joygomez
asked on
XP Antispyware firewall alert- virus
Hi,
Whenever I try to go to the Internet Explorer, it gives me this banner that says 'XP Antispyware firewall alert' and won't let me do anything unless I subscribe to their software to remove it. Of course I am not going to be held hostage over this.
But I am stuck. I cannot figure out how to get rid of this. Can someone give me any ideas? Is there a way to remove the IE and then reinstall it? Because I think it is sitting in the IE.
Thanks for any suggestions.
Only problem is that he may not be able to use the browser to get to the download sites you guys are recommending.
First thing would probably be to try to boot in safe mode (hit F8) during the bootup process and then when the OS asks you how to boot up, boot up in safe mode with networking. You might be able to open up internet explorer then without the dang pop-up showing up.
Then you can go and download malwarebytes.
If that doesn't work, use another computer to get the app and using a USB key, copy the program to the key and copy it to your infected computer and run it from there (if you don't know how to copy stuff over shares).
- Yves
This is a method I use that works on every Rogue that I have seen, removing it by hand......
start>run>"%userprofile%\Local Settings"
Is there a randomly named folder, with some .exe files in it? If you enable the Details View, sort the column and look at the most recent ones. There should NOT be any recent .exe files in the "%userprofile%\Local Settings" folder. The viral files will have the most recent "Date Modified", prolly on or before the time of infection.
If so, right click the File>Properties>Security>Advanced Button>Uncheck "Inherit Permissions">Select "Copy" in the pop up box>Click OK, and in the users section at the top, remove all but your logged in user and SYSTEM. Set "Deny, Full Control" rights on the file.
Reboot, and then go back, your Task Manager should work, Regedit, DOS etc..... Go back into the file properties, and grant yourself Full control, then delete the file......
This can work to get you back in a working state, and then you can follow up with your malware scans.
With that said, the key sometimes is that if you cannot get to Explorer to perform this operation on the file, you need to kill the task. From another machine on your network, you can use PSexec to stop the process (randomlynamed.exe), and then all the warnings on screen, app blockers etc. are gone.....
DL PSExec here......
http://live.sysinternals.com/psexec.exe
From the other machine.....
start>run>cmd
<PATH TO >psexec \\infectedPCName tasklist
Then when you get the one you want to kill....
From the other machine again.....
start>run>cmd
<PATH TO >psexec \\infectedPCName taskkill /f /im randomlynamed.exe
Then you can proceed to remove the threats via explorer at the above locations.
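A read-only way to run the check described in the post above (recent .exe files under Local Settings, plus any process running from there), as an added PowerShell example that is not part of the original post. The `$Days` look-back window is an assumed parameter, and PowerShell has to be installed separately on Windows XP.

```powershell
# Added example, not from the thread. Read-only triage: nothing is deleted,
# no permissions are changed and no process is stopped.
# Assumption: $Days is a hypothetical look-back window; set it to cover the
# suspected time of infection.
param(
    [int]$Days = 7
)

# Windows XP keeps per-user data in "Local Settings"; Vista and later use AppData\Local.
$roots = @(
    (Join-Path $env:USERPROFILE 'Local Settings'),
    (Join-Path $env:USERPROFILE 'AppData\Local')
) | Where-Object { Test-Path -LiteralPath $_ }

$cutoff = (Get-Date).AddDays(-$Days)

# Recently modified .exe files, newest first (the "sort by Date Modified" step).
# -Force includes hidden and system files, which Explorer hides by default.
$recent = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Recurse -Force -Filter *.exe -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -ge $cutoff }
}
$recent = @($recent | Sort-Object LastWriteTime -Descending)

# Running processes whose image file lives under one of those folders
# (the same question the remote "tasklist" step answers by eye).
$running = @(Get-Process | Where-Object {
    $p = $_.Path
    $p -and ($roots | Where-Object { $p.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
})

'Recent executables:'
$recent  | Select-Object LastWriteTime, Length, FullName | Format-Table -AutoSize

'Processes running from the profile:'
$running | Select-Object Id, ProcessName, Path | Format-Table -AutoSize
```

Legitimate software also installs under the local profile on newer Windows versions, so treat the output as a list of candidates to inspect, with an executable that appears in both tables being the first one to look at.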
To clean and to check if your system is clean, do the following:
Run malwarebytes in Safe Mode with Networking and update it before running a full system scan:
http://www.malwarebytes.org/mbam-download.php
Then try HitManpro to make sure anything which might be left behind is clean:
32bit
http://dl.surfright.nl/HitmanPro35.exe
http://download.cnet.com/Hitman-Pro-3/3000-2239_4-10895604.html
64bit
http://dl.surfright.nl/HitmanPro35_x64.exe
If issue is not resolved by these tools try TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
Tutorial on TDSSKiller:
http://support.kaspersky.com/viruses/solutions?qid=208280684
or you could also try FixTDSS.exe from Symantec
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe
If this does not resolve your issue then try Combofix:
Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Tutorial on how to use combofix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Post logs here for further analysis.
Sudeep
ASKER
thanks. it worked.
http://free.antivirus.com/hijackthis/
JEJ