
XP Internet Security 2010, Malwarebytes Still Running - Shows 0 Infections After 5 hours


4 replies to this topic

#1 SkyH


Posted 06 March 2010 - 11:27 PM

Hi

I have been infected with what I believe to be XP Internet Security 2010. I say believe, because it calls itself Antivirus XP 2010, but has the files for XP Internet Security (av.exe), not Antivirus XP (AV2010.exe, etc). I have followed the removal process listed on this site (http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010), and after 5.5 hours, Malwarebytes Anti-Malware is still running, but shows 0 Infected Objects. I notice the picture in the removal article also shows 0 infections, so I'm hoping this is somehow an artefact of the particular rogue, and it is actually going to end with a detection and removal.

What worries me is that I have 3 partitions (C, E, and F), with all my OS stuff (including IE) on the boot partition, C. Malwarebytes has long since finished C, and has been on F for the last 3-plus hours. Should I let it finish - is the 0 detections no cause for concern - or has it failed to find the infection, and I'd be better off trying a different tool rather than wasting however many more hours it will need to run to finish?

Thanks,
Chris



#2 AtrocityExhibition


Posted 07 March 2010 - 01:35 AM

I'm having the same problem right now... I can't find any of bleepingcomputer.com's "associated files" for the program when I look in the appropriate C: drive folders nor the regedit.

#3 Orange Blossom


Posted 07 March 2010 - 02:23 PM

Hello SkyH,

Since you are still experiencing issues after following the removal guide, please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

Orange Blossom :thumbsup:

#4 SkyH


Posted 07 March 2010 - 06:20 PM


Hi

I may not have explained myself well - I wasn't saying removal failed, just that after 5.5 hours Malwarebytes was still showing 0 infected objects found, and I wondered if that was normal for this rogue. Basically, I was trying to decide whether to let it continue to run (possibly for many more hours) or abort and try a different program. I eventually decided to go ahead and let Malwarebytes finish, and it did in fact find and remove the infection, despite reporting 0 infections found throughout its run - though it took ~8 hours!

It might be worth adding that information to the instructions, to reassure other users who are worried about the 0 infections indicator, and might abort the process thinking AntiMalware has failed.

Also, you might want to note that this rogue is now operating under the name Antivirus XP 2010, presumably to fool victims into employing the wrong removal method.

AM found one file:
C:\Documents and Settings\chris\Local Settings\Application Data\av.exe (ROGUE.Win7Antispyware2010)
and 2 registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify
Presumably FixExe.reg had previously removed other registry infections.

Thanks,
Chris

Edited by SkyH, 07 March 2010 - 06:27 PM.


#5 SkyH


Posted 07 March 2010 - 06:44 PM

I didn't properly report the virus name - it was calling itself XP Antivirus 2010, not Antivirus XP 2010. Hence searching for its name pointed me here (did not have the reg fix, and hence would not allow most executables to start):
http://www.bleepingcomputer.com/virus-remo...-antivirus-2010

instead of here (which was the correct method):
http://www.bleepingcomputer.com/virus-remo...irus-vista-2010

FYI, before figuring out which rogue it really was, I was able to get Malwarebytes' AM to run without the reg fix by selecting Run as... from the right-click menu, then choosing Administrator.

Edited by SkyH, 07 March 2010 - 06:45 PM.




