Preston55

Total XP Security infection - "VMA.exe" - seems invincible

Hey all,

One of my machines has become infected with "Total XP Security" - the exe that runs is "vma.exe" and it's proving to be just about invincible.  Before I reformat the machine, I'd like to see if anyone can help me remove it instead.

I've run rkill and tdsskiller to try and break the process, and I've run Malwarebytes (well, tried to), but the installer for it will not run because every time I try to run it, vma.exe pops up and kills the installer.  This happens both in safe mode and normal mode.  I've looked through HijackThis and Autoruns but nothing appeared to be out of line.  The pop-ups are driving me mad!  Anyone run into this little sucker before?

slitheredxscars

I ran into that sucker before. Luckily I had another uninfected machine. Installed antivirus on USB, and ran it. I think it was either AVG or Comodo. (Just recently switched to Comodo.) If that doesn't work, try repairing Windows via the Windows installation CD/DVD.

Preston55

ASKER

This thing is a bastard, isn't it!

I am not onsite, so I cannot use a USB drive ATM.  Other ideas?

Are you able to end it with Task Manager, or is Task Manager getting locked down?  If so, simply log off and, as soon as you attempt to log in, just mash Ctrl, Alt, and Delete to get Task Manager to start before the virus does.

Also, you stated it's Total XP Security; double-check to make sure vma.exe is tied to it.  Removing viruses is usually pretty easy, but finding the actual file name is difficult.

I just end the process, use the msconfig command to open the startup menu, find the name of the culprit, open up the registry, do a search for that filename specifically and remove all keys that pop up with its name.
Then do a search on the primary drive for files/folders (be sure to show hidden and Windows files). When that is done, download and install Malwarebytes; also download CleanUp, which is a great program for cleaning up temp files where viruses/spyware like to sit.  CleanUp can be found here:

http://www.stevengould.org/index.php?Itemid=70&id=28&option=com_content&task=view
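
The registry search described in the post above, as an added example that is not part of the original thread: export the registry from regedit to a text file and list every value that references the file name, so each hit can be reviewed before anything is deleted. The sample export, its paths and the `Software\Example` key are constructed; only the name vma.exe comes from the thread.

```python
import re

# Constructed sample in regedit "Version 5.00" export format. Real exports are
# UTF-16 files: read them with open(path, encoding="utf-16").read().
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Updater"="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\vma.exe\" /s"

[HKEY_CURRENT_USER\Software\Example]
"Path"=hex(2):43,00,3a,00,5c,00,76,00,6d,00,61,00,2e,00,65,00,78,00,65,00,00,\
  00
'''

def _decode(raw):
    """Turn the right-hand side of a .reg value into searchable text."""
    if raw.startswith('"'):                       # REG_SZ with \\ and \" escapes
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    m = re.match(r'hex\((?:1|2|7)\):(.*)', raw)   # string types dumped as UTF-16LE hex
    if m:
        data = bytes(int(b, 16) for b in m.group(1).split(',') if b.strip())
        return data.decode('utf-16-le', errors='replace').replace('\x00', ' ').strip()
    return ''                                     # dword/binary: cannot hold a path string

def find_references(reg_text, needle):
    """Return (key, value_name, data) for every value that mentions `needle`."""
    hits, key = [], None
    # regedit wraps long hex values with a trailing backslash; join them first.
    text = re.sub(r'\\\r?\n\s*', '', reg_text)
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if not (m and key):
            continue
        name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
        data = _decode(m.group(2))
        if needle.lower() in data.lower():        # Windows paths are case-insensitive
            hits.append((key, name, data))
    return hits

if __name__ == '__main__':
    for key, name, data in find_references(SAMPLE, 'vma.exe'):
        print(f'{key}\n    {name} = {data}')
```

A plain text search of the export would miss the second hit, because REG_EXPAND_SZ values are written as UTF-16LE hex rather than readable text.
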
ASKER CERTIFIED SOLUTION
abelenkiy

This solution is only available to members.

I have run into this as well and it is less time consuming and less trouble to do a reload.  Hitman Pro and Malwarebytes both didn't get rid of it on my computer.

The first thing that I would suggest would be running msconfig and trying to stop any autostarting services or processes created by the virus from there. Next, if you know where the file for the main virus is, you can use Unlocker Portable, which I attached in a self-extracting archive, to get rid of it. Simply drag the file you want to delete onto unlocker.exe and, if no locking handles are found, select delete and then OK, or, if there are locking handles, select delete in the bottom left-hand corner and then hit unlock all. Try all of this in safe mode if you can. I have also attached a portable version of Malwarebytes, which you can download and run to extract the self-extracting archive. If you can, do a full scan. After it is finished and you restart, I would suggest still downloading the Malwarebytes installer and doing another full scan using that copy along with any other antivirus software you want to use.
unlocker1.8.8-portable.exe
MalwarebytesPortable.exe

I personally recommend Microsoft Security Essentials (MSE) at
http://www.microsoft.com/security_essentials/
These have free rescue boot discs as well:
http://www.avg.com/us-en/avg-rescue-cd
http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
Lee

Okay, here is the easiest way to remove XP Total Security: boot your computer into "Safe Mode with Networking" and install Malwarebytes. You can download this from malwarebytes.org and load it on a thumb drive. Install it, update it to the newest version and get the newest definitions. Then run it; it should pick up the virus and completely remove it. If this doesn't work, go to this link; it has manual removal instructions and Malwarebytes instructions.

http://www.myantispyware.com/2010/03/17/how-to-remove-total-xp-security/ 

You, my friend, are AWESOME.  Thank you so much for pointing that nifty little tool out to me, it worked like magic!  I'll be adding that one to my list of administrator utilities!

:) Glad it worked out.