Fake Antispyware XP 2010 program | How to remove it from computer

Experts,

Whats the best way to remove Windows XP AntiSpyware 2010 from my laptop, registry and Windows operating system?  I've done research on it and it's a fraud - a way to collect money and potential ID fraud.

Are there links in Experts Exchange specificially about this, the best way to remove it without harming the computer, etc?  Or any suggestions?

Thanks in advance,

Rob
RobWellsMcAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

B HCommented:
this guide and program will easily fix it, without hurting anything:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ivano ViolaSystem AdministratorCommented:
Malwarebytes would be the program to use. www.malwarebytes.org (free version)

Here are some instructions on how to remove the rogue antivirus.
http://www.myantispyware.com/2010/02/22/how-to-remove-xp-antispyware-2010-xp-antivirus-pro-2010/

Let us know how it goes.
0
lovepashahCommented:
The Best Way to remove it is to use System Restore to restore your computer to a time when there was no fake antispyware in your computer.

For Below Solution your to work System Restored should be enabled previously in you computer.

To do this Follow this instructions:

1> restart you computer computer in safe mode to do this while bios screen comes up keep tapping F8 function key, In latest motherboards F8 Function key takes you to Boot from order if some blue screen comes up with your hard disk and cd drom just press ESC (Escape) key and keep taping F8 function key it will take to the OS menu where you would be having lot of otion from that select only SAFE MODE.

2> Immediately When you reach in safe mode you will get a window where it asks you yes or now, If you select yes it will open system restore for you & if you select no then follow Ponint 3.

3> Go to start --> Program Files --> Accessories --> System Tools --> Select System Restore.
If followed pint 2 properly skip this point or continue.

4> A window will come up name System Restore with two options 1)Restore my computer to an earlier time & 2) Create restore point. Select 1st option & click next.

5) Next screen would show you the calender and inside calendar there would be few dates highlighted. Highlighted dates are the dates on which restore point was created.

6> Select one highlighted date when you didnt had this problem and click next and it will ask you to confirm to confirm click next you system will restart and start restoring to selected date settings.

0
Webinar: What were the top threats in Q2 2018?

Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that describes and analyzes the top threat trends impacting companies around the world. Are you ready to learn more about the top threats of Q2 2018? Register for our Sept. 26th webinar to learn more!

JonveeCommented:
A number of the above methods should work - if still unresolved you could try manual removal by following these instructions - there are some useful user comments if you scroll - deleting the user account was a bit severe but it appears to have worked:

"Remove PC AntiSpyware 2010 (Removal Instructions)":
http://www.xp-vista.com/spyware-removal/pcantispyware-pc-antispyware-removal-instructions
0
optomaCommented:
Running any removal tools can potentially harm your OS!
Its depending on how bad its infected+ what is removed as a result.
Its possible that you may have other "unwanted" infections apart from above mentioned so there is never a guarantee that all will ok, only until after the baddies are gone!

Another useful scanner is Hitmanpro
http://www.surfright.nl/en/hitmanpro

Post any logfiles here of scanners used :)

0
perfectpcCommented:
I have loads of customer falling for this 1. I would recommend Malwarebytes as mentioned above. Every computer I have scanned with this has been fixed.

If you find you can't install the program when double clicking, right click the install file and choose start from the options.
0
rpggamergirlCommented:
The suggested tools are all good tools for this, attach the log specially if using ComboFix.
And if the nasties are blocking .exes to run then run exeHelper first to undo the blocks. This tool also removes the common rogues.
Please download exeHelper to your desktop.
http://www.raktor.net/exeHelper/exeHelper.com 
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
0
pegla12Commented:
I suggest you to listen to ivanoviola and use malwarebytes. Some of my users had problem with the same Fake Antispyware XP 2010 program and I got rid of them with malwarebytes. Easy to use and free. Thumbs up.
0
sb7785Commented:
In addition to the other great suggestions posted; if they all fail, try creating a bootable antivirus CD. If that doesn't fix it, then you've got some serious problems. It's always good to keep on hand at anytime:
http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/Q_25347695.html 
http://www.experts-exchange.com/articles/Storage/Misc/Creating-a-bootable-CD-USB.html
0
xtreminatorDIYerCommented:
you need to locate the installation file of xp 2010 program first in your system.
first download hijack this: http://free.antivirus.com/hijackthis/
most common location for this program is .. user profile folder who have administrative privilege. and program files
this folder could super hidden so you cant see directly. 
start computer in safe mode ( press f8 button before windows boot screen appear).
open my computer > tools (look at top menu of my computer ) > folder option > view tab > un check "hide protected operating system files" also tick on show hidden files and folder.
after applying  above look in user profile folder c:\documents and settings\user folder (folder named with you user logged in name), and look for hidden file.
if you cant see hidden file, this is surly curse of xp 2010 program.
but by luck if you can see hidden folder and file.
then go to start > programs > xp 2010 antivirus (or what is the name of program) > right click on it property > find target > this will bring you to the cave of evil xp 2010 program.remove all file include folder.
now run hijack this utility you downloaded from :http://free.antivirus.com/hijackthis/
scan system look for the suspicious entries named with xp 2010 program and relative name and remove it.
if all works disable system restore and re-enable this.
common target of XP 2010 program is : system restore,winlogon,windows startup, hidden files problem,task manager disablesd.
so may system restore may not solve problem.
this method could free you system from curse of xp 2010 program.
0
RobWellsMcAuthor Commented:
I'm going through all your suggestions, solutions, options... See what I can do to remove this XP 2010 Antivirus program, etc!
0
RobWellsMcAuthor Commented:
xtreminator,

