Trojan /spyware

#1
29-Aug-2008, 05:28 PM
zxspectrum
Longterm Member
Posts: 821
Join Date: 29 Mar 2005
Location: liverpool
Age: 32
Certifications: starting out
WIP: ECDL and University Degree
Trojan /spyware

Right guys, I'm having trouble with my computer. I've got either a virus or a trojan that I need to sort out, my AV etc. I changed from Kaspersky, as it couldn't get rid of it, and put Drive Sentry on, which is pants. I also put Spybot Search & Destroy on but I'm still struggling with the bleeding thing.

I've even taken System Restore off and run Windows Defender, but I still can't seem to get rid of it. Does anyone know of an online scanner that I can use? I've tried Panda, McAfee and Trend Micro.


Ed

 
#2
29-Aug-2008, 05:30 PM
Qs
Semi-Honorary Member
Posts: 1,359
Join Date: 13 May 2008
Location: Lichfield, West Midlands
Age: 21
Certifications: HND Applied IT, CCNA
WIP: MCDST, MCP, A+, N+
Avast! + Malwarebytes' Anti-Malware = Clean computer.

Download both, update both. Get avast! to do a boot scan (prior to entering Windows) and do a full sweep with Malwarebytes. Should clear most things right up.

Else do my favourite - reformat.

If you can give us some more information we'll be able to help more.

Qs

EDIT - Oh, and Windows Defender is a horrible, horrible piece of software.




Base 8 is just like Base 10, if you are missing two fingers.

Last edited by Qs : 29-Aug-2008 at 05:32 PM.
 
#3
29-Aug-2008, 05:37 PM
UCHEEKYMONKEY
R.I.P - gone but never forgotten.
Posts: 4,140
Join Date: 04 May 2006
Location: UK - In the Monkey House
Certifications: Comptia A+
WIP: Comptia N+
Quote:
Originally Posted by Qs
Avast! + Malwarebytes' Anti-Malware = Clean computer.

Download both, update both. Get avast! to do a boot scan (prior to entering Windows) and do a full sweep with Malwarebytes. Should clear most things right up.

Else do my favourite - reformat.

If you can give us some more information we'll be able to help more.

Qs

EDIT - Oh, and Windows Defender is a horrible, horrible piece of software.
I concur, there's some good links from Qs there!

Any chance you can tell us what the name of this spyware is? The latest one that seems to be doing the rounds is Antivirus 2008 XP. It's a real pain to remove!!

 
#4
29-Aug-2008, 05:41 PM
Qs
Semi-Honorary Member
Posts: 1,359
Join Date: 13 May 2008
Location: Lichfield, West Midlands
Age: 21
Certifications: HND Applied IT, CCNA
WIP: MCDST, MCP, A+, N+
Quote:
Originally Posted by UCHEEKYMONKEY
I concur, there's some good links from Qs there!

Any chance you can tell us what the name of this spyware is? The latest one that seems to be doing the rounds is Antivirus 2008 XP. It's a real pain to remove!!
Haha, funny you mention Antivirus 2008 XP, matey. I cleaned up a work colleague's laptop which had that on. She apparently took it into her local PC repair shop and they were going to charge her £50 to remove it.

I told her to bring it in and cleaned it up in less than an hour.

The next day I come to start work and there's a bottle of Southern Comfort on my desk with a thank you card.

Moral of the story - fix random people's computers - get free booze.




 
#5
29-Aug-2008, 05:47 PM
UCHEEKYMONKEY
R.I.P - gone but never forgotten.
Posts: 4,140
Join Date: 04 May 2006
Location: UK - In the Monkey House
Certifications: Comptia A+
WIP: Comptia N+
Quote:
Originally Posted by Qs
Haha, funny you mention Antivirus 2008 XP, matey. I cleaned up a work colleague's laptop which had that on. She apparently took it into her local PC repair shop and they were going to charge her £50 to remove it.

I told her to bring it in and cleaned it up in less than an hour.

The next day I come to start work and there's a bottle of Southern Comfort on my desk with a thank you card.

Moral of the story - fix random people's computers - get free booze.
1/2 hour to do the following:-

Unregister XP Antivirus 2008 DLL Files:
(Learn how to do this)
shlwapi.dll
wininet.dll

Stop XP Antivirus 2008 Processes:
(Learn how to do this)
XPAntivirus.exe
XPAntivirusUpdate.exe
xpa.exe
xpa2008.exe

Find and Delete these XP Antivirus 2008 Files:
(Learn how to do this)
xpa.exe
xpa2008.exe
XPAntivirus.exe
XPAntivirusUpdate.exe
shlwapi.dll
wininet.dll
XP antivirus
XPAntivirus.lnk
Uninstall XPAntivirus.lnk
XPAntivirus on the Web.lnk
XPAntivirus.url
XP Antivirus 2008.lnk
Uninstall XP Antivirus 2008.lnk

Remove XP Antivirus 2008 Registry Values:
(Learn how to do this)
HKEY_USERS\Software\XP antivirus

Source


Blimey, you must be fast on the keyboard!

 
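The removal list in the post above is a manual checklist. As an added example that is not from this thread or from the source it links, here is a read-only PowerShell triage script that checks a machine for the same indicators (the process names, file names and registry key the post lists) and reports what it finds without stopping, deleting or editing anything, so you can look at the results before deciding what to remove. It assumes where the dropped files would live (Program Files, the Windows directory and the user profiles) and that the per-user registry key sits under each user's SID in HKEY_USERS. One caveat before working through the list: shlwapi.dll and wininet.dll are standard Windows system DLLs present on every installation, so the script only flags a copy of either that sits outside %SystemRoot%. The Run-key check goes beyond the post; it is the obvious place to look when something keeps coming back at logon, as later posts describe.

```powershell
# Added example, not from the thread: read-only triage for the XP Antivirus 2008
# indicators listed in the post. It only REPORTS matches; it stops no process,
# deletes no file and edits no registry key. Indicator names come from the post;
# where they would sit on disk and in the registry is an assumption.

function Find-XpAntivirus2008Indicators {
    # Process and file names exactly as the post lists them (matching is case-insensitive).
    $processNames = @('XPAntivirus', 'XPAntivirusUpdate', 'xpa', 'xpa2008')
    $fileNames = @(
        'xpa.exe', 'xpa2008.exe', 'XPAntivirus.exe', 'XPAntivirusUpdate.exe',
        'XPAntivirus.lnk', 'Uninstall XPAntivirus.lnk', 'XPAntivirus on the Web.lnk',
        'XPAntivirus.url', 'XP Antivirus 2008.lnk', 'Uninstall XP Antivirus 2008.lnk'
    )
    # The post also lists shlwapi.dll and wininet.dll. Both are core Windows system DLLs
    # that exist on every installation, so a copy under %SystemRoot% proves nothing;
    # only a copy OUTSIDE %SystemRoot% is worth a second look.
    $systemDlls = @('shlwapi.dll', 'wininet.dll')

    $findings = @()

    # 1. Running processes (Get-Process matches on the name without .exe).
    Get-Process -Name $processNames -ErrorAction SilentlyContinue | ForEach-Object {
        $findings += "process: $($_.ProcessName) (PID $($_.Id)) $($_.Path)"
    }

    # 2. Files: walk Program Files, the Windows directory and every user profile.
    #    Assumption: the dropped files live somewhere under these roots.
    $roots = @($env:ProgramFiles, $env:SystemRoot, (Split-Path $env:USERPROFILE -Parent)) |
        Where-Object { $_ -and (Test-Path -LiteralPath $_) }
    Get-ChildItem -LiteralPath $roots -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            if ($fileNames -contains $_.Name) {
                $findings += "file: $($_.FullName)"
            } elseif (($systemDlls -contains $_.Name) -and
                      -not $_.FullName.StartsWith($env:SystemRoot, [StringComparison]::OrdinalIgnoreCase)) {
                $findings += "system DLL name outside %SystemRoot% (verify before acting): $($_.FullName)"
            }
        }

    # 3. Registry: the post gives HKEY_USERS\Software\XP antivirus. Per-user keys under
    #    HKEY_USERS sit beneath each loaded user's SID, so every loaded hive is checked
    #    (an assumption about where the key actually lives).
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    foreach ($hive in Get-ChildItem -Path 'HKU:\' -ErrorAction SilentlyContinue) {
        $sid = $hive.PSChildName
        if (Test-Path -LiteralPath "HKU:\$sid\Software\XP antivirus") {
            $findings += "registry: HKEY_USERS\$sid\Software\XP antivirus"
        }
        # Added beyond the post: a Run value that launches one of the listed executables
        # is what would bring the program back at every logon.
        $run = "HKU:\$sid\Software\Microsoft\Windows\CurrentVersion\Run"
        if (Test-Path -LiteralPath $run) {
            $props = Get-ItemProperty -LiteralPath $run
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Name -like 'PS*') { continue }   # skip the provider's own properties
                foreach ($f in $fileNames) {
                    if ("$($p.Value)" -like "*$f*") {
                        $findings += "run key: HKEY_USERS\$sid\...\Run\$($p.Name) = $($p.Value)"
                    }
                }
            }
        }
    }

    return $findings
}

$results = @(Find-XpAntivirus2008Indicators)
if ($results.Count -eq 0) {
    Write-Output 'No listed indicators found. That is not proof the machine is clean: only the names in the post were checked.'
} else {
    $results | ForEach-Object { Write-Output $_ }
}
```

Run it from an elevated PowerShell prompt so the registry hives of other users and the whole Windows directory are readable; the walk of %SystemRoot% takes a while. Anything it reports is a lead to inspect, not an instruction to delete: a file name match from a list like this is weak evidence on its own, which is why the two system DLL names are deliberately not treated as findings in their normal location.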
#6
29-Aug-2008, 06:00 PM
Qs
Semi-Honorary Member
Posts: 1,359
Join Date: 13 May 2008
Location: Lichfield, West Midlands
Age: 21
Certifications: HND Applied IT, CCNA
WIP: MCDST, MCP, A+, N+
Quote:
Originally Posted by UCHEEKYMONKEY
1/2 hour to do the following:-

Unregister XP Antivirus 2008 DLL Files:
(Learn how to do this)
shlwapi.dll
wininet.dll

Stop XP Antivirus 2008 Processes:
(Learn how to do this)
XPAntivirus.exe
XPAntivirusUpdate.exe
xpa.exe
xpa2008.exe

Find and Delete these XP Antivirus 2008 Files:
(Learn how to do this)
xpa.exe
xpa2008.exe
XPAntivirus.exe
XPAntivirusUpdate.exe
shlwapi.dll
wininet.dll
XP antivirus
XPAntivirus.lnk
Uninstall XPAntivirus.lnk
XPAntivirus on the Web.lnk
XPAntivirus.url
XP Antivirus 2008.lnk
Uninstall XP Antivirus 2008.lnk

Remove XP Antivirus 2008 Registry Values:
(Learn how to do this)
HKEY_USERS\Software\XP antivirus

Source


Blimey, you must be fast on the keyboard!
Lol, I said less than an hour but I was approximating.

Regardless, you don't need to manually edit out the registry entries in all cases; it depends how deep the installation is. In my case Malwarebytes and Avast! removed the lot, no manual intervention required.

Source - here

And I quote - "Automated Removal Instructions for Antivirus XP 2008 using Malwarebytes' Anti-Malware:"

Why perform extra painstaking work when you can get a program to do it for you?




 
#7
30-Aug-2008, 06:06 AM
BosonMichael
Certification Guru
Posts: 12,462
Join Date: 02 Nov 2006
Location: near Nashville, TN
Age: 39
Certifications: MCSE+I, MCSE: Securi.. huh? out of room?
WIP: Just about everything!
Quote:
Originally Posted by Qs
Why perform extra painstaking work when you can get a program to do it for you?
Because most of them do an abysmal job at automatically removing them. Although the apps you recommended are decent apps, *nothing* seems to be able to remove even HALF of what's there. Never rely on *any* anti-malware app to do the job automatically, because it *will* miss stuff, I promise you.

Said more plainly... you might *think* it's clean... but it's usually not.


BosonMichael
MCSE+I, MCSE: Security, MCDST, MCDBA, OCP, CCNP, CCDP, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
Served proudly, US Army, 98C Intelligence Analyst, '89-'92
 
#8
30-Aug-2008, 07:09 AM
Qs
Semi-Honorary Member
Posts: 1,359
Join Date: 13 May 2008
Location: Lichfield, West Midlands
Age: 21
Certifications: HND Applied IT, CCNA
WIP: MCDST, MCP, A+, N+
Quote:
Originally Posted by BosonMichael
Because most of them do an abysmal job at automatically removing them. Although the apps you recommended are decent apps, *nothing* seems to be able to remove even HALF of what's there. Never rely on *any* anti-malware app to do the job automatically, because it *will* miss stuff, I promise you.

Said more plainly... you might *think* it's clean... but it's usually not.
I checked manually once the program had finished its work and I couldn't find anything at all. I'm not one to be ignorant and assume that such programs would work flawlessly - in this case it did, though.




 
#9
30-Aug-2008, 08:12 AM
BosonMichael
Certification Guru
Posts: 12,462
Join Date: 02 Nov 2006
Location: near Nashville, TN
Age: 39
Certifications: MCSE+I, MCSE: Securi.. huh? out of room?
WIP: Just about everything!
Quote:
Originally Posted by Qs
I checked manually once the program had finished its work and I couldn't find anything at all. I'm not one to be ignorant and assume that such programs would work flawlessly - in this case it did though.
It might have, in this case... all I'm saying is that one cannot simply assume:

Quote:
Originally Posted by Qs
Avast! + Malwarebytes' Anti-Malware = Clean computer.
Assuming so is a recipe for continued infection.


 
#10
30-Aug-2008, 10:02 AM
UCHEEKYMONKEY
R.I.P - gone but never forgotten.
Posts: 4,140
Join Date: 04 May 2006
Location: UK - In the Monkey House
Certifications: Comptia A+
WIP: Comptia N+
BM does have an interesting point!

Although you can use a program to remove or quarantine Antivirus 2008, it's not always gone!

At work it's caught a lot of people out, and although the antivirus (Symantec) detected it, it did not remove it, and even Spy Doctor, which stated it had detected and removed it... well, it came back after another signed onto the network client PC. I'm not convinced you can have a clean system unless you either re-format or run the necessary checks in the manual removal instructions!

 
#11
31-Aug-2008, 01:06 PM
zxspectrum
Longterm Member
Posts: 821
Join Date: 29 Mar 2005
Location: liverpool
Age: 32
Certifications: starting out
WIP: ECDL and University Degree
Trojan stuff

Well guys, I have tried everything, every type of online scanner you can think of and several sets of antivirus. Nothing has got it, it's always coming back. So I think I'll just reformat the computer, as that would be the most surefire way of getting rid of the thing.

One question though, I'm going to put all my music on a network storage drive; will they become infected at all or will they be OK?

Ed

 
#12
31-Aug-2008, 01:24 PM
Mr.Cheeks
CertForums News Posting Member
Soz Hun I have a headache
Posts: 4,817
Join Date: 23 Feb 2006
Copy the data across, and then do a thorough scan on the network drive.


RIP Dave - You will never be forgotten!
Another good post?
If so, tell a friend, if not, f*ck off then!


 
#13
31-Aug-2008, 01:33 PM
Sparky
Beer monster :)
Posts: 6,019
Join Date: 15 Dec 2005
Location: Scotland
Age: 29
Certifications: MSc MCSE MCSA:M MCTS:Vista N+ A+
WIP: Server 2008 upgrade
It looks like it is reinstalling itself when connected to the internet. You could try the scans in safe mode and also remove the spyware from the notes above.

You are probably looking at a full reinstall tbh, though.

Going back to the original post, you might have wanted to try a System Restore first, before you removed all the system restore points.


RIP UCM

 
#14
01-Sep-2008, 04:20 PM
zxspectrum
Longterm Member
Posts: 821
Join Date: 29 Mar 2005
Location: liverpool
Age: 32
Certifications: starting out
WIP: ECDL and University Degree
Trojan stuff

Well guys, I managed to get rid of it, and it was the virus below.


Quote:
Originally Posted by UCHEEKYMONKEY
I concur, there's some good links from Qs there!

Any chance you can tell us what the name of this spyware is? The latest one that seems to be doing the rounds is Antivirus 2008 XP. It's a real pain to remove!!

I basically did an online virus scan in safe mode with networking, so I had a net connection, then I went to www.trendmicro.com and followed the instructions.

So far so good, nothing has popped up telling me that I need to have my computer looked at. Also it was quite a sophisticated virus, and I suppose the normal everyday user would quite easily have panicked.

Ed

 
#15
02-Sep-2008, 07:23 AM
nugget
Junior toady