cancel
Showing results for 
Search instead for 
Did you mean: 

AntiVirus XP2008 - Warning!

Fantasticfourum
Aspiring Pro
Posts: 386
Thanks: 53
Registered: ‎01-08-2007

Re: AntiVirus XP2008 - Warning!

I have just realised something i cant see spyhunter 3 listed in the above posts so did this damn thing send me to a wrong site when i clicked on one of the links above or am i just losing my mind ??????
Alex
Community Veteran
Posts: 5,500
Thanks: 921
Fixes: 13
Registered: ‎05-04-2007

Re: AntiVirus XP2008 - Warning!

My dad's laptop recently had this, plus a load of other associated adware components. Aside from the adverts the machine ran extremely slow - and I got my mum to change all of her internet banking passwords, just in case.
Don't know how it got there, I only casually browse on the internet now and again. My sister uses it more than me and claims she didn't click anything dodgy, but believe that and you'll believe anything Grin
Tried to remove it manually, with limited success. Also tried some spyware removers and the latest AVG with none at all. AVG took 2.5 hours to scan the PC and not find anything - so I decided to rebuild the laptop. Bit extreme I know, but I figured rather than waiting 2.5 hours for something which might fix it, I may as well fix it Sad
That doesn't help the people who want to remove it I know, and I don't know how to manually do it.
Hopefully AVG has caught up with it now (whatever it was) and will remove it.
The latest psychological trick of the scammers is to make a fake virus checking app, which gives fake warnings about the PC (unless it warns about itself, which would be genuine), in the hope you'll either buy something or apply a 'fix' which would be more of the same I guess.
artmo
Aspiring Champion
Posts: 19,524
Thanks: 421
Registered: ‎12-08-2007

Re: AntiVirus XP2008 - Warning!

has anyone tried AdAware or Spybot?
jono
Aspiring Pro
Posts: 303
Thanks: 8
Fixes: 7
Registered: ‎24-01-2008

Re: AntiVirus XP2008 - Warning!

Hi, Don't know if this will help, My son in law has just got the Antivirus XP 2008, I was on two days trying to get rid of it, only thing I managed to do was start in safe mode, back up his important stuff and did complete reinstall of his op system, I tried everything i could find online but his system just gradually got slower and slower until it took half an hour just to boot up.   
He had all the latest security up to date so I dont know how he ended up with it.
regards
jono
jono
Fantasticfourum
Aspiring Pro
Posts: 386
Thanks: 53
Registered: ‎01-08-2007

Re: AntiVirus XP2008 - Warning!

This is ridiculous we shouldnt be subjected to this by this damn company is there nothing that can be done about a company who puts malware on a machine to sell its product this must go against every law in the book so why are they allowed to do it. I am still pulling my hair out with this and wasting so much time i have too much on my computer to do a complete re install if i find anything i will let you know but when Spybot, Avg, and Spyhunter3 are all saying my machine is clean this is a very clever malware programme and very annoying any more help would be greatly appreciated as we might the first of many to get infected.............
Fantasticfourum
Aspiring Pro
Posts: 386
Thanks: 53
Registered: ‎01-08-2007

Re: AntiVirus XP2008 - Warning!

This is getting beyond a joke no matter what site i click on it re directs me to various different sites including porn sites which is totally unnaceptable
artmo
Aspiring Champion
Posts: 19,524
Thanks: 421
Registered: ‎12-08-2007

Re: AntiVirus XP2008 - Warning!

Do we know the comany behind the software and where they are based?
Fantasticfourum
Aspiring Pro
Posts: 386
Thanks: 53
Registered: ‎01-08-2007

Re: AntiVirus XP2008 - Warning!

The company use the software Antivirusxp2008 and they have a payment site so it shouldnt be very difficult to locate and shutdown but i suppose who is going to bother to do it, everyone is quick to jump on uploaders and downloaders and give them heavy fines so maybe this company should be heavily fined.........
pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: AntiVirus XP2008 - Warning!

have you tried Googling  for AntiVirus XP2008, there are a lot of links
 
Search Results
   1.
      AntiVirusXP2008 - Symantec.com
      16 Jul 2008 ... Behavior. AntiVirusXP2008 is a misleading application that may give exaggerated reports of threats on the computer. ...
      www.symantec.com/security_response/writeup.jsp?docid=2008-071613-4343-99 - 28k - Cached - Similar pages
   2.
      AntiVirusXP2008 - Symantec.com
      16 Jul 2008 ... Symantec Security Response: comprehensive, global, 24x7 internet protection expertise to guard against complex threats, including virus, ...
      www.symantec.com/security_response/writeup.jsp?docid=2008-071613-4343-99&tabid=2 - 30k - Cached - Similar pages
   3.
      Remove AntivirusXP2008
      AntivirusXP2008 (or Antivirus XP 2008, AntiVirXP08, AntivirusXP 2008,
      www.pcthreat.com/parasitebyid-6953en.html - 28k - Cached - Similar pages
   4.
      Remove Antivirus XP 2008 ( AntivirusXP2008 Removal Instructions ...
      Antivirus XP 2008 ( AntivirusXP2008 ) is a rogue anti-spyware application that is promoted and installed by trojan. Once inside...
      www.removeonline.com/remove-antivirus-xp-2008-antivirusxp2008-removal-instructions/ - 42k - Cached - Similar pages
   5.
      Antivirus XP 2008 or AntivirusXP2008 :: Antivirus XP 2008 Removal ...
      Antivirus XP 2008 Description and Removal Instructions. Find and Detect Antivirus XP 2008 on your PC. Remove, Uninstall and Get Rid of Antivirus XP 2008.
      www.spywareremove.com/removeAntivirusXP2008.html - 37k - Cached - Similar pages
   6.
      RogueAntiSpyware.AntivirusXP2008 - Threat Details
      Information and removal instructions for the RogueAntiSpyware.AntivirusXP2008 infection, this infection can be detected and cleaned using Spyware Doctor.
      www.pctools.com/mrc/infections/id/RogueAntiSpyware.AntivirusXP2008/ - 29k - Cached - Similar pages
Fantasticfourum
Aspiring Pro
Posts: 386
Thanks: 53
Registered: ‎01-08-2007

