IT Experts Enter!!!

**35th-ANV-SS** · 03-14-2011, 05:46 PM

So I'm using my old ass desktop for internet since I managed to download a virus. Need help deleting this motherfucker...

It is the 2011 XP Anti-Virus trojan.

I cannot access the internet at all. I cannot run .exe files so that means I cannot run Malware to remove it.

I've tried booting up in safe mode, the virus still runs.

Any suggestions??

**Knight** · 03-14-2011, 05:50 PM

Try reinstalling Windows.

**jimmybling31** · 03-14-2011, 05:52 PM

Originally Posted by 35th-ANV-SS

So I'm using my old ass desktop for internet since I managed to download a virus. Need help deleting this motherfucker...

It is the 2011 XP Anti-Virus trojan.

I cannot access the internet at all. I cannot run .exe files so that means I cannot run Malware to remove it.

I've tried booting up in safe mode, the virus still runs.

Any suggestions??

use a mac to retrieve personal data off the hard drive externally and run a virus scan on the files before putting them on computer again. format the computer after retrieving files with a full format, not fast. since it starts even in safe mode, not too much you can do.

**Z28Thunder** · 03-14-2011, 05:56 PM

I understand the virus runs in safe mode. Do you not get to a prompt that would let you run an app?? You may need to got into recovery counsel. This should already be on your HD. If not you will need a copy of XP with the same SP you have. Once in recovery mode run fixboot and fixmbr. Then go back into safe mode and fix the issue. Another way to fix it is find a cheap external HDD case that plugs in usb. Take the HD out of your PC and plug it into another. Then run the scan on your HD from that machine. Below is one fix I googled for it.

http://www.precisesecurity.com/rogue...ti-virus-2011/

**jimmybling31** · 03-14-2011, 05:59 PM

Originally Posted by Z28Thunder

I understand the virus runs in safe mode. Do you not get to a prompt that would let you run an app?? You may need to got into recovery counsel. This should already be on your HD. If not you will need a copy of XP with the same SP you have. Once in recovery mode run fixboot and fixmbr. Then go back into safe mode and fix the issue. Another way to fix it is find a cheap external HDD case that plugs in usb. Take the HD out of your PC and plug it into another. Then run the scan on your HD from that machine. Below is one fix I googled for it.

http://www.precisesecurity.com/rogue...ti-virus-2011/

if someone is asking how to deal with it on a car forum chances are they won't be very comfortable in a windows recovery console.

**Z28Thunder** · 03-14-2011, 06:04 PM

Originally Posted by jimmybling31

if someone is asking how to deal with it on a car forum chances are they won't be very comfortable in a windows recovery console.

He asked for help and got several options. The virus does not require a rebuild of windows. Not that a rebuild is not a bad idea. Just stating it can be fixed. Heck if you read the link all you need to do is use Task Manager to end the process. Then clean the drive. He asked for help just trying..

**35th-ANV-SS** · 03-14-2011, 06:07 PM

I can end the app using Task Manager, but it restarts...

And correct, I've never edited a registry before or anything of that nature.

**35th-ANV-SS** · 03-14-2011, 06:09 PM

I managed to get Avast to run, but I don't know if that will detect the virus or not...scanning now.

I also e-mailed myself STOPzilla and downloaded it. Odd, but I can access my work e-mail, but not Google or other sites b/c of the virus.

I'm trying to get STOPzilla to run now. Doesn't look promising.

**35th-ANV-SS** · 03-14-2011, 06:11 PM

Originally Posted by Z28Thunder

http://www.precisesecurity.com/rogue...ti-virus-2011/

I was on that site. I didn't feel comfortable trying to use the "manual delete" option. Seems to be the only way to remove this thing though.

**Z28Thunder** · 03-14-2011, 06:13 PM

Originally Posted by 35th-ANV-SS

I can end the app using Task Manager, but it restarts...

And correct, I've never edited a registry before or anything of that nature.

The recovery console is not editing the registry.. But the link does mention edits you need to make with the registry.

**Z28Thunder** · 03-14-2011, 06:14 PM

Originally Posted by 35th-ANV-SS

I was on that site. I didn't feel comfortable trying to use the "manual delete" option. Seems to be the only way to remove this thing though.

Sometimes manual delete is the only way to get rid of one. If you do not feel comfortable find a nerd or geek friend. I bet they might help out.

