It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
ALERT!!!! ~XP 2012 FAKE Antivirus Working Thread
page: 1share:
CALLING ALL IT professionals.. SERIOUSLY..need your help!!!!!! all other members without 5+ years IT experience will not be of help here, plz just
listen, if you do not have 5+ years, your comments will get no reply from me due to the sophistication replication of this particular virus, and it's
rapid progression within a 8hrs period; you will only muddy the water.
I'm also asking for help on how to block this virus, since my wife is starting a business and I'm really scared to her system will be infected as well.
Ok, I got the so-called 'simple removal' of the nasty XP 2012 Antivirus .. Virus...I'll be as detailed as much as possible.
Q. What was I doing at the time?
A. Surfing on ATS, killed my FF browser... BAM~! XP 2012 Antivirus comes up! (You can search for the virus on ats or Google it to see screenshots of it.)
My Anti-virus s/w consists of .. Malewarebytes & Avira Anti-virus both versions are up to date..
Both of which have are no longer reliable to remove the 2nd round of this virus.. This virus can now circumvent XP safe mode which, about 3 months ago I could use both in safe mode to remove with no problem.. not not any more.
My step-by-step process to remove it 2nd time around...
1). In safe mode with no networking (XP), was able to run Avira and got 2 hits as expected, which I can't remember what they were, but after quarantining them, I deleted them.
2). Attempted to run Malwarebytes from the desktop, virus pop'd up again, which I was unable to run Malwarebytes because it over rode this program, where as 8hrs before, I was able to .. I tried to run Malwarebytes.exe from my thumb drive, no good, same result; tried to download malwarebytes and reinstall, same result.
3) Full shut down of the system
4). Unplugged my router, thinking it might help for some reason, for full 30+secs, restarted, confirmation of connections
5). Rebooted to safe mode with networking.
6). At the desktop, no internet connection available, Antivirus pop's up..
at this point my pc is on, with the standard FAKE antivirus windows up..and no internet connection..
Avira Antivirus caught one of the viruses and did block it . but, the 2nd time, it did not. I'd like some pro help here in knowledge how to actually BLOCK this virus.. it's not about removal any more.. it's about having a super secure system..
I've used a 2nd firewall with winxp's firewall to block this virus a year ago, which i had to format my drive.
any suggetions would be greatly appreciated.. Thx ATS..!
I'm also asking for help on how to block this virus, since my wife is starting a business and I'm really scared to her system will be infected as well.
Ok, I got the so-called 'simple removal' of the nasty XP 2012 Antivirus .. Virus...I'll be as detailed as much as possible.
Q. What was I doing at the time?
A. Surfing on ATS, killed my FF browser... BAM~! XP 2012 Antivirus comes up! (You can search for the virus on ats or Google it to see screenshots of it.)
My Anti-virus s/w consists of .. Malewarebytes & Avira Anti-virus both versions are up to date..
Both of which have are no longer reliable to remove the 2nd round of this virus.. This virus can now circumvent XP safe mode which, about 3 months ago I could use both in safe mode to remove with no problem.. not not any more.
My step-by-step process to remove it 2nd time around...
1). In safe mode with no networking (XP), was able to run Avira and got 2 hits as expected, which I can't remember what they were, but after quarantining them, I deleted them.
2). Attempted to run Malwarebytes from the desktop, virus pop'd up again, which I was unable to run Malwarebytes because it over rode this program, where as 8hrs before, I was able to .. I tried to run Malwarebytes.exe from my thumb drive, no good, same result; tried to download malwarebytes and reinstall, same result.
3) Full shut down of the system
4). Unplugged my router, thinking it might help for some reason, for full 30+secs, restarted, confirmation of connections
5). Rebooted to safe mode with networking.
6). At the desktop, no internet connection available, Antivirus pop's up..
at this point my pc is on, with the standard FAKE antivirus windows up..and no internet connection..
Avira Antivirus caught one of the viruses and did block it . but, the 2nd time, it did not. I'd like some pro help here in knowledge how to actually BLOCK this virus.. it's not about removal any more.. it's about having a super secure system..
I've used a 2nd firewall with winxp's firewall to block this virus a year ago, which i had to format my drive.
any suggetions would be greatly appreciated.. Thx ATS..!
Get the data off that you can.
Nuke and load. The only sure fire way to clean it up.
Nuke and load. The only sure fire way to clean it up.
Originally posted by Skewed
Get the data off that you can.
Nuke and load. The only sure fire way to clean it up.
I've tried.. it's not about removal as it is about BLOCKING it ..
reply to post by Skewed
What above says, but it would be worth using the new Windows Defender offline beta.
windows.microsoft.com...
Try this AV, it is good www.cloudantivirus.com...
