
Windows XP 2008 antivirus spyware

StreamOfTheSky

Adventurer
Has anyone else encountered this horrible pest? It's called Windows XP 2008 Antivirus, and it is some kind of spyware. It left my background plain blue with an error message that won't go away advising me to use my antivirus software to get rid of two files, win32/Adware.Virtumonde and win32/Privacy Remover.M64, it claims I have. It also seems to have blocked my access to windows update, stopped my ability to install spybot (which I saw on a youtube video comment -- more below -- could fix it), makes it so if you do a search engine search on it, it spits out useful-sounding links that bring you to nowhere, fouls up text size on other pages, and other annoyances.

Thanks to youtube, I was able to at least learn a bit on it, but all the suggestions I've seen there haven't been an option for me so far. For example, using System Restore to rid myself of it would be a great idea...if the spyware hadn't wiped out every single restore point prior to getting infected.

So, I'm getting desperate now. Anyone have solutions I could try? I never even clicked to accept the stupid thing when it prompted me to, yet I still got it. I was under the impression these sorts of things required you to at least click on a bad link or some such.
 


Aus_Snow

First Post
Do you already have an antivirus program installed? Antispyware/antimalware? If so, you might need to update, or even replace them with better options. If not, well, you should've. ;) But you probably still can anyway - for example, if you go to http://pack.google.com and select just Spyware Doctor (you could add more free stuff at a later point if you wanted to) you'll have a pretty decent antispyware program ready to go in no time.

If you have genuine Windows installed, you could've got Windows Defender from Microsoft/Windows Update. I suggest doing so in future, should you get the opportunity.

Other ones I've tried include SuperAntiSpyware (from http://www.superantispyware.com), and Spybot - Search & Destroy (from http://www.safer-networking.org/en/spybotsd/index.html).

With one or two of these, you might have to specify that no, you don't want such and such a toolbar or whatever (can't remember which ones sorry, just keep an eye out during installation - and this goes for any program ever - if you decide to give them a go); these are *optional* bits of *ad*ware, not unavoidable, let alone spyware themselves.

I would suggest having two or three antispyware/antimalware programs installed, in total, and running them one at a time immediately upon installation (they'll generally offer this option, IIRC). Update straight away and then scan, or vice versa - again, they'll probably offer up one of these options by default.

My favourite free antivirus program for Windows XP is 'Avast!'. You can get that from http://www.avast.com - again, with no strings attached. Just make sure you don't have any other real antivirus installed, before adding another one!

Just my 2c. If you can't download anything helpful, or install them, or run them, I did come across some manual removal instructions for the spyware you've got, and they might work.
 



StreamOfTheSky

Adventurer
I had a McAfee antivirus from my college, which I recently graduated from, but it probably wouldn't work, I haven't updated it in a few months, and if I still can get updates, I'd have to do it through the campus network (still possible, I work there). I don't know what it did or how it did so so fast, but I don't think any program's going to work. I had Adaware, that found 24 files, but didn't help. I downloaded Spybot, but couldn't install the .exe file, and I saw some people saying the best program to use was Malwarebytes' Anti-Malware program. Which I found a link to on this site http://www.bleepingcomputer.com/malware-removal/remove-xp-antivirus-2008-2009

Of course, I found it on a different computer, as mine won't let me access most pages with helpful info. I need to try and get it to my computer by flash drive, I guess. I'm just worried if I could ruin my flash drive too, and for no gain. When I try to install things now, it says files are corrupted, and won't let me. I'm not sure if trying to do it from a USB port would matter or not.

And yes, Thanee, I've been to that site. Interestingly, I can't follow links to it from my computer, but manually typing in the address worked. Some of the pages that link off of that (like the "how do I do this?" ones) work, but the text is spread out of place overlapping with things.

Aus, please tell me anything to manually remove them. I found this site http://wehackvirus.blogspot.com/2008/07/remove-antivirus-xp-2008.html and tried to follow the directions, but could only find one of those 12 character file names, and got as far as deleting everything in my recycle bin, only to get stuck on the step of going into HKEY_LOCAL_MACHINE because I only had the one file name, and there was nothing suspicious looking under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (step #8)

My friend works on tech support for the local cable company, so he's going to look at it late tonight when he's out of work. I really hope I don't need to wipe my whole hard drive, like a rep from said cable company told me on the phone. It really sucks -- my computer's 5 years old, I had been starting to look into getting a new one, and now this happens. I'd really like to not lose 5 years of stuff.
 

Aus_Snow

First Post
Have you had any luck so far, SotS? The tech support guy helpful? I hope so. Gotta say, it sounds like a particularly nasty bit of malware. Basically - if what little I've read is accurate at all - a package containing (among other things) several trojans. :uhoh: No wonder it's [/they're] a bit tricky to remove. At first, I just assumed it was like most other trojans/similar programs. Hadn't heard of it.

Still, even if things continue to look bad at this stage, if you could get a list of processes running on your PC, that might help. If even some of them can be terminated, doing so *might* give you the opportunity to uninstall anything you need to, and install (and run) some scanning and cleaning software.

It's a thought. Please treat it with the scepticism any stranger's suggestions deserve. :) I won't be offended at all, incidentally.
 

StreamOfTheSky

Adventurer
Still, even if things continue to look bad at this stage, if you could get a list of processes running on your PC, that might help. If even some of them can be terminated, doing so *might* give you the opportunity to uninstall anything you need to, and install (and run) some scanning and cleaning software.

I tried that following the wehackvirus site's instructions, and hit a roadblock, it's just so hard to remove. My friend tried last night using two programs (I think it was combofix and SDfix), but no success. He did discover it had established a root kit, though. And that it had brought other things with it. He took it to work with him today, when he gets out later tonight, I'll go back and get it from him. Worst case scenario, he said, was that he'd have to port all my files except the system ones onto his external hard drive, wipe the hard drive clean, and move them back, so I won't lose my precious files. He deals with this thing a lot at work, but mine was different. He plans to keep my system files on a flash drive to research it more on his own time for "fun."

Thanks for the help, though. If anyone else ever gets it, it's probably common sense, but DO NOT buy anything it prompts you to! I figured it was just a scam and wouldn't fix things if I complied, but commented, "If buying the program really did make it all go away, I'd even be willing to pay up to these a@@holes just to fix it." To which my friend confirmed, buying into the scam doesn't help at all. The company my friend works for, I had called on the phone. Instead of directing me to the specialist tech support he works for (which costs money), the person on the other end told me there was nothing I could do, and should just wipe the hard drive, and recommended a guy to "try" and recover most of my data for a fee. SO glad I didn't listen to him!
 

evilgenius8000

First Post
I fixed it by going into Program Files and finding & deleting the folder that was a random jumble of letters (sort by date modified to find the right one). That caused the Windows XP antivirus program to terminate. Once that happened, I was able to run AVG without my computer bluescreening (Windows XP 2008 Antivirus was pretty much locking up my computer whenever I tried to run Spybot or AVG). I figured out that there were a few more virussed files in ../Windows/system32 that seemed to have shown up with the fake antivirus (I think the program was just replicating the crap into system32). I deleted those foreign files, and AVG found one other virus downloader thing (in the temporary internet files... not sure if it was connected though). Everything seems to be running fine now, though. Hope you have some luck fixing your 'puter. Just look for things that have nonsensical filenames and don't seem to belong B-)
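
The heuristic described in the post above (recently modified entries with nonsensical names), as an added read-only triage sketch that is not part of any post in this thread. The randomness test, its thresholds, and the default path are assumptions of this example.

```python
import os
import re
import sys
import time
from typing import List, Optional, Tuple

VOWELS = set("aeiou")
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]+")

def looks_random(name: str) -> bool:
    """Assumed heuristic: an alphanumeric name with 8+ letters that has
    few vowels or a long consonant run is unlikely to be a real word."""
    stem = os.path.splitext(name)[0].lower()
    letters = [c for c in stem if c.isalpha()]
    if not (stem.isascii() and stem.isalnum()) or len(letters) < 8:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_run = max((len(r) for r in CONSONANT_RUN.findall(stem)), default=0)
    return vowel_ratio < 0.25 or longest_run >= 5

def triage(root: str, max_age_days: float = 30.0,
           now: Optional[float] = None) -> List[Tuple[str, float, bool]]:
    """List entries directly under root modified within max_age_days,
    newest first, as (name, age_in_days, flagged). Nothing is deleted."""
    now = time.time() if now is None else now
    rows = []
    with os.scandir(root) as entries:
        for entry in entries:
            try:
                mtime = entry.stat(follow_symlinks=False).st_mtime
            except OSError:
                continue  # unreadable entry: skip rather than abort the listing
            age = (now - mtime) / 86400
            if age <= max_age_days:
                rows.append((mtime, entry.name, round(age, 1)))
    rows.sort(reverse=True)  # newest modification time first
    return [(name, age, looks_random(name)) for _, name, age in rows]

if __name__ == "__main__":
    # Default path is illustrative; pass the directory to inspect as an argument.
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\Program Files"
    for name, age, flagged in triage(target):
        print(f"{'REVIEW' if flagged else '      '}  {age:6.1f}d  {name}")
```

Because a rootkit was found on the machine in this thread, a listing taken from the running system may be incomplete; pointing the script at the drive mounted from boot media gives a more trustworthy view. Flagged names are candidates for review by a scanner, not confirmed malware.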
 

Firzair

First Post
You really need a reinstall

Hi StreamOfTheSky,
sounds like a reinstall is in order. As there is already a root kit installed, you should just backup all data and reinstall.
After reinstallation, before connecting to the internet, you should install all xp updates. There are some tools that let you download the updates to your hard drive for copying them to the new machine.

Then install:
Real antivirus software
Firefox 3
NoScript extension for firefox
Desktop Firewall like zonealarm
Spybot Search & Destroy
AdAware
... your other default software

Then make a backup of the system with a drive image tool.

If you want to browse really safe, you could install Moka5, then use the fearless browser with it. It starts a virtual linux within your xp with firefox installed for browsing the internet. You are still able to download files and use them in your windows xp, but all those files are downloaded in the linux area to a shared drive.
Nothing gets automatically started in the windows environment. There you can scan all files using the antivirus software and upon confirmation of being clean you can just use them in windows.
I use this setup at home, it's not too much of a hassle and the security is high.

Hope that helps.

Greetings
Firzair
 

Thanee

First Post
I really hope I don't need to wipe my whole hard drive, like a rep from said cable company told me on the phone. It really sucks -- my computer's 5 years old, I had been starting to look into getting a new one, and now this happens. I'd really like to not lose 5 years of stuff.

Backup the files!

If your computer doesn't really let you, find/build a bootable CD/DVD solution (i.e. Knoppix) and boot your computer with that one, then access and backup the files via the file system.

Bye
Thanee
 
