XP Internet Security - Rogue Program 2

Status
Not open for further replies.

Ktwhite

Technical User
Mar 6, 2003
23
US
I have this program on one of my computers called "XP Internet Security". It is definitely not part of "Microsoft Security Essentials". I did a search on this program, and I saw a posting that indicated it is a virus. The posting stated exactly what this program is doing to my computer. When I try to download a legitimate program, it warns me that the program is a serious security threat, and will not allow the action. Because this program is so insidious, I was directed to download some tools to a flash drive on a different PC, then follow some instructions to use this downloaded fix. Has anyone ever heard of this issue, and if so, any idea where I can find a valid solution? The infected computer OS is XP.

Thanks

Ken
 
Common issue. There are multiple fix sites that have downloadable stuff to help remove this series of malware.

Good luck with it. This can be a real pain to eliminate.

Ed Fair
Give the wrong symptoms, get the wrong solutions.
 
I believe it is commonly called antivir, often with a date like antivir2010. This forum has several threads dedicated to its removal.
 
Ktwhite said:
I was directed to download some tools to a flash drive on a different PC, then follow some instructions to use this downloaded fix.

Did you follow these instructions so far? It sounds like you already found a solution.

Anyway, if you can boot your computer to safe mode with networking, then you may be able to get what you need that way. With some of these, it's more difficult than with others.

Easiest way to get to safe mode with networking would be to straight reboot the machine (button, not Windows Restart) or kill the power without shutting down... then upon startup, it should ask you if you want to go into safe mode.... safe mode with networking.... last known good config... normal. If not, then press <F8> repeatedly just before Windows should start up, and it'll give you the same options.

Whether you download the apps on a separate machine or not, then a combination/variation of these should do the trick:

1. Malwarebytes Antimalware
2. SuperAntiSPYWARE
3. CCleaner
4. RegScrubXP (if this is Windows XP)
5. Advanced System Care Free
6. Glary Utilities

I've listed the above in order of relevance and likelihood of removing the threat.

Also, what AV program are you using? The 2 best, in my opinion, detection and protection-wise, currently, are Microsoft Security Essentials and Avira Antivir. You can use them together as well, though one will probably suffice.

And a good 3rd party firewall may also assist in not getting infected again: Try Online Armor or Comodo Firewall / Internet Security. If you go with the Internet Security suite, I'd suggest disabling the antivirus as it gives WAY too many false positives, and isn't very strong besides the false positives.

You can get all the above at except for RegScrubXP (hasn't been supported for quite some time), which you can get at - still seems to work very well on Windows XP based machines (32 and 64 bit).

Also, in all this process, make sure you turn off System Restore to flush any traces there, and then turn back on after you've removed the threat.

And before you do any of the above, be sure to consider - what will be the most beneficial method: Seeking and Eliminating; or just a flat reformat and reinstall of Windows, and necessary apps.

Also, if this is a personal machine, you can use the installer at to install many of your favorite apps after a reinstall, or if you want to use it to install the mentioned security programs (some of them, anyway).

If it's a store-bought PC (OEM such as Dell, HP, Acer, etc), then you can also get after a restore from restore image to clean off anything you don't want... it basically makes that task much easier than finding everything manually. You may still have to do a little manual clean-up afterwards, but it works better than searching out every uninstall file, b/c they aren't all as obvious as you'd think.
 
On a radio program last night they mentioned to download MB from CNET's site (download.com) as that parent site for MB had been targeted and compromised because the product works too well.
 
Wow!

Then again, I suppose that Malwarebytes' pockets may not be deep enough to put up enough protection like others such as Microsoft. I suppose it was only a matter of time, really.
 
Thanks everyone for the great solutions. I did manage to download the following programs which seemed to help quite a bit:

1. Malwarebytes Antimalware
2. SuperAntiSPYWARE

Before that however, I downloaded this program called Rkill which shuts the spyware down, but does not remove any of the rogue program. This allowed me to install the programs you guys suggested, and so far so good. So thank you very much.

Ken
 
Yeah, I've seen that Rkill mentioned a few times here, but haven't tried it myself. I need to make a note to get a copy of it to have handy, and try it some time. Glad you got your system fixed.
 
Rkill is good, but not for all malware. TDSSKiller is good for that little nasty.
 