What above says, but it would be worth using the new Windows Defender offline beta.
windows.microsoft.com...
Try this AV, it is good www.cloudantivirus.com...
If the infection already affected that much part of the OS. My best suggestion to you is to put your HDD on another computer either via an
enclosure(laptops) or directly in the motherboard. Make sure you have the best possible antivirus out there (you can get free trials, if not you can
crack it) and scan your hardrive a few times with different antiviruses.
Back up only the NECESSARY data. And perform a clean install of the OS in the original machine (format hard drive, the long way not the "quick" format) (Recommend Windows 7 ultimate with Bit defender 2012 and any other possible combination) If not just stick with XP.
I am a: A+ certified, MCP on Windows 7, CCNA, CCNP. Also, a computer "scientist" (doesnt really matter). And currently run a business overseas for IT support.
The virus will come back even if you "successfully" disinfect your computer. Trust me I've seen it happen multiple times.
Back up only the NECESSARY data. And perform a clean install of the OS in the original machine (format hard drive, the long way not the "quick" format) (Recommend Windows 7 ultimate with Bit defender 2012 and any other possible combination) If not just stick with XP.
I am a: A+ certified, MCP on Windows 7, CCNA, CCNP. Also, a computer "scientist" (doesnt really matter). And currently run a business overseas for IT support.
The virus will come back even if you "successfully" disinfect your computer. Trust me I've seen it happen multiple times.
I just cleaned my wife's computer and my neighbors computer from this little bugger. You're right that it's one step to this side of impossible to
get out because it's clever. However, the solution was mentioned above and it worked for me.
On a computer that is not infected with this .... You'll want Windows Defender, Offline version. I put mine on a USB Flash drive and it takes about 250mb. (It can burn to CD/DVD too) Set USB device to the top of the boot order in BIOS (Set it back later) on the infected machine, and let it go. When it comes up with a boot to Windows Defender from outside your Windows Install environment, you can now ssafely scan and remove it without it interfering in the process.
I also ran Malware Bytes on the followup boot in Safe Mode just to be sure... It picked up a few things on both machines, but I don't know if it was related. Defender got it though. Sure as anything.
On a computer that is not infected with this .... You'll want Windows Defender, Offline version. I put mine on a USB Flash drive and it takes about 250mb. (It can burn to CD/DVD too) Set USB device to the top of the boot order in BIOS (Set it back later) on the infected machine, and let it go. When it comes up with a boot to Windows Defender from outside your Windows Install environment, you can now ssafely scan and remove it without it interfering in the process.
I also ran Malware Bytes on the followup boot in Safe Mode just to be sure... It picked up a few things on both machines, but I don't know if it was related. Defender got it though. Sure as anything.
reply to post by cyoshi
If it;s as bad as it sounds..it will block Defender from installing.
My suggestion.....Remove the hard drive. Place as a non bootable secondary slave drive in a second computer with an up to date, competent antivirus. Use the second computer to scan the secondary hard drive and try to remove what you can. Sometimes that will work enough to at least let you load into safe mode after replacing it back where it came from.
Start in safe mode with command line.
Run a /SFC scannow scan from the command line...you might well need the installation disk.
Hopefully those will at least allow you to start it more. Reboot back into safe mode with networking. Connect to Microsoft's site and download the safety scanner from here.
Hopefully it will find more of it and remove it to the point of getting you cleaned up and ready to go again. Some of these latest ones have been putting themselves into the recycle bin too. And preventing you from deleting it there without stopping the running process.
If it;s as bad as it sounds..it will block Defender from installing.
My suggestion.....Remove the hard drive. Place as a non bootable secondary slave drive in a second computer with an up to date, competent antivirus. Use the second computer to scan the secondary hard drive and try to remove what you can. Sometimes that will work enough to at least let you load into safe mode after replacing it back where it came from.
Start in safe mode with command line.
Run a /SFC scannow scan from the command line...you might well need the installation disk.
Hopefully those will at least allow you to start it more. Reboot back into safe mode with networking. Connect to Microsoft's site and download the safety scanner from here.
Hopefully it will find more of it and remove it to the point of getting you cleaned up and ready to go again. Some of these latest ones have been putting themselves into the recycle bin too. And preventing you from deleting it there without stopping the running process.
Originally posted by webpirate
reply to post by cyoshi
If it;s as bad as it sounds..it will block Defender from installing.
My suggestion.....Remove the hard drive. Place as a non bootable secondary slave drive in a second computer with an up to date, competent antivirus. Use the second computer to scan the secondary hard drive and try to remove what you can. Sometimes that will work enough to at least let you load into safe mode after replacing it back where it came from.
Start in safe mode with command line.
