"Total XP Security" Spyware/Virus
Discussion
Somehow my wife's laptop has picked this up, any hints on getting rid? It's a fake security program that claims you have loads of viruses and will clean them off if you buy the full version of the program.
Googling it comes up with loads of results, all of which say they'll get rid of it if you buy *their* program! Unsurprisingly I remain to be convinced...
Just ran Spybot which claims to have found some problems and fixed them but it still seems to be running and complaining about problems.
Help!

Try installing http://www.microsoft.com/security_essentials/ and see if it picks up anything? Do you have any other antivirus software installed?
If this is the one I'm thinking of it puts some bits under the all users profile, application data folder which you can get rid of in safe mode.
Easiest way might be to do a system restore back to a few days ago and then scan with everything you can find, malwarebytes, spybot, maybe a NOD free trial.
NiceCupOfTea said:
AVG free - not picked anything up though.
Trying Malwarebytes Anti-Malware...
Malwarebytes will clear it, I have done it on several machines with this.
Try Avast as well for the AV software, I have not had a machine with it on get infected, it intercepts it as they open the website or email.
Generally Superantispyware, Malwarebytes and Combofix can get rid of these "hoaxware" programs. You need the latest one though as they keep changing. You may also find you need to download onto another PC or rename them as the damn things "recognise" the AV software and try to prevent it running.
If you have malwarebytes the virus may prevent it from running. This is easy to fix, open 'my computer' and browse your way to the malwarebytes folder - usually C:\program files\malwarebytes antimalware.
Rename mbam.exe to mbam.com. Double click on mbam.com and it will now run. Do a full scan, job done.
Don't forget to rename it back to .exe afterwards.
I had the XP antivirus virus last week and the above sorted it for me.
or try safe mode.
There are a lot of these "rogue" antiviruses around at the moment, I followed the link below and it managed to clean my PC.
HTH
http://www.bleepingcomputer.com/virus-removal/remo...
Thanks guys - my wife is very good at telling Spybot not to allow registry changes.
Unfortunately I did start using one website "cure" that had me editing the registry with the following:
cure said:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Then it had me install "Spyware Doctor" which found problems but wanted me to pay to fix it so I abandoned that!
Malwarebytes Anti-Malware seemed to do alright and I am cautiously optimistic. Did it in normal mode (in an account with admin privileges), now running in safe mode on the administrator account, so we'll see if it comes up with anything...
Thanks for all the help guys.
No idea where it came from, no dodgy downloads/sites...
Edited by NiceCupOfTea on Thursday 18th March 16:57
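A read-only check of the keys that the quoted .reg file deletes or resets, as an added example that is not part of the original thread: it reports any of those keys that still differ from the state the file restores. The function name and message wording are assumptions made for illustration.

```powershell
# Added example: audits the .exe file association against the values in the
# quoted .reg file. It only reads the registry; nothing is changed.

# Keys the .reg file deletes ("[-...]" lines): these should not exist.
$mustBeAbsent = @(
    'Registry::HKEY_CURRENT_USER\Software\Classes\.exe',
    'Registry::HKEY_CURRENT_USER\Software\Classes\secfile',
    'Registry::HKEY_CLASSES_ROOT\secfile',
    'Registry::HKEY_CLASSES_ROOT\.exe\shell\open\command'
)

# Keys the .reg file rewrites, with the default value it sets.
$mustEqual = @{
    'Registry::HKEY_CLASSES_ROOT\.exe'                       = 'exefile'
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' = '"%1" %*'
}

# Hypothetical helper: returns a key's (Default) value, or $null if the key is absent.
function Get-DefaultValue([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue('')
}

$findings = @()

foreach ($key in $mustBeAbsent) {
    if (Test-Path -LiteralPath $key) {
        $value = Get-DefaultValue $key
        $findings += "UNEXPECTED KEY  $key  (Default) = '$value'"
    }
}

foreach ($key in $mustEqual.Keys) {
    $actual = Get-DefaultValue $key
    if ($actual -ne $mustEqual[$key]) {
        $findings += "WRONG VALUE     $key  (Default) = '$actual', expected '$($mustEqual[$key])'"
    }
}

if ($findings.Count -gt 0) {
    $findings
} else {
    'The .exe association matches the values in the .reg file.'
}
```

Because HKEY_CLASSES_ROOT is a merged view of the per-user and machine-wide class keys, a per-user override shows up both under HKEY_CURRENT_USER\Software\Classes and in the HKEY_CLASSES_ROOT checks, so run it in the affected user's account.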
Not sure where they come from... some of my more trusted users have managed to pick it or similar up despite what I thought is pretty good firewall and AV. It seems to come from a variety of outwardly 'genuine' sites.
I just wipe them and ghost a new image so no idea how to get rid. Sorry.
LordGrover said:
Not sure where they come from... some of my more trusted users have managed to pick it or similar up despite what I thought is pretty good firewall and AV. It seems to come from a variety of outwardly 'genuine' sites.
I just wipe them and ghost a new image so no idea how to get rid. Sorry.
The common one at the moment is an email supposedly from a courier. Zip file attached. Tells you there's a parcel to collect and you need to use the zip to get the required code. Bang, you're infected. Luckily it's very easy to remove.


