Wednesday 16th April 2014

AntiVirus XP2008 - Warning!

  • Alex
  • Bright Spark
  • Posts: 1863
« Reply #16 on 22/08/2008, 14:24 »
My dad's laptop recently had this, plus a load of other associated adware components. Aside from the adverts the machine ran extremely slow - and I got my mum to change all of her internet banking passwords, just in case.

Don't know how it got there, I only casually browse on the internet now and again. My sister uses it more than me and claims she didn't click anything dodgy, but believe that and you'll believe anything ;D

Tried to remove it manually, with limited success. Also tried some spyware removers and the latest AVG with none at all. AVG took 2.5 hours to scan the PC and not find anything - so I decided to rebuild the laptop. Bit extreme I know, but I figured rather than waiting 2.5 hours for something which might fix it, I may as well fix it :(

That doesn't help the people who want to remove it I know, and I don't know how to manually do it.
Hopefully AVG has caught up with it now (whatever it was) and will remove it.

The latest psychological trick of the scammers is to make a fake virus checking app, which gives fake warnings about the PC (unless it warns about itself, which would be genuine), in the hope you'll either buy something or apply a 'fix' which would be more of the same I guess.
« Reply #17 on 22/08/2008, 14:57 »
Has anyone tried AdAware or Spybot?
Wake Up and Smell the Coffee!
« Reply #18 on 22/08/2008, 16:52 »
Hi, don't know if this will help. My son in law has just got the Antivirus XP 2008. I was on two days trying to get rid of it; only thing I managed to do was start in safe mode, back up his important stuff and did complete reinstall of his op system. I tried everything I could find online but his system just gradually got slower and slower until it took half an hour just to boot up.
He had all the latest security up to date so I don't know how he ended up with it.

regards

jono
« Reply #19 on 22/08/2008, 17:31 »
This is ridiculous. We shouldn't be subjected to this by this damn company. Is there nothing that can be done about a company who puts malware on a machine to sell its product? This must go against every law in the book, so why are they allowed to do it? I am still pulling my hair out with this and wasting so much time. I have too much on my computer to do a complete reinstall. If I find anything I will let you know, but when Spybot, AVG, and Spyhunter3 are all saying my machine is clean, this is a very clever malware programme and very annoying. Any more help would be greatly appreciated, as we might be the first of many to get infected...
« Reply #20 on 22/08/2008, 17:41 »
This is getting beyond a joke. No matter what site I click on, it redirects me to various different sites including porn sites, which is totally unacceptable.
« Reply #21 on 22/08/2008, 19:31 »
Do we know the company behind the software and where they are based?
Wake Up and Smell the Coffee!
« Reply #22 on 22/08/2008, 20:11 »
The company use the software Antivirusxp2008 and they have a payment site, so it shouldn't be very difficult to locate and shut down, but I suppose who is going to bother to do it? Everyone is quick to jump on uploaders and downloaders and give them heavy fines, so maybe this company should be heavily fined...
« Reply #23 on 22/08/2008, 20:59 »
Have you tried Googling for AntiVirus XP2008? There are a lot of links.

Search Results

   1. AntiVirusXP2008 - Symantec.com
      16 Jul 2008 ... Behavior. AntiVirusXP2008 is a misleading application that may give exaggerated reports of threats on the computer. ...
      www.symantec.com/security_response/writeup.jsp?docid=2008-071613-4343-99
   2. AntiVirusXP2008 - Symantec.com
      16 Jul 2008 ... Symantec Security Response: comprehensive, global, 24x7 internet protection expertise to guard against complex threats, including virus, ...
      www.symantec.com/security_response/writeup.jsp?docid=2008-071613-4343-99&tabid=2
   3. Remove AntivirusXP2008
      AntivirusXP2008 (or Antivirus XP 2008, AntiVirXP08, AntivirusXP 2008,
      www.pcthreat.com/parasitebyid-6953en.html
   4. Remove Antivirus XP 2008 ( AntivirusXP2008 Removal Instructions ...
      Antivirus XP 2008 ( AntivirusXP2008 ) is a rogue anti-spyware application that is promoted and installed by trojan. Once inside...
      www.removeonline.com/remove-antivirus-xp-2008-antivirusxp2008-removal-instructions/
   5. Antivirus XP 2008 or AntivirusXP2008 :: Antivirus XP 2008 Removal ...
      Antivirus XP 2008 Description and Removal Instructions. Find and Detect Antivirus XP 2008 on your PC. Remove, Uninstall and Get Rid of Antivirus XP 2008.
      www.spywareremove.com/removeAntivirusXP2008.html
   6. RogueAntiSpyware.AntivirusXP2008 - Threat Details
      Information and removal instructions for the RogueAntiSpyware.AntivirusXP2008 infection, this infection can be detected and cleaned using Spyware Doctor.
      www.pctools.com/mrc/infections/id/RogueAntiSpyware.AntivirusXP2008/

Free-online member since 15 Dec 1998
You don't have to be mad to understand what PN are up to, but it helps
Customer Options Team (Cancellations and MAC) 0800 4320200 (option 7) not free on mobile but 0345 4320200 is cheaper (or 0114 296 5098)
« Reply #24 on 22/08/2008, 21:39 »
That is part of the problem, as this malware redirects my browser to several other sites. I have managed to use a laptop, but most of these require buying a spyware programme, and as I have just bought Spy Hunter 3 that was supposed to get rid of this and hasn't, I am dubious that the others will remove it, and at 30 a throw it is a bit expensive to take the chance. SpyHunter3 says my system is clear, so that was money well spent, I don't think! I am surprised there is no removal tool for this like there is for Virtumonde...
« Reply #25 on 22/08/2008, 21:39 »
Fantasticfourum,

You need to remove spyhunter3; it may be a 'rogue', possibly downloaded by a link supplied by antivirus xp 2008 (it may have downloaded it itself also, as part of this type of malware is a downloader trojan that just keeps all the nasties alive). Chances are it had infected the restore point system also.

PrevX (used to be a great free icm program) has this to say about spyhunter3: http://www.prevx.com/file...532-0/SPYHUNTER3.EXE.html - it's not a nice product.

Keep to the stable diet of using SpyBot S&D (free), A Free (again a very good malware removal app), SpywareDoctor (free as part of the googlepack); use either AVG or Avast. Also try looking at Add/Remove Programs and try uninstalling them; it may work. You may find you need to turn off the restore points for them to actually be removed.

The issue you now have is that the environment that you need to use these products in is 'infected', and if winantivirus xp is a clever sort it will have protected itself by blocking the installation of other applications or hinder them working, so you may need to run scans from outside of the install itself.

You can do this by using a LiveCD, either the FSecure one here http://www.f-secure.com/w...og/archives/00001474.html or by getting another LinuxLive CD with either Clam/Fprot antivirus and perhaps RKhunter (hunts down rootkits). You can also use the livecd to safely transfer any important documents and files to an external usb drive prior to cleaning, to make sure that the data is recoverable.

The most important thing to remember is not to panic.

Try the windows native stuff first (as per the third paragraph above)


Hope this helps and good luck

EDIT: just noticed that PrevX still offers a free scan; may be worth a try.

Jase

« Last Edit: 22/08/2008, 21:42 by hootiegibbon »

Using PCLinuxOS since 0.91
Registered Linux User #421404
  • Oldjim
  • Forum Moderator
  • Posts: 26217
« Reply #26 on 22/08/2008, 21:52 »
If you want a read about it Register has a 5 page article http://www.theregister.co.../08/22/anatomy_of_a_hack/
Jim

Old Harry Rocks
« Reply #27 on 31/08/2008, 12:24 »
Hello again,

It went away .. for a while.
Started blasting AntiVirus XP2009...
Found out that the thing had got to a few other places.

Infected the following places:

  • System Volume Information/Restore - C:\System Volume Information\_restore{D8AD0B03-64D3-4D49-ABED-F6AC8C1C4873}\RP6
  • C:\System Volume Information\_restore{D8AD0B03-64D3-4D49-ABED-F6AC8C1C4873}\RP5\A0002373.exe
  • User's Temporary Directory - C:\Documents and Settings\Username\Local Settings\Temp\_A00F80C11E.exe

It had also (apparently) overwritten/modified System DLLs:

  • %System32%\wsock.dll
  • %System32%\wsock32.dll
  • %System32%\kernel32.dll

Using Avast to "Scan on Startup", it found these.

Using Security Task Manager I was able to find the root cause, and Dr Delete to remove this file:

  • System32 - %System32%\__c00A666F.dat

The __c00A666F.dat file was actually a DLL being used as a Module in both Explorer and IExplore.
Upon renaming the extension to .EXE it had the same Icon as - Username\Local Settings\Temp\_A00F80C11E.exe.

I even went to the trouble of disassembling these files which I had access to.
The thing was packed by some means, so I couldn't get any more information out about what it might have been doing.

PSTools - ProcMon, confirmed that the file was being loaded as a Module,
as you can view the Modules loaded by any process with it.

You could throw bloatware which claims to fix these things all day and they'll not help you at all.
You just need Tools and some basic idea of what's what.

Hope this helps anyone with the same problems!

Jim,
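
The check described in Reply #27 (a `.dat` file in System32 that turned out to be a packed DLL) can be automated. The following is an added example, not part of the original post: it flags files that carry a PE header under a non-executable extension and uses byte entropy as a rough packing hint. The function names, the 7.2 entropy threshold and the constructed sample files are assumptions.

```python
import math
import os
import struct
import tempfile
from collections import Counter
from pathlib import Path

# Extensions normally used for PE images; a PE header under any other name is suspect.
EXEC_EXTS = {".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl"}

def is_pe(data):
    """MZ stub whose e_lfanew field (offset 0x3C) points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def entropy(data):
    """Shannon entropy in bits per byte; packed or encrypted content sits close to 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def find_disguised_pe(root, packed_at=7.2, max_read=1 << 20):  # packed_at: assumed heuristic
    """Return sorted (path, entropy, likely_packed) for PE files lacking an executable extension."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() in EXEC_EXTS:
            continue
        try:
            with path.open("rb") as fh:
                data = fh.read(max_read)
        except OSError:
            continue  # locked or unreadable file
        if is_pe(data):
            h = entropy(data)
            hits.append((str(path), round(h, 2), h >= packed_at))
    return sorted(hits)

def demo():
    """Scan a constructed tree of fake PE stubs (no real malware); returns (name, likely_packed)."""
    stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    samples = {"__c00A666F.dat": stub + os.urandom(65536),  # random body stands in for packing
               "cache.tmp": stub + b"\0" * 4096,            # PE header, low entropy
               "notes.dat": b"plain text, no MZ header\n" * 10,
               "tool.exe": stub + b"\0" * 4096}             # executable extension: not reported
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            Path(root, name).write_bytes(body)
        return [(Path(p).name, packed) for p, _h, packed in find_disguised_pe(root)]
```

Calling `demo()` shows the result on the constructed files; on a real system, point `find_disguised_pe` at a mounted copy of the disk (for example from a live CD) rather than the running, infected install.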
« Reply #28 on 04/09/2008, 20:03 »
Just to update an earlier post, I've had to deal with three of these infestations this week so far (and it's only Thursday!) and Malwarebytes alone has dealt with all of them quickly and with no fuss or consequential damage.

Try it before looking elsewhere - www.malwarebytes.org

  • God
  • Posts: 1102
  • God - Moving in mysterious ways.
« Reply #29 on 04/09/2008, 22:47 »
I had to fix a machine last week and also used Malwarebytes; it kills it cleanly.
« Reply #30 on 05/09/2008, 13:01 »
Hello I have only just joined this forum for the purpose of getting help and advice.  Then I came upon this topic which seems very much akin to my problem.  The program calls itself Antivirus 2009 and has a logo in Windows colours.  One day it suddenly filled my screen with scary stuff about Malware and worse, and I registered and bought the product but then had a dispute with them about payment and managed to get a refund.  But I cannot get it to go.  I keep pressing the 'uninstall' and it does go, but then is back again next time I switch on.  I am very new to all this and grateful for any help.
  • Oldjim
  • Forum Moderator
  • Posts: 26217
« Reply #31 on 05/09/2008, 13:04 »
That program is a clone of Antivirus XP 2008 so there is a fair chance that www.malwarebytes.org will help
Jim

Old Harry Rocks