AntiSpyware XP 2010

Microcenter advised me to buy ESET to help remove Antispyware XP 2010 after a lack of success with malwarebytes and McAfee. I installed it tonight but the nasty program is still there. Any advice on how to remove it?

 

First of all, make sure that you have the most recent version of the signature database installed (5029) and run a full disk scan. A newer update 5030 with additional rogue AV detections will be released shortly so it's likely it will cover this variant as well. If not, you can contact customer care (or PM me) and provide them a log from SysInspector which should reveal all suspicious files. If you haven;t upgraded to v. 4.2.40 and you're still using the old version 2, please upgrade as soon as possible. V4 has much better detection ratio as well as self-protection compared to v2.

 

Recent variants of this one take some care depending on how deep it got in the system..

MalwareBytes handles much of it....but sometimes (depending on how deep it got in the system)...you'll need to do several things to bring back functions of the OS. And you may find it blocks some anti ad/spyware programs from even installing, running, and updating.

Look up Symantecs "unhookexec .inf"...which restores some of the Windows Shell executables, and lookup a tool called FixWin..which has some functions like restoring regedit, taskman, etc.

 

Yes , something it misses because it strictly depends on updates.

Earlier I came accross a new variant of XP Antivirus 2010 (or AntiSpyware , I don't remember the name) , called fid.exe
File size: 190464 bytes
MD5: fd40ea5e5557dae135a48f29bfa71644
SHA1: 143a09ce3067469ea4f7c53df985444f77c63adc

I uploaded the file to Jotti and only Kaspersky and F-Secure caught it.

Also scanned with the ESET online scanner , used Hitman Pro and MBAM and noticed that NOD32 , GData , PrevX , ASquared , MBAM didn't notice it . The system I met fid.exe on had Panda Cloud Antivirus which obviously didn't detect anything even with Quick scan performed.

Kaspersky and F-Secure now detects this as Katusha. Norton kill it during execution with SONAR but didn't have local signatures . Insight Network scan killed it successfully as FakeAV. I provide ESET and others the MD5 and SHA1 sums to check that I don't lie.

 

I'd suggest submitting the file to ESET per the instructions here as I couldn't find that file anywhere.

 

Thank you for your support to date; unfortunately, in our XP running operating system, we have lost all .exe capabilities. We bought ESET two days ago and ran all the updates.
What do you recommend in that Antispyware XP 2010 probably infected something very basic in our operating system?

 

either submit as already asked
https://www.wilderssecurity.com/showpost.php?p=1659871&postcount=2

or get on of the dedicated volunteer sites help you remove it
https://www.wilderssecurity.com/showpost.php?p=1533481&postcount=3

 

I'd suggest using AppLocker (Windows 7) with NOD32 (and any AV for that matter . Getting familiar with AppLocker will require some reading but well worth it. For Windows XP, you can create a local policy that prevents a specific .exe from running. Like so... User Configuration, expand Administrative Templates, expand System. In right pane, double-click Don't run specified Windows applications. Click Enabled, then click Show. Click Add, and type the name of the exe to be restricted from running. e.g. fid.exe.