
Infected with XP Defender and other bundled viruses


2 replies to this topic

#1 jonnydigitol

jonnydigitol

  • Members
  • 2 posts

Posted 29 April 2010 - 07:24 PM

Recently, I downloaded an .avi file unaware that it was bundled not only with XP Defender, but other viruses as well.
My symptoms are like many who've been infected with this as of late:

seized access of computer
fake virus caution pop-ups
fake BSoD
Registry modification
Antivirus override
FirewallOverride
security software - MonitoringDisabled
DisableNotifications

I've used Malwarebytes, Combofix, SUPERAntiSpyware and have followed some of the current tutorials to no avail.
The virus returns, stronger and accompanied by friends. I'm tempted to manually repair my registry as I know this
may very well be its "backdoor" into my computer. However, fear of damaging my computer further overwhelms me.

Some of the fake antivirus software:
AKM Antivirus 2010 Pro
Control Center
Windows Anti Virus Control Center
XP Defender Pro
others previously deleted. Can't remember names.

I've figured out how to bypass the desktop override

The virus was attached to an episode 9 of "V". Go figure huh? It came from RLSLOG.NET. My spider senses warned
me but I thought Mbam or SUPERAntiSpyware would catch it. I'm no computer expert, but I'm no novice, nor am I
technology-impaired. I will follow any advice/instructions by STAFF to the letter.

SIDENOTE: Rlslog was temporarily down for a few days last week due to copyright issues. However flawed, it served
a purpose. Now, it's outlived it. WARNING: STAY AWAY FROM RLSLOG.NET!!!


---------------------------------------------------------------------------------------------------------------------------
SYS NFO:

OS: Microsoft Windows XP Home Edition
Version: 5.1.2600 Service Pack 3 Build 2600
System Name: EMACHINE-7AF6B9
System Model: EL1200-06w
System Type: X86-based PC
Processor: x86 Family 15 Model 127 Stepping 2 AuthenticAMD ~1607 Mhz
BIOS Version/Date: Phoenix Technologies, LTD R01-A2, 10/23/2008
SMBIOS: Version 2.5
RAM: 2.75GB

I hope the info presented is sufficient.

Thanks in advance.

#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,806 posts

Posted 13 May 2010 - 11:41 PM

Hello,

Please read this topic: http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/ concerning the use of ComboFix.

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Since you have run ComboFix, please include the ComboFix log in the new topic.

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 jonnydigitol

jonnydigitol
  • Topic Starter

  • Members
  • 2 posts

Posted 21 May 2010 - 05:14 PM

Thanks for your reply. I will proceed with your instructions.