Re: AntiVirus XP2008 - Warning!

That is part of the problem as this malware re directs my browser to several other sites, i have mangaed to use a laptop but most of these require buying a spyware programme and as i have just bought Spy Hunter 3 that was supposed to get rid of this and hasnt i am dubious that the others will remove it and at £30 a throw is a bit expensive to take the chance.SpyHunter3 says my system is clear so that was money well spent i dont think ! I am surprised there is no removal tool for this like there is for Virtumonde....
hootiegibbon
Grafter
Posts: 30
Registered: ‎24-06-2008

Re: AntiVirus XP2008 - Warning!

Fantasticfourum,
You need to remove spyhunter3 it may be a 'rouge' possibly downloaded by a link supplied by antivirus xp 2008 (it may have downloaded it itself also as part of this type of malware is a downloader trojan that just keeps all the nasties alive, chances are it had infected the restore point system also.
PrevX (used to be a great free icm program - has this to say about spyhunter3 http://www.prevx.com/filenames/112290380643721532-0/SPYHUNTER3.EXE.html  its not a nice product.
Keep to the stable diet of using SpyBot S&D (free), A² Free(again a very good malware removal app), SpywareDoctor (free as part of the googlepack) use either AVG or Avast.also try looking at add remove programs and try uninstalling them it may work, you may find you need to turn off the restore points for them to actually be removed.
The issue you now have is that the envronment that you need to use these products in is 'infected' and if winantivirus xp is a clever sort it will have protected itself by blocking the instalation of other applications or hinder them working, so you may need to run scans from outside of the install it self
You can do this by using a LiveCD either the FSecure one here http://www.f-secure.com/weblog/archives/00001474.html or by getting another LinuxLive CD with either Clam/Fprot antivirus and perhaps RKhunter (hunts down rootkits) you can also use the livecd to safely transfer any important documents and files to an external usb drive prior to cleaning to make sure that the data is recoverable.
The most important thing to remember is not to panic.
Try the windows native stuff first (as per the third paragraph above)

Hope this helps and good luck
EDIT just noticed that prevx still offers a free scan may be worth a try
Jase
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: AntiVirus XP2008 - Warning!

If you want a read about it Register has a 5 page article http://www.theregister.co.uk/2008/08/22/anatomy_of_a_hack/
Prod_Man
Grafter
Posts: 287
Registered: ‎04-08-2007

Re: AntiVirus XP2008 - Warning!

Hello again,
It went away .. for a while.
Started blasting AntiVirus XP2009...
Found out that the thing had got to a few other places.
Infected the following places:

  • System Volume Information/Restore - C:\System Volume Information\_restore{D8AD0B03-64D3-4D49-ABED-F6AC8C1C4873}\RP6
  • C:\System Volume Information\_restore{D8AD0B03-64D3-4D49-ABED-F6AC8C1C4873}\RP5\A0002373.exe
  • User's Temporary Directory - C:\Douments and Settings\Username\Local Settings\Temp\_A00F80C11E.exe

It had also (apparnetly) overwritten/modified System DLLs:

  • %System32%\wsock.dll
  • %System32%\wsock32.dll
  • %System32%\kernel32.dll

Using Avast to "Scan on Startup", it found these.
Using Security Task Manager I was able to find the root cause and  Dr Delete to remove this file:

  • System32 - %System32%\__c00A666F.dat

The __c00A666F.dat file was actually a DLL being used as a Module in both Explorer and IExplore.
Upon renaming the extension to .EXE it had the same Icon as - Username\Local Settings\Temp\_A00F80C11E.exe.
I even went to the trouble of dissassembling these files which I had access to.
The thing was packed by some means, so I couldn't get anymore information out about what it might have been doing.
PSTools - ProcMon, confirmed that the file was being loaded as a Module,
as you can view the Modules loaded by any process with it.
You could throw bloatware which claims to fix thes these things all day and they'll not help you at all.
You just need Tools and some basic idea of whats what.
Hope this helps anyone with the same problems!
Jim,
Loombucket
Grafter
Posts: 314
Registered: ‎09-06-2007

Re: AntiVirus XP2008 - Warning!

Just to update an earlier post, I've had to deal with three of these infestations this week so far (and it's only Thursday!) and Malwarebytes alone has dealt with all of them quickly and with no fuss or consequential damage.
Try it before looking elsewhere - www.malwarebytes.org
God
Grafter
Posts: 1,112
Registered: ‎30-07-2007

Re: AntiVirus XP2008 - Warning!

I had to fix a machine last week and also used malwarebytes it kills it cleanly.