So I got that 2009 antivirus malware.

Discussion in 'OT Technology' started by Mycophiles, Jan 26, 2009.

  1. Mycophiles

    Mycophiles OT Supporter

    Joined:
    Jul 18, 2002
    Messages:
    15,130
    Likes Received:
    3
    Location:
    Houston, Texas
    A pc that I use just for media conversion and newsgroups got the 2008antivirus malware. It has Comodo Firewall and Antivira on it. Never thought about putting malware protection on anything. Don't know how I got it.

    Anyway, I've downloaded the anti-malware program everyone says is good (forgot the name). It took forever to install and doesn't run. I cannot do any online malware scans (like Kaspersky) because the computer won't view those pages (though it will go to any other page just fine).

    I go into safe mode to run the anti-malware program and the screen is blank. SAFE MODE is in the 4 corners and the mouse is there but I can't view the desktop.

    The option in the boot-up menu that says VGA mode. That is for the full version of XP am I right?

    This isn't that big of a problem. :mad: WTF

    Some help?
     
  2. MrEous

    MrEous OT Supporter

    Joined:
    Dec 28, 2004
    Messages:
    5,567
    Likes Received:
    0
    Location:
    Garland (DFW), TX
    Did you download from http://www.malwarebytes.org/?
    I used that one on a machine here at work last week for the same stupid malware problem...no issues.

    I also went into msconfig and ended a startup process that was all blank.
     
  3. Mycophiles

    I installed it but It will not run.

    edit: Thanks for the reply btw.
     
  4. DigiCrime

    DigiCrime If Only!

    Joined:
    Oct 25, 2001
    Messages:
    32,996
    Likes Received:
    98
    Location:
    St. Louis
    Once you're infected with the XP Antivirus program it can be difficult to remove if you do not have other means to get it off, like safe mode or manually deactivating startup items. Other means would be to pull the drive out, place it in another computer and scan it.

    It also prevents you from installing other antivirus programs to remove it, but Kaspersky will take it off. There is a 30-day trial version you can download from their site. It's effective, and even if you don't want to buy it, it will remove it. Then you can use freeware programs to scan for further things if need be, like Malwarebytes.

    Trick to getting that off on a live computer is to deactivate some things... look through the Internet Explorer connections tab. Take out any proxy settings it has set up. Do not use a search feature (Google, Yahoo); it will produce incorrect results. Try downloading your removal/antivirus program to a jump drive and run it from there.

    Another way, Start then run

    regsvr32 /u MFC71.dll
    regsvr32 /u MFC71ENU.DLL
    regsvr32 /u msvcp71.dll
    regsvr32 /u msvcr71.dll
    regsvr32 /u shlwapi.dll
    regsvr32 /u wininet.dll

    Manually take it out of the registry

    Start Run > regedit

    HKEY_USERS\Software\XP antivirus

    Delete XP Antivirus folder. Use F3 to search thru. If you can get some stuff out of the registry manually it will cause the program to be lame enough that you can use spyware tools to get the remainder of it off. Reboot the computer after registry removal this will deactivate it enough and stop it from starting back up after post boot.

    Kaspersky
    http://usa.kaspersky.com/trials/home-users/internet-security/
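
Added example, not part of the original thread: a read-only PowerShell check of the places the post above names (Internet Explorer proxy settings, startup entries, and the `XP antivirus` registry key). The standard Windows registry paths, the per-profile search under HKEY_USERS and the `.exe` path heuristic are assumptions of this sketch; the key name is taken from the post.

```powershell
# Read-only triage of the locations named in the post above.
# It changes nothing; review the output before editing anything by hand.
$inet    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$keyName = 'Software\XP antivirus'   # key name as given in the post

function Get-ProxyFinding {
    # A proxy or auto-config script nobody set up would explain why only
    # the scanner sites fail to load while other pages work.
    $p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
        NeedsReview   = ($p.ProxyEnable -eq 1) -or [bool]$p.AutoConfigURL
    }
}

function Get-RunEntryFinding {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $k = Get-Item -Path $key
        foreach ($name in $k.GetValueNames()) {
            $cmd = [string]$k.GetValue($name)
            # Heuristic: text up to the first ".exe" is treated as the program path.
            $exe = $null
            if ($cmd -match '^\s*"?([^"]+?\.exe)') { $exe = $Matches[1] }
            $missing = $exe -and ($exe -match '^[A-Za-z]:\\') -and
                       -not (Test-Path -LiteralPath $exe)
            New-Object PSObject -Property @{
                Key = $key; Name = $name; Command = $cmd
                Blank       = (-not $name.Trim()) -or (-not $cmd.Trim())
                FileMissing = [bool]$missing
            }
        }
    }
}

function Get-HiveKeyFinding {
    # HKEY_USERS holds one subkey per loaded profile (SID) plus .DEFAULT,
    # so the key is looked for under each of them.
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)\$keyName" } |
        Where-Object { Test-Path -LiteralPath $_ }
}

Get-ProxyFinding    | Format-List
Get-RunEntryFinding | Where-Object { $_.Blank -or $_.FileMissing } | Format-List
Get-HiveKeyFinding
```

Blank or dangling startup entries are only leads to check by hand, and the HKCU results describe the account the script runs under.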
     
  5. Hate Crime

    Hate Crime Don't Hate OT Supporter

    Joined:
    Mar 12, 2006
    Messages:
    5,255
    Likes Received:
    0
    Location:
    Minnesota
    That doesn't sound like antivirus 2009.. that sounds like a rootkit. You most likely have more problems than just antivirus 2009. Search for some antirootkit programs, vundofix, spyware scanners and run them in safe mode.
     
  6. Mycophiles

    Problem is I can't get into safe mode. It shows a black screen. When the original antivirus 2009 screen popped up I knew exactly what it was. I shut off all connections with Comodo and then started the journey I'm on now.

    Along with the screen that originally popped up I get a bunch of errors that pop up. "Cannot Load c://windows/system32/xxx.xx " if I just leave it it will just pop up one after another. Same error. Cannot do a system restore.

    Plus... for some reason.. the computer takes forever to boot up. Sometimes it just hangs at the loading windows screen.
     
  7. Mycophiles

    Problem with the rootkit is that I install it and error atapi.xx error comes up. Hit ok and it installs the program but immediately finds no problems. Doesn't even run the scan.

    I need to get into safe mode. Any thoughts on how to do this without the screen being black?
     
  8. Mycophiles

    ** was found but the reg point could not be serviced on all of those. In regedit... under HKEY_USERS\DEFAULT\software there is no XP antivirus

    guess this is a bit more than 2009 antivirus.
     
  9. Mycophiles

    downloading kaspersky as I write this. Not hopeful that it will install though. I'll try a USB drive and see if that works.
     
  10. Mycophiles

    AVG 8 is in conflict with kaspersky and can't get to add/remove programs. shell32 error. Not allowed.
     
  11. DigiCrime

    Take off AVG temporarily. You might have something more than just the XP one.

    Start, Run, msconfig, then Startup, disable all. Select the Services tab, check "Hide all Microsoft services", uncheck all these items. Reboot and go back through and do a scan. This will turn off startup items; just remember to turn back on what you need afterwards.
     
  12. Mycophiles

    no go... and I have a Cruz Sandisk flash drive that has U3 software on it that doesn't allow anything to install on it. :mad:
     
  13. Mycophiles

    I took AVG off a while ago. Looking through the folders there was an AVG folder with nothing in it and I deleted it. Didn't help though. Ok, doing the msconfig thing now.
     
  14. Mycophiles

    No-go... mouse moves but everything else is locked up. Tried going to "last known good configuration" next... just for kicks. No-go there also. :/ If I can't get into safe mode I think I'll just reinstall. This computer has Windows on its own partition. No biggy really.
     
  15. DigiCrime

    Any way you can take that drive out and place it into another computer to do a scan? Or try a Windows repair. It's similar to reinstalling Windows, but instead, when you get to the part that detects the OS, just select the repair option.
     
  16. Mycophiles

    I'll take the drive out tonight and try it on another computer. Really is pointless though. This couldn't have come at a better time. I'm reconfiguring a bunch of stuff on the computer as far as hardware and am going to reinstall the OS anyway. Was just trying to fix it for fixing sakes. :big grin:
     
  17. dorkultra

    dorkultra OT's resident crohns dude OT Supporter

    Joined:
    Oct 14, 2005
    Messages:
    22,735
    Likes Received:
    26
    Location:
    yinzer / nilbog, trollhio
    format and reinstall at this point

    you can try to fix your system as much as you can, but it will still never run as well as it did before the invasion
     