Run a /SFC scannow scan from the command line...you might well need the installation disk.
Hopefully those will at least allow you to start it more. Reboot back into safe mode with networking. Connect to Microsoft's site and download the safety scanner from here.
Hopefully it will find more of it and remove it to the point of getting you cleaned up and ready to go again. Some of these latest ones have been putting themselves into the recycle bin too. And preventing you from deleting it there without stopping the running process.
This is why you are running defender in offline mode. It's on it's own self contained, bootable media and never triggers the virus because it's never looking at the hard drives as anything more than files to be scanned. You're right that this virus made worthless the on-board Microsoft security programs. Both machines had them but neither were still functional. Only the outside boot worked.
Originally posted by junior2991
If the infection already affected that much part of the OS. My best suggestion to you is to put your HDD on another computer either via an enclosure(laptops) or directly in the motherboard. Make sure you have the best possible antivirus out there (you can get free trials, if not you can crack it) and scan your hardrive a few times with different antiviruses.
Back up only the NECESSARY data. And perform a clean install of the OS in the original machine (format hard drive, the long way not the "quick" format) (Recommend Windows 7 ultimate with Bit defender 2012 and any other possible combination) If not just stick with XP.
I am a: A+ certified, MCP on Windows 7, CCNA, CCNP. Also, a computer "scientist" (doesnt really matter). And currently run a business overseas for IT support.
The virus will come back even if you "successfully" disinfect your computer. Trust me I've seen it happen multiple times.
appreciate the support junior! Thx for the creds.
i'm afraid that if i stick my HDD on another pc, it won't infect that too would it?
and what exactly is the best anti virus out there?, so far these 2 fail on this paticular virus, not sure if i need to by the full verison, and once i do, are they worth it (block after removal)
I'm going to try windows defender, the short way, see if it will from my thumb drive..
reply to post by Wrabbit2000
Yeah...I was still writing my post after yours came up and I hadn't seen it yet. I see what your saying...your basically booting to Defender outside of the OS before Windows kicks in. Hadn't thought of that.
These things can be an absolute nightmare to deal with. They will add themselves to the system restore. To the recycle bin. And multiple other places.
Yeah...I was still writing my post after yours came up and I hadn't seen it yet. I see what your saying...your basically booting to Defender outside of the OS before Windows kicks in. Hadn't thought of that.
These things can be an absolute nightmare to deal with. They will add themselves to the system restore. To the recycle bin. And multiple other places.
Komodo,
There appears to be quite a few YT vids on
dealing with this,Maybe worth watching them
www.youtube.com...
Hope there is some help there,
Violet.
There appears to be quite a few YT vids on
dealing with this,Maybe worth watching them
www.youtube.com...
Hope there is some help there,
Violet.
reply to post by Komodo
I personally use Vipre. It has never missed anything, and it doesn't suck system resources like many AV programs out there do.
You can put it as a second hard drive, but not touch it. Just scan it. But..that's why we are telling you to make sure you have a very good AV on that computer first.
But....if I were you, I;d try Wrabbit's solution first. I hadn;t thought of doing it that way until after he posted it.
I personally use Vipre. It has never missed anything, and it doesn't suck system resources like many AV programs out there do.
You can put it as a second hard drive, but not touch it. Just scan it. But..that's why we are telling you to make sure you have a very good AV on that computer first.
But....if I were you, I;d try Wrabbit's solution first. I hadn;t thought of doing it that way until after he posted it.
The time you are going to spend hacking away at this thing, you could have the system reloaded and back up and running again. I have disk images for
just this very reason. If a user gets one of these things, I just reload the entire thing and I am done with it and the user is happy.
reply to post by Wrabbit2000
can't install, admin rights hi-jacked .. It's only my pc and I don't have admin account since it's only me on the pc .. any suggestions
hold that thought.. windows safety scanner actually did load and is scanning now..
can't install, admin rights hi-jacked .. It's only my pc and I don't have admin account since it's only me on the pc .. any suggestions
hold that thought.. windows safety scanner actually did load and is scanning now..
edit on 11-12-2011 by Komodo because: (no reason given)
edit on 11-12-2011 by Komodo because: (no reason given)
Originally posted by Skewed
The time you are going to spend hacking away at this thing, you could have the system reloaded and back up and running again. I have disk images for just this very reason. If a user gets one of these things, I just reload the entire thing and I am done with it and the user is happy.
yes.. and his data is lost
2nd
Originally posted by webpirate
reply to post by Wrabbit2000
Yeah...I was still writing my post after yours came up and I hadn't seen it yet. I see what your saying...your basically booting to Defender outside of the OS before Windows kicks in. Hadn't thought of that.
