Help removing Fake XP Security Tool Virus?


RichB

Original Poster:

53,683 posts

297 months

Thursday 18th March 2010
Chaps,

Somehow my home PC has got infected with a fake XP Security Tool virus. I spent a couple of hours last night trying to remove this but no luck. Via Google I've tried to download 'Malwarebytes' but once I've clicked on Download absolutely nothing happens - tried several times. I also downloaded a Microsoft tool for removing viruses called windows-kb890830-v3.5.exe, I left that doing a full scan overnight but it didn't find any viruses! doh

So my question is; should I do this manually by deleting files from the registry or... is there a piece of s/w that will remove this and what can I trust? My fear is, knowing how these people work, that once you start Googling around anti-spyware stuff and downloading I am just as likely to download yet more viruses.

So I need your help please. Rich...

DAVEVO9

3,469 posts

280 months

Thursday 18th March 2010
Have you tried system restore?

RichB

Original Poster:

53,683 posts

297 months

Thursday 18th March 2010
No, I'm not sure I'd know how to do that.

Funk

26,729 posts

222 months

Thursday 18th March 2010
Rich,

You need to boot up in Safe Mode and remove the spyware from there. When your PC boots, hit F8 and select 'Safe Mode with Networking'. When you get to the XP login screen, you'll be given an 'Administrator' option as well - use this (although if your user profile is set up as an Admin account, this will work too). Once you're at the main desktop, you should be able to get online, download Malwarebytes and run a scan. Microsoft help on booting in Safe Mode here: http://support.microsoft.com/kb/315222

Clear out whatever Malwarebytes finds and reboot as normal. Don't forget to update Malwarebytes before running as well, it's a manual process on the free version.

I'd also suggest getting the following and doing several sweeps:

Spybot Search & Destroy: http://www.safer-networking.org/en/download/index....

Spyware Terminator: http://www.spywareterminator.com/

Use Winpatrol to control what's allowed to run when the machine boots - it also tells you when something has been added which wants to run at startup, allowing you to deny it to do so if you didn't install it.

Winpatrol: http://www.winpatrol.com/download.html

Try getting Malwarebytes from CNet directly as the spyware you have may be blocking certain sites: http://download.cnet.com/Malwarebytes-Anti-Malware...

I don't know what firewall/anti-virus you're running, but I have been very impressed with Comodo's firewall ( http://www.comodo.com/home/internet-security/firew... ) they also have a full 'internet security' package free for home use although I've not used this personally so can't comment one way or the other. Have a look around the site.

For anti-virus I use Avast! which is also free for home users: http://www.avast.com/free-antivirus-download

What I like about Avast is its ability to run a boot-scan before Windows has loaded (and therefore before any spyware or viruses have had a chance to load).

Microsoft's Security Essentials software is also very good: http://www.microsoft.com/security_essentials/

Touch wood, the above suites have kept me virus- and malware-free for years.

Edited by Funk on Thursday 18th March 09:35

RichB

Original Poster:

53,683 posts

297 months

Thursday 18th March 2010
Thanks, Malwarebytes has done its scan and removed 6 files which seems to have done the trick. Now to ensure I don't get it again...!

It does seem amazing that Microsoft have not produced some Wizard that does all of this for you. Looking on the internet this seems to be a prevalent virus which causes a load of problems for people and it pretends to be a Windows product. Not that I clicked on it, because I was vaguely aware of it; when I saw it I thought it was odd, but it's still got into my system.

Edited by RichB on Thursday 18th March 12:58

paul99

812 posts

256 months

Thursday 18th March 2010
I think I had the same virus a few weeks back on my Netbook. On startup it would pop up some Antivirus garbage, take over your browsers and kill the CPU making the system run like a dog. It was a right pain in the arse to get rid of.

As above, boot into Safe Mode and fire up msconfig.

After a lot of trial and error trying to find what startup file was causing it, I found the culprit: it was an .exe file with a random name, in my case 'nhbgsftav.exe'.

Found in c:\Documents and settings\"your username"\local settings\application data\aqqvlx\nhbgsftav.exe (Need to turn on 'show all files' to be visible)

I then deleted the 'aqqvlx' dir and file, rebooted and managed to get AVG installed to give the system a scan, it's been fine since.

You may not have the same Virus but the steps above are usually a good way to figure out what's starting up. Then use trial and error to disable the startup of exe's with suspect origin.



Edited by paul99 on Thursday 18th March 12:33
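
Added example, not part of any post in this thread: a short Python triage script that does the msconfig "what is starting up" check described above by listing the Run/RunOnce registry values and flagging any whose executable lives in a user-writable profile folder, as in the Local Settings\Application Data case. The sample entries, the `user` account name and the `ExampleAV` path are constructed; a flagged entry is a candidate for manual inspection, not proof of infection.

```python
import re
import sys

# Registry autorun keys (the same values msconfig's Startup tab lists).
RUN_KEYS = [r"Software\Microsoft\Windows\CurrentVersion\Run",
            r"Software\Microsoft\Windows\CurrentVersion\RunOnce"]

# Heuristic (assumption): startup programs rarely live in these
# user-writable folders, so an autorun pointing here deserves a look.
SUSPECT_DIRS = re.compile(
    r"\\(application data|appdata\\(?:local|roaming)|temp)\\", re.IGNORECASE)

# Constructed sample used when not running on Windows.
SAMPLE = [
    ("ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("ExampleAV", r'"C:\Program Files\ExampleAV\tray.exe" /min'),
    ("nhbgsftav", r"C:\Documents and Settings\user\Local Settings"
                  r"\Application Data\aqqvlx\nhbgsftav.exe"),
]

def exe_path(command):
    """Extract the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):                      # quoted path + args
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))\b", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]

def triage(entries):
    """Return (name, path) for autoruns started from a suspect folder."""
    return [(name, exe_path(cmd)) for name, cmd in entries
            if SUSPECT_DIRS.search(exe_path(cmd))]

def read_run_keys():
    """Read Run/RunOnce values from HKLM and HKCU (Windows only)."""
    import winreg
    entries = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        for sub in RUN_KEYS:
            try:
                with winreg.OpenKey(hive, sub) as key:
                    for i in range(winreg.QueryInfoKey(key)[1]):
                        name, value, _ = winreg.EnumValue(key, i)
                        entries.append((name, str(value)))
            except OSError:                          # key absent or denied
                continue
    return entries

if __name__ == "__main__":
    source = read_run_keys() if sys.platform == "win32" else SAMPLE
    for name, path in triage(source):
        print(f"check autorun {name!r}: {path}")
```

The script only reads the registry; it does not cover the Startup folder or services, which msconfig also shows.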