Windows XP Repair virus!

Joined
Jun 2, 2011
Messages
980
Reaction score
8
Location
United Kingdom
Hi there mate. Just looked on net and found this. Don't know if any good as I know you say Task Man seems disabled but other bits may work.

"Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Windows XP Repair Removal Procedures

Manual Removal:
1. Press Ctrl+Alt+Del on keyboard to stop process associated to “Windows XP Repair”. When Windows Task Manager opens, go to Processes Tab and find and end the following process:
(random characters).exe

2. You need to update your installed antivirus application to have the latest database.
3. Thoroughly scan the computer and any detected threats must be removed. If removal is prohibited, it is best to quarantine the infected item. Manually locating and deleting of malicious files should also be performed. Please see files below that are related to Windows XP Repair Virus.
4. Registry entries created by Windows XP Repair must also be removed from the Windows system. Please refer below for entries associated to the rogue program. [how to edit registry]
5. Exit registry editor.
6. Get rid of Windows XP Repair start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. A window containing System Configuration Utility will be launched. Go to Startup tab and uncheck the following Start-up item(s):
(random characters).exe

7. Click Apply and restart the computer.

Windows XP Repair Removal Tool:
In order to completely remove the threat from a computer, it is best to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected computer.

Using Portable SuperAntiSpyware:
To thoroughly clean a computer, it is best to do a separate scan of another security program so that other infected files not detected by anti-virus application can be removed as well. Download and run SuperAntiSpyware Portable Scanner.

Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove unfamiliar threats without using the traditional AV signatures. Download the tool and start scanning with Norton Power Eraser.
Technical Details and Additional Information:

Malicious Files Added by Windows XP Repair:

C:\Documents and Settings\<Current User>\Desktop\Windows XP Repair.lnk
C:\Documents and Settings\<Current User>\Start Menu\Programs\Windows XP Repair\
C:\Documents and Settings\<Current User>\Start Menu\Programs\Windows XP Repair\Uninstall Windows XP Repair.lnk
C:\Documents and Settings\<Current User>\Start Menu\Programs\Windows XP Repair\Windows XP Repair.lnk
C:\Documents and Settings\All Users\Application Data\~
C:\Documents and Settings\All Users\Application Data\~r
C:\Documents and Settings\All Users\Application Data\[random].dll
C:\Documents and Settings\All Users\Application Data\[random].exe
C:\Documents and Settings\All Users\Application Data\[random]

Windows XP Repair Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ‘0’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ‘0’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ‘0’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ‘1’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ‘1’ "

Richard
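
An added example, not part of the original post or the write-up it quotes: a Python check that reads the text of a regedit export and reports values matching a subset of the registry list above, plus Run entries that point at an .exe in the All Users\Application Data folder the write-up names. The sample export and the name qWxYzAbC.exe are constructed, and the Run match is a heuristic assumption.

```python
import re

# (key path below the hive, value name) -> data, as listed in the write-up quoted above.
PAGE_VALUES = {
    (r"software\microsoft\windows\currentversion\policies\system", "disabletaskmgr"): "1",
    (r"software\microsoft\internet explorer\download", "checkexesignatures"): "no",
    (r"software\microsoft\windows\currentversion\internet settings", "certificaterevocation"): "0",
    (r"software\microsoft\windows\currentversion\internet settings", "warnonbadcertrecving"): "0",
}
RUN_KEY = r"software\microsoft\windows\currentversion\run"
DROP_DIR = "\\all users\\application data\\"  # folder the write-up lists for [random].exe

def parse_reg(text):
    """Yield (key, name, data) from regedit export text; DWORDs become decimal strings."""
    key = None
    for line in map(str.strip, text.splitlines()):
        section = re.fullmatch(r"\[(.+)\]", line)
        value = re.fullmatch(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
        if section:
            key = section.group(1)
        elif value and key:
            name, raw = value.groups()
            if raw.startswith("dword:"):
                yield key, name, str(int(raw[6:], 16))
            elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
                yield key, name, re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \"

def audit(text):
    """Return (key, name, data) for values matching the page's list or the Run heuristic."""
    findings = []
    for key, name, data in parse_reg(text):
        sub, low = key.partition("\\")[2].lower(), data.lower()  # hive dropped: HKCU and HKLM match
        run_hit = sub == RUN_KEY and DROP_DIR in low and low.endswith(".exe")
        if PAGE_VALUES.get((sub, name.lower())) == low or run_hit:
            findings.append((key, name, data))
    return findings

# Constructed sample export, not taken from the thread.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"qWxYzAbC.exe"="C:\\Documents and Settings\\All Users\\Application Data\\qWxYzAbC.exe"
'''
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Files written by regedit in the "Version 5.00" format are UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing its text to `audit`.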
 

bhilton

Active member
Joined
Dec 10, 2010
Messages
1,761
Reaction score
2
Location
Ruston, Louisiana
Handicap
5.5
I'm not sure if you have access to another computer, but if you do, I may can help you a little. I've had something like this happen to a few of our computers at work and since I work in IT, I'm the one who has to deal with it. If you do have access to another computer, you can download malwarebytes to that computer and then pull out your hard drive of the infected computer and hook it up as an external hard drive. You should then be able to scan the external hard drive with malwarebytes and it should be able to find the infected files. Once you finish the scan, put the hard drive back in the computer and download malwarebytes on that computer and run it again. I will probably find a few more things on that scan and that should get you back going. There may be some other settings you need to go in and change including the proxy server issue that was mentioned earlier. It's a hassle to do it this way, but it's the best way to get it all off that I've found.
 

Goins

"Not too shabby"
Joined
Jun 5, 2010
Messages
3,410
Reaction score
20
I have the program stopped but it won't log onto the web. What do I need to check in internet options to get back online?
 

JR

Well-known member
Joined
Jun 7, 2010
Messages
10,449
Reaction score
135
Handicap
20
I have the program stopped but it won't log onto the web. What do I need to check in internet options to get back online?
Look and see if a box called Use Proxy server or something similar is checked. If so, uncheck it.
 

bhilton

Active member
When you open up Internet Explorer, click on Tools, then Internet Options. Click on the Connection tab, and then the LAN settings button. There should be an option for a proxy server in there. Uncheck the box if it is checked.
 

Goins

"Not too shabby"
I downloaded malwarebytes onto an SD card and uploaded it, scanned and found 9 infected files and removed them, I then went into the registry and deleted all the entries listed above and still can't get it to do anything. It still won't logon and the proxy server is unchecked. It won't let me use system restore either. Every time I click on it a box pops up saying "system restore is unable to protect your computer at this time, please restart and try again". I'm scanning malware again now but it's not gonna find anything. Any more suggestions?
 

Goins

"Not too shabby"
It's not looking well. I just got off the phone with tech support for my provider. It seems to have done away with my IP address cause it's not coming up under command prompt. I've done malware 6 times now and deleted the registries and files that are listed on the web and still no luck!
 

Smallville

#WeLoveYouAlex
Joined
Oct 16, 2008
Messages
98,699
Reaction score
455
Location
Kansas City, Kansas
Handicap
In Flux
What a drag, Degoins. Have you got everything already backed up? Sounds like a reformat and install is in the cards.

Did you try the Trojan Remover from simplysup.com that I mentioned earlier?
 

Goins

"Not too shabby"
I may go back to my parents tomorrow and do that as a last resort. I was really hoping malwarebytes would do the trick. If I have to reformat I might as well update, what OS do you guys like?
 

Smallville

#WeLoveYouAlex
I would definitely try that before I reformatted. It can't hurt.

As far as new stuff, I really like Windows 7.
 

Smallville

#WeLoveYouAlex
How did this turn out?
 
