Post by Disgruntled70sHab on Oct 19, 2008 11:31:53 GMT -5
Hello folks,
Dis Jr downloaded a parasite that flogs itself as XP_Antispyware 2009. He had the best of intentions but now we're being bombarded by pop-up windows telling him his system is infected.
I googled, "how to remove XP_Antispyware 2009" but everything that is 'free' is only 'free' up to a point. In order to remove the parasite I'll have to purchase the registry code, which I'm not prepared to do.
However, they also have online scripting solutions as well. I'm not a techno geek so I opted to stay away from scripting.
I think my neighbour had this problem as well but he ended up reformatting his hard drive. I could back things up easily enough but I would rather just get rid of it.
Any pointers would be helpful. Much thanks.
Dis
Post by Cranky on Oct 19, 2008 11:54:36 GMT -5
Oh boy, the only way to really do this is if I had the computer in front of me....but....here is the BEST free route.
Load AVG antispyware and let it update...then let it scan.
If not enough....
Malwarebytes' Anti-Malware...update and let it scan. Write it down and do what it says.
Go to C: drive....go to Windows....go to date modified...anything in there that's recent? Chances are it's malware.
Top four files should be....
WindowsUpdate.log wiadebug.log wiaservc.log bootstat.dat
If there is anything "new" in there, it's probably malware. (You will know this by the "Date Modified" date.)
While in Windows...go to system32 files....
Top two files should be....
vsconfig.xml wpa.dbl
Anything recent in there and chances are it's malware.
I can't recommend that you delete anything unless you know for sure that it's malware. Let the two first programs do their job and then take it from there.
Last resort....and we are far away from that at this point.....send me your hard drive (make sure it includes the locations of all your gold bullion deposits).
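Added example (not part of Cranky's post or of any tool named in this thread): a Python version of the "Date Modified" check described above, listing top-level files changed within a time window and tagging each one for review. The seven-day window, the extension list, and the sample file names in `demo()` are assumptions made for the illustration.

```python
import os
import tempfile
import time

# Names the post lists as normally newest in C:\Windows and system32.
EXPECTED_RECENT = {"windowsupdate.log", "wiadebug.log", "wiaservc.log",
                   "bootstat.dat", "vsconfig.xml", "wpa.dbl"}
# Assumption: extensions that can carry code get reviewed first.
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs"}


def recent_files(directory, days=7, now=None):
    """Top-level files modified within `days`, newest first, as (name, mtime, tag)."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    found = []
    try:
        entries = list(os.scandir(directory))
    except OSError:
        return found  # directory missing or unreadable
    for entry in entries:
        try:
            if not entry.is_file(follow_symlinks=False):
                continue
            mtime = entry.stat(follow_symlinks=False).st_mtime
        except OSError:
            continue  # locked or vanished file: skip, do not abort the scan
        if mtime < cutoff:
            continue
        name = entry.name.lower()
        if name in EXPECTED_RECENT:
            tag = "expected"
        elif os.path.splitext(name)[1] in EXECUTABLE_EXT:
            tag = "executable"
        else:
            tag = "other"
        found.append((entry.name, mtime, tag))
    return sorted(found, key=lambda f: f[1], reverse=True)


def demo():
    """Run the scan over a constructed directory; returns (name, tag) pairs."""
    now = time.time()
    with tempfile.TemporaryDirectory() as d:
        for name, age in [("WindowsUpdate.log", 0.1), ("unknown_tool.exe", 1),
                          ("notes.txt", 2), ("old_driver.sys", 400)]:
            path = os.path.join(d, name)
            open(path, "w").close()
            os.utime(path, (now - age * 86400,) * 2)
        return [(n, t) for n, _, t in recent_files(d, days=7, now=now)]
```

The tags are leads for a scanner or a manual look, not verdicts: an "expected" tag is a name match only, and modification times can be changed by software, so an old date does not clear a file.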
Post by franko on Oct 19, 2008 12:32:20 GMT -5
Have you tried a "system restore" to a previous date? Not sure if that wipes out the problem (which is now resident in your system registry) or not.
Post by cigarviper on Oct 19, 2008 12:52:24 GMT -5
AVG never fails.
Post by Disgruntled70sHab on Oct 19, 2008 14:21:39 GMT -5
Actually, the AVG installation failed. What I might do is restore the system (can't believe I forgot that, thanks Franko) then run a complete system test. Thanks guys. I'll keep trying. Dis
Post by cigarviper on Oct 19, 2008 14:40:13 GMT -5
I meant the program never fails to protect without being intrusive to run.
Post by Disgruntled70sHab on Oct 19, 2008 14:48:55 GMT -5
Thanks CV. The restore did not work. There's some anti malware out there but they want coin for it. I'll see what the lads at work have tomorrow. Cheers.
Post by Cranky on Oct 19, 2008 15:37:55 GMT -5
The anti-Malware that I gave you works well and it's free.
Post by PTH on Oct 19, 2008 15:46:29 GMT -5
One thing I've discovered is ProcessGuard - it's a piece of free software that allows you to allow any process to run - or not.
I used it to patch up a (very hot) coworker's laptop without needing to reinstall anything... Peerguardian means you just ban the process from ever even starting.
It's not a perfect solution, but it works without screwing anything else up (if you do it right).
Post by Cranky on Oct 19, 2008 15:52:57 GMT -5
If that is all you "patched"...then we need to talk!
Post by PTH on Oct 19, 2008 17:00:02 GMT -5
I got as far as anyone in the department did. And trust me, we all gave it our best.
Post by The New Guy on Oct 19, 2008 19:23:14 GMT -5
Having had some experience with XP_Antispyware 2009 I can tell you Dis that you are in for a long and less than pleasurable ride. So far I've had three people in my office install it on their various and sundry machines, and the current policy is "unplug the bastard, backup whatever is absolutely necessary to thumb drive or what not, and format the sucker". It's possible to fix, but the first computer (belonging to an executive) took two days of my time to clean.
My best advice is to get AdAware, SpyBot Search & Destroy and a demo of Spyware Doctor (or buy the real thing for $30 - more on that later). Install them all, and run AdAware. Remove whatever it finds. Run SpyBot and remove everything it finds. Reboot into safe mode. Repeat the first two steps. Reboot into safe mode again. Run Spyware Doctor. If it finds anything, run AdAware and SpyBot again. Reboot into safe mode again and keep going down the route until nothing shows up in Spyware Doctor (Spyware Doctor is one of the better scanners on the market - it's much faster than AdAware and SpyBot, but you've got to pay to be able to remove anything it finds).
If all else fails, download and run a program called HiJack This! and post the log here and I'll take a deeper look at what exactly the bug has installed on your system.
Cheers!
Post by Disgruntled70sHab on Oct 19, 2008 19:59:10 GMT -5
Thanks HA. I already have AVG running on my PC. I even tried booting into the safe mode but it wouldn't allow me to access the AVG program for some strange reason. But, thanks again for the advice mate. Much appreciated. Franko, I went to one of the sites you dropped by me via PM. It got rid of quite a few things. I was impressed with that. But, it didn't remove the virus I wanted it to. I'll try it again from the safe mode and if it doesn't work I'll drop the company a nasty-gram. Cheers.
Post by Disgruntled70sHab on Oct 19, 2008 20:04:10 GMT -5
Thanks TNG. I didn't read your post before replying to HA. I have Spyware Doctor on my PC now. It was one of the sites Franko sent to me off line, the great guy that he is. As a temporary measure, I just brought up the properties on my Taskbar and Start Up menus and hid the bugger. That actually gives me relief from the pop-ups that show up on a regular cycle. I'll see what Spydoctor does in the safe mode, though. Thanks again. Cheers.
Post by gy on Oct 19, 2008 21:06:35 GMT -5
I use Kaspersky to segregate and sometimes totally disinfect malware like that.
Post by Deleted on Oct 31, 2008 10:21:28 GMT -5
Hey, Dis. I have Spyware Doctor, and it is incredible at locating spyware. Don't forget to install the antivirus add-on with it (it's free!).
I was actually going to recommend checking out some free trial software that lets you use full features of the program for 90 or 180 days. Too bad I missed this thread by several days.
Post by blny on Oct 31, 2008 11:31:57 GMT -5
All the good tools are being mentioned. Safe mode is vital too, as a lot of malware tricks the computer into thinking it's a vital process. Basic malware can be stopped, but not removed, by going into msconfig and deselecting it from the start up folder.
I had something hiding on my computer, that AVG, spybot, adaware, windows defender, cs shredder, and hi jack this wouldn't/couldn't find. I ended up moving all my songs, movies, and other files to my second drive and formatting.
Some really bad malware doesn't get toasted from a simple format c: either. For the really bad stuff a 'low level' format is required. If you find yourself in this case, check online for a program called 'dban'. It's a small enough program to fit onto a floppy, but very good at what it does. I use something similar called DSX Disk Destroyer that I got through a friend, but have never found online. Beautiful program.
Good luck.
Post by The Habsome One on Oct 31, 2008 19:48:52 GMT -5
Try www.antivirus.com -> Free Tools -> HouseCall. In the past, I've had success catching viruses/trojans/malware that AVG, Norton, or McAfee wasn't able to. Hope it works for you.
Post by Disgruntled70sHab on Oct 31, 2008 21:33:13 GMT -5
Thanks guys. I'm using "Malwarebytes". It's a program Franko sent to me and it removed absolutely everything.
BLNY, going to MSConfig was probably the very first thing I did, but the virus stayed there boot after boot. It didn't matter if I 'checked it off' in MSConfig.
However, I'll check out some of these other sites as well. Much thanks again.
Cheers.