Oh, God-- What To Do Now?

Perhaps I've said it before: I really hate Windows XP. I only use
because it came with my Dell D610 laptop which I bought cheap. What I
really HATE about XP is it's antivirus feature which occasionally
kicks in to make my life a living hell.

A week ago, something set it off and I kept getting a message about XP
Antivirus Program 2011; that I *needed* this program to get rid of
what it said was 12 infections. Maybe yes, maybe no-- but this message
became malware in itself because I could not get rid of it and it
literally held my laptop hostage until I paid nearly $60 and bought
the damn program! Once a number was keyed in, the program "cleaned" my
system and finally went a way, to lurk in the background like some
Mafia thug waiting to extort me again. I'm not kidding here.

When I tried to use my laptop, not one single program would work
except for the two M$oft programs, IE8 and Outlook express; everything
else I could click on until the cows came home and nothing would
happen-- except that damn AV program might pop up again. Oh yeah,
*that* worked too. But 95% of my programs didn't.

I had a vaguely similar problem before and went into safe mode, to see
what I could do. I couldn't do anything. Everything I tried resulted
in an almost total lockout to my programs. I even tried making new
accounts-- eight of them. Most of them would have the same problem:
the non-Microsoft programs wouldn't work, and the AV program would pop
up although it claimed there were no more infections.

I have been working at this for nearly a week, and now after the 9th
account, I finally got one that worked right. I came to within a hair
of doing a root canal and totally getting rid of WP and installing
something reliable like Windows 2K. But I had already spen $60 for the
Av program and I can't afford to bleed money for this stupid laptop. I
have no doubt that sooner or later, this kind of problem is going to
re-occur as long as it seems to be no way to truly get rid of the AV
program and the part of XP that controls it. I can't keep going
through accounts as this wates a lot of time and by accident, I
already lost a lot of my precious files when I deleted a "corrupt"
account. Does anyone know what to do about a problem like this. If so,
help!

Ron

 

You have a virus nothing to do with xp; see here.
http://www.spywareremove.com/removeXPAntiVirus2011.html

 

I've been a fan of Windows NT and to a lesser extent, Windows 2K; that
kind of crap couldn't happen on either of those two systems. They
happen on XP because the OS doesn't really give you the freedom of
choice to use whatever kind of firewall and Av programs you want to
use: it only recognizes certain programs or even just the one AV
program. Who designed such a totally deranged OS?

If I could, I would go back to Win2k in a heartbeat. Unfortunately, my
copy requires a disk drive to load in parts of Win2k and this laptop
has only a DVD/CD to load programs. Win2k was never all that cheap to
begin with, and it's more costly now than it ever was before, so I sem
to be stuck with XP but I don't like it. I'm not sure I would have
gotten the laptop from Amazon if I had known that XP was its operating
system.

But back to the matter at hand, that article doesn't say what to do
when your computer has been hijacked an you can run *any* other
program to even find the culprit at work or to get rid of it.We are
talking about total lock-down.

Ron

_____________
"People make mistakes. But it takes a computer to sriously **** up."

-- Anonymous --

 

This is a fake antivirus. Among other things, it intercepts the handler
for .exe files and directs the requests to itself ... so any time you try
to run any program it executes the malware instead.

You need to terminate the process from Task Manager. You can then start
CMD.EXE by choosing FILE --> NEW TASK and ctrl-clicking on RUN. From
there, import the "exe file association fix" from the web site of your
choice and run your REAL antivirus to remove the malware. It typically
lives in the NETWORK SERVICE local settings folder.

 

You got scammed, and you're trying to blame the OS?
That's pretty sad. Typically, it is something you did to
allow it to happen:

http://en.wikipedia.org/wiki/Rogue_security_software

http://www.howtogeek.com/howto/8693...s-live-and-other-roguefake-antivirus-malware/

BJ

 

To most, XP was/is the best OS made by MS (and it is based on NT).

 

Sorry to say, you got scammed. You picked up a trojan virus which
pretended it was an antivirus program, and you got tricked into paying
an unknown party $60.

No offense, but I find it curious that you are computer savvy enough
to access USENET, but not savvy enough to recognize the fairly obvious
signs that you were being presented with a virus, not a legitimate
program. You should read up on basic security. Again, no offense.
Trying to help you out so this doesn't happen to you again.

There are NO legitimate antivirus programs out there that will charge
you to scan and clean your system. Either they won't monitor your
system at all, or they will not update the virus definitions. Again,
any antivirus that scans your system but insists on a payment to clean
is NOT legitimate.

Since you created so many accounts, all of which you let be infected
with this virus, you REALLY should wipe the entire hard drive and
reinstall Windows.

And, since it sounds like you weren't actually running any antivirus
software in the first place, I suggest you download one of the free
programs out there... Avast, AVG, etc. Also, download some anti
malware software... Superantispyware for example.

 

The OS *made* it possible, dude. Funny how this virus only runs on
XP... Becasuse none of the past systems-- and especially a good one
like NT-- would rely on a certain AV or firewall program only. The
people who made this rogue program relied on and took advantage of a
stupid design flaw in XP. Yeah, I blame the OS and all th morons who
made it!

