RnR wrote:
> On Wed, 03 Sep 2008 08:03:29 -0700, Bruno <myName@myISP.net> wrote:
>
>> I've encountered a couple systems lately in which a program gets
>> installed that looks like an Anti Virus program. One was called Anti
>> Virus 2008, can't recall the other. The program can't be exited and
>> keeps telling you there are viruses and gives you the option to buy
>> the premium version or whatever to fix it. It can come from hijacked
>> web sites.
>>
>> While it looks like the system may be a complete mess, it's very easy
>> to deal with.
>>
>> 1. Open Task Manager (Ctrl-Alt-Del) and kill the program.
>> 2. Run MSConfig, find the program in the Startups and turn it off.
>> Note the folder location of the program (e.g. "C:\Program Files\Anti
>> Virus 2008")
>> 3. Delete the program folder.
>>
>> -Bruno
>
>
> From experience I know #1 and #3 do NOT always work. I can't say
> right now about #2 but my suspicion is that it's not that easy or I
> would have read to do that a LONG time ago. Anyway autoruns is better
> than msconfig if we gotta go that direction.
>
> My advice to the OP is to consider the posts prior to Bruno's to solve
> the problem. I might add tho you could also consider an uninstaller
> which gets into the registry too to uninstall. It may not work in
> every case of malware but it would be worth having as another option
> to try. Also consider using safemode in many cases when trying to get
> rid of sneaky software. In my opinion the more options you have the
> better. Of course good backups are the ultimate.
Seconded. No way that advice is going to work on this one. It takes over
the screen settings and embeds itself so deep you can't just kill the
process.
If you really have this malware, your wallpaper will be changed to a giant
warning about viruses and/or spyware.
The smitRem link I posted requires that it be run in safe mode.
"journey" <journey@merr.com> wrote in message
news:es1sb4lao2v6m0r0tcsbeah759dbtm9fad@4ax.com...
> On Tue, 2 Sep 2008 22:38:17 -0400, "Von Fourche"
> <khonakong@hotmail.com> wrote:
>
>> My computer just got attacked by something called Anti Virus XP. Is
>>this a virus?
>>If so what do I do? A complete factory restore? How do I do that on my
>>Dell
>>E510? I think I'm going to have to do a complete factory restore. Please
>>reply quickly!
>>
>>Thanks
>
> I got hit with Anti Virus XP, and it wasn't fun. Very intrusive. I
> can't remember how I got rid of it, but I'll think about it overnight
> and if I can remember I'll post the resolution here.
I did a facotry restor last night. Luckily I had most of my important
stuff in My Documents coppied on an external hard drive. I'm getting my
computer set up again but I know this is going to take time. I've got a
serial card in my Dell hooked up to to my weather station console. I'm
going to have to find the driver for that again and go thru that mess again.
Anyway, I'm not sure how I got hat virus but - I was gone for eight nights
in Indy at the big
drag races. I get back Tuesday night. I punch in "NHRA diecast cars". I go
to the first site, look, then go to the second site and it hits me. I
assume some one in my houshold downloaed this stupid virus thing when I was
in Indy.
I dont even have Microsoft Works installed yet on my pc so I can not correct
my spelling.
What a headache. And the heat index in 96. lol.
On Tue, 2 Sep 2008 22:59:09 -0500, "S.Lewis"
<Gossamer@interesting.com> wrote:
>
>"Von Fourche" <khonakong@hotmail.com> wrote in message
>news:QdednaOxKczmZSDVnZ2dnUVZ_h6dnZ2d@earthlink.com...
>>
>>
>> My computer just got attacked by something called Anti Virus XP. Is
>> this a virus?
>> If so what do I do? A complete factory restore? How do I do that on my
>> Dell
>> E510? I think I'm going to have to do a complete factory restore. Please
>> reply quickly!
>>
>> Thanks
>>
>
>Download, install and update this product - then scan the entire hard drive.
>It will remove it:
>
>http://www.download.com/Malwarebytes...-10804572.html
>
>(Malwarebytes Anti-Malware Free Edition)
>
>
>Stew
Stew jogged my memory.
I used the program he links to -- Malwarebytes (free). Then I
followed it up by running CCleaner as Ben suggests.
Finally, I did thorough scans using Kaspersky Internet Security.
