How to remove XP Internet Security 2010

Discussion in 'ESET Smart Security' started by Didz, Jan 28, 2010.

Thread Status:
Not open for further replies.
  1. Didz

    Didz Registered Member

    Joined:
    Sep 30, 2009
    Posts:
    9
    MY sons PC has just been infected by How to remove "XP Internet Security 2010" a fake security program which includes a key logger (BNK.Win32.Keylogger.gen.)

    His ESET Smart Security program is not detecting it and he is being prevented from accessing the internet until he agree's to purchase the necessary removal tool, which is just a scam to get him to enter his credit card details.

    I need urgent advice on how to remove this program from his PC, before it does irrepairable damamge as I understand it attacks the registry and acts a host for other viruses.
     
  2. wtsinnc

    wtsinnc Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    943
    Hello Didz;

    Has your friend tried booting in safe mode ?
    If not, give that a try, and if successful, attempt to download/install Malwarebytes.
    -Also very good are:
    Superantispyware and
    A-Squared.
    All have free versions.

    If safe mode is unavailable, I recommend you download the three applications listed above to a USB flash drive and install to the infected computer from it.

    Please check back with the results, and good luck !
     
  3. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  4. Didz

    Didz Registered Member

    Joined:
    Sep 30, 2009
    Posts:
    9
    I'm actually reluctant to advise my son to cure this problem by downloading yet more unknown programs onto his PC, even if he was able to access the internet. The obvious potential to use the panic caused by this program to piggy-back more infected programs onto your PC suggests that its better to stick with tried and trusted suppliers, hence the posting on this forum.
     
  5. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    visit and post at one of the forums linked where any cleanup is under guidance of experienced volunteers who specialises in removing malware. Tell there what the symptom are and you can't access internet and you will be guided from there.

    of course you can always try with Eset
    http://kb.eset.com/esetkb/index?page=content&id=SOLN2219
     
    Last edited: Jan 28, 2010
  6. wtsinnc

    wtsinnc Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    943
    Didz;

    Malwarebytes, Superantispyware, and A-Squared are all highly trusted and, in fact, among the most reputable of all security software vendors.
    Which "tried and trusted suppliers" would you trust ?

    Concerning the three security applications that I have recommended, downloading from (their) websites is about as risk-free as it gets.

    Suite yourself.
     
  7. Didz

    Didz Registered Member

    Joined:
    Sep 30, 2009
    Posts:
    9
    Well personally I've never heard of them, and typing in XP Anti-Virus 2010 or AV.EXE into google just produces a wall of similar people offering quick solutions.

    So, I'd prefer to know what ESET suggest as a solution.
     
  8. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    439
  9. philby

    philby Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    940
    While you're waiting for Eset's recommendation, have a read here.

    It's mostly as per wtsinnc's original steer on this :)

    philby
     
  10. Didz

    Didz Registered Member

    Joined:
    Sep 30, 2009
    Posts:
    9
    Actually what I've got him to do is restore his entire PC to yesterday's security checkpoint.

    We are actually checking the results now, but apparently he is now able to access the internet and XP Anti-Virus 2010 has stopped whining at him. The only thing that he found still present was the AV.EXE program file sitting in c:\windows\prefetch. But it wasn't running as a process and the XP Anti-Virus 2010 was not listed as an active application by Task Manager.

    So, it looks like the restore has removed the registry settings that trigger the program to run on boot up, but not actually deleted the program files.

    ****
    Ok! quick update. Simon deleted the AV.EXE file and rebooted his PC. When he did this before the file simply reappeared in a different folder, but this time a disk search revealed no trace of it. So, it looks like we have got rid of it.

    The only remaining issue is how the hell it got onto his PC in the first place with ESET Smart Security guarding the door. He is pretty sure it came from an art and design website he was using for his college work, but ESET should have blocked it.
     
  11. Jenee

    Jenee Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    185
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    There is no security solution that would protect you against every single threat. What's more, these rogue AVs are dirty business and the authors are able to release dozens of variants per day when they are sure they are undetected by all or most of antivirus programs. It is crucial to take security precautions described here. If you run into a suspicious file, submit it to ESET per the instructions here.
     
  13. Didz

    Didz Registered Member

    Joined:
    Sep 30, 2009
    Posts:
    9
    Could have done with those links last night, but I couldn't find them when I went to the ESET site. In fact, Simon's home network is firewall protected and my entire family use ESET smart security on their PC's as I bought a multi-license pack to make sure they all use it.

    The particular problem that Simon has is that he attends College, and so he is constantly transporting information backwards and forwards from his college network to his home network, and college networks are notoriously bad for collecting all manner of viral infections which he literally brings home on his data stick and then plugs straight into his PC.

    In fact, he's probably more security conscious than I am and seems to be constantly running virus scans, but nevertheless this one obviosly slipped through and seemed to coincide with some research work he was doing on a wevsite dedicated to conceptual art. So he has now blacklisted that website apparently, the only problem being that it actually had a lot of useful information on it that he needed for his project.

