General Question

Nullo's avatar

Advice for killing the XP Internet Security virus/scam?

Asked by Nullo (21833 points) March 30th, 2010

Picked it up some fifteen minutes ago; skated right under the Microsoft Security Essentials, kicked me off of the WND website and closed my Firefox session, and now it’s telling me that the comp’s been infected with every flavor of malware known to man and the only way to fix it is to send money.

I want to murderize it.

23 Answers

nope's avatar

Here’s my advice…Windows Restore. Kill everything going on right now, even if you have to force your system to quit and shut it down. Reboot, go into system restore, and go back to the last restore point…a day or two before today, perhaps. This will most likely get rid of your problem, if it just occurred today.

davidbetterman's avatar

Run your anti-virus software…then restart and run again…

Don’t do the system restore. Some malware is just waiting for that move…

nope's avatar

@davidbetterman
WHAT?? Can you cite an example where Windows Restore has been compromised?

OreetCocker's avatar

Only way to do this effectively is a full system recovery. System restore and anti virus will not do it! We get 30+ machines a week back with this; because you’ve accepted the packet of information, it’s the only guaranteed way!

ragingloli's avatar

The only surefire way is a system HDD format and reinstallation of Windows.
And if you use MS security essentials, it is your own fault.
I would use a combo of AVG or Avira and Comodo Firewall.

nope's avatar

@ragingloli Don’t you think that recommending a full system reinstall on a reformatted hard drive is overkill here, at least initially? We don’t even know the nature of the OP’s problem, other than some VERY vague references. This could potentially, very easily, be taken care of with Windows Restore. Why does everyone seem to be against that? It’s very easy, and very effective.

anartist's avatar

To use system restore, one has to make a restore point, right? It isn’t just done automatically in the background every so often?

ragingloli's avatar

@nope
I am not recommending it. I am just saying that it is the only way to be 99% sure in general.
My recommendation is, use system restore. If that does not work, download and install Comodo Internet Security. Its Defense+ component looks for suspicious software behaviour and will alert you to it. It will also show you the location of the offending file. You can use these dialogues to block the malware and then delete the files manually.

nope's avatar

@anartist Unless the user has gone in and changed default settings, Windows takes automatic restores, usually around the points where it does updates, which is about weekly. I’m not so sure about XP, but I know in Vista, and in Win7, it also makes a restore point when you install anything. So hopefully, there are points available.

anartist's avatar

@ragingloli I am worried about having too many security things and having them fight each other. I have never heard of Comodo. I have Avast as my main, and spywareblaster, adaware, malwarebytes to run extra scans and winpatrol to note changes and hijack this. I hope I am protected enough.

anartist's avatar

@nope I changed my windows updates stuff so it doesn’t do it automatically—it just alerts me when there are updates. And that Windows Advantage thing is just sitting there waiting to be installed.

nope's avatar

@anartist Yikes. Windows Update and Windows Restore aren’t the same thing…have you tried to fire up Restore, and see if there’s a recent restore point?

anartist's avatar

@nope No. I made one restore point manually [first time I ever did it] before I put some software on and then when I tried to go back to it something was wrong with it.
No I just noticed you mentioned updates in your message. I would not have connected the two. I guess I don’t understand your post. I am venturing on slightly new turf—my ex used to do this stuff for me.

Fred931's avatar

There were so many different “oh this is the only way” posts at first that I thought I would have to go grab my paintball gun. For crowd control. Mehbeh…

DarkScribe's avatar

Remove your hard drive, drop it into a caddy and then clean it using another system. I have often used a Mac to sort out problems using a caddy with an infected PC drive in it. I run a Virtual PC on the Mac, load an antivirus app and work from there.

rottenit's avatar

McAfee Stinger is designed to remove this; I have not tried it yet: http://vil.nai.com/vil/stinger/

njnyjobs's avatar

If you had quickly shut off your computer when you were hit by the offending notice, you have a more than better chance of getting back on your feet with a System Restore running in Safe Mode as Administrator. Choose a date that’s a week or more in the past, even before some of the Software Distribution Service restore points. After it has restored to a previous date, log in again as Administrator in Safe Mode with network support and install/run malwarebytes.

boxing's avatar

Here is what I would do and have done for others. Before you resort to reformatting the hard drive and reinstalling everything, try to find out what files in your computer are causing the problems. You could find out by checking what suspicious processes are running in the background, and what files were downloaded lately, and what registry entries are new, especially those that tell the computer what programs to run when it starts up.

Then restart the computer under safe mode, and try to manually delete those files and registry entries.
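
A read-only version of the startup-entry check described in the post above, as an added example that is not part of the original thread: it parses the text printed by `reg query` for the Run keys and flags autorun values whose program sits in a user-writable folder. The sample output, value names and paths are constructed, and the folder list is an assumption about where unwanted autoruns tend to live.

```python
import re

# Assumption: autoruns launched from folders a standard user can write to deserve a look.
USER_WRITABLE = ("\\local settings\\", "\\application data\\", "\\appdata\\",
                 "\\temp\\", "\\downloads\\")

# "    <value name>    REG_SZ    <data>"; fields may be separated by tabs or spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
# Program path at the start of a command line, quoted or unquoted.
IMAGE = re.compile(
    r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|scr|bat|cmd|dll))(?=\s|,|$))', re.I)

def parse_reg_query(text):
    """Return (key, value_name, data) tuples from `reg query <key>` text output."""
    key, entries = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            entries.append((key, m["name"], m["data"].strip()))
    return entries

def image_path(command):
    """Strip arguments from an autorun command line, leaving the program path."""
    m = IMAGE.match(command)
    return (m["q"] or m["u"]) if m else command.strip()

def suspicious_autoruns(text):
    """Return (key, value_name, program) for entries run from user-writable folders."""
    flagged = []
    for key, name, data in parse_reg_query(text):
        program = image_path(data)
        if any(part in program.lower() for part in USER_WRITABLE):
            flagged.append((key, name, program))
    return flagged

# Constructed sample of `reg query` output for the two Run keys (not from a real machine).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleAV    REG_SZ    "C:\Program Files\ExampleAV\tray.exe" -hide

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Example Updater    REG_SZ    "C:\Documents and Settings\User\Local Settings\Application Data\example.exe" /start
"""

if __name__ == "__main__":
    for key, name, program in suspicious_autoruns(SAMPLE):
        print(f"{key}\n  {name} -> {program}")
```

Nothing here writes to the registry; a flagged entry is a lead to check against what you knowingly installed, not proof of infection.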

njnyjobs's avatar

@boxing personally, reformatting a HDD is the last thing I’ll ever do in cases like this. But I would go against fooling around with the Registry as it can cause more irreparable problems than what you’re dealing with, especially if you don’t really know what you’re looking for. However, in an enterprise environment, it is easy for me to resurrect a system from a ghost image, as all data are saved on a file server anyway.

If OP is savvy enough to go through the processes indicated in this thread, he should be able to Restore the system without much trouble. If in fact the problem does not get corrected with the suggestions here outside of reformatting, I would suggest that OP seek the services of a professional.

boxing's avatar

I would agree that going through the registry is risky for users who are familiar with it…

njnyjobs's avatar

@boxing . . you mean, users who are unfamiliar . . .

boxing's avatar

haha…@njnyjobs…it has been a strange day for me…;-)

Nullo's avatar

Problem solved, after a fashion. I backed everything up and gave the machine a healthy dose of Linux.