These things can be an absolute nightmare to deal with. They will add themselves to the system restore. To the recycle bin. And multiple other places.
I got the impression in reading about it and seeing the material that this was something new out of Microsoft as an outside bootable form of their scan. I sure hadn't heard about it and I was in a class last semester that should have mentioned it. We got information on Combofix and a number of other things (college class) so this was new before this week for me too.
Microsoft is actually proving to be more useful in some of what they are offering free than what they are selling. Go figure. I'm not complaining though.
edit on 11-12-2011 by Wrabbit2000 because: (no reason given)
my internet connnection is dead.. unable to connect ..
any suggestions .. besides power cyclying the moden and router?
any suggestions .. besides power cyclying the moden and router?
Originally posted by Komodo
reply to post by Wrabbit2000
can't install, admin rights hi-jacked .. It's only my pc and I don't have admin account since it's only me on the pc .. any suggestions
hold that thought.. windows safety scanner actually did load and is scanning now..
edit on 11-12-2011 by Komodo because: (no reason given)edit on 11-12-2011 by Komodo because: (no reason given)
Windows safety scanner found and removed 7 infections.. however, see my post above this one on my connection issues
reply to post by Komodo
Yes, I have a strong suggestion. If you are planning on running an online business, trash Windows and run Linux. Sounds to me like you are already infected.
distrowatch.com...
Yes, I have a strong suggestion. If you are planning on running an online business, trash Windows and run Linux. Sounds to me like you are already infected.
distrowatch.com...
new topics
-
I hate dreaming
Rant: 14 minutes ago -
Is the origin for the Eye of Horus the pineal gland?
Philosophy and Metaphysics: 1 hours ago -
Man sets himself on fire outside Donald Trump trial
Mainstream News: 2 hours ago -
Biden says little kids flip him the bird all the time.
2024 Elections: 2 hours ago -
The Democrats Take Control the House - Look what happened while you were sleeping
US Political Madness: 2 hours ago -
Sheetz facing racial discrimination lawsuit for considering criminal history in hiring
Social Issues and Civil Unrest: 2 hours ago -
In an Historic First, In N Out Burger Permanently Closes a Location
Mainstream News: 4 hours ago -
MH370 Again....
Disaster Conspiracies: 5 hours ago -
Are you ready for the return of Jesus Christ? Have you been cleansed by His blood?
Religion, Faith, And Theology: 7 hours ago -
Chronological time line of open source information
History: 9 hours ago
top topics
-
In an Historic First, In N Out Burger Permanently Closes a Location
Mainstream News: 4 hours ago, 14 flags -
The Democrats Take Control the House - Look what happened while you were sleeping
US Political Madness: 2 hours ago, 9 flags -
Thousands Of Young Ukrainian Men Trying To Flee The Country To Avoid Conscription And The War
Other Current Events: 15 hours ago, 8 flags -
A man of the people
Medical Issues & Conspiracies: 10 hours ago, 8 flags -
Man sets himself on fire outside Donald Trump trial
Mainstream News: 2 hours ago, 7 flags -
Biden says little kids flip him the bird all the time.
2024 Elections: 2 hours ago, 6 flags -
4 plans of US elites to defeat Russia
New World Order: 12 hours ago, 4 flags -
Are you ready for the return of Jesus Christ? Have you been cleansed by His blood?
Religion, Faith, And Theology: 7 hours ago, 3 flags -
Is the origin for the Eye of Horus the pineal gland?
Philosophy and Metaphysics: 1 hours ago, 3 flags -
Sheetz facing racial discrimination lawsuit for considering criminal history in hiring
Social Issues and Civil Unrest: 2 hours ago, 3 flags
active topics
-
Man sets himself on fire outside Donald Trump trial
Mainstream News • 19 • : imitator -
Thousands Of Young Ukrainian Men Trying To Flee The Country To Avoid Conscription And The War
Other Current Events • 28 • : Xtrozero -
12 jurors selected in Trump criminal trial
US Political Madness • 89 • : ImagoDei -
Is the origin for the Eye of Horus the pineal gland?
Philosophy and Metaphysics • 4 • : JoelSnape -
Biden says little kids flip him the bird all the time.
2024 Elections • 9 • : FlyersFan -
Fossils in Greece Suggest Human Ancestors Evolved in Europe, Not Africa
Origins and Creationism • 72 • : Xtrozero -
I hate dreaming
Rant • 0 • : FlyersFan -
MH370 Again....
Disaster Conspiracies • 8 • : Lazy88 -
Do we live in a simulation similar to The Matrix 1999?
ATS Skunk Works • 27 • : purplemer -
911 emergency lines are DOWN across multiple states
Breaking Alternative News • 8 • : nugget1