I've never used an anti-virus package since it's not too difficult to use an anti-malware to scan and delete the villains. But the "XP Total Security" arrived on my desktop a couple of days ago. I was surprised how thoroughly it had wedged itself into my PC, disabling Firefox, Windows Security, Windows Automatic Updates, and Malwarebytes, amongst other things. However, it didn't seem to be spreading. It simply arrived, disabled stuff, and started flashing its panic attack message. Within a couple of minutes I found that the Malwarebytes executable was disabled, so I reinstalled it and cleaned out the "XP Total Security". Now Firefox was running again, but Windows Security updates was still disabled. If Automatic Updates won't return to normal, it can be reinstalled from your SP3 files:
You need to go to the C:\WINDOWS\inf folder. (Usually, C:\WINDOWS is the path of the WINDOWS system folder).
The inf folder is a hidden folder, so you need to reset it to "View".
If it's now viewable, go to the C:\WINDOWS\inf folder, double-click the inf folder, right-click au.inf, and then click "Install". If any install files were deleted by the malware, restore them from your SP3 files or XP backup.
You should be up and running now.
However, I'm surprised that McAfee doesn't ID and remove this thing. It's a pest, but it's not a PC-killer, and Malwarebytes sees it & quarantines it promptly.
None of the antivirus applications are much good against these things, but Malwarebytes and similar applications are specialised for use against such malware; by the same token, Malwarebytes isn't much good against the millions of viruses that the major antivirus applications can and will deal with. You could have updated and run Malwarebytes in "Safe Mode with Networking" and it would have probably cleaned everything and left your machine as it was.
Alternatively you could have tried System Restore to go back to before all this happened.
I just realised you stated "I've never used an anti-virus package since it's not too difficult to use an anti-malware to scan..." - that is very unwise. If you don't want to spend the money that's fine, try one of the free antivirus applications and you should also have a software firewall.
I'll quote one of the lead developers of Malwarebytes (Bruce Harrison) which might explain why I'm saying that:
Message was edited by: Ex_Brit on 23/05/11 5:35:20 EDT PM
As far as why MBAM is very good at dealing with this infection, that is simple. MBAM is designed to be very good at dealing with malware that the AVs seem to be having problems with. I do not spend my time making MBAM detect millions of infections that any decent AV already detects as MBAM is DESIGNED to work alongside antivirus software, not replace it. A huge chunk of the research that goes into MBAM revolves around what we see making it into HJT threads as the vast majority of these threads involve antivirus software that was in some way bypassed.
Let's settle this now and avoid any further misinformation. MBAM is now a very good backup to any antivirus software and will only get better in the future. MBAM will NEVER add antivirus abilities to its core app and is always advised to be used WITH antivirus software. We actually get this question a lot in the forums and I assure you that we always say:
"No, MBAM can't replace your existing antivirus software and is not designed to."
Of course, Ex_Brit, you're quite correct. I keep a firewall, don't go to porn sites, etc., but find that anti-virus is more itch than benefit. And also my servers are armored Linux machines. After 40 years of programming, I find a lot of the protections with their relentless updates are more bother than not. And it's not too difficult (for me) to clean up after an infection. But for most, of course, an anti-virus package should be maintained.
Message was edited by: jjjoseph on 5/24/11 12:04:32 AM CDT
Hello Ex Brit and Peacekeeper......have just joined this illustrious group given VERY similar problems I am having with my wife's PC. The Trojan smells and feels very much like the one under discussion, except it is named "Vista Home Security". All the screens I see here look identical to the ones I am seeing on her PC.
Tried running Malwarebytes, but PC would not let me open it. Cannot open MS Internet Explorer, so am bringing programs down on my PC, using a memory stick to transfer to hers. Trojan does pop up in both normal AND safe mode. Am currently doing a Stinger scan.
Will try and follow the other steps mentioned above and see what happens....unless anyone has better ideas.
My girlfriend's PC picked up this virus a few months ago and I ended up reinstalling all the software on her machine after zapping it. When she got infected again I began to look for an easier solution. I followed ex-brit's instructions and within a few hours had zapped that &*#@ virus and had her machine working, clean, again.
I suggest following his instructions, worked for me.
you will need to follow
Running rkill to stop the process may also be necessary, along with the reg fix file.
If you download MWB, rename it (the setup file), and when you install it, install it to a renamed folder other than the one suggested, as some malware can block certain folders from being accessed, or rather files in them from being run.
Message was edited by: Peacekeeper on 16/05/11 1:38:02 PM
As I was just reading your response to "dekkem" above (i.e. about renaming the MWB setup file and installing it into a renamed folder other than the suggested one), I have a couple of questions for you.
I already downloaded MWB a few months back. The files are in my Desktop and I also made a backup copy onto a USB flash drive, but I have not renamed any of the files in either location. Do I need to go in to the Desktop Malwarebytes files and the Malwarebytes files on the flash drive and rename them as you indicated, or (if I were to get infected with malware), would the Malwarebytes program run successfully if executed from the flash drive instead of the Desktop?
Frankly, I'm not very well-versed in just how to go about renaming the files you mentioned; I'm inclined to think I would probably end up renaming the wrong file and create major problems.
Thanks very much for your time and any info
For anyone with access to a working computer. There is a pretty good video here on YouTube. May be useful for someone with less experience with this junk. He will basically run you through the whole process. Hope this helps someone.