Posted on 04/16/2010 10:14:36 AM PDT by big black dog
From somewhere, this horrible rogue "antivirus" software called XP Smart Security is managing to install itself. It completely takes over my system and won't let me do anything while constantly displaying messages that I should purchase their scam product to clean up my computer.
The only way I can get rid of it is to completely wipe out my hard drive and then reinstall the operating system. However, even after I do this, I can't access the "add or remove programs" section in the control panel.
And a few days later, this scam software shows up again and I have to go through the process all over again.
I have Norton antivirus but this crap keeps getting through anyway.
This is driving me nuts.
Bump for MalwareBytes - Did mine and my neighbors.
You say you’re wiping your drive and reinstalling. If what you mean by that is that you’re “formatting” the drive and reinstalling, then the virus will not survive that. If you’re simply telling the windows installer to reinstall over an existing Windows, that may not get rid of the virus.
Assuming you are formatting the drive.... it could also be located on a second hard disk, if you have one. Though you’d have to execute it yourself for that to happen once you have reinstalled windows.
Or... you’re browsing the internet with IE and allowing it to run Java/Flash/Active x/etc, and being reinfected when you visit the wrong web page. Suggest using FireFox and the NoScript plugin for that.
I’d rootkit that.
Yep, generally when I’m removing viruses, I start with a few steps.
Run msconfig, and go to the “startup” tab and deselect everything. Then reboot in safe mode.
Then I go to Windows Explorer and do a search for all files modified within the last day or two, or from the time when the problems started. What you will usually find are a bunch of files with the same timestamp or very close scattered throughout the hard drive. If you have no idea what those are, it’s a pretty good indication they are associated with the virus. However, do not delete the files unless you know exactly what you are doing, or else you can hose up your Windows installation. But if you are confident they are from a virus, go ahead and delete them.
These two things alone, have pretty much gotten rid of most of the viruses I’ve encountered without having to wipe out the Operating System. Although in extreme cases, I will use Malwarebytes’ Anti-Malware to get rid of the real pesky ones.
YMMV
bflr
Reboot in safe mode. Go to Accessories, System Tools, System Restore. Pick a date in the recent past and restore your system settings.
I’ve had success using Malwarebytes’ Anti-Malware
I had an IT person I work with clean up my hard drive after I had a similar problem a couple of years ago. She installed a program you can access at start up (by hitting F10 as the system is booting up) that will restore your system to its original configuration, while saving your files. I'm not sure if the virus can infiltrate this program, but it does get rid of the problem, at least for a while.
I got attacked by the virus or ‘scam’ ‘Personal Security’. I couldn’t move on the PC without the big red sign covering the screen, ‘Your computer has been infected...buy our virus protection, etc.’ This appeared right back no matter how many times you deleted the thing.
After trying for hours and scanning my PC with everything I could think of, (including MalwareBytes) I found this on the net:
“The program doesn’t let you download any software. We sent a message to the company that created Personal Security on the “customer service” link that we would track them down and sue them for attacking our kids computer. They emailed this solution and it worked in less than one minute. We still downloaded and ran an antispyware program afterwards to make sure nothing remained. This was their response which worked:
“Dear customer,
Thank you for contacting Customer Support Center.
Please follow my instructions to uninstall the program:
Paste the following string to Windows Explorer address bar and execute it (Press Enter key):
C:\Program Files\Common Files\PSecurityUninstall\Uninstall
or
1. Open My computer, choose Disk C;
2. Find Program Files=>Common Files=>PSecurityUninstall=>Uninstall
3. Run the file Uninstall.lnk
After that our product will be removed.Sometimes it takes more than one try to remove the product due to temporary technical difficulties, so please try to do it several times.
If you have any questions concerning our software, please contact our Customer Support Service.
With best wishes,
Customer Support Team”
___________
It worked the first time for me.
Thanks, I may try that if this happens again. I didn't realize you could operate XP in safe mode, but I looked it up and indeed you can.
I tried doing a system restore in the normal mode, and the virus gives me a message saying that the system administrator has blocked that.
Happened to me a couple of years back. Had to reformat the hard drive and lost lots of vital info. An ounce of prevention was bestowed upon me from a fellow Freeper. Make an image of your hard drive and update occasionally. I use Acronis True Image. If something unfortunate should happen it takes 20 min to get the PC back to where I want it, rather than days reformating and installing all your software again.
The first thing these viruses do is wipe out the ability to system restore.
One thing I did when I got a virus was do the fresh install on a new drive and slave the old one in. The virus may be still be in there but since I wasn’t booting from that drive, it couldn’t resurrect itself.
bookmark
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.