Ron

 

Based on NT the same way a 747 was based on the first Wright brother's
plane. There is nothing left of NT's security or structual integrity.
Windows 2k is a whole lot closer to NT and a much better program when
it comes to both stability and security. XP may have more cutesie
bells and whistles, but you pay for that dearly. But if it makes you
happy, go for it; I still think it's crap.

Ron

 

If you had read the link I sent you, you would have found
out the virus changes its name depending the system it is
on. It is NOT only on XP and your whining won't make it so.

 

Golly, gee; I kinda figured that out.

However, I sat for over a week trying to find a way out of a bad
situation, and for reasons unknown, I couldn't even post to Google
Groups for a couple of days. My system was totally locked up and my
number of options could be counted on one finger--

So since you are obviously much more informed than poor stupid me,
what would *you* do when absolutely NOTHING else worked? I'd like to
know.

You don't get it, do you? I have anti-virus programs. I USE anti-virus
programs. But NOTHING will run when the system is totally locked up.

Note that I said NOTHING in big large letters.... My only regret is
that they weren't flamng letters just to be totally clear about this.

If you ever find yourself in such a situation you might be a little
less smug.

Ron

 

Pull yer head in Ron! You can run any of about a dozen or more AV programmes
on XP just fine. Your ignorance is what got you into this mess and it's
stopping anyone from helping you...... Unless you're a troll?
--
Shaun.

"He who fights with monsters might take care lest he thereby become a
monster. And if you gaze for long into an abyss, the abyss gazes also
into you." Friedrich Wilhelm Nietzsche

 

Give it up guys...

Ron is either a troll, or simply and ignorant Ass. Neither deserves
any more help.

 

I've been in the situation. I've had to reinstall Windows due to a
virus/malware that wouldn't go away (or that I didn't trust was truly gone).

Here's a tip for you in the future... Obtain a bootable CD image from
some place you trust with an antivirus program on it. If you ever get
locked out from running software again on your hard drive, you can run
the antivirus software from DVD.

 

responding to
http://www.1-script.com/forums/Oh-God-What-To-Do-Now-article53768--25.htm
schotty456 wrote:
There is a relatively easy fix for this problem... I run a computer repair
business, and problems like this are one of the most common things that I
run into... Follow the steps below, and I assure you that you will be
right back to enjoying your functional computer in no time at all. If you
have any questions, feel free to email me at

1-Google the name of the Fake antivirus program that is popping up on your
system and figure out what the Process Name is.

2-Open up the task manager (Ctrl+Alt+Del) and go to the processes tab,
find the name of the process from step 1, right click it, click "kill
process tree".

3-Download and install the Free version of AVG, www.free.avg.com

4-Update the virus database and run AVG, and get rid of all the infections
that it finds.

5-Clean up the mess of user accounts that you created... Don't
accidentally delete any more of your files.

6-Restart your computer, and Run AVG again, just to be sure.

7-Set up AVG to run automatically once a week, at a time that you never
use your computer.

8-Set up your power settings so that your computer doesn't go to sleep or
shut down when you leave it on.

9-Leave your computer turned at the time you set for AVG to do it's weekly
inspection.

10-Enjoy your wonderful and error free WinXP machine!

~Schotty

 

Good advice. If your business is "Schotty Repair"...I would change it!
JK

 

In

Hi Ron! I don't know how you paid that 60 bucks by, but if it was by
credit card, I would call the credit card company and tell them what
happened if it isn't too late.

And once a computer is badly compromised, it is best to pull the hard
drive out and scan it with a clean computer. My nephew brought over his
laptop for me to work on. And that is how I removed 18 rootkits that was
on his computer.

Some people say once a computer has been badly compromised, you would be
much safer to wipe everything clean and reinstall all over again. And
while it is more work, it would be the safest approach.

And just to let you know where I am coming from, I've been using Windows
since '93. And so far I haven't got one single virus yet (knock on
wood).

 

I think you're pretty far off base here. First of all, XP doesn't
require any particular firewall or AV program. Second of all, why do you
think NT or 2000 were any more (or less) secure than XP? Is it that NT and
2000 tended to be run in corporate situations where much of the environment
could be controlled centrally? You can lock down XP, too: check out the
NIST or DISA STIGs. Technically XP is MUCH more secure because it's patched
against well-known exploits but 2K isn't supported any more.

Other than forcing everyone to run as administrator what flaws are
you thinking about?

Well, that and making the GUI effectively part of the kernel...

And that bogus cooperative multitasking crap... But anyway...

 

Formatted the drive and restored from yesterday's backup.

 

IMHO you can't trust a single file, especially executable programs,
after such an incident. You can choose to trust certain data files if the
cost of restoring known good copies is too high (it shouldn't be. This is
why Ghu, the great, invented incremental backups) but you cannot "clean" the
compromised OS installation. Remove it and start from known good copies, or
you may find savings account withdrawls from ATM's in Kazhikistan on your
statements.