  • Status: Solved
  • Priority: Medium
  • Security: Public

How do I remove XP Home Security 2011?

I have been infected by XP Home Security 2011.
I have tried using ESET to clean the machine - no luck.
I have also tried Malwarebytes but it will not load.
Nor can I download it afresh.
Please help
0
digisel
Asked:
2 Solutions
 
PortableTech Commented:
Here is a great page that provides both some automated solutions as well as some manual solutions depending on what you are looking for.

http://www.spywares-remove.com/remove-xp-home-security-2011-xphomesecurity2011-removal-steps
0
 
Timothy McCartney (SYS ADMINISTR I INFRAS) Commented:
Have you tried any of the above applications in safe mode w/ networking? That's your best bet for the initial scanning until your system is clean enough to scan from normal windows mode.

Also try spybot search and destroy http://www.safer-networking.org/index2.html

Super antispyware portable is a great program (gets past a lot of spyware programs that block .exe applications from running) http://www.superantispyware.com/portablescanner.html
0
 
Timothy McCartney (SYS ADMINISTR I INFRAS) Commented:
Also, a fantastic program is Hitman Pro. It installs several different scanners for a more thorough cleaning of your system.

http://www.surfright.nl/en/hitmanpro
0

 
Sean Scissors (Program Analyst II) Commented:
If MB won't load you will need to run a program called Rkill first.

http://www.bleepingcomputer.com/download/anti-virus/rkill

It will help stop any program trying to prevent you from opening anything else. However try and see if anything will load. It's possible your .exe file within the registry has been modified so no .exe will run. If that is the case then run the attached registry file. It will replace your data with the correct default data then allow you to open files. After you can run MB you should be ok as MB removes most if not everything. Also please refer to the following thread for more information.
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/Q_24860646.html#a35002621

Fix-EXE.reg
0
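The check behind the .exe association repair described in the post above, as an added example (not part of the thread and not the contents of the attached Fix-EXE.reg): it parses a text registry export and reports when `.exe` no longer resolves to the Windows default ProgID `exefile` with the open command `"%1" %*`. The sample export, `placeholder_progid` and the path in it are constructed, and the export is assumed to be already decoded to a Python string (regedit writes version 5.00 exports as UTF-16).

```python
import re
# Windows defaults: .exe maps to ProgID "exefile", whose open command is "%1" %*
DEFAULT_PROGID, DEFAULT_COMMAND = "exefile", '"%1" %*'
# Per-user entries (HKCU) take precedence over machine-wide ones (HKLM)
HIVES = ("HKEY_CURRENT_USER\\Software\\Classes", "HKEY_LOCAL_MACHINE\\Software\\Classes")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse string values from a .reg export into {key_lower: {name: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \\ and \"
    return keys

def lookup(keys, subkey):
    """Return (hive, default value) for subkey, checking HKCU before HKLM."""
    for hive in HIVES:
        value = keys.get(f"{hive}\\{subkey}".lower(), {}).get("")
        if value is not None:
            return hive, value
    return None, None

def audit_exe_association(text):
    """Return a list of findings; an empty list means the defaults are intact."""
    keys, findings = parse_reg(text), []
    hive, progid = lookup(keys, ".exe")
    if progid is None:
        return ["no .exe association found in export"]
    if progid.lower() != DEFAULT_PROGID:
        findings.append(f".exe -> ProgID {progid!r} in {hive}")
    hive, command = lookup(keys, f"{progid}\\shell\\open\\command")
    if command != DEFAULT_COMMAND:
        findings.append(f"open command {command!r} in {hive}")
    return findings

# Constructed sample export (not from the thread): a per-user override of .exe
SAMPLE = r'''[HKEY_LOCAL_MACHINE\Software\Classes\.exe]
@="exefile"
[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="placeholder_progid"
[HKEY_CURRENT_USER\Software\Classes\placeholder_progid\shell\open\command]
@="\"C:\\placeholder\\unknown.exe\" \"%1\" %*"'''
```

`audit_exe_association(SAMPLE)` returns two findings, both pointing at the per-user hive, which is why a repair that only restores the machine-wide keys can leave executables still failing to launch.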
 
younghv Commented:

Did you use the "Save As" function when you downloaded MBAM?
Many variants of malware can recognize and affect the file name when you are downloading it.

You may have to download it to a clean machine, then copy it to USB stick or CD.
Manual update executable here:
http://forums.malwarebytes.org/index.php?showtopic=3436 

I wrote a little about it here:
http://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)

Are you sure that is the exact name of the malware you're seeing?
If you can post a screenshot for us to look at, it might give us some more clues.

There are only one or two malware variants that call for using Malwarebytes in a "Safe Mode" scan and you should never do that unless you see an actual link/reference to the instructions.
0
 
Sudeep Sharma (Technical Designer) Commented:
If you are facing issues running MalwareBytes I would recommend you to rename the mbam.exe to some dummy name like mb.com and then run it.

http://www.malwarebytes.org/mbam-download.php

I hope that would help

Sudeep
0
 
younghv Commented:
digisel -
You CANNOT "rename" the Malwarebytes executable AFTER downloading it.
You must use the "Save As" function before the file hits your computer.
0
 
digisel (Author) Commented:
Hi all
Thanks for your suggestions. I have tried all of them but none of them will load.
Younghv, when I download the Malwarebytes executable I do not get the option to "Save As".

In any case I already have Malwarebytes loaded on this PC but I cannot load the file.

ANY OTHER SUGGESTIONS BECAUSE I AM BACK WHERE I STARTED.
0
 
PortableTech Commented:
Well, one shot of last resort is to download Malwarebytes and replace the standard explorer.exe with the malwarebytes exe file.  Explorer is seldom if ever blocked and once you reboot, it should startup malwarebytes in place of explorer.

Once you clean things up you can use safe mode command prompt mode to put explorer.exe back where it belongs.
0
 
Timothy McCartney (SYS ADMINISTR I INFRAS) Commented:
Try this:

http://www.pandasecurity.com/activescan/index/?lang=en-US

It's a cloud scanner by Panda Security.
0
 
younghv Commented:
digisel - Are you using Internet Explorer as your browser?
When downloading any file from the Internet, the options are "Run", "Save", and "Cancel".

Select "Save" and then "Rename" it to something like "xyz" when the "Save As" box opens.
0
 
Sean Scissors (Program Analyst II) Commented:
@digisel

Are you posting these from the current infected computer? If so that means your exe is broken. If not, try opening up any other executable file (i.e. a shortcut) and see if it works. If it doesn't then it could be your exe is broken. Refer to my older post as I attached the reg key to fix it.

If it does open but MB is the only thing not opening then you have to run the rkill and then try opening MB in that order. In your case MB is the last thing you are going to do as you want it to be able to run thoroughly and also with an updated database.

We might be able to help you further if you could explain the symptoms themselves that are happening because the XP Security 2011 has different variations/versions with different symptoms.
0
 
digisel (Author) Commented:
Scissors.   I can open Adobe Reader from the shortcut and Notepad but not IE or Firefox.

Younghv:   I cannot open IE.   I normally use Firefox which I can open
0
 
younghv Commented:
I don't know anything about Firefox - never used it.
Maybe another Expert can tell you how.

I did find this link, but it doesn't mean anything to me:
https://addons.mozilla.org/en-US/firefox/addon/save-file-to/
0
 
Sean Scissors (Program Analyst II) Commented:
@digisel

Sounds like your specific shortcuts might be broken. If you know how, travel to your My Computer and go to the program files and search for IE. Right click on your shortcut and you can see where it currently is leading to. The symptoms seem kind of weird but we can get you through this. I have never had to reformat a PC due to a virus.
0
 
Sean Scissors (Program Analyst II) Commented:
@younghv

Forgot to add... Firefox is similar to IE in that you can Save or Cancel but Firefox does not allow you to directly run an object through the browser. So when you right click and do save as there is only save or cancel. No run option is there for security reasons. So he still should be able to save the file and change the name.
0
 
younghv Commented:
S_85 - thanks.
I have to try that thing one of these days.
(Old Dogs, New Tricks.)
0
 
optoma Commented:
Hi Digisel.
Were you able to download Hitmanpro (mentioned above)?
If so, we can suggest a route to take :)
0
 
digisel (Author) Commented:
@optoma No, I was not able to download Hitmanpro.
0
 
optoma Commented:
Can you boot into safe mode with networking and see if it will download for you, or download it on another machine and transfer it via CD / removable device?
0
 
Trusol Commented:
What OS are you running? If Win Vista or 7 you will need to go to C:\ program data (if program data is not there you will need to enable "show hidden files and folders" to see the folder), and look for a folder with random letters and numbers, e.g. ....thuehe0068948, and inside there you will have 2 files. One is an .exe and can't be deleted right now; please right click the .exe file and rename it to whatever you like (example.exe) and then restart the PC.

That should stop the rogueware from starting up. Now please go back to that location and delete the files inside there. Please then run a full virus and spyware scan which will remove any registry entries of this rogueware.

If you are running XP, do you have an icon on the desktop? If so, right click and go to Properties; this will give you the location of where the .exe file is sitting. Navigate to that location and follow the steps above.

Please get back to us as soon as you can, I hope this helps.
0
 
younghv Commented:
digisel,
You really need to figure out how to properly run "Malwarebytes" on this system - as I recommended here: http:#a35021168

Even if you do as I said and use another computer - then copy to USB/CD (with the update file), at least you get the right program to start attacking this.
0
 
DIIRE Commented:
Download RKill.exe and run it. If you can't download it, then download it from another PC and run it from a USB stick on the infected PC. Then try to run Malwarebytes again. RKill will kill most malware processes and allow AV software to run.

http://www.bleepingcomputer.com/forums/topic308364.html

If that fails, download Combofix from the link below and run that. If you can't download Combofix to that PC, then download it from another PC and copy the exe to the desktop (Combofix must be saved and run from the desktop). Change the file name to anything but combofix if it won't copy across, then run it.

http://www.bleepingcomputer.com/download/anti-virus/combofix
0
 
younghv Commented:
Finally - complete detailed instructions written by "Grinler" (they don't come any better than him):

http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011
0
 
younghv Commented:
@Trusol - the "XP" in the malware name tells you the OS. The leading word will be either XP, Vista, or Win 7 for the different variants.
0
 
Trusol Commented:
@younghv, completely overlooked that one!
0
 
younghv Commented:
TBH - I learned that about ONLY after reading Grinler's instructions, so I had about a 10 minute head start.
0
 
digisel (Author) Commented:

PROBLEMS PERSIST
Thanks for the input from everyone.
I successfully loaded RKill.exe from a memory stick off another PC.
This allowed me to run malwarebytes on the infected PC.
That program has taken well over two hours.
It found NO infections.
I have that PC sitting there showing this (surprising) news.
Should I try re-booting or what???
Regards
0
 
younghv Commented:
digisel,
I can't tell from your last comment what steps you have actually taken.

Did you manage to download a clean (re-named) version of MBAM?
Did you follow the instructions contained in my latest post?
http:#a35026192
0
 
digisel (Author) Commented:
Hi younghv
1. I copied the Rkill from my laptop onto a memory stick
2. I activated Rkill on the infected PC from the memory stick
3. I activated Malwarebytes from the desktop icon (as per the instruction on bleeping computer)
Then subsequent to your last post I tried to load a new and freshly named malbutes.ex file from the memory stick.
This resulted in the system suddenly re-booting.
Then BINGO - without Malwarebytes activating the system was cleared of this cursed program and all is well.
Thank you for your diligence and patience and to everyone else who pitched in.

I am sure that everyone has taken something away from this.   And the more people who know how to combat this curse from hell then the less money they will make.
Once again many thanks.
0
 
digisel (Author) Commented:
Thanks to DIIRE particularly for coming up with RKill - that is what clearly fixed it.
Thanks to all who took part, hope everyone got something out of it.
Cheers
0
