
AVG finds xpantivirus-but it doesn't appear to be gone!


9 replies to this topic

#1 katy24

katy24

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:46 PM

Posted 31 May 2009 - 02:58 PM

I have a friend who got the xpantivirus on his business computer (dell desktop running windows xp home)....he did a restore to an earlier date. The popups have stopped but ever since his computer has been slow as a snail. His virus scanner was outdated. I removed it and got AVG installed and updated. I ran a quick scan and it found this.......xpantivirus_V77024205.exe.....I said to fix it......it said it was quarantined, but in msconfig I can see it in the startup list? I have downloaded adaware.....I also have access to malwarebytes anti-malware. didn't have time to run either one since I am limited to office hours for access to the computer. I have internet connection on the computer so can download other utilities if I need to.
I tried to find information on the exact virus name, but with no luck....so I am not sure from what I read exactly "which" antivirus bug this computer had or still has??
Can someone advise me what actions I should take next?
thank you
Kate

checking into more forums I see that malwarebytes should remove these infestations....I am going to try that tomorrow and will then post back with my success or failure. :thumbsup:

Edited by katy24, 31 May 2009 - 03:42 PM.




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:46 PM

Posted 01 June 2009 - 08:16 AM

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Scan with Malwarebytes Anti-Malware (Quick Scan) in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 katy24


Posted 01 June 2009 - 09:04 PM

today I installed the mbam and ran it.....I did all the things you suggested before running. It turned up two executable files....I wrote them down and then went off and left them on the desk DUH but mbam got rid of them...now all scans are coming up clean and the computer seems to be running as it should. AVG evidently did lock up the antivirus file....I can see it in the "vault" and it is now gone from the startup list in msconfig.

there is another problem that was pre-existing prior to this virus business. (and perhaps I should put this in another forum?) The dvd drive won't work. You could see it in My Computer but when you tried to use it, nothing happened. I went to device manager and there it was with a question mark on it. said there was no device driver installed. I have the information that came with this drive (added about a year ago they tell me) there is no "installation" disc, only a software disc. I can't direct the driver search to this disc, it only gives drive A as an option? I looked this drive up on the internet and it is my understanding that windows should already have drivers that would run it. I finally uninstalled the drive and then went to add hardware and let windows look for the driver. I get this report in a window
windows cannot load the device driver for this hardware. May be corrupted or missing (code 39)
Now the drive is no longer showing up in My Computer window.
any help with this annoyance would be appreciated.

thanks for everything you all do
katy

I found this information about 'deleting the upper and lower filters' on your site... http://www.bleepingcomputer.com/forums/index.php?showtopic=189444&hl=windows+cannot+load+the+device+driver+for+this+hardware.+May+be+corrupted+missing+(code+39) ..I will try this tomorrow if I have the time....should have searched first LOL

Edited by katy24, 01 June 2009 - 09:17 PM.


#4 quietman7


Posted 02 June 2009 - 06:55 AM

This forum is for assistance with malware removal so let's finish with that first.

Please post the results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
    • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
      -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Logs are saved to the following locations:
-- In XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
-- In Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs


Also let me know how your computer is running and if there are any more reports/signs of infection. Other pre-existing issues before infection such as your DVD drive can be addressed in a new topic in a more appropriate forum afterwards.

#5 katy24


Posted 02 June 2009 - 08:34 PM

I promise I will get back with the log files....there has been a turn of unfortunate events here. I will find my thread in a few days and report. my friend said over coffee this morning that the computer is blazing right along.
thanks so much for all the help.
kate

#6 quietman7


Posted 03 June 2009 - 09:04 AM

Ok. We will be here.

#7 katy24


Posted 04 June 2009 - 11:21 PM

Here is the log that was for the scan I ran and then deleted
I thought the computer was a little slow on the start up....but the owner thought it was running fine..... didn't have time to run current scans on the machine....I am going to try to fix the cd rom drive at a later date
thanks for all the help
Kate



Malwarebytes' Anti-Malware 1.37
Database version: 2209
Windows 5.1.2600 Service Pack 3

6/1/2009 4:16:09 PM
mbam-log-2009-06-01 (16-16-09).txt

Scan type: Quick Scan
Objects scanned: 86880
Time elapsed: 7 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\OneMoreKey (Rogue.Installer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\phil\Start Menu\Programs\Repair Registry Pro (RepairRegistryPro) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\phil\start menu\Programs\repair registry pro\Repair Registry Pro.lnk (RepairRegistryPro) -> Quarantined and deleted successfully.
c:\documents and settings\phil\start menu\Programs\repair registry pro\Uninstall.lnk (RepairRegistryPro) -> Quarantined and deleted successfully.
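
A small parser for the log format posted above, as an added example that is not part of the original thread and not Malwarebytes' own code: it checks that the header the helper asked for (database version, operating system) is present, that the summary counts match the itemised detections, and that every item carries the removal status seen in this log. The function names and the `current_db` parameter are assumptions; the sample is abbreviated from the log above.

```python
import re
# Constructed sample: lines abbreviated from the log in the post above.
SAMPLE = r"""Malwarebytes' Anti-Malware 1.37
Database version: 2209
Windows 5.1.2600 Service Pack 3
Scan type: Quick Scan
Registry Keys Infected: 1
Files Infected: 2
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\OneMoreKey (Rogue.Installer) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\phil\start menu\Programs\repair registry pro\Repair Registry Pro.lnk (RepairRegistryPro) -> Quarantined and deleted successfully.
c:\documents and settings\phil\start menu\Programs\repair registry pro\Uninstall.lnk (RepairRegistryPro) -> Quarantined and deleted successfully.
"""

COUNT = re.compile(r"(.+ Infected): (\d+)$")            # summary line
ITEM = re.compile(r"(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
CLEAN = "Quarantined and deleted successfully."         # status seen in this log

def parse_mbam_log(text):
    """Return header fields, declared counts and itemised detections per section."""
    log = {"header": {}, "declared": {}, "items": {}}
    current = None  # list receiving the items of the section being read
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"(Database version|Scan type): (.+)$", line):
            log["header"][m[1]] = m[2]
        elif re.match(r"Windows \d", line):
            log["header"]["OS"] = line
        elif m := COUNT.match(line):
            log["declared"][m[1]] = int(m[2])
        elif line.endswith(" Infected:"):
            current = log["items"].setdefault(line[:-1], [])
        elif current is not None and (m := ITEM.match(line)):
            current.append(m.groupdict())
    return log

def review(log, current_db=None):
    """List problems; current_db is a hypothetical caller-supplied definitions number."""
    issues = [f"missing header field: {f}"
              for f in ("Database version", "OS", "Scan type") if f not in log["header"]]
    for section, n in log["declared"].items():
        found = log["items"].get(section, [])
        if len(found) != n:
            issues.append(f"{section}: summary says {n}, {len(found)} itemised")
        issues += [f"not removed: {i['path']} ({i['action']})" for i in found if i["action"] != CLEAN]
    db = int(log["header"].get("Database version", 0))
    if current_db and 0 < db < current_db:
        issues.append(f"definitions {db} older than {current_db}")
    return issues
```

`review(parse_mbam_log(SAMPLE))` returns an empty list for the complete log; a log pasted without its top portion or cut off mid-section produces one entry per problem.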

#8 quietman7


Posted 05 June 2009 - 07:55 AM

Now rescan again with Malwarebytes Anti-Malware but this time perform a Full Scan in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Your database shows 2209. Last I checked it was 2232.

If you cannot update through the program's interface and have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page, be aware that mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating, is to install MBAM on a clean computer, launch the program, update through MBAM's interface, copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows to show it.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware


#9 katy24


Posted 05 June 2009 - 06:12 PM

will do as you advise at next opportunity.....the business is closed for a week due to the owner being out of town.
I really do appreciate your helpfulness
Kate

#10 quietman7


Posted 05 June 2009 - 09:59 PM

Not a problem. We will be here.



