Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Stubborn Antivirus Xp 2008


  • Please log in to reply
1 reply to this topic

#1 rphken

rphken

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 01 July 2008 - 12:44 AM

I've read many threads on this topics, and it seems many of us have the same problem: the darn "Antivirus XP 2008" virus would not go away despite all our efforts.
I myself have followed all the instructions from this good forum, which helped me get rid of a large part of the problem, but in the end , this virus is still on my laptop.
I downloaded and ran Malwarebyte Anti-Malware, which detected and removed some infections. But the virus was still there. I, then, followed the instructions from Quietman7 and ran ATF Cleaner and SuperAntispyware scan (instructions were strictly followed). At the end of the scan, it said "no malicious or spyware was found". Yet, upon rebooting, the virus still exists. I used the computer for a while, then ran Malwarebyte AM again. This time it did not detect any malware, but the virus is still on my computer.

My current sympstoms are:
1)The blue screen (the spyware alert banner and the "You have a security problem!" pop-up are gone. Thank god!)
2)Everytime I open Internet Explorer, it goes to WinspywareProtect and it starts its bogus scanning and pop-up alerts. Although, I could still use Internet Explore as usual, as long as I change to a different address in the address bar. (I wonder if it's safe?)
3)I tried to remove AntivirusXP2008 program from Window Program Remove/Change, it would not do it. It seems to uninstall it, but once finished, it's still there.

My laptop is a new Dell Vostro 1700, Intel Core Duo2, Window XP Home Edition.
I would appreciate any advise / help.
Thank you in advance.

BC AdBot (Login to Remove)

 


#2 rphken

rphken
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 01 July 2008 - 12:50 AM

Here are the logs on my Malwarebyte Antimalware scans:
1) The first one:

Malwarebytes' Anti-Malware 1.19
Database version: 910
Windows 5.1.2600 Service Pack 2

6:13:20 PM 6/30/2008
mbam-log-6-30-2008 (18-13-20).txt

Scan type: Quick Scan
Objects scanned: 48007
Time elapsed: 8 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc71aj0ea45 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Kenny\Local Settings\Temp\.ttA3.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc71aj0ea45.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kenny\Local Settings\Temp\setup61.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Kenny\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kenny\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kenny\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

2) The second time

Malwarebytes' Anti-Malware 1.19
Database version: 910
Windows 5.1.2600 Service Pack 2

11:50:22 PM 6/30/2008
mbam-log-6-30-2008 (23-50-22).txt

Scan type: Quick Scan
Objects scanned: 39906
Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users