
Fake anti-virus on my XP desktop



prj m

Posted 27 January 2010 - 10:56 PM

I have an XP desktop that's infected with the sort of nastyware that says, "You're infected! Click here and send us money!" (OK, I'm paraphrasing.) I run AVG 8.5 Free on that system. It also popped up Internet Explorer and pointed it to porn.com (my normal browser is Firefox). It seemed to sit on top of AVG, would not let me run AVG, and kept popping up some "anti-virus program."

I'm pretty careful, but over the past couple of days I downloaded updates to TurboTax and a Canon BJC-250 driver. I'm going to guess that the driver is the culprit.

I went into Safe Mode and did a Restore from a checkpoint that is a few days old. The system is back up, and seems to be just fine. But I assume that whatever nastiness got into my system must still be there, and that it's only a matter of time before it somehow gets reactivated. For the time being, I've removed its cable to my router.

I have not yet deleted the downloaded new driver -- I thought I'd ask for advice here before I start ripping things out. The driver may or may not be the culprit, but I do want to remove AND delete the downloaded files (nominally, a floppy disk image).

This morning I ran an AVG scan from Safe Mode and it made mention of cardspacesp2.db. I see that in the CardSpace directory (C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\CardSpace) there is a CardSpaceSP2.db and a CardSpaceSP2.db.shadow. These are the only files in the directory. The directory is 'hidden.' Are these my culprits? A nasty and a backup copy of the nasty?

Right now I'm running an AVG scan. I'm not optimistic that it will find anything beyond a lot of tracking cookies. It will take hours to complete.

OOPS: AVG just finished, after 3-1/4 hours. "No infection was found during the scan." Lots of tracking cookies.

Where do I go from here? How do I disinfect my system? Is there a great, generic step-by-step tutorial somewhere, or must I do a custom search-and-destroy mission?

Here are some details, in case some of it might be useful:

It's a homegrown PC, I forget what mobo, prob'ly doesn't matter -- some socket 775 MicroAT...
2.66 GHz P5
1 GB Ram
C: drive is a 250 GB SATA
also has an old 14GB IDE drive, a floppy (!), a CD writer, and a DVD writer.

OS is XP Home SP3

I'll be grateful for guidance -- I need my beloved PC back!

Paul in East Troy WI
