Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Google Is Testing a New Chrome UI

Featured Deal: Get 96% off the MCSA SQL Server Training Deal

Infected with XP Anti-Spyware 2011

Started by debshemphill , Apr 01 2011 09:06 PM

Please log in to reply

2 replies to this topic

#1 debshemphill

Members
18 posts
OFFLINE

Gender:Male
Local time:10:02 AM

Posted 01 April 2011 - 09:06 PM

Hi, somehow my PC has been infected with XP Anti-Spyware 2011. It appears to be a Windows program, but I know it is not. I cannot run TDSSKiller, Mbam, TFC or anything else. Every time I do, the pop ups start or the process I want doesn't run. Can you help me?

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 aquavirus

Members
1 posts
OFFLINE

Local time:09:02 AM

Posted 03 April 2011 - 12:50 AM

Hi, I am not an expert by any means, but I had the same exact problem on my sister's computer. After trying everything, the spyware (Windows XP Anti-Spyware 2011 (ya right)) kept on popping up no matter how much I killed it on task manager. My program was called "bda.exe", but Google sites stated that it can be any three random letters. After googling for hours, and going back and forth from rebooting in safe mode with no success, I think I found a solution. I downloaded a "file association fix for exe" for my windows. It is not an "exe", and this virus rewrites your exe files so that only it will pop up. You install that fix and it fixes your registry. Then you can run MBAM and any other virus or rootkill exe applications to get rid of the virus.

By the way, if your browser is also hijacked, you will have to download the "file association fix for exe" on another computer and then import it with a usb drive or on a home network shared folder.

I don't know if this is a new or improved virus, but it is incredibly annoying that it rewrites your browser and exe file association. I was about to send it off to a technician, but this helped me.

Back to top

#3 debshemphill

Topic Starter

Members
18 posts
OFFLINE

Gender:Male
Local time:10:02 AM

Posted 07 April 2011 - 10:05 PM

Thank you aquavirus for your suggestions. I did a little research on the file association fix for .exe as you suggested. I read some information at PCPowerGuide.com about the file fix. I did not edited the registry by myself, but performed the very basic step of creating a new file extension for the .exe. The information reported back that "ryg" (the malware) was the program that opened the .exe extension. I also enabled dumping the page file before shut down. It has been a couple of days since then and I am happily reporting that my system is back to normal. I was able to complete a virus scan which found 2 other problems. Thank you so much for your help!!!