• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3266
  • Last Modified:

windows xp product id replaced with virus alert!

A virus has infected a computer and replace the windows xp home product id with the phrase VIRUS ALERT!, it also added the same tag to the date time stamp so that the date time stamp shows the date, time and VIRUS ALERT! at the end of every file on the system.
0
stevegingell
Asked:
stevegingell
  • 3
  • 3
  • 2
  • +1
1 Solution
 
peetmCommented:
Have you got rid of/identified the virus at this stage?
0
 
IndiGenusCommented:
It would help if we could see what was going on with your computer. I suggest that you download, run, and upload a HijackThis log from the link below.

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.
0
 
jcimarronCommented:
stevegingell--But before running HiJackThis, run the antivirus and antispyware programs on your PC (using up to date reference definition files) and delete what they suggest.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
stevegingellAuthor Commented:
In response to peetm's question.  As far as I know I've successfully removed any and all virus' from the system and belive this to be the damage left from the infection.
For IndiGenus I've included the hijack file.
hijackthis.log
0
 
peetmCommented:
Ok, so now search the registry - Start | Run | Regedit - then, in Regedit, Edit | Find  VIRUS ALERT!
0
 
IndiGenusCommented:
Yes, HJT looks clean. How to fix this is explained really well here in miekiemoes blog (she is very highly respected in the anti-malware forums).

http://miekiemoes.blogspot.com/2008/05/virus-alert-in-clock-and-how-to-restore.html
0
 
stevegingellAuthor Commented:
IndiGenus had the right repair from miekiemoes web site.  Thanks, 500 point to you.
0
 
IndiGenusCommented:
Glad it worked out. That's not the first time miekiemoes has had my back, she knows her stuff and always seems to be one step ahead of the game. Perhaps because she spends so much of her time on the front lines fighting Malware.

Regards,
Dave
0
 
stevegingellAuthor Commented:
Thanks again for your help.  I didn't mean to leave everyone hanging.  I thought I had accepted the answer.  I didn't know about the need to click on the accepted solution link.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

  • 3
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now