    Its actually quite difficult to know where to stop with this security stuff. In addition to ESET, I also have Mailwasher and Spysweeper on my PC, mainly because I use my PC for business and so get a lot of incoming email and have to access a lot of other peoples websites and networks. I've actually lost count of how many times I've access a website and triggered an alert as some malicious program tries to infect your PC, if only with Adware.
     
  14. dwmtractor

    dwmtractor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    46
    Location:
    San Jose, CA
    While the suggestions Marcos linked to help, there's one more that I think should be far more common (but is not) for most users. . .particularly users of any OS prior to Vista/Win7:

    This is, don't allow administrative privileges on the account you use for day-to-day work. Even if your son has the right to install software on his own computer (which I presume to be true since he's in college), he should have a separate Administrator account and a regular user account that is NOT in the "Administrators" group (it may need to be a "Power User" depending on the apps he uses, but if not necessary, don't even make it a power user).

    This way, when he needs to install anything, he's gotta switch users to the Administrator account to do so. Some rogue programs can get around this security--for example they still permit BHOs to be loaded in IE--but a lot can't.

    This simple step has prevented numerous malware infections on my family's computers over the years.

    That said, I still think ESET ought to immunize the auto-run portions of the registry, which would prevent a lot of these zero-day rogue programs. . .and a lot of my own headaches too!
     
  15. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    Why not try Malwarebytes it is good in removing rogues and even if you don't know about these programs just try to install and if it does install(in that infected machine) then it will definitely remove that XP-2010 virus.

    You can even try SuperAntiSpyware or try its Portable Version:)


    As macros said no product is 100% good so try these two hope your problem gets solved Good Luck:)
     
  16. dwmtractor

    dwmtractor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    46
    Location:
    San Jose, CA
    Great idea, except that at least four of the computers in my company, from which I've had to remove variants of Personal Antivirus, Antivirus 2010, and Antivirus 360, had MalwareBytes installed on them at the time of infection (one also had ESS with current definitions). You'll understand if this has left me less than convinced about the greatness of MalwareBytes. . . :p

     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The standalone rogue AV cleaner will be updated soon to remove additional rogue AVs.
     
  18. Didz

    Didz Registered Member

    Joined:
    Sep 30, 2009
    Posts:
    9
    Well so far (touch wood) the restore seems to have resolved the problem. So, I'm keeping my fingers crossed thats the end of the saga, at least until the next time.
     
  19. sherryxp2000

    sherryxp2000 Registered Member

    Joined:
    Nov 14, 2007
    Posts:
    96
    Malware Bytes

    You should run Malwarebytes FOR SURE.

    It is much better suited at what it does, which is to remove MALWARE.

    You have came to a place where people are telling you some help and recommending this program.

    I run a PC Repair business. The Malwarebytes program will remove much more than any antivirus product, whether it is Eset, Kaspersky, Trendware, Avira, AVG, AVast, Norton, etc. The program is suited to repair KNOWN instances, it is what is specializes in. It's sole purpose. When I say it will remove more, I mean when it comes to malware, not exactly viruses.

    And for your reference, ignore the adverisements on the page below, and read the article.

    http://www.myantispyware.com/2010/0...-security-2010-xp-guardian-antivirus-xp-2010/
     
    Last edited: Feb 2, 2010
  20. mr_yoda

    mr_yoda Registered Member

    Joined:
    Jul 2, 2008
    Posts:
    57
    Location:
    Manchester, UK
    Re: Malware Bytes

    I've just been infected with XP Guardian 2010, which I assume is the same (or at least similar) to the virus mentioned. Eset Smart Security did quarantine and delete something but it was still present. It removed all .exe associations and would not allow me to enter anything in control panel.

    Finally got rid of it by scanning with MalwareBytes in safe mode. I have to say I was absolutely 'bricking it'. Even if you've done a system restore and you think it's gone, it is worth using MalwareBytes and SuperAntiSpyware (both excellent programs and ones to be trusted).
     
  21. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Re: Malware Bytes

    Have you tried running ESET Rogue AV cleaner?
     
  22. mr_yoda

    mr_yoda Registered Member

    Joined:
    Jul 2, 2008
    Posts:
    57
    Location:
    Manchester, UK
    Re: Malware Bytes

    Not yet. I'll give it a go this evening after work.
     
  23. mr_yoda

    mr_yoda Registered Member

    Joined:
    Jul 2, 2008
    Posts:
    57
    Location:
    Manchester, UK
    Re: Malware Bytes

    Which Rogue AV cleaner am I supposed to download? I've had a look on the Spyware Removal and Antivirus Tools page on the Eset website but there's just a load of names which mean nothing to me.
     
  24. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas

    Attached Files:

    Last edited: Feb 3, 2010
  25. mr_yoda

    mr_yoda Registered Member

    Joined:
    Jul 2, 2008
    Posts:
    57
    Location:
    Manchester, UK
Thread Status:
Not open for further replies.