
Thread: Antivirus XP 2008 / 2009

  1. #1
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    686

    Antivirus XP 2008 / 2009

    There is a lot of it about at the moment and if you look on YouTube you will see various explanations of how to remove it. Unfortunately they are mainly stupid and may leave you worse off than you started, as they only address a small part of the problem.

    I know those people are trying to help folks but they are obviously not qualified to do so. The malware programs in question, Antivirus XP 2008 / 2009, will download other stuff to your computer and they do not always do the same thing, so deleting a couple of files and a folder or two isn't going to help you - for long.

    It seems that Malwarebytes AntiMalware (free version) and SuperAntiSpyware (free version) both now have removal scripts that work, so if you are willing to install a program temporarily to remove the problem these two will address both the fake antivirus and any downloaded crapware that it has further infected your computer with. They should also fix the Policies that the infection adds (can't change desktop/open regedit/open task manager).

    There is also a useful script for these types of infections maintained by a guy at internetinspiration http://www.internetinspiration.co.uk/roguefix.htm which will help you if you have an alternate antispyware that hasn't yet added defs for the Antivirus XP 200x.
    I'm using Windows 7 - you got a problem with that?

  2. #2
    The Beast Master TZ Veteran PIPER's Avatar
    Join Date
    May 2002
    Location
    Florida
    Posts
    1,055
    right on Bro.....

  3. #3
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,385
    I've always battled with this malware... very persistent bug! Thanks for the scripts, better than continually formatting!

    --- 0wN3D by 3gG ---

  4. #4
    Junior Member musicman's Avatar
    Join Date
    Dec 2006
    Location
    London, U.K.
    Posts
    18
    Yes, good post.

    I can back up what curio says.

    I use MBAM & SAS to clear this infection out of many people's systems.

    Both are great free programs and well worth installing. Even if you are not infected now. I use them both on all our PCs here (all on XP).

    You should install both, update them regularly and scan your systems with them from time to time. It will help keep infections at bay.

    Good luck.
    Last edited by musicman; October 30th, 2008 at 08:12 AM. Reason: to correct spelling error
    “The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts.” Eugene H. Spafford

    Member ASAP

  5. #5
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,385
    Just as I wrote my post, I got a call from my cousin who just got infected with the latest Vundo.Trojan and continual pop-ups, DDoS and crawling CPU!

    I'm keen to try the above free apps, which would be most suitable?

    --- 0wN3D by 3gG ---

  6. #6
    Junior Member musicman's Avatar
    Join Date
    Dec 2006
    Location
    London, U.K.
    Posts
    18
    Your cousin can try both MBAM & SAS but they may not fix it.

    If they don't work then follow these instructions ......

    http://www.bleepingcomputer.com/malw...ndo-virtumonde


    Let us know whether or not something here worked and, if so, which one.

    Again, good luck.

  7. #7
    Friendly Neighborhood Super Moderator phishhead's Avatar
    Join Date
    Apr 2002
    Location
    San Diego, Ca.
    Posts
    3,409
    I just had to deal with this bug. The only one that saw it and was able to get rid of it was Malwarebytes. Cheers to freeware.



  8. #8
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,385
    Thanks, I'll give Malwarebytes a go, I've dedicated a few hours on Saturday to try and fix it, else... Format Time :-)

    --- 0wN3D by 3gG ---

  9. #9
    Junior Member musicman's Avatar
    Join Date
    Dec 2006
    Location
    London, U.K.
    Posts
    18
    Quote Originally Posted by cash_site View Post
    else... Format Time :-)
    Have faith. You shouldn't need to reformat.

    Like we all say .... MBAM first, next SAS then, if not fixed, the big guns .... the Bleeping Computer tutorial. If nothing else works the BC fix will do it.

    Let us know how you get on.

    Good luck.

  10. #10
    Hardware guy Super Moderator FastGame's Avatar
    Join Date
    Apr 2002
    Location
    Blasters worm farm
    Posts
    3,089
    I've used SAS & MBAM since their beginnings, both do a great job

  11. #11
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    686
    **this is important**
    DISCONNECT THE PC FROM THE INTERNET

    The malware in question usually re-downloads itself from the interweb if any part of it successfully starts - so it looks fine one minute then all of a sudden it is re-infected. As it also installs layers of startups you need to run several tools to be happy before you reconnect.

    The roguefix script is a very good starting place as it is comparatively quick to run and will drastically cut down the poot from your PC enabling the other tools to run faster so we get to the end result (cleaned PC) faster.

    I'm using Windows 7 - you got a problem with that?

  12. #12
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,385
    Thanks for the Info. Turned out Malwarebytes is a fantastic app to remove Vundo trojans. Very quick scanning, and quick removal scripts. Just stuck with Free Version, and will do manual scans at different times.

    Definitely recommended, however, I think prevention is the best method. Keep Windows and Java always updated!!

    --- 0wN3D by 3gG ---

  13. #13
    Junior Member musicman's Avatar
    Join Date
    Dec 2006
    Location
    London, U.K.
    Posts
    18
    Congratulations & well done. We assume that your cousin's PC is now disinfected.

    Yes, prevention is better than cure but, like I said in post #4, keep MBAM updated and always readily to hand.

    Scan all systems with it on a regular basis to help keep away malware. Even if you think you are clean.


    MM

  14. #14
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,385
    Yep Musicman, disinfected (as of when I left it!)... however there is still a problem with TaskManager not running (not sure if it's a corrupted DLL due to the virus)... Google doesn't answer many questions.

    But I will be installing MBAM on my other PCs as a handy tool in the IT-Pack :-)

    --- 0wN3D by 3gG ---
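
Added example, not part of any post in this thread: post #1 says the infection adds Policies that block regedit, Task Manager and desktop changes, and post #14 reports Task Manager still not opening after cleanup. The script below checks a registry export for leftover restriction values; the export text is constructed sample data, and the watched names are the standard Windows policy value names, assumed here rather than taken from the thread.

```python
import re

# Standard Windows policy values that lock out the tools named in the thread.
# Which of them a given infection sets is an assumption of this example.
WATCHED = {
    r"software\microsoft\windows\currentversion\policies\system": {
        "disabletaskmgr": "Task Manager blocked",
        "disableregistrytools": "regedit blocked",
    },
    r"software\microsoft\windows\currentversion\policies\activedesktop": {
        "nochangingwallpaper": "wallpaper change blocked",
    },
}
SECTION = re.compile(r"^\[(-?)([^\]]+)\]$")
VALUE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def decode_export(data: bytes) -> str:
    """'Version 5.00' exports are UTF-16 with a BOM; older REGEDIT4 files are ANSI."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("latin-1")

def find_restrictions(reg_text: str):
    """Return (hive, value name, meaning) for each watched dword that is non-zero."""
    findings, key, deleted = [], "", False
    for line in (raw.strip() for raw in reg_text.splitlines()):
        m = SECTION.match(line)
        if m:  # "[-KEY]" in a .reg file deletes the key, so nothing under it is set
            deleted, key = m.group(1) == "-", m.group(2)
            continue
        m = VALUE.match(line)
        if not m or deleted:
            continue
        hive, _, subkey = key.partition("\\")
        meaning = WATCHED.get(subkey.lower(), {}).get(m.group(1).lower())
        if meaning and int(m.group(2), 16) != 0:
            findings.append((hive, m.group(1), meaning))
    return findings

# Constructed sample export of a user's Policies key (not from a real machine).
SAMPLE = ("Windows Registry Editor Version 5.00\r\n\r\n"
          "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]\r\n"
          '"DisableTaskMgr"=dword:00000001\r\n"DisableRegistryTools"=dword:00000000\r\n\r\n'
          "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop]\r\n"
          '"NoChangingWallPaper"=dword:00000001\r\n')

if __name__ == "__main__":
    for hive, name, meaning in find_restrictions(decode_export(SAMPLE.encode("utf-16"))):
        print(f"{hive}: {name} is set ({meaning})")
```

A value of 0, or a value that is absent, leaves the tool enabled, so only non-zero entries are reported.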

  15. #15
    Junior Member musicman's Avatar
    Join Date
    Dec 2006
    Location
    London, U.K.
    Posts
    18
    OK so what happens exactly? When he/she gives the 3-fingered salute, for example, does your cousin get the task manager or not? If not ... what happens?
