#1
I am trying to help someone overcome the infection. The system had the Bogus AV 2012 on it. I ran Avira, Super Antispyware, Malwarebytes, and HitmanPro. The system is XP Home. I think that it is clean but damaged. (It won't update Windows and I can't burn a CD of his pictures.) I ran a scan of GMER and would like to know if it indicates a rootkit.
#2
CD Problem:
1. Right click on My Computer and click on Properties.
2. Click on the Hardware Tab.
3. Click on Device Manager.
4. Expand DVD/CD-ROM drives.
5. Click on the name of your DVD/CD-ROM drive.
6. Right click, select Uninstall and say OK to uninstalling the device.
7. Restart the PC.
8. When Windows restarts, Windows XP should properly detect and install your DVD/CD-ROM drive.
__________________
NOD32, Sandboxie (Paid), AppGuard, Malwarebytes Anti-Malware, Emsisoft Emergency Kit, DrWeb Cureit, AVIRA Rescue CD, Image for Windows/Image for DOS/Image for Linux, Firefox (Adblock Plus, Subscriptions: EasyList+EasyPrivacy+Malware Domains), Norton DNS
#3
SuperAntiSpyware has many Windows Repair Options. I don't remember at this time where these options are located in SuperAntiSpyware. Open SuperAntiSpyware and look for these options.
#4
Do a Full scan with Dr.Web CureIt. Dr.Web CureIt now has a reasonably fast scan speed.
Also, maybe do a scan with the Kaspersky AVP Tool. Once your problems are sorted out, it is highly recommended to start to routinely Image your hard drive so that any future problems with Malware may be quickly and easily fixed.
#5
Perform a Windows XP Repair Install.
How to Perform a Windows XP Repair Install: http://www.michaelstevenstech.com/XPrepairinstall.htm
Another possible option is Microsoft FixIt Center: http://fixitcenter.support.microsoft.com/Portal
#6
The computer is an HP and has a D drive for System Restore. So I ran the System Restore. Had a couple of problems, but seemed fine. I managed to get XP updated. After everything was updated I ran an Avira scan. Avira found 1 TR/Agent.xvp and 8 TR/Emuni.F and hopefully removed them. Has anyone had to deal with these bugs?
#7
Quote:
Some PC vendors will have something like a Restore option that does not overwrite all files and a Restore option (sometimes referred to as "Destructive Restore") that will overwrite the entire Windows System (C) Partition. If you did not use a "Destructive Restore", there is a chance of Malware being left on the Windows System Partition after the Restore process.
#8
There were no choices. Everything seems fine, but I'm concerned. Checking in Google it seems that Avira is the only AV that catches it.
#9
Quote:
#10
I sent the files to Avira and they said that TR/Emuni.f is a Trojan.
#11
You could give Comodo Security Essentials 2.x BETA a try. Keep in mind that it is still in BETA Testing. It may find some false positives, so you will have to determine what to do with any suspect files that are found.
Comodo Security Essentials does not install on the PC. You extract the files to a Folder and Run the appropriate exe file. http://www.wilderssecurity.com/showp...5&postcount=38
Last edited by TheKid7 : December 19th, 2011 at 02:47 PM.