ALERT!!!! ~XP 2012 FAKE Antivirus Working Thread

posted on Dec, 11 2011 @ 12:29 AM
CALLING ALL IT professionals.. SERIOUSLY.. need your help!!!!!! All other members without 5+ years IT experience will not be of help here, plz just listen; if you do not have 5+ years, your comments will get no reply from me due to the sophistication and replication of this particular virus, and its rapid progression within an 8hr period; you will only muddy the water.

I'm also asking for help on how to block this virus, since my wife is starting a business and I'm really scared that her system will be infected as well.

Ok, I got the so-called 'simple removal' of the nasty XP 2012 Antivirus .. virus... I'll be as detailed as possible.

Q. What was I doing at the time?
A. Surfing on ATS, killed my FF browser... BAM~! XP 2012 Antivirus comes up! (You can search for the virus on ats or Google it to see screenshots of it.)

My anti-virus s/w consists of Malwarebytes & Avira Anti-virus; both versions are up to date..

Both of which are no longer reliable to remove the 2nd round of this virus.. This virus can now circumvent XP safe mode; about 3 months ago I could use both in safe mode to remove it with no problem.. but not any more.

My step-by-step process to remove it 2nd time around...

1). In safe mode with no networking (XP), I was able to run Avira and got 2 hits as expected (I can't remember what they were), but after quarantining them, I deleted them.

2). Attempted to run Malwarebytes from the desktop; the virus popped up again, and I was unable to run Malwarebytes because it overrode this program, whereas 8hrs before, I was able to.. I tried to run Malwarebytes.exe from my thumb drive, no good, same result; tried to download Malwarebytes and reinstall, same result.

3) Full shut down of the system

4). Unplugged my router, thinking it might help for some reason, for a full 30+ secs, restarted, confirmed connections

5). Rebooted to safe mode with networking.

6). At the desktop, no internet connection available, Antivirus pops up..

at this point my PC is on, with the standard FAKE antivirus windows up.. and no internet connection..

Avira Antivirus caught one of the viruses and did block it, but the 2nd time it did not. I'd like some pro help here in knowing how to actually BLOCK this virus.. it's not about removal any more.. it's about having a super secure system..

I've used a 2nd firewall with WinXP's firewall to block this virus a year ago, when I had to format my drive.

any suggestions would be greatly appreciated.. Thx ATS..!




posted on Dec, 11 2011 @ 12:37 AM
Get the data off that you can.

Nuke and load. The only sure fire way to clean it up.



posted on Dec, 11 2011 @ 12:39 AM

Originally posted by Skewed
Get the data off that you can.

Nuke and load. The only sure fire way to clean it up.


I've tried.. it's not about removal as it is about BLOCKING it ..



posted on Dec, 11 2011 @ 12:39 AM
reply to post by Skewed
 

What above says, but it would be worth using the new Windows Defender offline beta.

windows.microsoft.com...

Try this AV, it is good www.cloudantivirus.com...



posted on Dec, 11 2011 @ 12:44 AM
If the infection already affected that much of the OS, my best suggestion to you is to put your HDD on another computer, either via an enclosure (laptops) or directly on the motherboard. Make sure you have the best possible antivirus out there (you can get free trials, if not you can crack it) and scan your hard drive a few times with different antiviruses.

Back up only the NECESSARY data. And perform a clean install of the OS in the original machine (format the hard drive the long way, not the "quick" format) (I recommend Windows 7 Ultimate with BitDefender 2012, or any other possible combination). If not, just stick with XP.

I am A+ certified, MCP on Windows 7, CCNA, CCNP. Also a computer "scientist" (doesn't really matter). And I currently run a business overseas for IT support.

The virus will come back even if you "successfully" disinfect your computer. Trust me I've seen it happen multiple times.



posted on Dec, 11 2011 @ 12:46 AM
I just cleaned my wife's computer and my neighbors computer from this little bugger. You're right that it's one step to this side of impossible to get out because it's clever. However, the solution was mentioned above and it worked for me.

On a computer that is not infected with this.... you'll want Windows Defender, Offline version. I put mine on a USB flash drive and it takes about 250mb. (It can burn to CD/DVD too.) Set the USB device to the top of the boot order in BIOS (set it back later) on the infected machine, and let it go. When it comes up with a boot to Windows Defender from outside your Windows install environment, you can now safely scan and remove it without it interfering in the process.

I also ran Malware Bytes on the followup boot in Safe Mode just to be sure... It picked up a few things on both machines, but I don't know if it was related. Defender got it though. Sure as anything.



posted on Dec, 11 2011 @ 12:47 AM
reply to post by cyoshi
 


If it's as bad as it sounds.. it will block Defender from installing.

My suggestion..... Remove the hard drive. Place it as a non-bootable secondary slave drive in a second computer with an up-to-date, competent antivirus. Use the second computer to scan the secondary hard drive and try to remove what you can. Sometimes that will work enough to at least let you load into safe mode after replacing it back where it came from.

Start in safe mode with command line.

Run an sfc /scannow scan from the command line... you might well need the installation disk.

Hopefully those will at least allow you to start it more. Reboot back into safe mode with networking. Connect to Microsoft's site and download the safety scanner from here.

Hopefully it will find more of it and remove it to the point of getting you cleaned up and ready to go again. Some of these latest ones have been putting themselves into the recycle bin too. And preventing you from deleting it there without stopping the running process.



posted on Dec, 11 2011 @ 12:50 AM

Originally posted by webpirate
reply to post by cyoshi
 


If it's as bad as it sounds.. it will block Defender from installing.

