?
Solved

windows xp product id replaced with virus alert!

Posted on 2008-06-18
9
Medium Priority
?
3,257 Views
Last Modified: 2013-11-24
A virus has infected a computer and replace the windows xp home product id with the phrase VIRUS ALERT!, it also added the same tag to the date time stamp so that the date time stamp shows the date, time and VIRUS ALERT! at the end of every file on the system.
0
Comment
Question by:stevegingell
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 10

Expert Comment

by:peetm
ID: 21814541
Have you got rid of/identified the virus at this stage?
0
 
LVL 20

Expert Comment

by:IndiGenus
ID: 21814607
It would help if we could see what was going on with your computer. I suggest that you download, run, and upload a HijackThis log from the link below.

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 21814897
stevegingell--But before running HiJackThis, run the antivirus and antispyware programs on your PC (using up to date reference definition files) and delete what they suggest.
0
WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

 

Author Comment

by:stevegingell
ID: 21814936
In response to peetm's question.  As far as I know I've successfully removed any and all virus' from the system and belive this to be the damage left from the infection.
For IndiGenus I've included the hijack file.
hijackthis.log
0
 
LVL 10

Expert Comment

by:peetm
ID: 21815175
Ok, so now search the registry - Start | Run | Regedit - then, in Regedit, Edit | Find  VIRUS ALERT!
0
 
LVL 20

Accepted Solution

by:
IndiGenus earned 2000 total points
ID: 21815279
Yes, HJT looks clean. How to fix this is explained really well here in miekiemoes blog (she is very highly respected in the anti-malware forums).

http://miekiemoes.blogspot.com/2008/05/virus-alert-in-clock-and-how-to-restore.html
0
 

Author Comment

by:stevegingell
ID: 21817068
IndiGenus had the right repair from miekiemoes web site.  Thanks, 500 point to you.
0
 
LVL 20

Expert Comment

by:IndiGenus
ID: 21817123
Glad it worked out. That's not the first time miekiemoes has had my back, she knows her stuff and always seems to be one step ahead of the game. Perhaps because she spends so much of her time on the front lines fighting Malware.

Regards,
Dave
0
 

Author Closing Comment

by:stevegingell
ID: 31468443
Thanks again for your help.  I didn't mean to leave everyone hanging.  I thought I had accepted the answer.  I didn't know about the need to click on the accepted solution link.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question