How to remove XP Internet Security 2010

Discussion in 'ESET Smart Security' started by Didz, Jan 28, 2010.

Thread Status:
Not open for further replies.
  1. dwmtractor

    dwmtractor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    46
    Location:
    San Jose, CA
    I guess the question that keeps occurring to me is, what do the Malwarebytes people know that everyone from ESET to Symantec to McAfee can't seem to learn? Malwarebytes' website claims to monitor processes and nip them before they start, talks about heuristic technology, etc. etc. Well, so do the rest.

    And though I keep asking, no one has yet answered. . .why, oh why, does ESET's heuristic technology not monitor for the very act of creating an entry in any of Windows' various auto-start or run-at-startup locations? Intercepting that behavior seems like such an obvious place to stop the installation of all manner of unwanted applications, I simply cannot understand why it is not monitored and filtered. :mad: :'(
     
  2. sherryxp2000

    sherryxp2000 Registered Member

    Joined:
    Nov 14, 2007
    Posts:
    96
    Well, ESET, like many other companies, has expanded so much that they can't stay on top of the game totally. Don't get me wrong, I use ESET (version 3), and never have any problems.

    ESET is spread out now: so many platforms, different versions, numerous languages, etc. It's similar to how Nero CD Burning used to be great, then it got way too big. I am not calling ESET bloatware, they have just grown in a different way.

    Malwarebytes is still small, they update more than anyone I know of, so they just stay on top of the game in "that" department, "Malware". So they can specialize with more detail.

    That's my innocent opinion anyways.

    What I would do, if it was me, is sub-contract (not buy out) Malwarebytes technology into ESET. A money maker for both.


     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    The reason is simple. An AV program cannot generate too many prompts and most of the actions must be automated. Common users are unable to determine if an application trying to write to the registry is clean or not. They would soon find out that allowing all actions is easier than denying actions. This approach would certainly do more damage than benefits.
    ESET products use the smart ThreatSense technology based on code emulation. This enables us to determine if a file is clean or not by running it in a virtual environment when the behavior and file characteristics are assessed before the code is actually executed. This is done fully automatically in the background without user intervention, allowing common users to use legit applications without hassle whilst still being protected against malware.
     
  4. dwmtractor

    dwmtractor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    46
    Location:
    San Jose, CA
    With respect, Marcos, I disagree. I'm not talking about the whole registry--you're absolutely right, programs are writing to the registry all the time and soon we'd wind up with the kind of warning overload commonly associated with ZoneAlarm...I don't want that either! ;)

    However, the portions of the registry that cause auto-running of programs are fairly few--HKLM\Software\Microsoft\Windows\CurrentVersion\Run and its analog in HKCU, HKLM\Software\Microsoft\WindowsNT\Winlogon and its HKCU analog, the "Services" section (creating a new service with automatic startup), and the "Startup" portion of the start menu. One or more of those six locations have been involved in every AV2010 infection I've seen. A warning that simply says "Are you installing a program right now? (Y/N)" or something similar would be all the more intervention necessary, and those six locations are NOT routinely written unless an installation is in process.

    Even more specific, your heuristic engine could watch for calls to write to those six locations, specifically initiated by a browser click or hyperlink. That'd make the warning state even less frequent.

    It would not replace the (still necessary) prompts for installation of ActiveX or Java controls, for example. These must still be watched by the browser (one of many reasons to upgrade to the current versions of the browser). But it would stop a world of hurt with little additional burden.
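
The check proposed in the post above, sketched as an added example (not part of the original thread and not ESET's code): it classifies write events against the six auto-start locations the post lists. The event tuples are a constructed, hypothetical format, and Winlogon is matched under its full `Windows NT\CurrentVersion` key path.

```python
import re

# Hive-relative paths of the auto-start locations the post lists (lower-cased).
# Winlogon uses the key's full "Windows NT\CurrentVersion" path.
RUN = r"software\microsoft\windows\currentversion\run"
WINLOGON = r"software\microsoft\windows nt\currentversion\winlogon"
SERVICES = "system\\currentcontrolset\\services\\"
STARTUP_DIR = "\\start menu\\programs\\startup\\"
HIVES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu"}
USER_SID = re.compile(r"^(?:hku|hkey_users)\\s-1-5-21-[\d-]+\\")


def normalise(key):
    """Lower-case a key path and fold hive spellings to hklm or hkcu."""
    key = key.strip().lower()
    key = USER_SID.sub(lambda m: "hkcu\\", key)  # user hive under HKEY_USERS
    hive, _, rest = key.partition("\\")
    return HIVES.get(hive, hive), rest


def classify(kind, target, value=None, data=None):
    """Return the auto-start location an event touches, or None."""
    if kind == "file_create":
        return "startup-folder" if STARTUP_DIR in target.lower() else None
    hive, sub = normalise(target)
    if hive not in ("hklm", "hkcu"):
        return None
    if sub == RUN:
        return hive + "-run"
    if sub == WINLOGON:
        return hive + "-winlogon"
    # A service only auto-starts when its Start value is 2 (automatic).
    if hive == "hklm" and sub.startswith(SERVICES) and str(value).lower() == "start" and data == 2:
        return "service-autostart"
    return None


# Constructed events (kind, target, value name, data); not from a real infection.
SAMPLE_EVENTS = [
    ("reg_set", r"HKEY_USERS\S-1-5-21-1111-2222-3333-1004\Software\Microsoft\Windows\CurrentVersion\Run", "updater", r"C:\Temp\sample.exe"),
    ("reg_set", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "sample.exe"),
    ("reg_set", r"HKLM\SYSTEM\CurrentControlSet\Services\samplesvc", "Start", 2),
    ("reg_set", r"HKLM\SYSTEM\CurrentControlSet\Services\samplesvc2", "Start", 3),
    ("file_create", r"C:\Documents and Settings\user\Start Menu\Programs\Startup\sample.lnk", None, None),
    ("reg_set", r"HKCU\Software\SampleApp\Settings", "Theme", "dark"),
]


def flag(events):
    """Keep only the events that land in an auto-start location."""
    return [(loc, e[1]) for e in events if (loc := classify(*e))]
```

Only four of the six sample events are flagged: the manual-start service and the ordinary application setting pass through, which is the low prompt volume the post argues for.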
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Imagine a common user visited a legit website and got infected by drive-by malware. It would inform him that his computer was infected and strongly advise him to download a super duper xp antivirus cleaner. The user would be happy to install it and would allow the malware to write to the registry. For common users it makes no sense to ask them anything as the decision they'd make would be wrong in most cases. Needless to say that malware could easily circumvent such registry "protection" once it targets that security software. The assessment of the code must be done virtually automatically without user intervention, otherwise it could do more harm than good.
     
  6. dwmtractor

    dwmtractor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    46
    Location:
    San Jose, CA
    Point --partially-- taken. You are absolutely right that my proposed solution does not get around the social engineering side of things. If the user believes he's doing the right thing by the install (and one of my guys who should know better did this just last week), my proposal is completely useless.

    However, I have a number of users who have insisted to me "I knew it was bad, I tried to stop it, and I couldn't." Several variants of these malware installers are engineered so clicking the big red X, hitting the "cancel" button, or whatever are still taken as authorization to install the software--there IS no true cancel or abort option. In these cases, the user would have another opportunity to say "no, I don't want this, don't install it." Except for us uber-geeks, that opportunity only comes if an external program (like ESET) grants it.
     
  7. mama2010

    mama2010 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    2
    Hey, thanks for the help!!! I had the same problem with the XP Smart Security and restoring seemed to help. I have a question, though. I just restored my computer and am up to the part with the AVE.EXE. Do I HAVE to delete it? Or can I just leave it alone? My comp seems to work normally even when it's there. What does it do anyway?
     
  8. eastofphoenix

    eastofphoenix Registered Member

    Joined:
    Mar 16, 2010
    Posts:
    2
    I also had the virus and just finished running eset and it appears to have removed the virus.

    But I'm unable to run any exe programs now. Any help? o_O

    Thanks in advance.
     
  9. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    Have you tried running the FixEXE program from the web site for ESET's Italian distributor? The program is in English, although the web page it is on is in Italian.

    Regards,

    Aryeh Goretsky

     
  10. dwmtractor

    dwmtractor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    46
    Location:
    San Jose, CA
    I would STRONGLY recommend you delete it, or at least quarantine it. I know of no valid windows process called ave.exe, and so it's almost certainly related to the infection. If you leave it alone, and then for any reason you accidentally execute it again later, you'll reinfect yourself all over.
     
  11. eastofphoenix

    eastofphoenix Registered Member

    Joined:
    Mar 16, 2010
    Posts:
    2
    Thanks for the suggestion, I'll give it a go.
     
  12. mama2010

    mama2010 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    2
    My ave.exe has a number behind it; is it the same thing?
     
  13. dwmtractor

    dwmtractor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    46
    Location:
    San Jose, CA
    Very probably. Have you tried scanning the file?

    If you aren't certain that it's a problem, submit it to ESET using the instructions on this page: http://search.eset.com/esetkb/index?page=content&id=SOLN141

    In theory they should respond to you with a status update. . .although in practice I have yet to see a response to any of my submissions. However, if you quarantine the file (after submitting) and leave it alone for a week or so, then try restoring the file from quarantine, if they've identified it as a threat it'll get caught on restore.
     
  14. backfolder

    backfolder Registered Member

    Joined:
    May 25, 2004
    Posts:
    72
    Location:
    Spain
    This info was helpful to me:

    _http://www.malwarehelp.org/ave-exe-a-multiple-rogues-in-one-trojan-fakerean-2010.html

    This one (ave.exe) and another one (tetirqdtssd.exe), harder to clean, made me move from Avira 9 Personal to Norton AV 2010.
    MalwareBytes AM and SUPERAntiSpyware can also clean these two trojans.
     