OT: XP Antispyware 2010

Submitted by Zone Left on

Folks, typing from my phone, just got a nasty piece of what looks like spyware on my laptop called XP Antispyware 2010. Any ideas? It appears to have blocked my registry editor, spyware, and anti-virus from opening.

All I've done is disabled my home network to keep anything from getting out, but I'm looking for advice from any tech types to remove this thing.

Thanks

Blue_Bull_Run

February 23rd, 2010 at 11:21 PM

This link purports to solve the problem:

http://www.xp-vista.com/spyware-removal/pcantispyware-pc-antispyware-re…

EDIT - there are some other links out there, too. Not sure which one will work best, you might just have to try a Google search.

Now that I see screenshots of that damn thing, I believe I've removed it off of my sister's computer before. If this is the same thing then it's one of the easier trojans to remove. MBAM worked like a charm.

willywill9

February 23rd, 2010 at 11:24 PM

Funny I had the same dang problem. Blazefire mentioned some steps in another post (http://mgoblog.com/mgoboard/nasty-pop-virus)

I actually just went through these steps and I think my laptop is fine now. Knock on wood. I just rebooted in safe mode, restored to an earlier date, and used Malwarebytes to fully scan and clear out the rest.

I didn't dl the other recommended programs, as I have an antivirus software already.

bronxblue

February 23rd, 2010 at 11:25 PM

Try logging into the system in safe mode - I think if you press F8 during boot time you can initiate the safe start-up. From there, see if you can log in and run the anti-virus and the like.

I looked up the virus quickly, and some people said that the blocking program issue can be side-stepped by right-clicking on the icons and running the programs via a "run" or "start" command. Alternatively, you could right-click on the icon, copy the executable path and paste it into the "run" box/quasi-DOS version under the start menu.

Other suggestions:
1. If you have a relatively recent system restore point, go to system tools and see about restarting from an earlier restore point (before the virus).
2. I also found a link to this forum - http://www.bleepingcomputer.com/virus-removal/remove-antivirus-2010 that sounds promising. No promises about the quality, but at least a starting-off point.

Good luck.

Big_G

February 24th, 2010 at 8:41 AM

The stuff on Bleeping Computer should work fine. Just remember that this piece of malware changes so often that the manual removal instructions might not point to all the files. Best bet is to follow the instructions outlined there to install Malwarebytes, let that do its trick in safe mode and then follow up with the manual uninstall stuff to see if everything was removed. Also, it's a good idea to flush any temp files, etc. to keep anything nasty in there from reinfecting you. Some malware removal stuff flushes temp files automatically though (Combofix for one example).

joeyb

February 23rd, 2010 at 11:50 PM

If you don't get this virus perfectly, it will slowly damage the computer more and more. If you can, put the hard drive into an external enclosure (you can generally find ones for $10 or even free) and run the antivirus on it from another machine.

If that isn't an option, boot into safe mode and then follow the instructions in willywill9's link.

e.go.blue

February 24th, 2010 at 2:23 AM

Malwarebytes Anti-Malware is a lifesaver. As the guides say, boot into safe mode and catch it early and you should be good. I had to do a complete reinstall on a friend's computer after everything I tried failed miserably. Of course, that's only a last resort. Read those guides above, they should work for you. Good luck!

cltjr

February 24th, 2010 at 7:34 AM

because of that f-cking virus. and no bad surfing either - my sites are pretty much google, yahoo, espn, facebook, detnews, mlive, chitribune, and mgoblog.

Bosch

February 24th, 2010 at 7:45 AM

First download rkill @

http://www.technibble.com/rkill-repair-tool-of-the-week/

It is a DOS-based tool that will disable active malware.

Then, as e.go.blue recommended, download Malwarebytes @

http://www.malwarebytes.org/

You probably will want to be in "Safe Mode with Networking(?)" before downloading the apps. Both are free and should take care of the problem.

EDIT: I know this works because I had an equally nasty one called "Antivirus Soft."

aenima0311

February 24th, 2010 at 1:37 PM

+1 for typing exactly what I was about to post.

I do this type of stuff for a living and RKill / Malwarebytes are a lifesaver. They can't fix everything, but they can easily take care of 80% of all malware-related issues.