Help - Virus attack

R

rebhaf

Registered
Messages
7
Hello! I am in an urgent need of help.:mecry:
I had a virus attack today and I don't know how to repair it. The virus is called "Downloader.MisleadApp" and is trying to get me into installing a so called antivirus called "Antivirus XP 2008", which itself is a virus. I am actually using symantec antivirus but it can only delete the generated file every 14 seconds and the mask of the misleading antivirus is appearing every minute inviting to install it, that kind of bothers me a lot as I am exposed to accidently hitting the OK button for the download.
If anybody knows that kind of virus and how to get rid of it, please show me how.
Thank you!
 
maumixio

maumixio

Staff member
Moderator
Messages
2,869
It is not a virus but a Spyware.
run cmd and type without quote : "regsvr32 /u shlwapi.dll" ENTER and “regsvr32 /u wininet.dll” ENTER

check for these files:
* shlwapi.dll
* wininet.dll
* XP antivirus
* XP Antivirus 2008.lnk
* XPAntivirus.lnk
* XPAntivirus.exe
* XPAntivirusUpdate.exe
* XPAntivirus on the Web.lnk
* XPAntivirus.url
* Uninstall XP Antivirus 2008.lnk
* Uninstall XPAntivirus.lnk
and remove from HD
last thing start regedit HKEY_USERS\Software\and check for "XP antivirus" and remove it
That's all I hope this will help you... ;)
 
Last edited:
Rocknroll

Rocknroll

Staff member
Administrator
Messages
6,174
rebhaf said:
I reboot my computer many times and system restore is on, but it's sill there.
Click to expand...

The fact that restore is on doesn't mean anything if you don't use it. You have to restore your computer to earlier point, before infection happened.
But you should try SmitfraudFix or maumixio suggestion first.
 
M

MADRIDISTA

Registered
Messages
1,025
rebhaf said:
I reboot my computer many times and system restore is on, but it's sill there.
Click to expand...

maumixio suggestion first.
or ,enter safe mode and try SmitfraudFix, but turn system restore off
when you are infected with any trojans, spyware, etc, they could have been saved in System Restore and are waiting to re-infect you.
System Restore is a protected directory and your tools can not access it to delete files that may contain infectionss.
although your tools may say they are deleting them, they are not!
 
R

rebhaf

Registered
Messages
7
@ MAUMIXIO

I tried your technique
first normally: it didn' work out
second with the safe mode: same result
third with system restore off: positive

Unfortunately when I put system restore back, the spyware came back as virulent as before.
Is there anyother tip?
I should mention that I didn't find any file or action with the name "XP Antivirus", the only thing I found were the generated files which names were picked up from the Auto-Protect results of the symantec.
 
B

boxgot

hi rebhaf
A idea more:
Get somewhere,or somehow,or Download AVG AV - disconnect from the net - shut symantec down

install AVG - connect to the net - get AVG updates

Run AVG,and Highjack This and try.
 
M

MADRIDISTA

Registered
Messages
1,025
I am not trying to deny you my friend.. but recently I made few tests on 3 computers, with AVG on the first, kaspersky on the second and avast on the third...
..even though it isn't freeware, KIS remains choice number one :)
 
maumixio

maumixio

Staff member
Moderator
Messages
2,869
Again: it is not a virus! Malware but not a virus.
1) Kaspersky is the best absolutely (MADRIDISTA :thum:), you can install full working trial 30 days from Kasperskylab download site
http://www.kaspersky.com/downloads
Click to expand...
or...
2) Run my tricks in Windows Safe mode (uninstall *.dll is most important)
or...
3) more info just searching the web i.e.
http://www.bleepingcomputer.com/malware-removal/remove-antivirus-xp-2008
Click to expand...
or finally...
4) format HD reinstall OS and keep running KIS preventing new malicious software ;) Good luck.
 
Last edited:
You must log in or register to reply here.
Top