antispyware xp2009

Discussion in 'ESET NOD32 Antivirus' started by Dad with three, Oct 31, 2008.

Thread Status:
Not open for further replies.
  1. Dad with three

    Dad with three Registered Member

    Joined:
    Oct 31, 2008
    Posts:
    2
    I have a virus that is named AntiSpyware xp2009. I tried to run ESET NOD32 v3.0 several times and the virus still seems to be active. A message constantly pops up: "Your computer is infected."

    Does anyone have suggestions on how to get rid of this virus?
     
  2. Basileia

    Basileia Registered Member

    Joined:
    Sep 15, 2008
    Posts:
    2
    Location:
    South Africa
    Hello Dad3,

    I got rid of it by doing the following on Windows XP Pro SP3:

    1. Installed NOD32 and ran a full scan.
    2. Rebooted into Safe-Mode and disabled System Restore.
    3. Installed Spybot Search & Destroy, installed the downloaded update and ran a full scan.
    4. Booted normally again and ran a full scan again with NOD32 and Spybot.

    Afterwards I enabled Regedit again with a script (looking for it), enabled Folder Options under Tools menu again, reinstalled SP3 for WinXP.

    Reply if you need the script to enable Regedit.

    Regards,

    Bennie
     
  3. Dad with three

    Dad with three Registered Member

    Joined:
    Oct 31, 2008
    Posts:
    2
    Can you send the script to enable Regedit?

    Thank you,
     
  4. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hello, probably NOD didn't detect all infected files. Download ESET SysInspector from ESET's website, make a log and send it to support[at]eset.com, please.
     
  5. Basileia

    Basileia Registered Member

    Joined:
    Sep 15, 2008
    Posts:
    2
    Location:
    South Africa
    Hope it works for you:

    Enabling the Registry Editor
    This malware disables the Registry Editor. To re-enable these tools, perform the following steps:
    Open a text editor, such as NOTEPAD. In the text editor, copy the following codes:

    REGEDIT4

    ; Each key path must be on a single line. "name"=- deletes that value.
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=-

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=-

    Save the file as {any file name}.REG
    Locate and execute the created .REG file.

    Reboot the system

    Good luck,

    Bennie
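
Added example, not part of Bennie's post or of any ESET tool: a small Python check that lists what a .REG file would change before it is merged, and flags a key path that has been wrapped onto two lines, as can happen when a .REG file is pasted into a forum post or e-mail. The function name `lint_reg` and both samples are constructed for illustration; only single-line values are handled.

```python
import re

# Both header spellings regedit accepts as the first line of a .REG file.
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def lint_reg(text):
    """Return (operations, problems) found in the text of a .REG file."""
    ops, problems = [], []
    key, seen_header = None, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if not seen_header:
            seen_header = True
            if line in HEADERS:
                continue
            problems.append((n, "first line is not a .REG header"))
        if line.startswith("["):
            if not line.endswith("]"):    # path continues on the next line
                key = None
                problems.append((n, "key path is split across lines"))
            elif line.startswith("[-"):
                ops.append((line[2:-1], None, "delete-key"))
                key = None
            else:
                key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key:
            action = "delete-value" if m.group(2).strip() == "-" else "set-value"
            ops.append((key, m.group(1).strip('"'), action))
        else:
            problems.append((n, "line is not attached to a valid key"))
    return ops, problems

# Constructed samples: a key path wrapped onto two lines, and the same path on one line.
WRAPPED = r'''REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Policies\System]
"DisableRegistryTools"=-
'''
FIXED = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=-
'''

if __name__ == "__main__":
    for label, sample in (("wrapped", WRAPPED), ("fixed", FIXED)):
        print(label, lint_reg(sample))
```
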
     
  6. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Well, I'd suggest that you download MBAM and give it a try before complicated messing with something else.
     
  7. bjj

    bjj Registered Member

    Joined:
    Oct 31, 2008
    Posts:
    1
    I caught this and some other stuff last Sunday. Renewed my license that same day...now one of my kids was on the machine unattended who knows what buttons he pushed.


    Turned off system restore.
    Downloaded/ran a program> CCleaner.
    Downloaded/ran a program> http://www.malwarebytes.org/index.php
    At this point the computer appeared fine, but ran combofix.exe, mostly because I already downloaded it per the http://forums.majorgeeks.com/showthread.php?t=139313 article. Note: I was not able to fully complete all the suggestions in that article.

    Redoing security setup: changed browser from Explorer to Firefox/Thunderbird, added Keyscrambler (paid), Malwarebytes (paid).

    Still have Nod32, since I just paid for another year. Things left to do, but need to do more reading to find out what to add/change.
     
  8. Kayracc

    Kayracc Registered Member

    Joined:
    Jul 5, 2008
    Posts:
    96
    In addition to Malwarebytes, also download SUPERAntiSpyware from

    http://www.superantispyware.com

    These both have free versions (will be good for you) and do a great job cleaning up the fake antiviruses.
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please do as Kosak suggested. ESET SysInspector should help in cases like this; we do not recommend using other tools as it can be solved using ours.
     