
XP Antivirus 2009 or Variant



#1 FWT


Posted 19 December 2008 - 04:29 AM

Hi everyone,

First of all, I would like to thank all those who have created the walkthroughs and applications for removing malware. The walkthroughs are very informative and applications are something that I recommend to countless people.

I have been dealing with XP Antivirus 2008/09 and Vista Antivirus since about July, when I started to see an increase in infections. Within the past week and a half I have had 3 systems that have had the same problem, and I have not found a removal procedure to clean the systems. In the past I would typically follow these procedures to get a system back up and running.

Boot to Safe Mode
Run ComboFix, allowing it to reboot
Boot back into Safe Mode
Run HJT
Install Malwarebytes Anti-Malware and Spybot Search & Destroy
Run full updated scans with both and remove all infections
Update the antivirus or install AVG and run a full scan, removing any infections
Then run Windows updates, Disk Cleanup and defrag.

This has worked great up until the past week or so.

Now, when I boot to Safe Mode and try to start ComboFix, it will not run.
If I open the Task Manager I can see that it started, but the program is not running.
Within 5 minutes of booting to Safe Mode the system will lock up with cursor movement, so I know that it is something running in the background.
I created a UBCD disk and can run scans from that, but have not added ComboFix or Malwarebytes to the disk yet.

The only way that I have been able to get around these problems is to run a System Restore and then follow the above steps, but I would rather not do that.

What is this infection? Why are there no patches for it? How do I remove it?

Any help would be greatly appreciated.

Thanks,
FWT



#2 buddy215


Posted 19 December 2008 - 03:54 PM

You should not be using ComboFix or HijackThis without expert supervision.

The programs below have had good results in finding and removing the malware you identified.
It is best to run MBAM and SUPERAntiSpyware in Safe Mode after you have updated them in regular mode.

http://www.bleepingcomputer.com/forums/ind...t&p=1040160

User instructions for MBAM:
http://www.bleepingcomputer.com/forums/ind...st&p=944365

http://siri.geekstogo.com/SmitfraudFix.php

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

Use CCleaner to remove temporary files, logs, cookies, etc. before running the scans above. During install you will be offered the Yahoo Toolbar. UNcheck if not wanted. http://www.ccleaner.com/

Allow Secunia online scanner to find missing security updates for all of your programs.
http://secunia.com/vulnerability_scanning/online/

Edited by buddy215, 19 December 2008 - 03:56 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”



