[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

windows xp product id replaced with virus alert!

Posted on 2008-06-18
9
Medium Priority
?
3,259 Views
Last Modified: 2013-11-24
A virus has infected a computer and replace the windows xp home product id with the phrase VIRUS ALERT!, it also added the same tag to the date time stamp so that the date time stamp shows the date, time and VIRUS ALERT! at the end of every file on the system.
0
Comment
Question by:stevegingell
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 10

Expert Comment

by:peetm
ID: 21814541
Have you got rid of/identified the virus at this stage?
0
 
LVL 20

Expert Comment

by:IndiGenus
ID: 21814607
It would help if we could see what was going on with your computer. I suggest that you download, run, and upload a HijackThis log from the link below.

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 21814897
stevegingell--But before running HiJackThis, run the antivirus and antispyware programs on your PC (using up to date reference definition files) and delete what they suggest.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:stevegingell
ID: 21814936
In response to peetm's question.  As far as I know I've successfully removed any and all virus' from the system and belive this to be the damage left from the infection.
For IndiGenus I've included the hijack file.
hijackthis.log
0
 
LVL 10

Expert Comment

by:peetm
ID: 21815175
Ok, so now search the registry - Start | Run | Regedit - then, in Regedit, Edit | Find  VIRUS ALERT!
0
 
LVL 20

Accepted Solution

by:
IndiGenus earned 2000 total points
ID: 21815279
Yes, HJT looks clean. How to fix this is explained really well here in miekiemoes blog (she is very highly respected in the anti-malware forums).

http://miekiemoes.blogspot.com/2008/05/virus-alert-in-clock-and-how-to-restore.html
0
 

Author Comment

by:stevegingell
ID: 21817068
IndiGenus had the right repair from miekiemoes web site.  Thanks, 500 point to you.
0
 
LVL 20

Expert Comment

by:IndiGenus
ID: 21817123
Glad it worked out. That's not the first time miekiemoes has had my back, she knows her stuff and always seems to be one step ahead of the game. Perhaps because she spends so much of her time on the front lines fighting Malware.

Regards,
Dave
0
 

Author Closing Comment

by:stevegingell
ID: 31468443
Thanks again for your help.  I didn't mean to leave everyone hanging.  I thought I had accepted the answer.  I didn't know about the need to click on the accepted solution link.
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is the first of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article explains our test automation goals. Then rationale is given for the tools we use to a…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question