seen an outbreak of it this summer, and MalwareBytes takes care of it every time.

I'll second malwarebytes, takes care of it quickly. I've had so many stupid users do this recently.
 
The reality is after a tough virus attack, the only option is to format the disk or mount the disk to another machine with at least 3 to 6 antivirus, malware, and rootkit scanners and scan the drive before it gets loaded. There is no such thing as a 100% effective scanner. It will never exist, because the heuristic mode isn't foolproof and most detections are based on the definition files. The easy option is format your disk, because the rootkit can go invisible or cloak when the OS is launched after the bootloader. I've seen some rootkits that can replace the definition files of a few scanners. They can be loaded before antivirus apps and cloak into invisibility. We live in a fucked up computer security time. There were a few Black Hat papers that say it can be inserted into an EPROM before cloaking itself.
 
I just got this virus about a week ago myself. (It installed by itself by Trojan.Peed according to Avast) My computer is still sitting in the corner waiting to be reformatted. :-/ Just don't have the time..
 
No need to reach for the format panic button...we're getting slews of these infections coming in....the tools are available to beat these Vundo/Zlob variants...and beat them well.

CCleaner first
Spybot S&D 1.6, update and immunize.
MalwareBytes does a fantastic job, gets some stuff SAS misses.
SuperAntispyware gets a good portion of it.

The shotgun effect with those tools does a good job at cleaning it.

For the deeper infestations when the person clicks on the links to purchase these rogue products..and allows more in...Google the tool SDFix.exe. That gets the rest of it if they allowed more in.
 
> No need to reach for the format panic button...we're getting slews of these infections coming in....the tools are available to beat these Vundo/Zlob variants...and beat them well.
>
> CCleaner first
> Spybot S&D 1.6, update and immunize.
> MalwareBytes does a fantastic job, gets some stuff SAS misses.
> SuperAntispyware gets a good portion of it.
>
> The shotgun effect with those tools does a good job at cleaning it.
>
> For the deeper infestations when the person clicks on the links to purchase these rogue products..and allows more in...Google the tool SDFix.exe. That gets the rest of it if they allowed more in.

Yep, usually what I do, I run ATF Cleaner though. Also install AVG 8.0 and scan once all Safe Mode scans are done. Also a good idea to turn off system restore first, then turn it back on after you're done.
 
> Yep, usually what I do, I run ATF Cleaner though. Also install AVG 8.0 and scan once all Safe Mode scans are done. Also a good idea to turn off system restore first, then turn it back on after you're done.

AVG will just bog it down and let it get reinfected again. :p
AntiVir FTW if you need a freebie.
 