Virus runs in safe mode and blocks access to Malwarebytes

I run MS Security Essentials and AVG - AVG expired a month ago and I had been debating whether to change to another supplier but before I could do so last week I got hit by the WindowsRecovery virus. I thought I had cleared it out manually, but had been having some problems with access to IE so opened in safe mode to download Malwarebytes. At once a new virus opened, XP Anti Spyware with the usual dire warnings, and has blocked access to Malwarebytes website. Cannot now run in even safe mode as this new virus is rampaging about inside safe mode. It has presumably infiltrated SE in some way. I have no idea how it got in as I have not downloaded anything in weeks. But now I cannot even run in safe mode or access malwarebytes.

I assume the only way forward is to download an anti virus package from this pc (not yet infected) onto a usb stick and install it from there. Is this the way forward and which one should I chose. I am running XP Pro by the way.

Please see the self-help guide: Remove XP Anti-Spyware 2011, Vista Security 2011, and Win 7 Internet Security 2011. Be sure to follow the instructions exactly as written using FixNCR.reg, RKill and then an immediate scan by Malwarebytes.

I run MS Security Essentials and AVG - AVG expired a month ago and I had been debating whether to change to another supplier

Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to conflicts that can arise when they are running in real-time mode simultaneously and issues with Windows resource management. Even if one of them is disabled for use as a stand-alone scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves into the operating systems core and using more than one can cause instability, crash your computer, slow performance and waste system resources. When actively running in the background while connected to the Internet, they both may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

Each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "False Positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that virus or suspicious file. Each anti-virus may attempt to remove the offending file and quarantine it at the same time resulting in a resource management issue as to which program gets permission to act first. If one anit-virus finds and quarantines the file before the other one does, then you encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found when that is not the case.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of others and may insist they be removed prior to download and installation of another. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms while trying to use it.

To avoid these problems, use only one anti-virus solution. Deciding which one to remove is your choice. Be aware that you may lose your subscription to that anti-virus program's virus definitions once you uninstall that software.

Anti-virus vendors recommend that you install and run only one anti-virus program at a time

• Symantec's statement
• Eset's Statement
• Avast's statement
• AVG's statement
• Dell Support statement

You can always supplement your anti-virus by performing an Online Virus Scan.

I assume the only way forward is to download an anti virus package from this pc (not yet infected) onto a usb stick and install it from there. Is this the way forward and which one should I chose.

Choosing an anti-virus is a matter of personal preference, your needs, your technical ability and experience, features offered, user friendliness, ease of updating (and upgrading to new program release), ease of installation/removal, available technical support from the vendor and price. Other factors to consider include detection rates and methods, scanning engine effectiveness, how often virus definitions are updated, the amount of resources the program utilizes, how it may affect system performance and what will work best for your system. A particular anti-virus that works well for one person may not work as well for another. There is no universal "one size fits all" solution that works for everyone and there is no best anti-virus. You may need to experiment and find the one most suitable for your needs. For more specific information to consider, please read Choosing Your Anti-virus Software.

Since you already have MSE, I suggest you keep it.

There seemed to be three components to SE when I first downloaded it: Firewall, Security Protection and Anti Virus. AVG was automatically included as the Anti Virus for a free trial period. I have always kept all ON but AVG expired last month and I was deciding which anti virus to buy as I assume this element was not provided by SE. I have read elsewhere that some people hit by the latest versions of Windows Recovrey or XP Anti Spyware viruses, think that SE has been compromised in some way, which is how it infiltrates the pc. Very worrying that it is able to run in and block out safe mode and suggests it has got past SE's Firewall somehow.

Microsoft Security Essentials (MSE) is a free antivirus solution which provides real-time protection that guards against viruses and malicious software. This page provides a brief overview of features and related security links. MSE Support provides several How-to videos for installing, scanning and addressing a detected threat. MSE was originally developed as a scaled-down version of and replacement for Windows OneCare and was aimed at users who either could not or did not want to pay for anti-virus and anti-malware software.

According to comments posted on this website in the last few days, Security Essentials does not pick up or block the latest variant of this AntiSpyware virus.

http://answers.microsoft.com/en-us/protect/forum/protect_scanning/microsoft-security-essentials-did-not-detect/712fb4b7-1d2f-472f-9eab-84f4cb256f2a
myself and many others have had our computers infected with fake virus software AFTER mse was installed and WHILE mse was running.
We want to know WHY mse doesn’t detect the fake anti-virus software and WHEN ms will add this threat to the MSE virus definitions.
dated 28 April 2011.

I am concerned that if I continue to rely upon SE I might get reinfected, once I have cleared this up.

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. Just because one anti-virus detected threats that another missed, does not mean its more effective. The security community is in a constant state of change as new infections appear. Security vendors use different scanning engines and different detection methods such as heuristic analysis or behavioral analysis which can account for discrepancies in scanning outcomes. Depending on how often the anti-virus database is updated can also account for differences in threat detections.

This happens with all anti-virus programs so switching because MSE does not detect and remove it yet will probably not be helpful.

The problem is that dealing with this particular virus is a nightmare and I have no idea (really) how I caught it. I have not downloaded anything at all for weeks, not visited any porn sites or anything else and am very careful what I open. I am therefore nervous that it has targeted me because I am running Security Essentials and the authors in the latest variant have found a way to switch SE off. I had it fully implemented at the time I was attacked.

Assuming I do not change from SE and Microsoft continues to ignore this particular nasty virus, how can I guard against getting it again as soon as I have cleaned it up this time. You will see from the link that other "victims" are pressing MS for a response on this but so far none has been released.

Did you follow these instructions yet?

Please see the self-help guide: Remove XP Anti-Spyware 2011, Vista Security 2011, and Win 7 Internet Security 2011. Be sure to follow the instructions exactly as written using FixNCR.reg, RKill and then an immediate scan by Malwarebytes.