
XP Virus taken over


CWD82

Hopefully someone can help me with this.

 

I'm trying to log onto the Internet on my PC and every time I do, a warning pops up telling me there is a security threat and I can either

 

A) Get a copy of 'XP anti-virus 2011' to safeguard

 

B) Run Spyware, virus and malware scan

 

C) continue surfing without any security

 

When I click option C it refreshes the page. When I click option A it takes me to a convincing Microsoft looking page prompting me to purchase the mentioned antivirus software.

 

Also an XP virus scan pops up saying the PC is infected and details files that are posing a threat.

 

I've gone into Safe Mode with Networking and it still persists.

 

I've run CCleaner but it won't let me run Malwarebytes and it appears to have deleted ComboFix.

 

Anyone had previous experience of this? Any advice?

Link to comment
Share on other sites

Go to this McAfee site http://home.mcafee.com/store/downloads.aspx and click to install a trial version of one of their AV products. While it is downloading and installing it will run a system scan remotely over the web and remove the virus in the process. Once your PC is working you can then remove the product.

 

To stop that XP virus scan from happening again you should press ctrl and W. If this isn't the correct one for your system you can find it on the web, it just closes any webpages that are open and therefore stops you from getting a virus.

Link to comment
Share on other sites

I had this, too. I stopped the task in Task Manager and was then able to run Malwarebytes, which sorted the problem out.

 

It appears Avast doesn't recognise the virus at all.

Link to comment
Share on other sites

Cheers Woo, which task was it?

Link to comment
Share on other sites

Go to this McAfee site http://home.mcafee.com/store/downloads.aspx and click to install a trial version of one of their AV products. While it is downloading and installing it will run a system scan remotely over the web and remove the virus in the process. Once your PC is working you can then remove the product.

 

To stop that XP virus scan from happening again you should press ctrl and W. If this isn't the correct one for your system you can find it on the web, it just closes any webpages that are open and therefore stops you from getting a virus.

 

Cheers. I'll give this a try as well. I have McAfee antivirus but it's turned that off.

Link to comment
Share on other sites

combofix is ace. kills most viruses although has been known to corrupt OS.

 

most viruses just put a .exe in a hidden system folder. In Win XP it's generally located in the documents&settings/allusers/application data folder or in vista/win7 it's located in the programdata folder. boot into safe mode, locate the folder (generally a really weird folder name, i.e. 'tyt765484hdfdf') and just delete it. run malwarebytes to clean everything up.

Link to comment
Share on other sites
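
An added illustration of the folder check described in the post above (not part of the thread and not any poster's code): it lists, without deleting anything, folders directly under a given root whose names look random and that contain executables. The `looks_random` heuristic, its thresholds, the extension list and the sample tree are assumptions made for this example.

```python
import os
import re
import tempfile

EXEC_EXTS = {".exe", ".com", ".scr"}  # assumption: extensions worth flagging

def looks_random(name):
    """Assumed heuristic: 8+ alphanumerics, 2+ digits, under 25% vowels."""
    if not re.fullmatch(r"[A-Za-z0-9]{8,}", name):
        return False
    letters = [c for c in name.lower() if c.isalpha()]
    digits = sum(c.isdigit() for c in name)
    if not letters or digits < 2:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.25

def suspicious_folders(root):
    """Return [(folder, [executables])] for random-named folders under root."""
    hits = []
    for entry in sorted(os.listdir(root)):
        path = os.path.join(root, entry)
        if not os.path.isdir(path) or not looks_random(entry):
            continue
        try:
            files = os.listdir(path)
        except OSError:          # unreadable folder: skip, do not crash the scan
            continue
        exes = sorted(f for f in files
                      if os.path.splitext(f)[1].lower() in EXEC_EXTS)
        if exes:
            hits.append((entry, exes))
    return hits

def build_sample_tree(root):
    """Constructed layout standing in for a ProgramData-style folder."""
    layout = {"tyt765484hdfdf": ["tyt765484hdfdf.exe"],   # name from the post
              "Microsoft": ["readme.txt"],
              "Adobe2011": ["updater.exe"]}
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in files:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_sample_tree(demo)
        for folder, exes in suspicious_folders(demo):
            print(folder, exes)
```

Point `suspicious_folders` at the real folder named in the post and review each hit by hand; a legitimate product can also use an odd folder name.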

Go to this McAfee site http://home.mcafee.com/store/downloads.aspx and click to install a trial version of one of their AV products. While it is downloading and installing it will run a system scan remotely over the web and remove the virus in the process. Once your PC is working you can then remove the product.

 

To stop that XP virus scan from happening again you should press ctrl and W. If this isn't the correct one for your system you can find it on the web, it just closes any webpages that are open and therefore stops you from getting a virus.

 

Just turned you from full red to full green for being helpful.

Link to comment
Share on other sites

Safe Mode.

 

If it's not letting you run any .exe or similar files, Fixexe.reg download.bleepingcomputer.com/reg/FixExe.reg

 

Then.

 

1. RKill

2. TDSSKiller (anti-rootkit utility)

3. ComboFix

4. MBAM (Malwarebytes Anti-Malware)

5. ????

6. PROFIT!!1!

 

 

If all your files are missing, Unhide.exe http://download.bleepingcomputer.com/grinler/unhide.exe

Link to comment
Share on other sites

Just had this virus on my laptop. Couldn't access the net but knew it was a scam asking for money. Took it to "Whichlaptop" on Walton Vale who does all my repairs and Jack there said he had spent all weekend restarting his kids' computers because of it. Apparently, if you register your bank details, it empties your account and Microsoft have offered a reward for the identity of the cunts. It completely corrupted my laptop and cost me £60 to have it repaired. Cunts.

Link to comment
Share on other sites

combofix is ace. kills most viruses although has been known to corrupt OS.

 

most viruses just put a .exe in a hidden system folder. In Win XP it's generally located in the documents&settings/allusers/application data folder or in vista/win7 it's located in the programdata folder. boot into safe mode, locate the folder (generally a really weird folder name, i.e. 'tyt765484hdfdf') and just delete it. run malwarebytes to clean everything up.

 

Combofix did the trick for me on my Vista laptop last year after a bastard of a fake AV malware last year. It was really the last throw of the dice after 12 hours straight working on nuking the fucker. That incident more or less put me off ever using a Windows machine as my main PC, so traumatic it was.

Link to comment
Share on other sites

Combofix did the trick for me on my Vista laptop last year after a bastard of a fake AV malware last year. It was really the last throw of the dice after 12 hours straight working on nuking the fucker. That incident more or less put me off ever using a Windows machine as my main PC, so traumatic it was.

 

Try Linux. That's what I've been using for the last 3 years. Does nearly everything that I require from it. I mainly use the computer for surfing the 'net, docs, Youtube, BBCiplayer, downloading ....

I still have Windows Vista, but I rarely use it.

Linux Mint is the one I would recommend. The DVD download version will have all the necessary proprietary stuff on (Flash, MP3, DVDs) so you should have no issues.

Link to comment
Share on other sites

Try Linux. That's what I've been using for the last 3 years. Does nearly everything that I require from it. I mainly use the computer for surfing the 'net, docs, Youtube, BBCiplayer, downloading ....

I still have Windows Vista, but I rarely use it.

Linux Mint is the one I would recommend. The DVD download version will have all the necessary proprietary stuff on (Flash, MP3, DVDs) so you should have no issues.

 

Using Linux isn't as safe as it used to be. Once upon a time virus writers were just nerds showing off how good their computer skills were; nowadays though they are criminals who want to steal your cash.

 

Linux machines can also get infected with viruses as can Apples.

Link to comment
Share on other sites

Mate's PC picked this up a couple of weeks ago, 20 minute job to sort it out - I've come across far, far worse.

 

Someone has already mentioned it above but nine times out of ten when something like this blocks malwarebytes or similar apps from running, they're able to do it because the name (and possibly the full default installation path) of the executable for your removal software are coded into the malware. Just rename the executable and run it by double-clicking (because your shortcut won't work after you've re-named it). If that doesn't work, reinstall it to a different folder, re-naming the installer file before you start because that will probably be blocked as well.

 

I've never had to try shifting one from a Vista or Windows 7 system (I'm using an old box at the moment and it doesn't have the specs to run either at a halfway acceptable speed, same for most of my mates - I've not been infected for a long time now anyway) but the people that release shite like this aren't evil geniuses, they're just cunts out to make a quick buck.

 

As long as you've got enough understanding of your system to realise what the malware is doing and how it's doing it, they're usually pretty straightforward to circumvent and remove.

 

For the nastier stuff, combofix is a fantastic utility. If you use it, I'd strongly encourage you to pay them a small donation - many people don't and that sucks because their software has pulled many a PC back from the brink.

 

Uncle Meat's advice above is bang on the money also. Best tip I can give you is have a look at all that NOW and get some basic familiarity with the issues, rather than waiting until your PC is fucked up. It might be boring but it's nothing like as boring as wasting 3 hours fucking around trying to fix your system when you don't even dare go online for fear that Russian or Chinese bastards are going to steal your money.

Link to comment
Share on other sites

if combofix.exe cannot run I just rename it combofix.com & works a treat.

 

 

Yep, I've got a bunch of renamed cleaning utils on my (write protected) memory stick for that reason but there is one side effect of one of these viruses that fucks up your file associations, where if you try to execute any .exe file it pops up with the Windows "do you want this program to open this file" dialogue, and that registry fix sorts that out.

 

That Mac virus is doing the rounds as well, I've had 3 of them in the last week. Best part of it is watching their smug "I use OSX, OSX does not get infected" faces fall.

Link to comment
Share on other sites
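
An added illustration of the file-association problem described in the post above (not part of the thread, and not the contents of FixExe.reg, which the page does not show): it reads a registry export and reports any `.exe` association whose default value differs from the stock Windows one. Checking per-user `Classes` keys as well as `HKEY_CLASSES_ROOT` is a generalisation made here, and both sample exports are constructed.

```python
import re

# Stock Windows defaults for launching .exe files, keyed by registry key suffix.
EXPECTED = {
    r"\.exe": "exefile",                          # extension -> file class
    r"\exefile\shell\open\command": '"%1" %*',    # file class -> launch command
}

def unescape(reg_string):
    """Turn a quoted .reg string (\\\\ and \\" escapes) into its real value."""
    return re.sub(r"\\(.)", r"\1", reg_string[1:-1])

def check_exe_association(reg_text):
    """Return [(key, found, expected)] for default values that differ."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            value = unescape(line[2:])
            for suffix, expected in EXPECTED.items():
                if key.lower().endswith(suffix) and value != expected:
                    findings.append((key, value, expected))
    return findings

# Constructed sample: a healthy export.
CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

# Constructed sample: both values altered (class name and path are made up).
HIJACKED = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="constructed_class"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\constructed\\sample.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    for key, found, expected in check_exe_association(HIJACKED):
        print(f"{key}: found {found!r}, expected {expected!r}")
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text in.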

Using Linux isn't as safe as it used to be. Once upon a time virus writers were just nerds showing off how good their computer skills were; nowadays though they are criminals who want to steal your cash.

 

Linux machines can also get infected with viruses as can Apples.

 

That's true in theory, though it's still a lot harder. Look at the recent fuss about the fake Mac antivirus. You'd literally have to click through and properly install it yourself for it to take hold and consciously give it root access. It's not a case of just clicking on to a website and then having it install itself as it can be on Windows. You'd have to be interminably computer illiterate to fall for it.

Link to comment
Share on other sites