It seemed to get rid of the virus. I have been paying close attention
to the running processes and to my firewall in case of a remaining
Trojan, virus, or other spyware.
"Von Fourche" <khonakong@hotmail.com> wrote in message
news:AZ-dnfnn3JpBTCPVnZ2dnUVZ_rHinZ2d@earthlink.com...
>
> "journey" <journey@merr.com> wrote in message
> news:es1sb4lao2v6m0r0tcsbeah759dbtm9fad@4ax.com...
>> On Tue, 2 Sep 2008 22:38:17 -0400, "Von Fourche"
>> <khonakong@hotmail.com> wrote:
>>
>>> My computer just got attacked by something called Anti Virus XP. Is
>>>this a virus?
>>>If so what do I do? A complete factory restore? How do I do that on my
>>>Dell
>>>E510? I think I'm going to have to do a complete factory restore.
>>>Please
>>>reply quickly!
>>>
>>>Thanks
>>
>> I got hit with Anti Virus XP, and it wasn't fun. Very intrusive. I
>> can't remember how I got rid of it, but I'll think about it overnight
>> and if I can remember I'll post the resolution here.
>
>
>
> I did a facotry restor last night. Luckily I had most of my important
> stuff in My Documents coppied on an external hard drive. I'm getting my
> computer set up again but I know this is going to take time. I've got a
> serial card in my Dell hooked up to to my weather station console. I'm
> going to have to find the driver for that again and go thru that mess
> again.
>
> Anyway, I'm not sure how I got hat virus but - I was gone for eight
> nights in Indy at the big
> drag races. I get back Tuesday night. I punch in "NHRA diecast cars". I
> go to the first site, look, then go to the second site and it hits me. I
> assume some one in my houshold downloaed this stupid virus thing when I
> was in Indy.
>
> I dont even have Microsoft Works installed yet on my pc so I can not
> correct my spelling.
> What a headache. And the heat index in 96. lol.
Spelcheccer fixed! lol. Just kidding! Can't live without Microsoft Word
and a spellchecker.
On Sep 3, 11:31 am, RnR <rnrte...@gmail.com> wrote:
> On Wed, 03 Sep 2008 08:03:29 -0700, Bruno <myN...@myISP.net> wrote:
> >I've encountered a couple systems lately in which a program gets
> >installed that looks like an Anti Virus program. One was called Anti
> >Virus 2008, can't recall the other. The program can't be exited and
> >keeps telling you there are viruses and gives you the option to buy
> >the premium version or whatever to fix it. It can come from hijacked
> >web sites.
>
> >While it looks like the system may be a complete mess, it's very easy
> >to deal with.
>
> >1. Open Task Manager (Ctrl-Alt-Del) and kill the program.
> >2. Run MSConfig, find the program in the Startups and turn it off.
> >Note the folder location of the program (e.g. "C:\Program Files\Anti
> >Virus 2008")
> >3. Delete the program folder.
>
> >-Bruno
>
> From experience I know #1 and #3 do NOT always work. I can't say
> right now about #2 but my suspicion is that it's not that easy or I
> would have read to do that a LONG time ago. Anyway autoruns is better
> than msconfig if we gotta go that direction.
>
> My advice to the OP is to consider the posts prior to Bruno's to solve
> the problem. I might add tho you could also consider an uninstaller
> which gets into the registry too to uninstall. It may not work in
> every case of malware but it would be worth having as another option
> to try. Also consider using safemode in many cases when trying to get
> rid of sneaky software. In my opinion the more options you have the
> better. Of course good backups are the ultimate.
But, an uninstaller would have to be installed prior to the infection
(to monitor where everything went). So your suggestion would have
little merit.
For me (fixing someone else's recently) a combination of Sysclean
(with the spyware extensions), Spybot S&D, and checking for rootkits
seemed to do the trick.
On my initial scan, Sysclean found 18 bits of crud but didn't kill the
crap completely following a reboot, Spybot S&D found 20 more which
seemed to nail it, but it found a few additionals following an update
a couple of days later.
Malwarebytes also seems to have a good reputation for removing this.
Download the files on an uninfected machine, and leave the affected
one OFFLINE for several days before attempting to clean it up, as new
variants will be installed automatically before the cleanup utils get
chance to catch the "last" variant. It goes without saying to get the
files after the infected machine has been offline to give them a
chance of being updated.
