Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Windows XP Recovery Virus after infection with XP Home Security 2011

  • Please log in to reply
No replies to this topic

#1 JAM0001


  • Members
  • 1 posts
  • Local time:01:06 PM

Posted 20 May 2011 - 03:38 PM

Last week the spouse's desktop was infected with the "XP Home Security 2011" virus. After several false starts removing it I followed the bleepingcomputers.com removal instructions (Edit registry, run RKILL, download Malware Bytes) first under an Admin ID, then under the infected user ID.

It disappeared but then started having AXWIN error on svchost.exe, svchost abends, svchost looping, and the occasional random infected webpage popping up. AVG Free would block websites being accessed by svchost process.

After websearches downloaded SUPERAntivirus Software (SAS) and it found 2 virus files that MB and AVG didn't. Trojan.Agent/GEN-IEXPLORER[fake] and Trojan.Agent/GEN-PEC. During the removal the PC halted, rebooted, and infected with "XP Recovery Virus" after logging it on.

Rebooted into safe mode, ran MB and removed the virus. Virus gone, but still have problem: booting onto user ID produces a blank desktop, access to only "Accessories" and "Startup" Folders, IE, Outlook, Remote Assistance, and Media Player from the all programs window. Even in safe mode on the Administrator these are the only items. However MB finds all the directories on the PC during the scan.

Running a full SAS scan right now. I suspect either registry problem or a directory problem.

What next to do?


Edited by hamluis, 20 May 2011 - 04:43 PM.
Moved to Am I Infected from XP.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users