**35th-ANV-SS** · 03-14-2011, 06:16 PM

Originally Posted by Z28Thunder

The recovery console is not editing the registry.. But the link does mention edits you need to make with the registry.

OK - going to look at that site again about the recovery console.

Just read this threat is a 8/10...FML.

Don't I need to know the name of the file to stop it??? It keeps changing every time I restart the computer.

One time it was called "dif.exe", another time "2011 XP Anti-virus".

From site: Get rid of XP Anti-Virus 2011 start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. A windows containing System Configuration Utility will be launched. Go to Startup tab and uncheck the following Start-up item(s):
(random characters).exe

I don't know (random characters).exe

**CJREX** · 03-14-2011, 06:23 PM

Try combofix.

I've had it successfully remove a rootkit that Avast and MBAM couldn't budge.

http://www.bleepingcomputer.com/down...virus/combofix

Another thing you may be able to do is download a live Linux like Puppy and boot from the Linux CD, then mount your Windows drive and run the Clam AV on it.

**Z28Thunder** · 03-14-2011, 06:23 PM

Originally Posted by 35th-ANV-SS

OK - going to look at that site again about the recovery console.

Just read this threat is a 8/10...FML.

Don't I need to know the name of the file to stop it??? It keeps changing every time I restart the computer.

One time it was called "dif.exe", another time "2011 XP Anti-virus".

From site: Get rid of XP Anti-Virus 2011 start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. A windows containing System Configuration Utility will be launched. Go to Startup tab and uncheck the following Start-up item(s):
(random characters).exe

I don't know (random characters).exe

The site did not mention recovery console. I did as a way to stop it from doing it at start up. Again I might suggest a Tech friend help you out if your not comfortable with the tools and registry edits.

**Z28Thunder** · 03-14-2011, 06:24 PM

Originally Posted by CJREX

Try combofix.

I've had it successfully remove a rootkit that Avast and MBAM couldn't budge.

http://www.bleepingcomputer.com/down...virus/combofix

That is a good tool as well. But you will have to rename it from combofix. Many rootkits know about combofix.

**jimmybling31** · 03-14-2011, 06:30 PM

IF I get a problem like this at work I just use a mac to recover files, scan them, then rebuild the system. takes 2-3 hours instead of.... whatever it takes to deal with it. 9/10 it's faster to just rebuild.

**35th-ANV-SS** · 03-14-2011, 06:30 PM

I cannot download anything on the infected computer from a website. I can't access the internet on it at all, not even booting up in safe mode with networking.

I tried renaming my current spam removal tools...they still will not run.

I am in the system config utility now and under the start-up tab...

Looking for the exe file that starts up. I don't see anything though really. There are about 20 files that start-up, none of which look like a virus to me.

And as I type this, STOPzilla just started scanning finally. My computer is running EXTREMELY slow though. Guessing this is because the virus is running in the background.

**Z28Thunder** · 03-14-2011, 06:36 PM

Originally Posted by jimmybling31

IF I get a problem like this at work I just use a mac to recover files, scan them, then rebuild the system. takes 2-3 hours instead of.... whatever it takes to deal with it. 9/10 it's faster to just rebuild.

I agree sometimes it is faster to just rebuild. But I fix issues like this daily for users. With the right tools it might take 20 or 30 minutes to fix it. If I get close to an hour then yes it is rebuild time. We have a default image at work and to install off a thumb drive takes about 6 minutes.

**Smittro** · 03-14-2011, 06:39 PM

Clean install, then better virus protection..

Main reason I got rid of Xp was because of it's huge number of internet vulnerabilities and massive amounts of updates it required after reboot..

Get a WIN7 PRO (64bit) powered comp..

I do a clean boot every 30-60 days..

**jimmybling31** · 03-14-2011, 06:40 PM

Originally Posted by Z28Thunder

I agree sometimes it is faster to just rebuild. But I fix issues like this daily for users. With the right tools it might take 20 or 30 minutes to fix it. If I get close to an hour then yes it is rebuild time. We have a default image at work and to install off a thumb drive takes about 6 minutes.

for our main client we have an image we use. For external clients that hold on to every penny would rather have a certain bill for 2-3 hours rather than chancing it for a 1-6 hour bill. Just how my job works though. Small businesses seem to hold their wallets very close when it comes to computer work.