You might also want to run Blacklight (checks for rootkits), Vundofix,
Smitfraudfix, and SDfix. On the target machine I checked, it actually
showed 3 rootkits, but these may have been a false positive as they
appeared to be core functions of the laptop (gfx, audio etc) - as
such, I didn't want to touch them. A further scan a few days after the
initial cleanup didn't show anything.
Links to that lot are on my site at http://www.coreutilities.co.uk -
follow the bottom link on the table. Alternatively, feel free to email
me at the same domain, with "newsgroup@" in front of it :-)
If you're local (I'm in the UK) I can drop a CD in the post to you
with the latest updates up to the day I send it...
"Von Fourche" <khonakong@hotmail.com> wrote in message
news:Xfedne36a5yleyPVnZ2dnUVZ_qrinZ2d@earthlink.com...
>
> "Von Fourche" <khonakong@hotmail.com> wrote in message
> news:AZ-dnfnn3JpBTCPVnZ2dnUVZ_rHinZ2d@earthlink.com...
>>
>> "journey" <journey@merr.com> wrote in message
>> news:es1sb4lao2v6m0r0tcsbeah759dbtm9fad@4ax.com...
>>> On Tue, 2 Sep 2008 22:38:17 -0400, "Von Fourche"
>>> <khonakong@hotmail.com> wrote:
>>>
>>>> My computer just got attacked by something called Anti Virus XP. Is
>>>>this a virus?
>>>>If so what do I do? A complete factory restore? How do I do that on my
>>>>Dell
>>>>E510? I think I'm going to have to do a complete factory restore.
>>>>Please
>>>>reply quickly!
>>>>
>>>>Thanks
>>>
>>> I got hit with Anti Virus XP, and it wasn't fun. Very intrusive. I
>>> can't remember how I got rid of it, but I'll think about it overnight
>>> and if I can remember I'll post the resolution here.
>>
>>
>>
>> I did a facotry restor last night. Luckily I had most of my important
>> stuff in My Documents coppied on an external hard drive. I'm getting my
>> computer set up again but I know this is going to take time. I've got a
>> serial card in my Dell hooked up to to my weather station console. I'm
>> going to have to find the driver for that again and go thru that mess
>> again.
>>
>> Anyway, I'm not sure how I got hat virus but - I was gone for eight
>> nights in Indy at the big
>> drag races. I get back Tuesday night. I punch in "NHRA diecast cars". I
>> go to the first site, look, then go to the second site and it hits me. I
>> assume some one in my houshold downloaed this stupid virus thing when I
>> was in Indy.
>>
>> I dont even have Microsoft Works installed yet on my pc so I can not
>> correct my spelling.
>> What a headache. And the heat index in 96. lol.
>
>
>
>
> Spelcheccer fixed! lol. Just kidding! Can't live without Microsoft
> Word and a spellchecker.
>
>
Sweet baby Moses floating in a basket.
Yeah, re-imaging will fix it. That's one way around a minor malware
program.
"JayB" <JayB@audiman.net> wrote in message
news:g9n28e$ush$1@registered.motzarella.org...
> Hey Stew,
> is that a technical term for how you people down south fix your I.T.
> problems?
>
Judas H. Priest, man NO. It's how Greek Squad and most OEM tech support
teams handle any software issue....
" I would like to be formatting your disk that is hard. Please find your CD
of Windows."
i'm actually quite surprised to see so many people here reinstalling
windows and doing system restores to get rid of things.
it's much easier to put the hard drive, mount in another system,
and delete the few files that are causing the problem,
and after popping it back in, the problem is neutralized and you can
clean up the registry entries that were left behind.
the main key is educating users to practice "safe computing".
if every time someone gets in trouble, they have to reinstall their
system, that's pretty bad.
S.Lewis wrote:
> "JayB" <JayB@audiman.net> wrote in message
> news:g9n28e$ush$1@registered.motzarella.org...
>> Hey Stew,
>> is that a technical term for how you people down south fix your I.T.
>> problems?
>>
>
>
> Judas H. Priest, man NO. It's how Greek Squad and most OEM tech support
> teams handle any software issue....
>
> " I would like to be formatting your disk that is hard. Please find your CD
> of Windows."
>
> Elephant gun/mosquito.
>
> Pass the cornbread and grits.
>
>