Nasty XP Virus....Please help!

Closed
melovee1111 Posts 2 Registration date Thursday February 12, 2009 Status Member Last seen February 13, 2009 - Feb 13, 2009 at 12:36 PM
 noni - Feb 16, 2009 at 09:46 PM
Hello,
I have the infamous antispyware XP on my PC...along with (seemingly)
other viruses, etc.

I've tried downloading various anti Malware programs, as well as downloads
from microsoft, and the virus/spyware is stopping the downloads.

Any help would be greatly appreciated!

Thank you!

4 responses

xpcman Posts 19528 Registration date Wednesday October 8, 2008 Status Contributor Last seen June 15, 2019 1,824
Feb 13, 2009 at 01:07 PM
You will need to download the needed tools on a different computer. The Avira Rescue System can be downloaded on another PC with a CD burner. When you execute the download it will burn a Linux based CD with antivirus tools on it. You take it to your infected PC - change the boot order to boot from the CD and start the computer.
The Linux based CD is able to find and optionally remove or rename various virus and malware programs. Out of the box it is in German - you must click on the Union-Jack flag to change the interface to English. The default options just alert you when it finds a problem. You must go to the configuration settings tab and order it to remove the offending programs.

https://www.avira.com

Good Luck
0
melovee1111 Posts 2 Registration date Thursday February 12, 2009 Status Member Last seen February 13, 2009
Feb 13, 2009 at 03:19 PM
Thank you for the response xpcman,

I am going to try your suggestions....
a little technical for me though (maybe I'm on the wrong boards)

Could you please explain how to;
"change the boot order to boot from the CD and start the computer."

Then,
"configuration settings tab and order it to remove the offending programs."

How do I know what the offending programs are?
Will it tell me all of the names?

Maybe I should have waited for that question once I have tried it....

Thank you!
0
xpcman Posts 19528 Registration date Wednesday October 8, 2008 Status Contributor Last seen June 15, 2019 1,824
Feb 13, 2009 at 08:51 PM
Normally the BIOS is set to boot from the first hard drive. This needs to be changed so you can boot from the CD. When you first turn on the computer you need to press the Del or F2 or F10 to F12 key to enter the BIOS settings. Some computers (like Dell) let you change the boot order for just that start-up. Others make you change it in the BIOS (and you need to change back again). There are many different BIOS pages from the very simple to the very-very complex. So, I can't give you the exact procedure for your BIOS. You need to look for a tab/page that is titled "boot order", select it and press enter. You will find that the mouse does not work in the BIOS and you will need to use the tab key and/or the ARROW keys to navigate. Once you find the boot order page - it should give you a list of devices (something like HD0 hard drive, CD drive etc). Highlight the CD drive and then change the order using either the page-up/page-down keys or the +/- keys (again each BIOS is different - the exact method may be displayed on the BIOS screen). Finally you exit that screen (probably using the ESC key) and then SAVE your change by exiting with the F10 key.

By this time you may have concluded that this whole process is way over your head.

You then start the computer with the Avira CD in the drive. The PC may ask you to verify that you want to boot from the CD ("Press any key to boot from the CD"). The next screen you see may be in German. There is a flag in the lower left of the screen (Union Jack?). Click on that and the language changes to English. Run the computer scan and see what it finds. You may want to write down what it finds and Google them for more info. If you want the program to remove what it finds - run it a 2nd time. But first click on "configuration" and tick off the option to remove the infection.

Good Luck
0
Thank you for your help.
I tried another method first...a jump drive with a trojan virus removal program...

At first all was well. It was running like normal, back to its old self, until....
I tried to update I-tunes and Java both.

It's now freezing at the desktop screen and the I-tunes icon is disappearing
and reappearing.
I downloaded the update from the apple site, so I'm wondering if the Java
pop-up asking me to update was mal.

I appreciate all of your help and if you think appropriate, will try the
recommendation with Avira.
I was trying the most convenient solution first ;)

Thanks
0
Keifermail Posts 28 Registration date Saturday February 7, 2009 Status Member Last seen February 15, 2009 5
Feb 15, 2009 at 01:53 AM
You actually have a very nasty worm!

This thing is called the "Kido Worm" , "Downadup" and "Conficker." It began in Oct. 2008 but in December it evolved into a Superworm. Its ability to thwart any attempt to delete it and to spread via USB devices is confounding.

There is a lot of info out there if you Google these names. It is an interesting Worm as it seems to disable every defense before the victim can even launch a counter attack. It disables system restore, shuts off Microsoft updates, blocks Antivirus updates, hijacks the browser (Safari, Explorer, Chrome and Firefox) and finally it downloads more malicious software as it goes. It is impossible to give one set of instructions to remove the Virus as it is different on every machine.

The latest variant of the worm now lets it spread via thumb drives. It operates by copying itself in a random folder created inside the Recycler directory, which is used by the Recycle Bin to store deleted files, and creating an autorun.inf file in the root folder. The worm executes automatically if the Autorun feature is enabled.

Certain TCP functions are also patched to block access to security-related Web sites by filtering every address that contains certain strings. This makes it harder to remove because information about it is difficult to gather from an infected computer. Additionally, the sneaky little worm removes all access rights of the user, except execute and directory usage, to protect its file. Microsoft has created a removal tool for this worm, but if you are infected you must find an uninfected computer to download Microsoft's Malicious Software Removal Tool.

See the following link: http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

If you have the Kido/Conficker worm you will not be able to link to the above link.

Microsoft states,
"If your computer is infected with the Conficker worm, you might be unable to download certain security products, such as the Microsoft Malicious Software Removal Tool or to access certain Web sites, such as Microsoft Update. If you can't access those tools, try using the Windows Live OneCare Safety Scanner. If that doesn't work, read the following Microsoft Help and Support articles on an uninfected computer."

My advice is to get the removal tool on a brand new/clean USB device from another computer and then load it onto your computer. The surprising thing is that this thing started in Oct. and already has infected 12.9 million computers. Microsoft has offered a 250K reward to help catch the culprits that created this worm.

The easiest solution is Trojan Remover 6.7.5 which can be downloaded for free here:

https://www.simplysup.com/tremover/index.html
Hope this helps,

Keifer
0
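The autorun.inf mechanism described in the post above can be checked for on a removable drive's root before the drive is opened on a Windows machine. The following is an added example, not part of the thread or any vendor tool; the `parse_autorun` and `triage` helpers and both sample files are constructed for illustration.

```python
import re

# Keys in the [autorun] section that make Windows launch something.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, ignoring junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def triage(text):
    """Return a list of (key, value, reason) findings for one autorun.inf."""
    findings = []
    for key, value in parse_autorun(text).items():
        if not EXEC_KEYS.match(key):
            continue  # icon=, label=, action= do not start a program
        reason = "launches a program from the drive"
        if re.search(r"(^|[\\/ ,])recycler[\\/]", value, re.I):
            reason = "launches a file hidden under RECYCLER"
        findings.append((key, value, reason))
    return findings

# Constructed samples (not taken from a real infection).
SUSPICIOUS = """\
;junk padding line
[AutoRun]
action=Open folder to view files
open=RECYCLER\\S-0-0-00\\sample.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
"""
BENIGN = "[autorun]\nicon=setup.ico\nlabel=Backup Disk\n"

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, triage(sample))
```

Read the file from a machine where Autorun is disabled, or from a Linux boot CD such as the one recommended earlier in the thread, so that inspecting the drive does not itself trigger it.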
Hi Keifer,

Thanks so much for your help.
You were right about the virus, and the trojan removal helped....

Please see above for what happened next.
I'm hoping it's a different technical issue, as opposed to another
virus.

I am in the process of restoring the point selection to prior
to the I-tunes and Java update..

I'm still getting a message (from AdWatch) that explorer.exe
is trying to make changes.
Sounds like the conficker is still hanging on? being that
IE keeps trying to do ?something? behind the scenes...

Thanks so much, sorry if I'm not explaining the situation
for your understanding...

I'm just a lay-person trying to get my computer to work
so that I can!
(I work from home, so this is really holding things up.)

Thank you!!!
0
Hmmm, anti spyware xp is a fake rogue spyware. It's another name of fake ANTIVIRUS 2009.
Antivirus 2009 is an unwanted program, from the authors of Antivirus 2008. These applications have resembling interface and "features". After stealth installation, Antivirus 2009 will show tons of fake spyware/adware detection messages and offers to remove reported threats (after you purchase commercial version). But in real Antivirus 2009 is not a spyware cleaner, it's just an imitation of spyware remover. Antivirus 2009 can also slow your computer and cause system errors and crashes. Remove Antivirus 2009 using manual removal instructions (for advanced users) or removal tool.

Use manual removal guide:
http://www.darfuns.com/xp-antivirus2008-removal/
0