Rogue XP Internet Security 2010 SCAM! How to remove it

#1

I already have Full McAfee Security that came with my ATT DSL, I’ve run both the Quick scan and the Full scan and found nothing. These annoying pop ups are terrible. This is what I’m getting non-stop…
_________________________________________
“XP INTERNET SECURITY 2010 ALERT”
“Viruses and/or spy ware are damaging your system right now.
“Your security System is in Danger. Your computer is being hacked with rouge software.
Beware, Spy ware was found, and your computer is now being attacked.
Infection detected in background.
Your data security may be compromised.
Your PC activity is being monitored.”

“Unknown program is scanning your system registry right now! Identity theft detected!
Do you want to block this attack?” …options:

  1. Please get a copy of XP INTERNET SECURITY 2010 to safeguard your PC while surfing the web (RECOMMENDED)
  2. Run a spyware virus, and malware scan
  3. Continue surfing without any security measures (DANGEROUS)”

Three of the threats: “Macro.Visio.Radiant”, “Trojan.BNK.WIN32.Keylogger.gen”, and “EICAR-test-file”

What stupidity! Yeah, I’m going to believe this is really happening and download the virus, malware, and spyware from the so-called XP INTERNET SECURITY 2010 people, and indeed download and welcome the potential hacker right into my pc!!! Are you kidding me? These people should get a real job with integrity and stop messing with other people’s computers and lives! This is very shameful!!! This is so sad how individuals and companies wreak havoc with the ordinary person minding his or her own business, and suddenly gets bombarded with fake internet security come-on ads.

I’m very careful about what sites I visit, and run frequent scans with usually no risks, AND I recently was so frustrated about not being able to remove the last instance, I had to feverishly wipe my hard drive clean, and reinstall XP OS, all my programs, updates, drivers, documents, music and photos because of this crap! :confused: So I ask you honestly, and seriously….
HOW DO YOU HAPPEN TO GET THIS ON YOUR COMPUTER in the first place?


#2

You need to get a program like Spybot Search and Destroy to remove those unwanted malware on your computer. I never trusted McAfee to be a reliable program in the first place. I use Avira free and Z/A firewall and those two have served me well. But try to start your computer in safe mode and use :Z McAfee to remove them cause in safe mode it should only load the needed Windows system not any other unwanted startup programs.

Here’s a sample link using Google to find a way to get rid of that rogue program.

Also in the future know what you click and what site you visit and watch how you click on to close pops.


#3

Coolcolors- Thanks for the reply. With all these popups about me being infected with all kinds of things, I looked in the TASK MGR, and saw this av.exe, which I’ve seen on other website forums as a possible culprit. I wonder if it’s safe to remove but my options are either to put in high or low priority, or to “End Process”.

Someone else told me I would have to replace my NIC/PCI card from the MoBo, reformat my HDD, reinstall Windows, and maybe that would work.


#4

If you can get to the internet run (don’t walk!) over to http://malwarebytes.org/ download and run it. Even that may not 100% fix it. Flatten and re-format is the best cure.


#5

[QUOTE=rivrbyte;2495770]Coolcolors- Thanks for the reply. With all these popups about me being infected with all kinds of things, I looked in the TASK MGR, and saw this av.exe, which I’ve seen on other website forums as a possible culprit. I wonder if it’s safe to remove but my options are either to put in high or low priority, or to “End Process”.

Someone else told me I would have to replace my NIC/PCI card from the MoBo, reformat my HDD, reinstall Windows, and maybe that would work.[/QUOTE]

I would say a complete reformat of HDD and O/S install is the proper way to kill the malware or virus. But that is a last resort if you can’t get proper functions back after using the cleaning program. But the best advice as given by the MOD and others including me is to wipe clean the HDD and reinstall your O/S and apps and start over again. [I]But make sure you can backup your important data files you created or saved so as to not lose them or have to recreate them again[/I].


#6

Hey,

First of all, you have to fix particular Windows registry values. Otherwise, you won’t be able to run MalwareBytes or any other anti-malware software. Read here how to do that: http://deletemalware.blogspot.com/2010/01/how-to-remove-xp-internet-security-2010.html

Then I think this removal guide should work:
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

Good luck!


#7

Ok. That was a complete nightmare! Especially after reformatting my HDD and reinstalling Windows, software, hardware, Bla Bla Bla about two weeks ago!

So I finally found out one of the files was an AV.EXE hidden in my HKEY_USERS (Application>Classes>.EXE>SHELL>…ETC), then tried to follow that path to my Windows Explorer folder to delete, but it was not visible, even with my File options enabled to view hidden files and folders, so in Safe Mode, I downloaded the Malwarebytes utility, ran it for 41 mins., then it found 9 instances of viruses, I removed them and no problems so far! :cool: Thanks for your replies!

btw…in TASK MGR, if you happen to see an AV (dot) Executable file, that’s one of them. I had to keep END TASKING this file long enough to download and run the program, otherwise it will keep you from doing so.


#8

try running Kaspersky stand alone virus removal tool in safe mode
the pop-ups are hiding in your Java cache if you want to do a regedit
plus it changed the value on these items:
Set registry value: HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify = 0x00000001 -> 0x00000000
Set registry value: HKLM\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify = 0x00000001 -> 0x00000000
Set registry value: HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify = 0x00000001 -> 0x00000000
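
Added example (not part of the thread and not any tool's own code): a small Python parser for log lines of the shape quoted in post #8, reporting which Security Center `*DisableNotify` values were non-zero before the change and which remain non-zero afterwards; a value of 1 suppresses the corresponding Security Center alert. It assumes the left-hand value is the data before the change and the right-hand value the data after; the last two sample lines are constructed.

```python
import re

# Line shape quoted in post #8:
#   Set registry value: <key>\<value name> = <old> -> <new>
# Assumption: <old> is the data before the change, <new> the data after.
LINE_RE = re.compile(
    r"^Set registry value:\s*(?P<key>.+)\\(?P<name>[^\\=]+?)\s*=\s*"
    r"(?P<old>0x[0-9A-Fa-f]+)\s*->\s*(?P<new>0x[0-9A-Fa-f]+)$"
)
SECURITY_CENTER = r"HKLM\SOFTWARE\Microsoft\Security Center"

# The first three lines are from the post; the last two are constructed.
SAMPLE_LOG = r"""
Set registry value: HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify = 0x00000001 -> 0x00000000
Set registry value: HKLM\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify = 0x00000001 -> 0x00000000
Set registry value: HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify = 0x00000001 -> 0x00000000
Set registry value: HKCU\Software\ExampleVendor\ExampleSetting = 0x00000002 -> 0x00000000
Scan finished
"""

def parse_changes(log_text):
    """Return one dict per well-formed 'Set registry value' line; skip the rest."""
    changes = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            changes.append({"key": m["key"], "name": m["name"],
                            "old": int(m["old"], 16), "new": int(m["new"], 16)})
    return changes

def _notify_entries(changes):
    # Registry key paths are case-insensitive, so compare lower-cased.
    return [c for c in changes
            if c["key"].lower() == SECURITY_CENTER.lower()
            and c["name"].endswith("DisableNotify")]

def suppressed_before(changes):
    """Alerts that were switched off before the change (old value non-zero)."""
    return [c["name"] for c in _notify_entries(changes) if c["old"] != 0]

def suppressed_after(changes):
    """Alerts still switched off after the change (new value non-zero)."""
    return [c["name"] for c in _notify_entries(changes) if c["new"] != 0]

if __name__ == "__main__":
    found = parse_changes(SAMPLE_LOG)
    print("suppressed before:", suppressed_before(found))
    print("suppressed after: ", suppressed_after(found))
```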


#9

There are a bunch of tools…and a bunch of procedures.

Consider a system restore…this is unlikely to solve the problem but shouldn’t do any harm
Also, get CCleaner
Check out your browser options…you can delete everything in your Java cache
Malwarebytes and Spybot Seek & Destroy are highly recommended…update them and run the scans.
Your own anti-virus hasn’t been able to deal with it so consider another such as AVG, Avira, Kaspersky, Norton, etc…there are several which are all good in their own way.
Trend Micro has had some good success stories. They have an online check-up…and they aren’t full of horse manure.

Don’t forget to restart after any “removal of malware” activities
Don’t forget to scan all external drives & USB sticks that have been near your PC in the last year or so

And if nothing works…guess what! Reformat your entire computer …something I have never had to do so far in any malware case…but…:eek:
D


#10

I use Malwarebytes followed by SuperAntispyware (free version) and together they find and remove rogue antivirus software very effectively.

Alan


#11

May I ask why you allow that junk to install on your system?
:wink:

Michael