My suggestion..... Remove the hard drive. Place it as a non-bootable secondary slave drive in a second computer with an up-to-date, competent antivirus. Use the second computer to scan the secondary hard drive and try to remove what you can. Sometimes that will work enough to at least let you load into safe mode after replacing it back where it came from.

Start in safe mode with command line.

Run an sfc /scannow scan from the command line... you might well need the installation disk.

Hopefully those will at least allow you to start it more. Reboot back into safe mode with networking. Connect to Microsoft's site and download the safety scanner from here.

Hopefully it will find more of it and remove it to the point of getting you cleaned up and ready to go again. Some of these latest ones have been putting themselves into the recycle bin too. And preventing you from deleting it there without stopping the running process.


This is why you are running Defender in offline mode. It's on its own self-contained, bootable media and never triggers the virus because it's never looking at the hard drives as anything more than files to be scanned. You're right that this virus made the on-board Microsoft security programs worthless. Both machines had them but neither was still functional. Only the outside boot worked.



posted on Dec, 11 2011 @ 01:06 AM

Originally posted by junior2991
If the infection already affected that much of the OS, my best suggestion to you is to put your HDD on another computer, either via an enclosure (laptops) or directly on the motherboard. Make sure you have the best possible antivirus out there (you can get free trials, if not you can crack it) and scan your hard drive a few times with different antiviruses.

Back up only the NECESSARY data. And perform a clean install of the OS in the original machine (format the hard drive the long way, not the "quick" format) (I recommend Windows 7 Ultimate with BitDefender 2012, or any other possible combination). If not, just stick with XP.

I am A+ certified, MCP on Windows 7, CCNA, CCNP. Also a computer "scientist" (doesn't really matter). And I currently run a business overseas for IT support.

The virus will come back even if you "successfully" disinfect your computer. Trust me I've seen it happen multiple times.


appreciate the support junior! Thx for the creds.

I'm afraid that if I stick my HDD on another PC, it won't infect that too, would it?

and what exactly is the best anti-virus out there? So far these 2 fail on this particular virus; not sure if I need to buy the full version, and once I do, are they worth it (block after removal)?

I'm going to try Windows Defender, the short way, and see if it will run from my thumb drive..



posted on Dec, 11 2011 @ 01:08 AM
reply to post by Wrabbit2000
 


Yeah... I was still writing my post after yours came up and I hadn't seen it yet. I see what you're saying... you're basically booting to Defender outside of the OS before Windows kicks in. Hadn't thought of that.

These things can be an absolute nightmare to deal with. They will add themselves to the system restore. To the recycle bin. And multiple other places.



posted on Dec, 11 2011 @ 01:15 AM
Komodo,

There appear to be quite a few YT vids on dealing with this. Maybe worth watching them:

www.youtube.com...

Hope there is some help there,

Violet.



posted on Dec, 11 2011 @ 01:18 AM
reply to post by Komodo
 


I personally use Vipre. It has never missed anything, and it doesn't suck system resources like many AV programs out there do.

You can put it as a second hard drive, but not touch it. Just scan it. But..that's why we are telling you to make sure you have a very good AV on that computer first.

But.... if I were you, I'd try Wrabbit's solution first. I hadn't thought of doing it that way until after he posted it.



posted on Dec, 11 2011 @ 01:20 AM
The time you are going to spend hacking away at this thing, you could have the system reloaded and back up and running again. I have disk images for just this very reason. If a user gets one of these things, I just reload the entire thing and I am done with it and the user is happy.



posted on Dec, 11 2011 @ 01:22 AM
reply to post by Wrabbit2000
 


can't install, admin rights hi-jacked .. It's only my PC and I don't have an admin account since it's only me on the PC .. any suggestions?

hold that thought.. Windows Safety Scanner actually did load and is scanning now..





posted on Dec, 11 2011 @ 01:22 AM

Originally posted by Skewed
The time you are going to spend hacking away at this thing, you could have the system reloaded and back up and running again. I have disk images for just this very reason. If a user gets one of these things, I just reload the entire thing and I am done with it and the user is happy.


yes.. and his data is lost

2nd



posted on Dec, 11 2011 @ 01:23 AM
reply to post by Komodo
 


I mentioned earlier to get the data off.



posted on Dec, 11 2011 @ 01:25 AM

Originally posted by webpirate
reply to post by Wrabbit2000
 


Yeah... I was still writing my post after yours came up and I hadn't seen it yet. I see what you're saying... you're basically booting to Defender outside of the OS before Windows kicks in. Hadn't thought of that.

These things can be an absolute nightmare to deal with. They will add themselves to the system restore. To the recycle bin. And multiple other places.

I got the impression in reading about it and seeing the material that this was something new out of Microsoft as an outside bootable form of their scan. I sure hadn't heard about it and I was in a class last semester that should have mentioned it. We got information on Combofix and a number of other things (college class) so this was new before this week for me too.


Microsoft is actually proving to be more useful in some of what they are offering free than what they are selling. Go figure. I'm not complaining though.



posted on Dec, 11 2011 @ 03:45 AM
my internet connection is dead.. unable to connect ..

any suggestions .. besides power cycling the modem and router?



posted on Dec, 11 2011 @ 03:56 AM

Originally posted by Komodo
reply to post by Wrabbit2000
 


can't install, admin rights hi-jacked .. It's only my PC and I don't have an admin account since it's only me on the PC .. any suggestions?

hold that thought.. Windows Safety Scanner actually did load and is scanning now..




Windows Safety Scanner found and removed 7 infections.. however, see my post above this one on my connection issues



posted on Dec, 11 2011 @ 09:00 AM
reply to post by Komodo
 


Yes, I have a strong suggestion. If you are planning on running an online business, trash Windows and run Linux. Sounds to me like you are already infected.
distrowatch.com...





