Posted 01 May 2011 - 07:32 PM
Running a HP Pavilion 7955 computer with Intel inside, Pentium 4 CPU 1.49GHz; Windows XP, Home edition, Version 2002, Service Pack 3. I seem to have acquired a fellow traveler going by the name “XP Security 2011" and it is more or less continually popping up with dire messages about the 31 or so items of malware lurking in my computer. One of my kids has some experience with this, and says it is particularly hard to get rid of - Norton will kill it if we catch it early, but I don’t have Norton. Presently its popup is saying “Current PC State: Infected!” and the list includes (file names are partial, as they are not entirely visible) :442U.dl, an Exploit.CodeBaseExec, and W50q4NfCUw.cab, an Email-Worm.VBS.Peach.
Then a much smaller popup popped up and said “Virus infection”
and another one says “XP Security 2011 ALERT
System integrity threat! Warning! Sensitive data may be sent over your internet connection right now!
Attack from: 184.108.40.206 port 40371
Attacked port 37182
Do you want to block this attack?” I have been answering no to that, hoping not to encourage it to more enthusiasm.
And another : “Stealth intrusion!”
And: “Critical system alert! Unknown software is trying to take control over your system!
Attack from: 220.127.116.11 port: 42636
Attacked port: 27965
Do you want block this attack?” That’s right, they left out the “to” - not what we would generally expect if it were really from Mickeysoft:-) I think another of their popups left the “r” off “your".
XP Security 2011 seems to have fooled the real Microsoft Security software so that it shows up in that list as an anti-virus program that is not turned on.
I thought that a while back I had either AVG or Avast installed, but yesterday I couldn’t find them. I seem to have succeeded in downloading AVG today (avg_isct_stb_all_2011_1325.exe) but it won’t run. I guess the bad stuff is too tough for it (something like those UN peacekeepers we hear about in the news, who won’t shoot:-). I have some McAfee that I have previously not used, but it seems to run, and it found “HDN.EXE”. I looked in the directory where it said that was, and about 2 steps before the file I could not see the folders; then I told Windows Explorer to search for them, and it found them, one right after the other, and now they show up in the list; but, I can’t see the HDN file, and Explorer searches but also does not see it. It would of course be tempting to delete the whole directory, but there is a lot of other stuff in it. Maybe I will copy all the files I can see into a dummy directory, then delete the old one, and rename the new one. At first I did not assume that the “HDN” was the right file, but when I let a few of the popups stay open, eventually Windows ran out of room in the trailer across the bottom of the screen and just said there were 3 of those open, and it called them “HDN”. So, I guess McAfee has run the fox to ground - maybe it would be worth the $49.95 they are demanding, for the full featured version that supposedly will kill it.