Total XP Security infection - "VMA.exe" - seems invincible

Hey all,

One of my machines has become infected with "Total XP Security" - the exe that runs is "vma.exe" and it's proving to be just about invincible.  Before I reformat the machine, I'd like to see if anyone can help me remove it instead.

I've run rkill and tdsskiller to try and break the process, I've run malware bytes (well, tried to), but the installer for it will not run because every time I try to run it, vma.exe pops up and kills the installer.  This happens both in safe mode and normal mode.  I've looked through hijackthis and autoruns but nothing appeared to be out of line.  The pop ups are driving me mad!  Anyone run into this little sucker before?
Preston55 Asked:

slitheredxscars Commented:
I ran into that sucker before. Luckily I had another uninfected machine. Installed antivirus on USB, and ran it. I think it was either AVG or Comodo. (Just recently switched to Comodo.) If that doesn't work, try repairing Windows via the Windows installation CD/DVD.
0
Preston55 Author Commented:
This thing is a bastard, isn't it!

I am not onsite, so I cannot use a USB drive ATM.  Other ideas?
0
uescomp Commented:
Are you able to end it with Task Manager, or is Task Manager getting locked down? If so, simply log off, and as soon as you attempt to log in just mash Ctrl, Alt, and Delete to get Task Manager to start before the virus does.

Also, you stated it's Total XP Security; double check to make sure vma.exe is tied to it.  Removing viruses is usually pretty easy but finding the actual file name is difficult.

I just end the process, use the msconfig command to open the startup menu, find the name of the culprit, open up the registry, do a search for that filename specifically and remove all keys that pop up with its name.
Then do a search on the primary drive for files/folders (be sure to show hidden and Windows files). When that is done, download and install Malwarebytes; also download CleanUp, which is a great program for cleaning up temp files where viruses/spyware like to sit.  CleanUp can be found here:

http://www.stevengould.org/index.php?Itemid=70&id=28&option=com_content&task=view
0
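The manual check uescomp describes above (find the startup entry, then search the registry and the drive for the file name), as an added read-only PowerShell example that is not part of any post in this thread. It assumes PowerShell is available on the machine and that `vma.exe` is the right file name; the key list is the standard Windows autostart locations, not keys confirmed for this infection.

```powershell
# Added example: report (do not delete) autostart values and files that
# reference a suspect file name. $Suspect comes from the thread; everything
# else is a generic Windows location chosen for illustration.
$Suspect = 'vma.exe'

$AutostartKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'  # Shell, Userinit
)

$regHits = @()
foreach ($path in $AutostartKeys) {
    if (-not (Test-Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        # Read the data as stored, so %APPDATA%-style paths are not expanded
        $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        if ("$data" -like "*$Suspect*") {
            $regHits += New-Object PSObject -Property @{
                Location = $path; ValueName = $name; Data = "$data"
            }
        }
    }
}

# -Force includes hidden and system files, matching the "show hidden and
# Windows files" step; access-denied folders are skipped silently.
$fileHits = Get-ChildItem -Path "$env:SystemDrive\" -Filter $Suspect -Recurse -Force `
    -ErrorAction SilentlyContinue

"Autostart values referencing ${Suspect}:"
$regHits | Format-List Location, ValueName, Data

"Files named ${Suspect}:"
$fileHits | Select-Object FullName, Length, LastWriteTime | Format-List
```

The output is a list to review before anything is removed; an empty list only means the name does not appear in these locations.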

abelenkiy Commented:
Download trojanremover from http://www.simplysup.com/
You might want to download it on your PC and then send it over through a file share or whatever remote access app you're using if your internet browsing is screwed up.
Perform an update and let it scan.
Do a few runs.
Then use Spybot with the latest definitions to remove additional junk.
0

thompsonwireless Commented:
I have run into this as well and it is less time consuming and less trouble to do a reload.  Hitman Pro and Malwarebytes both didn't get rid of it on my computer.
0
IPTN Commented:
The first thing that I would suggest would be running msconfig and trying to stop any autostarting services or processes created by the virus from there. Next, if you know where the file for the main virus is, you can use Unlocker portable, which I attached in a self-extracting archive, to get rid of it. Simply drag the file you want to delete onto unlocker.exe and, if no locking handles are found, select delete and then OK, or, if there are locking handles, select delete in the bottom left-hand corner and then hit unlock all. Try all of this in safe mode if you can. I have also attached a portable version of Malwarebytes, which you can download and run to extract the self-extracting archive. If you can, do a full scan. After it is finished and you restart, I would suggest still downloading the Malwarebytes installer and doing another full scan using that copy along with any other anti-virus software you want to use.
unlocker1.8.8-portable.exe
MalwarebytesPortable.exe
0
lee555J5 Commented:
I personally recommend Microsoft Security Essentials (MSE) at
http://www.microsoft.com/security_essentials/
These have free rescue boot discs as well:
http://www.avg.com/us-en/avg-rescue-cd
http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
Lee
0
spiderwilk007 Commented:
Okay, here is the easiest way to remove XP Total Security: boot your computer into "safe mode with networking" and install Malwarebytes; you can download this from malwarebytes.org and load it on a thumb drive. Install it and update it to the newest version and get the newest definitions. Then run it; it should pick up the virus and completely remove it. If this doesn't work, go to this link; it has manual removal instructions and Malwarebytes instructions.

http://www.myantispyware.com/2010/03/17/how-to-remove-total-xp-security/ 
0
Preston55 Author Commented:
You, my friend, are AWESOME.  Thank you so much for pointing that nifty little tool out to me, it worked like magic!  I'll be adding that one to my list of administrator utilities!
0
abelenkiy Commented:
:) glad it worked out.
0