AntiSpyware XP 2010

Discussion in 'NOD32 version 2 Forum' started by shanderawx, Apr 15, 2010.

Thread Status:
Not open for further replies.
  1. shanderawx

    shanderawx Registered Member

    Joined:
    Apr 15, 2010
    Posts:
    2
    Microcenter advised me to buy ESET to help remove Antispyware XP 2010 after a lack of success with malwarebytes and McAfee. I installed it tonight but the nasty program is still there. Any advice on how to remove it?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    First of all, make sure that you have the most recent version of the signature database installed (5029) and run a full disk scan. A newer update 5030 with additional rogue AV detections will be released shortly so it's likely it will cover this variant as well. If not, you can contact customer care (or PM me) and provide them a log from SysInspector which should reveal all suspicious files. If you haven't upgraded to v. 4.2.40 and you're still using the old version 2, please upgrade as soon as possible. V4 has much better detection ratio as well as self-protection compared to v2.
     
  3. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Recent variants of this one take some care depending on how deep it got in the system..

    MalwareBytes handles much of it....but sometimes (depending on how deep it got in the system)...you'll need to do several things to bring back functions of the OS. And you may find it blocks some anti ad/spyware programs from even installing, running, and updating.

    Look up Symantec's "unhookexec.inf"...which restores some of the Windows Shell executables, and look up a tool called FixWin..which has some functions like restoring regedit, taskman, etc.
     
  4. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    Yes, something it misses because it strictly depends on updates.

    Earlier I came across a new variant of XP Antivirus 2010 (or AntiSpyware, I don't remember the name), called fid.exe
    File size: 190464 bytes
    MD5: fd40ea5e5557dae135a48f29bfa71644
    SHA1: 143a09ce3067469ea4f7c53df985444f77c63adc

    I uploaded the file to Jotti and only Kaspersky and F-Secure caught it.

    Also scanned with the ESET online scanner, used Hitman Pro and MBAM and noticed that NOD32, GData, PrevX, ASquared, MBAM didn't notice it. The system I met fid.exe on had Panda Cloud Antivirus which obviously didn't detect anything even with Quick scan performed.

    Kaspersky and F-Secure now detect this as Katusha. Norton killed it during execution with SONAR but didn't have local signatures. Insight Network scan killed it successfully as FakeAV. I provide ESET and others the MD5 and SHA1 sums to check that I don't lie.
     
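An added example, not part of the original posts or of any vendor tool: a Python script that walks a directory tree and reports files whose size, MD5 and SHA1 all match the values posted above for fid.exe, so a copy is found by content even when it has been renamed. The names `FID_EXE`, `file_digests` and `find_matches` are assumptions made for this illustration.

```python
import hashlib
import os

# Indicators exactly as posted in the thread for the sample named fid.exe.
FID_EXE = {
    "size": 190464,
    "md5": "fd40ea5e5557dae135a48f29bfa71644",
    "sha1": "143a09ce3067469ea4f7c53df985444f77c63adc",
}


def file_digests(path, chunk_size=1 << 20):
    """Return (md5, sha1) hex digests, reading in chunks to bound memory use."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def find_matches(root, indicator=FID_EXE):
    """Walk root and return paths whose size, MD5 and SHA1 all match.

    Matching is on content, so a renamed copy is still found. The size
    check comes first so that only same-sized files are hashed.
    """
    matches = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                if os.path.getsize(path) != indicator["size"]:
                    continue
                md5, sha1 = file_digests(path)
            except OSError:
                # Locked or unreadable files are skipped, not treated as clean.
                continue
            if (md5, sha1) == (indicator["md5"], indicator["sha1"]):
                matches.append(path)
    return sorted(matches)


if __name__ == "__main__":
    import sys
    for hit in find_matches(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

An empty result only means no readable file matched this one sample; other variants have different hashes.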
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    I'd suggest submitting the file to ESET per the instructions here as I couldn't find that file anywhere.
     
  6. shanderawx

    shanderawx Registered Member

    Joined:
    Apr 15, 2010
    Posts:
    2
    Thank you for your support to date; unfortunately, in our XP running operating system, we have lost all .exe capabilities. o_O We bought ESET two days ago and ran all the updates.
    What do you recommend in that Antispyware XP 2010 probably infected something very basic in our operating system?
     
  7. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  8. Lake

    Lake Registered Member

    Joined:
    Apr 17, 2010
    Posts:
    1
    I'd suggest using AppLocker (Windows 7) with NOD32 (and any AV for that matter ;). Getting familiar with AppLocker will require some reading but well worth it. For Windows XP, you can create a local policy that prevents a specific .exe from running. Like so... User Configuration, expand Administrative Templates, expand System. In right pane, double-click Don't run specified Windows applications. Click Enabled, then click Show. Click Add, and type the name of the exe to be restricted from running. e.g. fid.exe. :thumb:
     