Posted on 08/17/2008 1:24:34 PM PDT by AZFolks
Antivirus XP 2008 | By: webmaster | Under: Unwanted Programs | 26 Jun | Updated: July 30, 2008
Antivirus XP 2008 is a bogus antivirus application for Windows that is promoted and downloaded automatically by redirecting the user's internet browser to its predefined website.
Aliases: Adware.AntivirusXP2008
Risk Level: Medium
File Size: Varies
Affected System: Windows
Common Symptoms: 1. Redirects the web browser and pops up scan results. It will then prompt the user to buy the licensed software.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Download, follow the directions, good to go.
I had to remove it from a couple of machines at work.
I apologize for the misspelling of belong and Republic.
It also goes by VISTA 2008. I googled it and found a website I trusted for removal instructions. It required editing the registry.
You do NOT turn off the computer once you see something is crazy, though you should pull out the Internet connection.
Do a search for files newly created that day or so.
Look for especially .exe and .dll files newly created.
Hit Ctrl + Alt + Del and review running processes in Task Manager.
See particularly if any of the newly found files are running as processes.
Go to the internet and look the files up and see what they say.
Lastly, shut down, go to safe mode (F8 key at startup) and potentially delete the new files.
That would be an easily removable thing if caught, like some viruses or adware.
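The manual check described in this post (find newly created .exe/.dll files, then see which of them are actually running) as an added PowerShell example; this is not code from the thread, and the `$Days`/`$Roots` defaults and the loaded-module check are assumptions made here:

```powershell
# Added example (not from the thread): automate the poster's manual check by
# listing .exe/.dll files created in the last $Days days and flagging which of
# them are running as a process, or loaded as a module, right now.
# Assumptions: PowerShell on Windows, run from an elevated prompt; $Days and
# $Roots are illustrative values chosen here, adjust them for the machine.
param(
    [int]$Days = 2,
    [string[]]$Roots = @($env:SystemRoot, $env:ProgramFiles,
                         $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP)
)

$cutoff = (Get-Date).AddDays(-$Days)

# Step 1: executables and libraries created since the cutoff in common drop locations.
$newBinaries = Get-ChildItem -Path $Roots -Recurse -Force -Include *.exe, *.dll `
                   -ErrorAction SilentlyContinue |
               Where-Object { $_.CreationTime -ge $cutoff }

# Step 2: index what is in use. Key = full path (lower-cased), value = list of PIDs.
$inUse = @{}
foreach ($p in Get-Process -ErrorAction SilentlyContinue) {
    if ($p.Path) { $inUse[$p.Path.ToLower()] += @($p.Id) }                       # process image
    try {
        foreach ($m in $p.Modules) { $inUse[$m.FileName.ToLower()] += @($p.Id) } # loaded DLLs
    } catch { }   # protected or other-bitness processes refuse module enumeration; skip them
}

# Step 3: join the two sets. A file that is both new AND in use is what to research first.
$report = foreach ($f in $newBinaries) {
    $pids = $inUse[$f.FullName.ToLower()]
    [pscustomobject]@{
        Created = $f.CreationTime
        Path    = $f.FullName
        InUse   = [bool]$pids
        PIDs    = ($pids | Sort-Object -Unique) -join ','
    }
}

# Rows with InUse = True come first; look those paths up before deleting anything.
$report | Sort-Object InUse, Created -Descending | Format-Table -AutoSize
```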
It can get bad. Once my niece asked me to check her computer. There were viruses going for many months; they corrupted the computer and I had to reinstall the operating system.
She had only 465 viruses found.
Got caught last month by a form set up to emulate Vista. It found its way into my system and would not allow access to uninstall. I’d get popups telling me I had 73 viruses and trojans. My virus program detected nothing. I wound up isolating and shredding it with Windows Defender. No trouble since.
I believe in the death penalty for ——s who foist this crap on users who don't know any better.
Does this mess get downloaded from Windows XP automatic updates???
I would think though that if the computer was already compromised, all kinds of stuff could download at all times, including automatic update time.
It wouldn't be automatic updates doing it, it would be the hackers who send maybe a key logger as you use the Internet.
I don’t think so. My wife had it start its scan and install when she went to a web site. Somehow she thought she was going to a sewing site and ... bang, this AV program shows up.
Put down the “beong” and step away from the Free Republi... :) Seriously, though, thanks for posting this.
My daughters’ computer got nailed by this thing.....finally crashed it....she spent 300 to fix it and blamed ME for it! So now I can’t use her laptop.....funny she forgets who bought the darn thing for her!
I’ve seen two computers eaten by this. It claims to be an antivirus program and convinces users to let it do a scan. And yes, if it gets far enough along it does require a Windows reinstall.
It doesn’t require reformatting, however, just a clean reinstall. That does mean you have to reinstall all your programs.
On the rare occasions when something like this has happened, I’ve just used the system restore feature and it worked like a charm.
Just got hit with this little b@stard two days ago after visiting the Pravda site after jumping over from the Drudge Report. Googled and found a lot of activity on this bugger. Went to the malwarebytes.com site and downloaded the free cleaner. It worked perfectly.
The bugger disabled my system restore feature.
Spybot S&D is a good cleaner for this one.
How can I find out if this is on my system? This morning I turned it on and got busy elsewhere. I heard the system restart (a first without my being at the keyboard) and it came up the way it usually does.
I’ve got the Vista OS on my computer.
Thanks. I’m not a computer geek at all and the older I get the more I hate to deal with technical things.
I update and run Spybot S&D and Lavasoft Ad-Aware about once a week, and run my Webroot Window Washer every night on 7-pass bleach. My “resident” AV programs are the McAfee that comes free with Comcast and Webroot Spysweeper.
I never have any problems.
Did you download and install the thing, or did you just get redirected to the website? I got the redirect, but I didn’t install the thing.
The list of things it can disable includes:
Not necessary to go through all of that. Try the Combofix utility linked in post 2.
I usually am able to clean these off without much trouble but my son’s pc was infected with a variant of this XP Antivirus that required wiping the hard drive.
The computer was so compromised that it was easier to just reinstall windows. Could not access (directly) c:\; could not access control panel; system settings; all user accounts were restricted; run command and command prompt were blocked; blocked updates from legit spyware and antivirus scanners - this thing was NASTY!
I’m dubious about the ability of any program to undo all the damage I saw. In a business environment it is cheaper just to reinstall Windows. You know it’s clean when you’re done.
Next time I’ll have recent backups of the system state. Fortunately, mission critical documents are kept on the server and backed up.
By the way, how do you run your utility when drives don’t show up on Explorer?
Do you have a desktop- and can the unit download anything?
If no and no- download it on another machine and put it on a memory stick/thumb drive. Use CTRL+ALT+DEL to bring up the Task Manager. On the Applications tab, hit New Task and navigate to the utility, and run it from there.
You didn’t read my list of things disabled. All drives are unavailable. You can’t run programs from the start menu. That’s also true in safe mode.
Now I’m sure there’s a way to get something done from the command line, but if you are supporting a business and people are standing over your shoulder, you do what you know will get the job done without experimenting.
A Windows reinstall deletes and replaces all system files and rebuilds the registry from scratch. The bad side effect is you have to reinstall all your programs. In a business environment that mostly means Office, which takes about ten minutes.
Hah, sounds like you got hit by a rootkit trojan. I got infected by one a few weeks ago. I downloaded and ran SDFix to remove it.
At my business, it is simply a matter of restoring from an image. No reinstallation needed.
But we are talking about home and personal machines here, and a reinstall is burning down the house to get rid of the mice.
Nothing is burned down. Have you looked at the list of things disabled by the latest pest? Walk me step by step through disinfecting a computer on which the start menu is gone, task manager is disabled and disk drives are not showing. We are talking here about a rootkit.
Step 1: Slave the drive to another system.
And this is going to save time? How?
I can do all those things, but a business computer has Windows, documents, Acrobat, and perhaps one or two specialized programs. Windows and the programs can be reinstalled in an hour without any special settings. When you’re done everything is clean and working. If you use the default folders, all the documents are in place.
Now, the correct thing is to have good backups.
It depends on the specific damage in this case- but in general, I disagree. I too do this stuff in a business environment- I specialize in malware eradication for an IT multinational. I typically remove this and all its rider subinfections in 2-3 hours. If I have to reimage a typical unit, with gigs of un-backed up data on it, I have to:
...and then the user isn't really happy because it's still a disruption. There will be group-specific software that the user has to reinstall, so add some time for the hand-holding that goes with that.
I usually start off with CCleaner- to clean out thousands of garbage temp files to cut down the scan time. Then I use a bootable CD- the Ultimate Boot CD for Windows (v 3.12 by preference) and sweep with A2 Free. That gets around all of the kernel-hooked DLLs that are wormed into explorer.exe and winlogon. I nuke anything it finds, less the two false positives that it normally gets in our environment. Then I reboot normally and hit it with Combofix. I'll use HijackThis to check to make sure nothing funny is still running and a couple of tools from Winternals if I have any doubts.
I just checked the thread again.
Been doing this stuff professionally for going on fifteen years, and I know what I'm doing, but thanks for the advice. On the unit in question- I'd build the above linked bootable CD and do the A2 to knock it back to where you've got a usable shell, and add a pass with SFC, to make sure that XP doesn't have funny replaced files. If the operating environment is showing that much damage, there's probably a lot more than AV XP 2K8 going on.
I did an emergency 'Antivirus XP 200x' removal (I forget which variant it was) on Thursday using first Combofix (which got it entirely) and then A2 to check for subinfections. It was clean after just the Combofix. Further reading for anyone interested in other tools (there are many that are written for specific infections) and removal techniques:
Ouch! It’s all too easy for even reasonably savvy users to get nailed by this crap. Most insidious are the official-looking dialog boxes that don’t close when you pick the “Close” button, but are actually links to somewhere you don’t wanna go.
$300 seems like a lot to spend to have cleanup work done, but if I were to charge for the time I put into some of these clobbered-up machines, it would often reach that or more. It takes a long time to root out some of these problems and then update insecure software on a machine that’s been exposed and neglected for years.
Again, this is a personal computer. We aren’t trying to save time, we are trying to save data.
Even someone who keeps good backups will have a good amount of data loss on a complete reinstall.
Businesses are different.
My method is faster and simpler. Of course, it’s nice if you already have a recent backup of the drive and data in case something goes wrong.
The problem I encountered last week was on a network without a domain controller. At my site that has a domain controller, I can substitute a spare machine. When the user logs on, all the documents and email are synchronized from the server. Five or ten minutes.
The infected machine can then be fixed at leisure.
Reinstalling Windows doesn't lose any data.
?
Also have you heard of SD Fix? That's another good app, I think. Do you like that one as well?
For anti-malware, I use AntiMalwareBytes; a new version just came out today, as a matter of fact.
Not in my environment, unfortunately. I was pretty much forced to get real good at removing this stuff.
We don't synch the user's data to the servers. The users are supposed to see to that themselves. Some of the conscientious ones do- but even they usually don't know things like where their PST files are located. A lot of our people are now working remotely, which compounds the problem.
We'd need a hell of a server farm to accommodate all of our users' data- it ain't a small company. I had an end-of-lease laptop swapout last week for a user who was pretty typical: programmer with about 20 GB on the machine that had to be moved. Most I've seen is about 80 GB on a single laptop.
I’ve done dozens of Windows reinstalls without losing any data. Why would you lose data? There’s no need to reformat. The installer deletes all the system files and the registry and reinstalls from scratch. The install is as clean as if you had reformatted, but it doesn’t delete stuff outside the Windows folder.
Your program installations are gone, but Office reinstalls in about ten minutes. Worst case, you have to copy the documents from the obsolete user folder to the new my documents folder. Five minutes.
Best case scenario, which I’ve used in all but three or four cases, you do a Repair reinstall. This works fine if a virus hasn’t hopelessly corrupted your registry. This takes about 20 minutes on a recent vintage machine. When it’s done you’re ready to go.
If Windows updates get uninstalled, the files are still downloaded. Windows update will find the downloads and install them.
When I wrote the company’s default workstation image- I put Recovery Console in- it’s quite helpful at times. Not the end of the world if you don’t have it- better if you do from a recovery perspective.
SDFix is good for certain infections. Malware Bytes I am experimenting with right now- I don’t have any significant experience with it. I saw it mentioned favorably at Spywarewarrior.com, so I DLed it.
Spywarewarrior.com’s forums, by the way, are an absolute treasure trove. These are people who study malware in depth, and you’re not allowed to answer users’ questions as a volunteer unless you’ve been through their training. What it consists of I don’t recall- but I remember being suitably impressed. Good place to go if you have some kind of weird infection that’s stumping you- they’ll help (and they’re *very good*) for free.
If you allow users to accumulate personal music and images in their documents folder, then roaming profiles don’t work well.
I simply tell people they have to keep personal stuff out of My Documents. No one accumulates gigabytes of Word Documents. Not in my experience.
It isn’t Word documents- I’m dealing with programmers/developers. Of all of the data I have to move around, MS Office files are the least of it.
We used to be allowed by policy to ignore their personal data when reimaging a unit. That unfortunately, has changed.
Every system has different backup needs. My only point is that a Windows reinstall, using the repair option, fixes most screw-ups that can’t be fixed by System Restore.
Mostly I am working on Windows XP Home systems and 9 times out of 10 reinstalling Windows will wipe the previous installation and with it all the personal data (referred to as a “Clean Install” as opposed to an “Install in Place”).
In the last two weeks I have done this three times. There was minimal data loss in each case as I was able to slave and retrieve their my docs/photos/psts. In the same period I have cleaned 5 systems of major virus/malware problems with no data loss.
If I could simply reinstall Windows with no data loss, I wouldn’t ever use Spybot S&D, Ad-Aware, Stinger, or have learned how to strip viruses out of the registry by hand.
I would just reinstall Windows every time a hiccup happened.
But I don’t live in that reality.