I did as you told me to do so.  I made a screenshot and saved in safe mode.   Do you see the 2010 XP Antivirus files?
WindowsSAFEMODE.gif
0
RobWellsMcAuthor Commented:
xtreminator,

This is in normal mode - same thing...  I don't see the 2010 XP files...

Perhaps SUPERAntivirus took care of 2010 XP files because I quaranteed a lot of malware and spyware using that program.

Your thoughts xtreminator?
WindowsNORMAL.gif
0
kennyhenaoCommented:
OK. First you need to be in normal mode and do the following.

Download Rkill.com and Combofix (as suggested) - will need to download from another PC and use flash drive to copy over files to infected PC.

Use Rkill to stop malware processes and then run Combofix.
This will permanently remove this.
0
RobWellsMcAuthor Commented:
I think SUPERantivirus took care of it?

Is there another way to find out if I still have this Antispyware XP 2010 program?  Or if it has been quaranteed?
0
B HCommented:
you can re-run any of the tools you used, and see if it is detected again...

malwarebytes is your best bet for verifying the infection is gone.  malwarebytes should always report 0 infections...  if not, fix what it finds, reboot, and run it again until it says zero
0
RobWellsMcAuthor Commented:
Ok you got it byron, will do that now...  Will download Malwarebytes and then go from there and then report on it here...
0
RobWellsMcAuthor Commented:
Here are the results of Malwarebytes Anti-Malware Quick Scan:

Malwarebytes-QuickScanResults.gif
0
RobWellsMcAuthor Commented:
Let me know what your thoughts are - is my computer OK?   Should I quarantine all those files listed in the quick scan?  Or could it DISABLE my computer by taking bits and pieces of the registry with it like what happened with SUPERantiSpyware?   I got my computer fixed when one Experts Exchange expert provided xp-exe-fix.reg to fix the registry.  That fixed the computer upon startup so programs could be activated - and plus I could click on any program instead of having to use the 'OPEN WITH' dialog box to open up any program within the computer - thats what happened when I quaranteed all viruses and malware using SUPERantiSpyware.

Let me know what your thoughts are?  

Plus should I run an Malwarebytes full scan - or is it not necessary because my computers OK?
0
Ivano ViolaSystem AdministratorCommented:
Everything listed there needs to be removed. Click on the remove selected button. It will probably ask you to reboot. Report any other problems you may discover when you log back in.
0
TrustWiseCommented:
Looks like malwarebytes cleaned up what was left. Because the infection was so bad run combofix as well And post the log here
0
RobWellsMcAuthor Commented:
Okay, I'll do just that....
0
B HCommented:
yeah you dont have to worry about malwarebytes stopping something that your computer actually needs... once you're clean, run malwarebytes every few weeks and remove anything it finds
0
RobWellsMcAuthor Commented:
Trustwise - I ran Combofix and here's the log file in notepad.txt.

Experts, check it out.  Any additional steps needed?


0
RobWellsMcAuthor Commented:
Here it is, can't see the attachment in the most recent post.  Hopefully this post shows the log file from Combofix.
COMBOFIX-log.txt
0
TrustWiseCommented:
Combofix picked up a few the others missed, looks good now.
0
RobWellsMcAuthor Commented:
One last question, I ran the Combo quick scan.  Should I run the full scan another time?  Or am I all good and to just stick with running Malwarebytes once every few weeks, etc?
0
B HCommented:
malwarebytes will be ok going forward, unless you get a particularly bad infection... then do combofix in that case
0
RobWellsMcAuthor Commented:
Great, thanks everyone!  Thanks Byron!
0
RobWellsMcAuthor Commented:
PERFECT THANKS!!!
0
TrustWiseCommented:
Any time
0
Ivano ViolaSystem AdministratorCommented:
You're welcome Rob.
0
xtreminatorDIYerCommented:
sorry for late reply......RobWellsMc
I've check screen shots, there is no sigh of xp 2010 in folder but could be in sub directory.
another thing...
you can easily find this program location by
go to start > programs > xp 2010 antivirus (or what is the name of program) > right click on the icon of xp 2010 program go to property > find target > this will bring you to the cave of evil xp 2010 program.remove all file include folder. 
as i mentioned in earlier post...


0
B HCommented:
typically this infection is installed as a rootkit, you likely wouldn't see it on the start menu or as a file... and if you did, it would respawn itself as soon as it was deleted (assuming you could even end-process on it long enough to delete it)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.