XP Antispyware 2012 (Malware Problem)

[KevFalcön07]

What's the best course of action to remove the malware in the title? Anyone's computer ever been infected with this one? I already had malwarebytes installed, but ever since this stupid thing got on my computer, it won't even let me open it or my other antivirus! Can't be gone for a couple of hours without someone messing your computer up...

Thanks in advance.

[Deleted]

MalwareBytes Anti-Malware.

Worked for me every time.

[KevFalcön07]

Like I said...I already have that program. Ever since this malware affected my computer, it won't even let me open up MalwareBytes, or Microsoft Security Essentials.

[KevFalcön07]

Tried re-installing MalwareBytes as well. No use in that, either. Still won't open.

[Jedi-El of Tomorrow]

Have you tried System Restore?

[KevFalcön07]

Dec 15, 2011 3:52:50 GMT -5 Jedi-El of Tomorrow said:

Have you tried System Restore?

I'm honestly not very computer savvy, but I think I know what you're talking about, just have never done it before. I'm told you can do a system restore to put your computer in the same condition it was in, say...a week ago? Am I on the right page?

[El Cokehead del Knife Fight]

Can it run in safe mode?

[KevFalcön07]

Dec 15, 2011 4:12:23 GMT -5 El Cokehead del Knife Fight said:

Can it run in safe mode?

As embarrassing as it is for me to admit, I'm not even sure what safe mode is =/ I know, it's a pain dealing with people like me. Like I said...anything but computer wise =( Sorry.

[Welfare Willis]

Dec 15, 2011 4:12:23 GMT -5 El Cokehead del Knife Fight said:

Can it run in safe mode?

Yes, my brothers get malware all the time (stupid facebook). Here's what you do. Look for a program can rkill. Here's a link from cnet: download.cnet.com/RKill/3000-8022_4-75221743.html

This is what it does:

RKill is a program developed at BleepingComputer.com that was originally designed for the use in our malware removal guides. It was created so that we could have an easy to use tool that kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy.

After that boot your computer into safe mode. Once loaded, use rkill. It will break the malware processes allowing you to use malware bytes. Then use malware bytes to scan for the malware and get rid of it.

Then reboot. You shouldn't have any problems after that. If it's still occuring make sure your malware bytes is up to date.

Good luck!

[Brandon Walsh is Insane.]

You need to run malware bytes while in safe mode.

Restart your computer, and press F8 while the boot up screen comes up.

It should take you to a screen that asks you which mode to boot up in... check Safe Mode.

It'll load with SAFE MODE at the top of the screen in white... now run malware bytes, and let it do it's thing. The malware process won't be running, so you'll be fine.

Don't do system restore with a virus, a lot of time they infect the restore point, so it'll show up after you restore.

Good luck.

[KevFalcön07]

Thanks a lot, everyone.

[Burst]

There's also a program, I want to say from the same people that made rKill, that undoes the registry changes that XP Antivirus 2012 does.

Believe me, I know, I've somehow got it twice this week, yesterday and last Sunday. It's been going around like crazy lately.

[Deleted]

Dec 15, 2011 14:22:25 GMT -5 Burst said:

There's also a program, I want to say from the same people that made rKill, that undoes the registry changes that XP Antivirus 2012 does.

Believe me, I know, I've somehow got it twice this week, yesterday and last Sunday. It's been going around like crazy lately.

just like the herp

[KevFalcön07]

Ok, so...I've been running MalwareBytes on safe mode, as suggested...while it did find and remove three malware files...XP Antispyware 2012 is still present on my computer. Here's another thing...

It would only let me run or open MalwareBytes on the administrator's account. Not on my personal account, which was the one that was logged on when infected.

[Threadkiller [Classic]]

It's alarming how often I get this virus. It somehow keeps finding its way around the million spyware/malware programs I have.

Here are three different things I tried that worked three different times, with the first two never working again after that (so if these work, take advantage of the opportunity and shore up your virus defenses):

1) Winsock reset: Run command prompt (cmd), type in "netsh winsock reset" (without the quotes), and reboot.
2) Change your date and time settings: I find that if you move the date exactly one week forward on your system, and then reboot, the virus disappears. Then you can just set the date back how it was. Worked for me exactly one time.
3) Reboot in safe mode (with networking). Once you're on your desktop, right-click your antivirus client and choose "run as administrator." This tends to bypass the lock the virus has on your antivirus software. Run a full scan. In fact, run every antivirus program you've got, since some programs tend to catch elements of the virus that others may miss. My hardcore quartet, all of which are free to download: Spybot Search & Destroy, Malware Bytes, Windows Security Essentials, and SuperAnti-Spyware (Free Edition).

Once these programs run and detect all the threats, have the threats quarantined and/or removed, reboot, and you should be good to go. It sometimes comes back, so make sure your virus definitions on the software are always up to date, and that you have regular scans scheduled with the programs.

[DSR]

Okay, my computer just got hit by this (or something similar). When I reboot my computer, I can't get my mouse or keyboard to do anything, so I can't even click on Malwarebytes or anything.

So, uh, just how screwed am I?

[bitteroldman]

Dec 15, 2011 16:08:23 GMT -5 KevFalcön07 said:

Ok, so...I've been running MalwareBytes on safe mode, as suggested...while it did find and remove three malware files...XP Antispyware 2012 is still present on my computer. Here's another thing...

It would only let me run or open MalwareBytes on the administrator's account. Not on my personal account, which was the one that was logged on when infected.

This is useful information. If the malware is active only when you log in as a particular user then the command or commands to launch it are found somewhere in the registry key hkey_current_user as opposed to hkey_local_machine (which woulld laucnh the malware anytime the pc is booted).

As mentioned in an earlier post power on the pc, hit F8 and when prompted select "Safe Mode With Networking". This should allow you to connect to the Internet but not allow the malware to launch.Login with the user that has the spyware associated with it (not as admin). Open a browser and go to housecall.trendmicro.com/

Trend Microsystems has a free online virus scan, and its a very good product. Download the 32 bit version of the program (I'm assuming your pc has a 32 bit processor, most do) and run it. It may take a while for the software to complete its scan so you may want to kick this off at bedtime or shortly before you leave for work.

Also before you start the scan, click settings and make sure you select "Full Scan"; the default is "Quick Scan" and this might miss something.