• "XP Antispyware 2010"
I have this piece of malware on my system (I am using Windows XP), and I can't get it off. Avast! doesn't detect it, Bitdefender doesn't detect it, and the virus prevents me from installing Malwarebytes. It runs as a process in the background called "av.exe", but if I end it, it just comes right back. This is the second time I've had this thing, and Bitdefender worked the first time. System restores and safe mode do not work either. What in the fuck do I do?
I looked it up, this should help. This is what I did when I was infected with Vista Antispyware 2010.
[quote]
Step 1: click Start at the left bottom corner of your monitor
Step 2: choose Run in its menu
Step 3: type "command" in the line and click OK or press Enter
Step 4: in the window that is to appear type "notepad"
Step 5: once notepad is open, insert the following text into Notepad by copy and paste:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
[-HKEY_CLASSES_ROOT\secfile]

Step 6: save the resulted file as "exefix.reg" (no quotes) at the Desktop. When saving, please choose All Files at the Save File drop-down list. Open "exefix.reg" file (on your Desktop) and press "Yes". After that you can download Spyware Doctor and other legitimate anti-spyware applications.
Download Spyware Doctor to remove XP Antispyware 2010 malware
Manual removal of XP Antispyware 2010:
XP Antispyware 2010 manual removal means that you have relevant skills for managing .dll files and PC registry. After you remove XP Antispyware 2010 manually, we still highly recommend you due to the reasons explained above to perform free scan for malware. Follow the relevant link above to start free scan (click on "Download Spyware Doctor to remove XP Antispyware 2010 malware").
Delete XP Antispyware 2010 files:
av.exe
WRblt8464P
Delete XP Antispyware 2010 registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe" /START "iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
[/quote]
After you have deleted all of its registry files, you should be able to download, install and use MalwareBytes to get rid of the virus. The reason why it keeps coming back when you shut it off is probably because you're trying to run an exe file, which (at least Vista Antispyware did for me) will cause it to run.
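Added example, not part of the original posts or the quoted guide: a Python sketch that checks exported registry text for the three kinds of change the quoted guide lists (the `.exe`/`secfile` open-command handler, the wrapped browser launchers, and the Security Center overrides). The function names, finding labels and the sample export are constructed for illustration; treating any `.exe\shell\open\command` key as suspicious is an assumption based on the fix file above deleting that key outright.

```python
import re

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HIJACK_RE = re.compile(r'(^hkey_classes_root|\\software\\classes)'
                       r'\\(\.exe|secfile)\\shell\\open\\command$')

def unquote(s):  # strip surrounding quotes, undo backslash escapes
    return re.sub(r'\\(.)', r'\1', s[1:-1])

def parse_reg(text):  # regedit export text -> {key: {value_name: data}}
    hive, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            key = None if m.group(1) else m.group(2)  # "[-key]" is a deletion
        elif key and (m := VAL_RE.match(line)):
            name = "" if m.group(1) == "@" else unquote(m.group(1))
            data = m.group(2)
            hive.setdefault(key, {})[name] = unquote(data) if data[:1] == '"' else data
    return hive

def audit(hive):  # -> list of (finding, key, detail) tuples
    out = []
    for key, vals in hive.items():
        k, cmd = key.lower(), vals.get("", "")
        if HIJACK_RE.search(k):  # assumption: a clean system has no such key
            out.append(("exe-handler-hijack", key, cmd))
        elif "\\startmenuinternet\\" in k and k.endswith("\\command"):
            browser = k.split("\\startmenuinternet\\")[1].split("\\")[0]
            m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmd)
            exe = (m.group(1) or m.group(2)) if m else ""
            if exe.split("\\")[-1].lower() != browser:  # launcher is not the browser
                out.append(("browser-launch-wrapped", key, cmd))
        elif k.endswith("\\microsoft\\security center"):
            out += [("security-center-override", key, n)
                    for n in ("AntiVirusOverride", "FirewallOverride")
                    if vals.get(n) in ("1", "dword:00000001")]
    return out

SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"av.exe\" /START \"%1\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"av.exe\" /START \"firefox.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
'''  # constructed sample export, not taken from a real machine
FINDINGS = audit(parse_reg(SAMPLE))  # three findings; the IEXPLORE entry is clean
```

A real regedit "Version 5.00" export is UTF-16 encoded, so decode the file before passing its text to `parse_reg`.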
When my friend had the Vista version of this she downloaded Malwarebytes on another computer, put it on a thumb drive, and copied it to the infected PC's desktop. Then she renamed the installer to explorer.exe and ran it as an administrator. [editline]a[/editline] Oh and keep ending the av process whenever it pops up. (It seemed to me it came back on in 1-minute intervals.)
If I were you, I'd pull all the data off and do the "backup, format, reinstall" dance.
system restore asap
[QUOTE=Oktoberman!;20616124]system restore asap[/QUOTE] That won't fix anything.
[QUOTE=Crit-Sandvich;20616506]That won't fix anything.[/QUOTE] did for me.
This sounds like the "Antivirus Soft" virus that I've been seeing on various computers lately. Just start your system in safe mode, and search your program files for it.
My friend had this. He removed it with two programs, rkill and igotthebomb or something like that... Though this is just one option.
I got this same virus. What I did to remove it was use a program called rkill. What rkill does is stop everything from running; this IS [B]REQUIRED.[/B] Then I would try running a system restore. To perform a system restore:
1. Click "start", go to "all programs", then "accessories", "system tools", and finally "system restore".
2. Click "restore my computer to an earlier time", then "next".
3. Find the date before you got the virus, then just click on "next". It should just restart your computer and everything should be as good as new! :D
system restore is shit, malicious programs have been found to use it in a way to remain on your system.
[QUOTE=rampageturke;20630234]system restore is shit, malicious programs have been found to use it in a way to remain on your system.[/QUOTE] Exactly. Removing a virus is never this easy (especially since system restore does not delete anything at all.)
My friend got a virus similar to this. It claimed it was an anti-virus, it installed itself without him knowing. He didn't download anything either. He booted his computer up, went downstairs to get something, came back up with like six or seven windows open claiming he had viruses. He wasn't able to open any text editors, any web browsers, any anti-virus software, and when he booted his computer in safe mode...it still came up. He tried manually deleting it and it said that it would not allow it. Then the next day he was able to browse the internet, but his homepage was [b][url]http://www.sex.com[/url][/b] and any website he tried going to redirected him to porn sites that gave him obvious viruses. He brought it into Miracle Computers and they just wiped it completely. Then he bought a new hard drive because he thought some of the sites the virus sent him to were illegal. :tinfoil: [B]tl;dr:[/B] INSTALL ANTIVIRUS.