AntiVirus XP 2008

  • dkerfoot
    Veteran Member
    • Mar 2004
    • 1094
    • Holland, Michigan
    • Craftsman 21829

    #1

    AntiVirus XP 2008

    I've started to see a new and nasty bit of Malware making the rounds. It is called Antivirus XP 2008 (or some variant such as AntiVirXP).

    If you get a pop-up telling you have Malware or that you need to update, look very closely before clicking anything. This bugger is very good at looking “official.”

    I’ve now removed it from a couple PCs. It is the nastiest one I’ve seen in a couple years. Reminds me a bit of CoolWebSearch. It has a few tricks that show a real cruel streak: It re-uses a "joke" screensaver to make it look like your PC is constantly blue-screening. It then also removes your screensaver and desktop tabs.

    Most folks will not be able to get rid of it themselves. If you do get it, most places will tell you that your only option will be to do a complete reinstall of windows (Nuke & Pave). That isn’t necessary, but it is all most places know how to do.

    Make sure you have a current Anti-Virus AND Anti-Spyware installed. AVG 8 is a good free option that now includes both. BUT you can't run it and an old expired Norton or McAfee at the same time - they don't play well together. PM me if you need help with the best process for removing/installing.
    Doug Kerfoot
    "Sacrificial fence? Aren't they all?"

    Smaller, Smarter Hardware Keyloggers
    "BT310" coupon code = 10% for forum members
    KeyLlama.com
  • cgallery
    Veteran Member
    • Sep 2004
    • 4503
    • Milwaukee, WI
    • BT3K

    #2
    So what did you use to get rid of it?


    • alpha
      Established Member
      • Dec 2003
      • 352
      • Owensboro, KY, USA.

      #3
      AntiVirus XP 2008

      I've seen that one also when my wife asked me what to do after the popup. It looks very much like a Microsoft update, but a bell went off and I told her we are running AVG antivirus and we have Microsoft security disabled. This one is very tricky if you don't pay careful attention.

      In my wife's case, the popup appeared on an instruction video. I also came across it on my computer, also on a video. It indicated that it was starting to install when I hit cancel so I closed my browser immediately.

      Bob


      • dkerfoot
        Veteran Member
        • Mar 2004
        • 1094
        • Holland, Michigan
        • Craftsman 21829

        #4
        Originally posted by cgallery
        So what did you use to get rid of it?
        It isn't a one step process. Eventually, the anti-malware programs will be updated to remove it completely. i.e. old CoolWebSearch - used to be a nightmare to get rid of, but nowadays any anti-malware program removes it with no intervention needed. For now, it requires a good bit of manual work.

        My general process is:
        1. Kill any rogue processes currently running if possible
        2. Uninstall anything that looks like it is related (remove programs)
        3. HijackThis! to remove things attached to the browser
        4. Run EZClean to clear out most "extra" files - doesn't remove viruses but speeds up scan because there is less junk to sort through
        5. If the PC has multiple accounts, I'll also go in and manually clear the Caches and Temp directories of other users.
        6. Download and install a good anti-virus and Hitman Pro if not already
        7. Switch to safe mode and run both
        8. Begin manually tracking down and removing any remaining traces in the folders and registry. I do this through a combination of Google research and having done it many times before.
        Doug Kerfoot
        "Sacrificial fence? Aren't they all?"

        Smaller, Smarter Hardware Keyloggers
        "BT310" coupon code = 10% for forum members
        KeyLlama.com


        • OpaDC
          Established Member
          • Feb 2008
          • 393
          • Pensacola, FL
          • Ridgid TS3650

          #5
          Spybot has worked pretty good at blocking these things for me.

          http://www.safer-networking.org/en/index.html
          _____________
          Opa

          second star to the right and straight on til morning


          • ironhat
            Veteran Member
            • Aug 2004
            • 2553
            • Chambersburg, PA (South-central).
            • Ridgid 3650 (can I still play here?)

            #6
            I wonder if this is like some of its predecessors in that after it has infected your PC they offer to sell you their software to uninstall it. I wish that I could recall the other names... I was able to get rid of it with a search of the web and a little toying with the program Search & Destroy (shareware). You can find it here and, no, I'm not affiliated with them in any way. HTH

            PS: I also used Hi-Jack This with good success.
            Last edited by ironhat; 07-23-2008, 08:34 AM. Reason: Added PS
            Blessings,
            Chiz


            • cgallery
              Veteran Member
              • Sep 2004
              • 4503
              • Milwaukee, WI
              • BT3K

              #7
              The method we've been using to clean up these machines is to remove the hard drive and clean it in dedicated cleaning machines. We have one machine on which we can use the corporate ed. of Symantec, along with the command-line version of McAfee and the Trend system cleaner. Another machine runs AVG. Then we toss the hard drive back into the original machine, load AVAST or AVG, and do further follow-up with SuperAntiSpyware/Spybot.

              BUT (and this is a big BUT), there have been quite a few recent new malware infections that aren't in the definitions of any of those products yet. From the command prompt I usually check \windows\system32 with a "dir /a:h" to look for any hidden DLLs and what-not. I then do a "dir /o:-d/p" to see the most recent additions to the folder. If I see any recent files that aren't native to Windows, I Google the names and try to see what they belong to.

              Last week I fired off a bunch of new viruses I found to Grisoft. They are nice enough to respond and tell me what they are, and they do add them to the definitions. I also send them to Symantec.

              But this is getting real old.

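The two manual checks in post #7 (a "dir /a:h" for hidden files and a "dir /o:-d" for the newest files, then looking up anything that is not native to Windows) can be automated. The script below is an added example written for this thread, not code from any poster or product: it lists files in a folder that are either hidden or modified after a cutoff, drops anything on a baseline list, and returns the rest newest first. The baseline and the sample folder are constructed for the demo; a real baseline would come from a known-clean machine of the same Windows version. On non-Windows hosts the hidden check falls back to the dot-file convention so the demo still runs.

```python
"""Triage of a system folder for recently added or hidden files.

Added example (not from the thread). Automates "dir /a:h" + "dir /o:-d" and
flags files not on a baseline list. BASELINE and the demo folder are constructed.
"""
import os
import tempfile
import time

FILE_ATTRIBUTE_HIDDEN = 0x2  # same bit value as stat.FILE_ATTRIBUTE_HIDDEN on Windows


def is_hidden(path):
    """Windows: the HIDDEN attribute bit. Elsewhere: dot-file convention (assumption
    made so the example runs on a POSIX host; it is not a Windows notion)."""
    attrs = getattr(os.stat(path), "st_file_attributes", None)
    if attrs is not None:
        return bool(attrs & FILE_ATTRIBUTE_HIDDEN)
    return os.path.basename(path).startswith(".")


def triage(folder, baseline, since):
    """Return files in `folder` that are hidden or modified at/after `since`
    (epoch seconds) and whose lowercased name is not in `baseline`, newest first."""
    findings = []
    for name in os.listdir(folder):
        path = os.path.join(folder, name)
        if not os.path.isfile(path):
            continue
        mtime = os.stat(path).st_mtime
        hidden = is_hidden(path)
        recent = mtime >= since
        if (recent or hidden) and name.lower() not in baseline:
            findings.append({"name": name, "mtime": mtime,
                             "hidden": hidden, "recent": recent})
    findings.sort(key=lambda f: f["mtime"], reverse=True)
    return findings


# Constructed stand-in for a known-clean file list; NOT a real system32 manifest.
BASELINE = {"kernel32.dll", "user32.dll", "ntdll.dll"}


def _set_hidden(path):
    """On Windows, mark the demo file hidden for real; elsewhere the dot prefix suffices."""
    if os.name == "nt":
        import ctypes
        ctypes.windll.kernel32.SetFileAttributesW(path, FILE_ATTRIBUTE_HIDDEN)


def demo():
    """Build a constructed sample folder and run triage on it."""
    now = time.time()
    with tempfile.TemporaryDirectory() as folder:
        samples = {
            "kernel32.dll": now - 86400 * 400,       # old and in baseline: ignored
            "user32.dll": now - 60,                  # recently touched but in baseline: ignored
            "fake-av-sample.dll": now - 3600,        # recent and unknown: flagged
            ".hidden-dropper.dll": now - 86400 * 30, # old but hidden: flagged
        }
        for name, mtime in samples.items():
            path = os.path.join(folder, name)
            with open(path, "wb") as fh:
                fh.write(b"\x00")
            os.utime(path, (mtime, mtime))
            if name.startswith("."):
                _set_hidden(path)
        return triage(folder, BASELINE, since=now - 86400 * 7)


if __name__ == "__main__":
    for f in demo():
        print(f"{time.ctime(f['mtime'])}  hidden={f['hidden']}  recent={f['recent']}  {f['name']}")
```

The point of the baseline set is the same as the poster's "native to Windows" judgement: a file that is recent is not suspicious by itself (Windows Update touches system32 constantly), so only names absent from a trusted list are worth researching.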

              • dkerfoot
                Veteran Member
                • Mar 2004
                • 1094
                • Holland, Michigan
                • Craftsman 21829

                #8
                I'll pull the drive and load it into a PC if the computer is really bogged down. That will get rid of the bulk of the junk, but I don't know of any way to scan the registry that way.

                I sometimes get a kick out of people arguing over which is the best AV program. To properly frame the question, you have to include "Which Day?" or even "Which Hour?" Anti-Malware is always going to be a trailing edge business. When someone comes up with a novel new malware approach, all the companies will play catch-up for a while.

                Spybot is helpful, but unless it has changed recently, it doesn't have an active component to PREVENT infection. All it can do is clean what has already been installed.
                Doug Kerfoot
                "Sacrificial fence? Aren't they all?"

                Smaller, Smarter Hardware Keyloggers
                "BT310" coupon code = 10% for forum members
                KeyLlama.com


                • dbhost
                  Slow and steady
                  • Apr 2008
                  • 9523
                  • League City, Texas
                  • Ryobi BT3100

                  #9
                  Originally posted by dkerfoot
                  I've started to see a new and nasty bit of Malware making the rounds. It is called Antivirus XP 2008 (or some variant such as AntiVirXP).

                  If you get a pop-up telling you have Malware or that you need to update, look very closely before clicking anything. This bugger is very good at looking “official.”

                  I’ve now removed it from a couple PCs. It is the nastiest one I’ve seen in a couple years. Reminds me a bit of CoolWebSearch. It has a few tricks that show a real cruel streak: It re-uses a "joke" screensaver to make it look like your PC is constantly blue-screening. It then also removes your screensaver and desktop tabs.

                  Most folks will not be able to get rid of it themselves. If you do get it, most places will tell you that your only option will be to do a complete reinstall of windows (Nuke & Pave). That isn’t necessary, but it is all most places know how to do.

                  Make sure you have a current Anti-Virus AND Anti-Spyware installed. AVG 8 is a good free option that now includes both. BUT you can't run it and an old expired Norton or McAfee at the same time - they don't play well together. PM me if you need help with the best process for removing/installing.
                  Since I run CentOS 5.1 (Linux) all I can say about that is...

                  neener neener neener, I'll never get that bug! Muahahahahaha!
                  Please like and subscribe to my YouTube channel. Please check out and subscribe to my Workshop Blog.


                  • Thalermade
                    Senior Member
                    • Dec 2002
                    • 791
                    • Ohio
                    • BT 3000

                    #10
                    Originally posted by dkerfoot
                    I've started to see a new and nasty bit of Malware making the rounds. It is called Antivirus XP 2008 (or some variant such as AntiVirXP). PM me if you need help with the best process for removing/installing.
                    A big thanks for your help. Just wanted everybody to know. I really appreciate you giving up your time to help me.

                    Everything seems to be back to Microsoft normal again.

                    Russ


                    • DUD
                      Veteran Member
                      • Dec 2002
                      • 3309
                      • Jonesboro, Arkansas, USA.
                      • Ryobi BT3000

                      #11
                      Doug

                      That is what is wrong with my computer, and I am slowly getting rid of it. I appreciate the offer of help and will probably take you up on it. Bill
                      5 OUT OF 4 PEOPLE DON'T UNDERSTAND FRACTIONS.


                      • dkerfoot
                        Veteran Member
                        • Mar 2004
                        • 1094
                        • Holland, Michigan
                        • Craftsman 21829

                        #12
                        Originally posted by Thalermade
                        A big thanks for your help. Just wanted everybody to know. I really appreciate you giving up your time to help me.

                        Everything seems to be back to Microsoft normal again.

                        Russ
                        Great to hear Russ. It is nice to know I was finally able to contribute something of worth back to the BT3 community!


                        Bill,

                        It looks like the major anti-malware packages (including the free AVG) are finally able to remove the bugger, but they can't undo all of the damage done. The most annoying is that you can't get to your screensaver and desktop settings because the tabs are missing. Here is the easy fix for that:

                        Right-click on an empty area of your desktop (anyplace without an icon) and choose properties. You may see that you don't have a Desktop or Screensaver tab.

                        IF the tabs are missing, go to these links and follow the directions for the "Automated Fix Using an Registration File" located 3/4 of the way down each page.

                        http://billjr.spaces.live.com/blog/c...6227!362.entry
                        http://billjr.spaces.live.com/blog/c...6227!675.entry

                        That should fix the problem and you can now set them back to your preferred settings.

                        dbhost - I do like Linux and I think the "Security by not running popular software and therefore ensuring the installed base remains so small as to be an unattractive target" strategy is brilliant.

                        (I really do like Linux, have installed several flavors for server, desktop and xbox and have used Open Office, Gimp, etc, etc, etc...)
                        Doug Kerfoot
                        "Sacrificial fence? Aren't they all?"

                        Smaller, Smarter Hardware Keyloggers
                        "BT310" coupon code = 10% for forum members
                        KeyLlama.com

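The missing Desktop and Screen Saver tabs that post #12 describes are the effect of per-user policy values under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System, which is why a registration (.reg) file can restore them. The script below is an added example, not code from the thread or from the linked pages: it parses an exported copy of that key, reports which tab-hiding values are set, and produces a corrective .reg file that deletes them. The value names come from the editor's knowledge of the standard Windows policy values, not from the thread; the export text is constructed. A real "reg export" file is UTF-16LE with a BOM, so open it with encoding="utf-16" before handing the text to the parser.

```python
"""Audit a .reg export for the policy values that hide Display Properties tabs.

Added example, not from the thread. Value names are the standard per-user
policy values (editor's knowledge); SAMPLE_EXPORT is constructed.
"""
import re

POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"

# Policy value -> the Display Properties tab it removes when set to a non-zero DWORD.
TAB_LOCKDOWNS = {
    "NoDispBackgroundPage": "Desktop (Background)",
    "NoDispScrSavPage": "Screen Saver",
    "NoDispAppearancePage": "Appearance",
    "NoDispSettingsPage": "Settings",
    "NoDispCPL": "entire Display Properties dialog",
}

_SECTION = re.compile(r"^\[(.+)\]\s*$")
_DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})\s*$')


def parse_reg(text):
    """Minimal .reg parser: {key_path: {value_name: int}} for DWORD values only.
    String and binary values are skipped because all the lockdown flags are DWORDs."""
    result = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = _SECTION.match(line)
        if m:
            current = m.group(1)
            result.setdefault(current, {})
            continue
        m = _DWORD.match(line)
        if m and current is not None:
            result[current][m.group(1)] = int(m.group(2), 16)
    return result


def find_tab_lockdowns(text):
    """Return {value_name: tab} for every lockdown flag set non-zero under the
    per-user System policy key. Key and value names compare case-insensitively,
    as the registry itself does."""
    found = {}
    for key, values in parse_reg(text).items():
        if key.lower() != POLICY_KEY.lower():
            continue
        for name, data in values.items():
            for flag, tab in TAB_LOCKDOWNS.items():
                if name.lower() == flag.lower() and data != 0:
                    found[flag] = tab
    return found


def undo_reg(found):
    """Build a .reg file that deletes the offending values; '"Name"=-' is the
    .reg syntax for 'delete this value', which restores the default (tab shown)."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{POLICY_KEY}]"]
    lines += [f'"{flag}"=-' for flag in sorted(found)]
    return "\n".join(lines) + "\n"


# Constructed sample export, not taken from an infected machine.
SAMPLE_EXPORT = """Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
"NoDispScrSavPage"=dword:00000001
"NoDispBackgroundPage"=dword:00000001
"NoDispSettingsPage"=dword:00000000
"""

if __name__ == "__main__":
    hits = find_tab_lockdowns(SAMPLE_EXPORT)
    for flag, tab in hits.items():
        print(f"{flag} is set: the {tab} tab is hidden")
    print(undo_reg(hits))
```

Deleting the values rather than writing 0 is deliberate: on a home PC these policy values should not exist at all, so their absence is the clean state, and a later audit of the key will show nothing left behind.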