Merry Christmas to everybody!
My computer just got the xp antivirus 2012 attack two days ago. My Mcafee total protection 2011 did not help when virus attacked. At this time, it was more painful than what I deal with google search redirction virus last time. The virus made my system could not run any exe file. I search the website to get the regedit.com idea to help me to solve exe file problem. Later I used Malwarebytes to figure out the virus file. When I removed them (I also planed to send them to McAfee for virus samples), my Mcafee also pop-up to report it detected these virus files. If McAfee really detected those virus, it was too late. Hope McAfee can improve it.
However, after I recover my system, I started my firefox, McAfee reported the firefox tried to make a potentially risky connection to "83.133.121.xxx 83.133.124.xxx 83.133.125.xxx 220.127.116.11 18.104.22.168 ...". After I closed my firefox, McAfee still continue to report these risky connection. Does anyone know how to fix these potentally risky connection? Thanks in advance.
First off you need to turned the pc off and and login as safe mode please check this link http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/ or visit google for more information, the run McAfee Antivirus full scan, make sure you have updated your McAfee antivirus, after that make sure you quarantined or remove any virus etc from your system, besides that try with Internet explorer or another browser, check under firefox under network settings and check that you are not using any proxy ot the virus was directing you to another specific website or ip, please contact McAfee support since they are the best !!
Thank you for your reply. I have all those steps which you suggested before. I updated McAfee to latest and used McAfee total protection scan my PC twice. NO help. All reported no virus detection. Further support needed to pay.
Now even firefox did not start, McAfee had reported the ping command tried to ping "22.214.171.124" address. But I did not know what caused ping to started. No ping command in regedit run and starup. Do you know what made ping program started? Thanks.
At this time, I do not know how the google search redirect virus came back again. In addition, when I login into my igoogle, it would auto open another tab for testendonline.com in my firefox 9.0. I used both McAfee and Malwarebytes to scan, neither helps. I also tried SuperAntiSpyware and Avg anti-virus 2012, no help also. I do not know which anti-virus software which I should select for 2012. Do you have any good suggestion? Thanks.
None of the major antivirus software will help with this sort of thing. The best removal guide on the web is here: http://www.bleepingcomputer.com/virus-removal/remove-xp-antivirus-2012 scroll down the page as the first links you see are advertising.
If nothing helps post a Hijackthis log on one of the specialist forumsfor expert advice as follows:
Do not post Hijackthis logs here, we can't help you with those !
Post the logs at one of these specialist Forums:
Be sure to read all the sticky announcements/instructions at the top of each malware forum!
Thank you for your information. I have followed the best remove guide. Malwarebytes has reported 0 virus. But my firefox still got the testendonline.com pop up and ping command to ping outside IP which was blocked by McAfee. I may have to post a Hijackthis log on the specialist forums for expert advice.
Kindly Download the Fake alert stinger and perform the full scan if its possible kindly turn off the system restore.
I have downloaded the stinger, turned off the system restore, and performed the full scan, no virus was detected. But my firefox still opened the testendonline.com webpage. Also the ping command was opened by some virus and it continued to ping outside IP after my pc boot up. Any suggestion what can cause this kind issue? Thanks.
kindly download the CF remover tool from the below said link and perform the full scan if there is infection it will asks for no of reboots after finishing the scan kindly perform full scan with McAfee AV
I have downloaded and tried CF remover tool. It run no more than 5 seconds then it showed "Conficker Not Found". No virus was reported.
Today as I used firefox to download the CF remover tool. Now my firefox was taken over by Virus now. Every time I start to open my firefox and click any link, it would auto open www.internetpayday.co/. And I can not close my firefox too. Now the status became more worse than before. Now McAfee did not report any internet block again.
In addition, I found one virus was hidden under %userprofile%\Application Data\Adobe\Flash Player/aei.exe. One file gvextw6g8lpw1ewy4vnx0n1142a7r was under %userprofile%\Applciation Data\ and %userprofile%\Local Settings\Applciation Data\ . Its property showed it was a system file.
I updated the latest Malwarebytes to 12/30, no help. Now I know the ping was a virus too. As I have remove the ping.exe from \windows\ folder. But it still showed up on processes list.