Wednesday, January 27, 2010

Antivirus XP 2010 Malware--what a pain

Thanks to everyone for the suggestions, and mainly for the support.

My wife's PC had been infected with the Antivirus Malware twice, and Malwarebytes (free download from CNET.COM) fixed it both times. However, it seemed to have gained some strength by the time it morphed into Antivirus XP 2010.

One interesting thing it did was to disable the other user accounts on my PC so that I could only execute programs via the "Run as" with the infected account I had--so I was really stuck using my infected account to try to solve the problem.

I also found I was unable to boot the PC into Safe Mode--not sure if that's related to the Malware--I hope not.

Also, when I tried to run my copy of Malwarebytes, it had erased mbam.exe--the executable. Then, when I tried to reinstall from the setup I had on my PC, it tried to stop the execution. Using Task Manager, I managed to kill av.exe long enough for the setup to run, but guess what---after the install worked, it once again deleted mbam.exe, leaving me with a folder containing all but the executable.

An Internet site I found suggested renaming the setup executable and installing it in a folder other than Malwarebytes. I did that, and again, using Task Manager to kill av.exe long enough to get started, managed to run Malwarebytes through an entire scan yesterday morning. It identified about 14 infections, rebooted to delete the bad guys, and I was hoping when it came back up all would be fine. It wasn't.

Again, I ran Malwarebytes, but this time it came back clean--as did Symantec and Spyware Doctor. Like you guys, and some advice on the Internet, I came to the conclusion that running a 1-month-old version of Malwarebytes didn't cut it.

I fired up Malwarebytes again, selected Update, and it told me it was getting the latest signatures-version, and that it would shut down and reinstall. It didn't--av.exe seemed to be loading whenever anything tried to fire up.

Finally this morning I went out to CNET.com and downloaded the latest setup executable they had--it must have had something in there for this virus-malware, because after once again renaming the setup and installing it into a decoy folder and renaming mbam.exe to something else, I was able to run a 3-hour scan.

I must confess I had some doubt, but it found 5 infections, and after a reboot (shutdown failed, I had to pull the plug on the PC), when it rebooted the malware seemed to have been destroyed.
At least that's the way it appears.

I had some residual error messages that the Internet says indicate I need to clean my registry---I just did that using CCleaner (another free download from CNET.COM), so knock on wood, I seem to be OK now.

Thanks again for your concern and advice.

2 comments:

Anonymous said...

My computer has recently been infected with this virus (Antivirus XP 2010). I know nothing about computer security and a friend downloaded Spybot from CNET and it took all evening to scan -- 222 problems -- "the worst he has ever seen." I still have the XP 2010 however, and cannot get on the Internet at all with all the popups from XP 2010. Any advice?

John Smiley said...

Check out this post---I have detailed instructions to solve your problem.

http://professorsmiley.blogspot.com/2010/02/spyware-malware-rootkit-viruses.html

You should also check out this website, which is a great resource for malware problems:

http://www.mybleepingcomputer.com