Antivirus XP 2008 (computer virus HELP!)

[Shroom Man 777]

I got infected by this virus that replaced my desktop, and made my computer unable to go to the net. It is hard to remove, and since my computer is no longer capable of using its browsers, I cannot download anything to cure it.

The virus resembles this

But I can't even run CMD to try and manually destroy it. What the hell do I do, guys?

[Bounty]

Any chance of you just reinstalling the OS? Considering how much a bitch this virus is, it may be the most efficient method, and it's the only one sure to work.

Or you can try following the guide you linked to?

[Shroom Man 777]

My computer contains valuable files, and must be preserved. Can anyone tell me a way to destroy this horrible pox?

EDIT:

I can't even use CMD to manually remove the .dll files OR even use the internet in that computer! What the hell?!

[General Zod]

This utility is supposed to blast it away for good, but I nuked my hdd when I caught the fucking thing so I couldn't say for certain. It was posted as a link in the other thread discussing this virus.

[Bounty]

My computer contains valuable files, and must be preserved.

I'd still recommend getting the files off of it and reinstalling. Also, what are you doing keeping irreplaceable files in one location?

[Shroom Man 777]

@ General Zod:

Yeah.

The virus is deceitful, it FOOLED me into thinking that my browsers didn't work anymore. But now I'm in the middle of downloading it.

Fuck these germs!


EDIT:

@ Bounty:

Um, we transfered a lot of our files on to a new computer. But I would get into trouble if I ended up getting all the stuff on the old computer deleted, so... yeah.

Goddamn.

[Ariphaos]

Boot into safemode with networking

Download the batch script from here

http://www.internetinspiration.co.uk/roguefix.htm

Kill the explorer.exe process and run the batch script. Reboot from the task manager. It will probably be gone. If not, repeat but don't reboot, run spybot in safe mode while explorer.exe is shut down, and post a hijackthis log (easier to read a shorter log).

If you don't have at least xp with sp2 installed, it may be significantly tougher, the easiest solution then is just to do a repair install with an sp2 or sp3 windows install disc.

[Edi]

Discussion of the same malware in OT

[Shroom Man 777]

Success! The victory of freedom!

Thanks, Xeriar! I love ya! You beautiful, beautiful man.


I HAVE PURGED MY EXCREMENTS!

[Stark]

Yeah, if you don't have at least XP SP2, you're pretty much doomed with this one. Dare we ask who pressed the button?

[Shroom Man 777]

I was looking at porno

[White Haven]

Repeat after me: Titties don't ask you to download antivirus software. Not even if you're as fucking crazy as Shroom.

[Shroom Man 777]

It just happened, okay! Suddenly this bubble (that looked like normal Windows 'info' bubbles from the lower right corner) appeared telling me I had one thousand viruses, and the Antivirus XP thing just came up and I ignored it.

I am an idiot.

But since the mistake was rectified, I guess it's perfectly alright

[Einhander Sn0m4n]

Get off IE. It's that simple.

[Stark]

It just happened, okay! Suddenly this bubble (that looked like normal Windows 'info' bubbles from the lower right corner) appeared telling me I had one thousand viruses, and the Antivirus XP thing just came up and I ignored it.

I am an idiot.

But since the mistake was rectified, I guess it's perfectly alright

This reflects the critical computer use issue of 'trust'.

[Ariphaos]

Yeah, if you don't have at least XP SP2, you're pretty much doomed with this one. Dare we ask who pressed the button? :)

It's not impossible, it just hooks into various system processes that it can't stick to in sp2, and you have to be a lot sneakier about killing it.

I do prefer Firefox over IE/Opera/Safari, almost entirely because of Noscript. I'm not aware of any other browser having a similarly flexible plugin, anyway.

Also, get Antivir, or if you feel like paying, Nod32, if you don't have one them already. Just about everything else is either insanely processor intensive or is a joke about protecting you. Or both.

With Noscript and a good antivirus, clicking on boobies is a good deal safer.

Edit: The last bits are for Shroomie

[Glocksman]

NOD32 for the win.
I managed to snag my copy of 3.0 for $19 from Newegg.
Sure beats the shit out of Norton's bloatware.

[atg]

EDIT: I can't resist.

Damm you! I can't get that tune out of my head now

[Shroom Man 777]

Get off IE. It's that simple.

I use Firefox, mang.

[Tsyroc]

I had part of AntivirusXp08 at the end of July from clicking on something to download a video codec supposedly necessary to watch a video sex tape! of someone I didn't even know who they were.

Anyway, McAfee notified me right away and killed part of it but because I had decided to run the install instead of downloading it first before running it I got hit with the part where my desktop picture got replaced and I couldn't change it using the usual control panel functions because a couple of the tabs had been removed (suppressed) by the virus.

Luckily for me I did this first thing that day so I was able to hunt down and delete virus files manually based on the time/date and that they were total crap. I did have to edit some stuff in the registry so the Windows control panel would work right again.


The main reason I'm mentioning what happened to me is because supposedly telling people they need to download such and such codec is a very common way for this and several related viruses to get people.

I also find it kind of funny that the virus often tries to get people to buy a bogus antivirus program but if you search the internet for information on these viruses there are tons of people selling you programs to get rid of this virus.

One of the annoying features of this virus is that AntivirusXp08 shows up as a regular program and on the Add/Delete Program portion of the control panel. However, you can't actually uninstall it using the control panel or the supposed uninstall function in its own folder. It's also set up to reinstall itself every time you restart Windows so you have to be thorough in getting rid of all its crap.

[Ariphaos]

If it's not in the k-lite mega codec pack, you don't need it (usually)

[KhyronTheBackstabber]

My sister got hit with this last month. Tricky little son of a bitch. I found this, Malwarebytes' Anti-Malware, for her and it got rid of it.

[Haruko]

My sister got hit with this last month. Tricky little son of a bitch. I found this, Malwarebytes' Anti-Malware, for her and it got rid of it.

I can vouch for the use of that software. When I had hijacker trojans disable my Start Menu and task-bar and continually display false security warnings, I tried a removal tool in safe mode to no avail, but Malwarebytes took care of the problem easily, and I didn't have to go to safe mode. I still use it along with the several other softwares (Avira, Zonealarm, Spybot S&D, Adaware, and Spywareblaster) without any trouble.

[Glocksman]

Get off IE. It's that simple.

Just this morning I had 'Antivirus 2008' pop ups in Firefox 3.0.
I hit 'Alt-F4' to close them because I remembered someone (Shep?) saying that all of the buttons in the popup itself are mapped to install the damn thing including the 'cancel' button.

[Shroom Man 777]

Glocksman, if you're infected, then just do this:

Boot into safemode with networking

Download the batch script from here

http://www.internetinspiration.co.uk/roguefix.htm

Kill the explorer.exe process and run the batch script. Reboot from the task manager. It will probably be gone. If not, repeat but don't reboot, run spybot in safe mode while explorer.exe is shut down, and post a hijackthis log (easier to read a shorter log).

If you don't have at least xp with sp2 installed, it may be significantly tougher, the easiest solution then is just to do a repair install with an sp2 or sp3 windows install disc.

Worked for me, mang.