Kawasaki Motorcycle Forums  
08-07-2008   #1
Slo'Poke
Own The Day
Forum Supporter
Join Date: Mar 2007
Location: San Mateo, CA
Posts: 2,693
XP Antivirus Virus

Got a call from the wife not long after she got home from work (usually an hour before I get off work). She ran right into this virus and advised me of what was happening. The PC was on the fritz, courtesy of 'XP Antivirus'!

For those of you that aren't familiar with this malware, it is INSIDIOUS. After it gets onto the PC, it does wondrous things. Like it or not, it'll automatically start up a 'Virus Scan' - let this go on long enough and your desktop will vanish into thin air, replaced with a "A Virus Has Been Detected" warning on the screen. Leave it alone long enough, and the PC will crash, restart, and crash again, OVER AND OVER AND OVER AGAIN!!!

AND GET THIS (I really loved this part)! Try to use your infected computer's internet to look up what the heck XP Antivirus is, and the malware really works its magic. GOOGLE ANY TERM THAT IT DETERMINES MIGHT BE AN INVESTIGATION INTO HOW TO DESTROY IT, AND IT SENDS THOSE RESULTS AWAY!!! To boot, it then shunts you to its own 'approved' results or antivirus website (I grabbed a screenie of this and will post shortly)!

And let's face it, folks, never trust a site that tells you it's "Time To DISINFECT Your Files!" (that really made me want to break out the Pinesol, there)


Any rate, all's well with the world once again. It was a good ninety minutes of troubleshooting, locating and deleting dll's and exe's, working the registry, and so forth. PC's back up with no data loss. Yippee!!!

I think I know where this came from too. Once I review what was put on my drives (I think a friend that visited last night needs to be thanked here) and confirm, I'll post that info too!
__________________
Slo'Poke
Alex

'06 Vulcan 900 Classic
Past - '06 Ninja 650R, '03 Vulcan 500 LTD, '91 Shadow VLX

Last edited by Slo'Poke : 08-07-2008 at 10:19 PM.

08-07-2008   #2
Ruger
Poser Proud®
Forum Supporter
Join Date: May 2007
Location: Texas
Posts: 2,454

Sorry to hear about your troubles. I got one sometime back that just destroyed the boot record on my HD. Thanks for the heads up.
__________________
2006 VN900 Classic
The best car safety device is a rear-view mirror with a cop in it. - Dudley Moore

08-07-2008   #3
hbgregg
status? don't need it.
BTK Intermediate
Join Date: Jul 2008
Location: Huntington Beach, CA
Posts: 151

Those free pron sites can be a biotch... Trend Micro is a wonderful resource and they have free tools that really work. Try HouseCall and then try HijackThis. I'm a systems engineer and have been using HouseCall for at least 10 years.

08-07-2008   #4
SilverEagle
You only have 1*
Forum Supporter
Join Date: Dec 2005
Location: Montana
Posts: 4,109

Don't ya just luuuuuv friends who think they're qualified to tell you about, and install for you, all these safety programs you have been a fool for missing from the pinky sites.........public beatings are required for the same amount of hours you spent on cleaning up that computer.........using a bamboo stick.

08-07-2008   #5
Slo'Poke
Own The Day
Forum Supporter
Join Date: Mar 2007
Location: San Mateo, CA
Posts: 2,693

Ok. I think I found what he loaded. There was a video program called Veoh that I never installed. From what I've read, it's a glorified YouTube, but requires a specific video codec, and XP Antivirus typically accompanies some unnamed video codec.
__________________
Slo'Poke
Alex

'06 Vulcan 900 Classic
Past - '06 Ninja 650R, '03 Vulcan 500 LTD, '91 Shadow VLX

08-07-2008   #6
cmptrmn.1
MaNaMaNa DoDoDoDoDo
Forum Supporter
Join Date: May 2007
Location: Longview, Wa
Posts: 3,073

I was wondering why my system went crazy. Thank goodness I back everything up. I had to put it back to factory settings.
__________________
John
2007 Vulcan 900
1983 Xj650
66 Fairlane GTA Conv.

08-08-2008   #7
rustygunner
Wants better weather!
BTK Expert
Join Date: May 2008
Location: Columbus, IN
Posts: 804

Malware sucks! I have a teenage daughter so I should know. Wife's PC at work is jacked up too. Cleaned out the PC at the local KAW dealer as well. Tired of removing spyware, just plain wears me out. Can't just go clicking on everything and act surprised when something bad happens. Fact is 40% of computers online at any given time are bots. That is frightening! 4 in 10 people have someone else operating their PC and don't even know it.
__________________
VN800A
"we are small and exposed, and probably moving too fast for our own good"
-Dave Karlotski-

08-08-2008   #8
Hilts
Grade "A" Poser
Forum Supporter
Join Date: Oct 2004
Location: Ottawa, Ontario Canada
Posts: 1,000

I'm constantly telling my wife and kids to never ever download and install anything until I am home to check out what it is first. Last weekend I had to run a recovery on my system because it wouldn't boot up, saying a file was corrupt or missing. Could have been the file, could have been the boot.ini...I'll never know. Anyway, at least I didn't lose any data, I just had to re-install a bunch of apps. Scared me enough though that I went out and bought a 250GB USB drive to back up my important data once a week.
__________________
2003 Vulcan 800 Classic - Metallic Ruby Red
F&S Windshield
F&S Passenger Backrest
Mustang Vintage

Last edited by Hilts : 08-08-2008 at 11:24 AM.

08-08-2008   #9
rustygunner
Wants better weather!
BTK Expert
Join Date: May 2008
Location: Columbus, IN
Posts: 804

Wife and kids have never been big on security...
__________________
VN800A
"we are small and exposed, and probably moving too fast for our own good"
-Dave Karlotski-

08-08-2008   #10
Guitar7272
The Widows Son
Extreme Forum Supporter Forum Supporter
Join Date: Apr 2007
Location: New Jersey
Posts: 8,486

FWIW - I've had Veoh on my computer for a week or so (since uninstalled) and never got any virus like that.
__________________

2007 mean streak
It's a magical world, Hobbes ol' buddy. Let's go exploring...
October 2008 Member of the Month

08-09-2008   #11
Slo'Poke
Own The Day
Forum Supporter
Join Date: Mar 2007
Location: San Mateo, CA
Posts: 2,693

Here is that screenie of a 'reroute' that I promised.

__________________
Slo'Poke
Alex

'06 Vulcan 900 Classic
Past - '06 Ninja 650R, '03 Vulcan 500 LTD, '91 Shadow VLX

08-09-2008   #12
ZeroDown!
Turtle Wax Taster
BTK Intermediate
Join Date: Mar 2008
Location: York County, Pennsylvania
Posts: 172

'Poke -

As a tech that troubleshoots virus crap on a regular basis (and wants to shoot the a$$hats responsible for them), never assume that it's totally clear.

If you've never heard of a program called a rootkit, bone up on them. Use several rootkit detecting programs to check for processes and services that are flying under the radar (below kernel level) that searching through XP and the drive by conventional means won't detect, and most if not all anti-virus / malware software programs can't detect, either.

For those that aren't 'puter savvy, if your PC starts acting a bit flaky all of a sudden, and at next restart starts to reboot itself constantly, you're probably infected with something that is trying to call back to another server; when it can't reach that server, it throws an error code that causes the system to fail and since most XP installs remain as default for the 'automatically reboot upon system failure', it will keep rebooting until it can get through.

Windows Sysinternals: Documentation, downloads and additional resources is a good site for utilities, especially the Rootkit Revealer.

F-Secure Blacklight > Rootkit Elimination Technology is another good one - Blacklight Revealer for rootkit detection.

Personally, if my system gets infected with anything, it's an immediate dump of my working files folder and the drive gets formatted. I've seen too much of the identity theft problems (I got that call from the bank saying "did you charge airline tickets in England yesterday? - NOT!) that I take no chances. Rootkits are a royal PITA x1000 - you're never sure if you've gotten everything and it's worth an hour to wipe out and rebuild the PC.

Just my $0.02 on the subject - hope it helps.....

ZD
__________________
2007 Vulcan 900 Classic
"You know, some days it's just not worth chewing through the restraints..."
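The reboot loop ZeroDown! describes is Windows' default "automatically restart on system failure" setting hiding the crash that the malware keeps triggering. As an added example, not from the thread or from any of the tools it names, the PowerShell script below reads those CrashControl settings, lets a responder turn auto-reboot off so the stop error stays on screen long enough to read the bugcheck code and faulting module, and lists the minidumps and System-log crash records (event IDs 1001 and 6008 are assumed to be the bugcheck and unexpected-shutdown records on the machine being examined) that are worth collecting before any cleanup. It assumes Windows PowerShell 3.0 or later on the affected machine and an elevated prompt for the change; the registry key and value names are the standard CrashControl ones.

```powershell
# Added example, not from the thread. Reads and adjusts the Windows crash
# handling settings so a machine that keeps crashing stops on the error
# instead of silently rebooting in a loop, then gathers the evidence
# (minidumps, crash events) a responder would look at before cleanup.
# Assumes Windows PowerShell 3.0+ and an elevated prompt for Disable-AutoReboot.

$CrashControlKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

function Get-CrashControlSetting {
    # AutoReboot = 1 is the default that produces the reboot loop described
    # in the thread; CrashDumpEnabled says what kind of dump gets written.
    $p = Get-ItemProperty -Path $CrashControlKey
    $dumpKinds = @{ 0 = 'None'; 1 = 'Complete'; 2 = 'Kernel'; 3 = 'Small (minidump)'; 7 = 'Automatic' }
    [pscustomobject]@{
        AutoReboot       = [bool]$p.AutoReboot
        CrashDumpEnabled = $dumpKinds[[int]$p.CrashDumpEnabled]
        MinidumpDir      = [Environment]::ExpandEnvironmentVariables([string]$p.MinidumpDir)
        DumpFile         = [Environment]::ExpandEnvironmentVariables([string]$p.DumpFile)
    }
}

function Disable-AutoReboot {
    # With AutoReboot = 0 the stop screen stays up, so the bugcheck code and
    # the faulting driver or module name can be read and written down.
    Set-ItemProperty -Path $CrashControlKey -Name AutoReboot -Value 0 -Type DWord
    Get-CrashControlSetting
}

function Get-RecentCrashEvidence {
    param([int]$Count = 5)
    $settings = Get-CrashControlSetting

    # Most recent minidumps, if the dump directory exists at all.
    $dumps = @()
    if ($settings.MinidumpDir -ne '' -and (Test-Path -LiteralPath $settings.MinidumpDir)) {
        $dumps = Get-ChildItem -LiteralPath $settings.MinidumpDir -Filter '*.dmp' |
                 Sort-Object LastWriteTime -Descending |
                 Select-Object -First $Count Name, LastWriteTime, Length
    }

    # 1001 = bugcheck record, 6008 = "previous shutdown was unexpected"
    # (assumed IDs for the System log; check them on the machine in question).
    $events = Get-EventLog -LogName System -Newest 500 -ErrorAction SilentlyContinue |
              Where-Object { @(1001, 6008) -contains $_.EventID } |
              Select-Object -First $Count TimeGenerated, EventID, Source, Message

    [pscustomobject]@{ Settings = $settings; Minidumps = $dumps; Events = $events }
}

# Usage: inspect first; change the setting only on a box you are triaging.
$evidence = Get-RecentCrashEvidence
$evidence.Settings
$evidence.Minidumps | Format-Table -AutoSize
$evidence.Events    | Format-List
if ($evidence.Settings.AutoReboot) {
    Write-Host 'AutoReboot is on: run Disable-AutoReboot (elevated) to stop the loop and read the stop code.'
}
```

The point of reading the dumps and events before cleaning is the one ZeroDown! makes in the next paragraph: once you have a stop code and a faulting module name you can decide whether a clean is even worth attempting, or whether the box goes straight to a wipe and rebuild.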

08-09-2008   #13
The Vulcaniser
I have been Vulcanised!
Extreme Forum Supporter
Join Date: Dec 2007
Location: Hunter Valley NSW Australia
Posts: 974

The best anti-virus/malware program around is AVG Pro Version 8. Unlike a lot of other anti-virus programs, this one can be run in safe mode to clean computers, and it won't allow suspect programs to install on your computer in the first place. I have been using AVG for years and have never had an infection on my computer.
__________________
Growing old is mandatory, growing up isn't

Ulysses Club - Grow Old Disgracefully

2007 Vulcan 1600 Classic Blue & Silver.

08-09-2008   #14
Da_Honest_Truth
Finally got my Ninja!!
BTK Expert
Join Date: Apr 2008
Location: Spartanburg, SC
Posts: 427

Hey Slo... sorry you had to go through that. I can understand what ya mean about things just popping up on your computer.

I never let anyone on my computers. All 4 of them. Even though two are not up and working at the moment (on purpose of course -- just old computers), and the other two, no one ever gets on them. And if they do, I'm over their shoulders watching and waiting.

I had a virus attack my system once, before I knew about backups, way back in the day. So needless to say I lost everything and was highly pi**ed.
__________________
Chelle B.

2004 Ninja 250 ... Blasting right by you with a smile on my face

08-09-2008   #15
stickboy
Insect Impact Analyst
Forum Supporter
Join Date: Mar 2008
Location: Missoula, MT
Posts: 119

From what I know, XP Antivirus gets installed when you go to a malicious website (myspace, anyone???) with an ad asking if you want to run it (don't remember their exact wording, but they dupe you into thinking you have something). When you click on it, things get run and the application gets installed on your hard drive. I am a computer tech and we have been dealing with this virus almost non-stop on customer computers for about the last 3 weeks... It's a big pain because most of the AV programs, if you can get them to run at this point, don't remove it. There is a lot of manual work involved... Stopping processes, editing the registry and removing executables and .dll files. The funnest one was the customer that had us clean her PC, but forgot to tell us that she had a roaming profile on their company server. She put her computer on the network and guess what...

Rootkits are just scary. I read an article about a guy in Florida last week that got busted for planting a rootkit on some girl's PC, manipulating her built-in webcam, and posting naked pics of her to some server in some eastern European country. Turns out he had done this to a bunch of girls on a nearby college campus.
__________________
Bugs, it's what's for Dinner!

http://www.scorpionhelmetdeals.com

Last edited by stickboy : 08-09-2008 at 08:24 PM.
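stickboy's manual cleanup (stop the processes, edit the registry, remove the executables and .dll files) starts with finding what the rogue program has registered to relaunch itself at logon. As an added example, not stickboy's or the thread's own procedure, the PowerShell script below lists the Run and RunOnce autostart entries, resolves each command line to the file it launches, and flags entries whose binary sits in a user-writable folder or carries no valid Authenticode signature, so they can be reviewed by hand before anything is deleted. The list of "user-writable" folders is my own heuristic, not a rule the thread states; the registry paths are the standard ones. The script reports only and removes nothing.

```powershell
# Added example, not from the thread. Lists Run/RunOnce autostart entries and
# flags the ones a reviewer should look at first. It only reports; removing an
# entry is a manual decision. Assumes Windows PowerShell 3.0+; the HKCU entries
# are those of the account running the script, so run it as the affected user.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Folders any user can write to; an autostart binary living here deserves a
# second look (heuristic assumption, not a rule from the thread).
$UserWritableDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA,
                      "$env:SystemRoot\Temp") | Where-Object { $_ }

function Resolve-CommandPath {
    param([string]$Command)
    # Take the executable off the front of a command line, quoted or bare,
    # and expand %VARIABLES% so the path can be tested on disk.
    $exe = if ($Command -match '^\s*"([^"]+)"') { $Matches[1] }
           elseif ($Command -match '^\s*(\S+)') { $Matches[1] }
           else { $Command }
    [Environment]::ExpandEnvironmentVariables($exe)
}

function Test-UserWritableLocation {
    param([string]$Path)
    foreach ($dir in $UserWritableDirs) {
        if ($Path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-AutostartEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # provider metadata, not a registry value
            $path   = Resolve-CommandPath ([string]$prop.Value)
            $exists = ($path -ne '') -and (Test-Path -LiteralPath $path)
            $signed = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }
            [pscustomobject]@{
                Key          = $key
                Name         = $prop.Name
                Command      = $prop.Value
                Path         = $path
                Exists       = $exists
                UserWritable = Test-UserWritableLocation $path
                Signature    = $signed
            }
        }
    }
}

# Usage: entries in user-writable folders sort to the top; check Signature
# and Exists for each before deciding what to stop and remove.
Get-AutostartEntry |
    Sort-Object @{ Expression = 'UserWritable'; Descending = $true }, Key, Name |
    Format-Table Key, Name, Path, Exists, UserWritable, Signature -AutoSize
```

Run and RunOnce are only the most common autostart points; services, scheduled tasks and browser helper objects are others a full review covers, which is why stickboy's note that most AV products won't remove this thing by themselves matches the amount of manual work involved.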

08-09-2008   #16
ozyran440
is thinking...
BTK Expert
Join Date: Jul 2007
Location: Opelika, AL
Posts: 1,941

My wife and I are avid Eset customers and have been using their Smart Security program for about 6 months or so.

It's not system resource intensive - it runs on half of what Trend Micro's PC-cillin required, and uses about 1/4 of what Symantec's Norton Antivirus bogged us down with. There are no annoying pop ups, nothing. It just runs and keeps the system clean.

Glad to hear the "Antivirus" was successfully removed. It sounds like something that requires hours to be able to get through and clean up.

Speaking of Windows and computer viruses, I tried to delete the files for IE7.

10 seconds later, they came right back!
__________________
Donald
2008 Kawi Versys

08-10-2008   #17
sdbrit68
Time to Ride
Forum Supporter
Join Date: Jul 2006
Location: orange county california
Posts: 6,668

just completely wiped all 4 computers with a disc scrubber, and reloaded all again because of that crap
__________________
move like a butterfly, hung like a flea

08-10-2008   #18
:::
Finally Got Into First Gear
BTK Beginner
Join Date: Jul 2008
Posts: 74

You just can't let anyone near your computers. I have to have a specific computer that almost nothing gets downloaded on, and I rarely ever go to unknown websites on it. I didn't even use it on this website for a while. I let my father get on my computer because he wanted to render some high-def home movies, because I have the Q6600 chipset, and when he was done it wouldn't even start up, and he is a database administrator who has been doing this since the '80s and fixes computer problems for a living, and he still managed to f up my comp. It's not about what to trust; the only way to protect a computer is to never use it.

And I have had a question about this stuck in my mind: wasn't the first virus a government project that just succeeded really well?
__________________
'08 black saab 9-3
'08 green ninja 250R

08-10-2008   #19
sdbrit68
Time to Ride
Forum Supporter
Join Date: Jul 2006
Location: orange county california
Posts: 6,668

Quote:
Originally Posted by :::
And I have had a question about this stuck in my mind: wasn't the first virus a government project that just succeeded really well?

yes it was, but we called that virus congress
__________________
move like a butterfly, hung like a flea

08-10-2008   #20
ZeroDown!
Turtle Wax Taster
BTK Intermediate
Join Date: Mar 2008
Location: York County, Pennsylvania
Posts: 172

Quote:
Originally Posted by sdbrit68
And I have had a question about this stuck in my mind: wasn't the first virus a government project that just succeeded really well?

yes it was, but we called that virus congress
LMAO....

:::, you expected less with a DB admin working on a PC OS? WTFutz were you thinking? Sounds like a severe chair-ware problem to me! :b
__________________
2007 Vulcan 900 Classic
"You know, some days it's just not worth chewing through the restraints..."