Solved

How do I remove XP Home Security 2011?

Posted on 2011-03-02
Last Modified: 2012-05-11
I have been infected by XP Home Security 2011.
I have tried using ESET to clean the machine - no luck.
I have also tried Malwarebytes but it will not load.
Nor can I download it afresh.
Please help.
Question by:digisel
31 Comments
 
LVL 2

Expert Comment

by:PortableTech
ID: 35020835
Here is a great page that provides both some automated solutions as well as some manual solutions depending on what you are looking for.

http://www.spywares-remove.com/remove-xp-home-security-2011-xphomesecurity2011-removal-steps
0
 
LVL 9

Expert Comment

by:Timothy McCartney
ID: 35020845
Have you tried any of the above applications in safe mode w/ networking? That's your best bet for the initial scanning until your system is clean enough to scan from normal windows mode.

Also try spybot search and destroy http://www.safer-networking.org/index2.html

Super antispyware portable is a great program (gets past a lot of spyware programs that block .exe applications from running) http://www.superantispyware.com/portablescanner.html
0
 
LVL 9

Expert Comment

by:Timothy McCartney
ID: 35020860
Also, a fantastic program is Hitman Pro. It installs several different scanners for a more thorough cleaning of your system.

http://www.surfright.nl/en/hitmanpro
0
 
LVL 8

Expert Comment

by:Sean Scissors
ID: 35020929
If MB won't load you will need to run a program called Rkill first.

http://www.bleepingcomputer.com/download/anti-virus/rkill

It will help stop any program trying to prevent you from opening anything else. However try and see if anything will load. It's possible your .exe file within the registry has been modified so no .exe will run. If that is the case then run the attached registry file. It will replace your data with the correct default data then allow you to open files. After you can run MB you should be ok as MB removes most if not everything. Also please refer to the following thread for more information.
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/Q_24860646.html#a35002621

Fix-EXE.reg
0
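Sean Scissors's comment above describes the .exe entry in the registry being modified so that no .exe will run. As an added example (not part of the thread, and not the contents of the attached Fix-EXE.reg), this Python check parses registry export text and reports where .exe launching differs from the stock Windows values `exefile` and `"%1" %*`. The sample export, the ProgID `xyzfile` and the path in it are constructed.

```python
import re

# Stock Windows values for launching .exe files.
DEFAULT_PROGID = "exefile"
DEFAULT_COMMAND = '"%1" %*'
# Per-user classes override machine-wide ones, so HKCU is checked first.
HIVES = [r"HKEY_CURRENT_USER\Software\Classes",
         r"HKEY_LOCAL_MACHINE\Software\Classes"]
# Constructed sample export (ProgID "xyzfile" and the path are made up).
SAMPLE_INFECTED = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="xyzfile"

[HKEY_CURRENT_USER\Software\Classes\xyzfile\shell\open\command]
@="\"C:\\Temp\\abc.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Classes\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''

def parse_reg(text):
    """Map lowercased key path -> default string value; undoes .reg escaping."""
    defaults, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def check_exe_association(text):
    """Report where the .exe ProgID or its open command is not stock."""
    defaults, findings = parse_reg(text), []
    for hive in HIVES:
        base = hive.lower()
        progid = defaults.get(base + r"\.exe", DEFAULT_PROGID)
        if progid.lower() != DEFAULT_PROGID:
            findings.append(f"{hive}\\.exe points to ProgID {progid!r}")
        for pid in dict.fromkeys([progid.lower(), DEFAULT_PROGID]):
            cmd = defaults.get(f"{base}\\{pid}\\shell\\open\\command")
            if cmd is not None and cmd != DEFAULT_COMMAND:
                findings.append(f"{hive}\\{pid} open command is {cmd}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_exe_association(SAMPLE_INFECTED)) or "stock values")
```

Exports written by regedit are UTF-16, so decode the file before passing its text in. Only string defaults (`@="..."`) are parsed; `hex(2):` values are ignored.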
 
LVL 38

Expert Comment

by:younghv
ID: 35021168

Did you use the "Save As" function when you downloaded MBAM?
Many variants of malware can recognize and affect the file name when you are downloading it.

You may have to download it to a clean machine, then copy it to USB stick or CD.
Manual update executable here:
http://forums.malwarebytes.org/index.php?showtopic=3436

I wrote a little about it here:
http://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)

Are you sure that is the exact name of the malware you're seeing?
If you can post a screenshot for us to look at, it might give us some more clues.

There are only one or two malware variants that call for using Malwarebytes in a "Safe Mode" scan and you should never do that unless you see an actual link/reference to the instructions.
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 35021197
If you are facing issues running MalwareBytes I would recommend you to rename the mbam.exe to some dummy name like mb.com and then run it.

http://www.malwarebytes.org/mbam-download.php

I hope that would help

Sudeep
0
 
LVL 38

Expert Comment

by:younghv
ID: 35021230
digisel -
You CANNOT "rename" the Malwarebytes executable AFTER downloading it.
You must use the "Save As" function before the file hits your computer.
0
 

Author Comment

by:digisel
ID: 35021945
Hi all
Thanks for your suggestions. I have tried all of them but none of them will load.
Younghv, when I download the Malwarebytes executable I do not get the option to "Save As".

In any case I already have Malwarebytes loaded on this PC but I cannot load the file.

ANY OTHER SUGGESTIONS BECAUSE I AM BACK WHERE I STARTED.
0
 
LVL 2

Expert Comment

by:PortableTech
ID: 35021991
Well, one shot of last resort is to download Malwarebytes and replace the standard explorer.exe with the malwarebytes exe file.  Explorer is seldom if ever blocked and once you reboot, it should startup malwarebytes in place of explorer.

Once you clean things up you can use safe mode command prompt mode to put explorer.exe back where it belongs.
0
 
LVL 9

Expert Comment

by:Timothy McCartney
ID: 35021992
Try this:

http://www.pandasecurity.com/activescan/index/?lang=en-US

It's a cloud scanner by Panda Security.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35022093
digisel - Are you using Internet Explorer as your browser?
When downloading any file from the Internet, the options are "Run", "Save", and "Cancel".

Select "Save" and then "Rename" it to something like "xyz" when the "Save As" box opens.
0
 
LVL 8

Expert Comment

by:Sean Scissors
ID: 35022325
@digisel

Are you posting these from the current infected computer? If so that means your exe is broken. If not, try opening up any other executable file (i.e. a shortcut) and see if it works. If it doesn't then it could be your exe is broken. Refer to my older post as I attached the reg key to fix it.

If it does open but MB is the only thing not opening then you have to run the rkill and then try opening MB in that order. In your case MB is the last thing you are going to do as you want it to be able to run thoroughly and also with an updated database.

We might be able to help you further if you could explain the symptoms itself that are happening because the XP Security 2011 has different variations/versions with different symptoms.
0
 

Author Comment

by:digisel
ID: 35022418
Scissors.   I can open Adobe Reader from the shortcut and Notepad but not IE or Firefox.

Younghv:   I cannot open IE.   I normally use Firefox which I can open
0
 
LVL 38

Expert Comment

by:younghv
ID: 35022549
I don't know anything about Firefox - never used it.
Maybe another Expert can tell you how.

I did find this link, but it doesn't mean anything to me:
https://addons.mozilla.org/en-US/firefox/addon/save-file-to/
0
 
LVL 8

Expert Comment

by:Sean Scissors
ID: 35022596
@digisel

Sounds like your specific shortcuts might be broken. If you know how, travel to your My Computer and go to the program files and search for IE. Right click on your shortcut and you can see where it currently is leading to. The symptoms seem kind of weird but we can get you through this. I have never had to reformat a PC due to a virus.
0

 
LVL 8

Expert Comment

by:Sean Scissors
ID: 35022610
@younghv

Forgot to add: Firefox is similar to IE in that you can Save or Cancel, but Firefox does not allow you to directly run an object through the browser. So when you right click and do save as there is only save or cancel. No run option is there for security reasons. So he still should be able to save the file and change the name.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35022739
S_85 - thanks.
I have to try that thing one of these days.
(Old Dogs, New Tricks.)
0
 
LVL 22

Expert Comment

by:optoma
ID: 35022982
Hi Digisel.
Were you able to download Hitmanpro(mentioned above)?
If so, we can suggest a route to take :)
0
 

Author Comment

by:digisel
ID: 35023819
@optoma    No, I was not able to download Hitmanpro.
0
 
LVL 22

Expert Comment

by:optoma
ID: 35024741
Can you boot into safe mode with networking and see if it will download for you, or download it on another machine and transfer it via CD / removable device?
0
 
LVL 1

Expert Comment

by:Trusol
ID: 35025368
What OS are you running? If Win Vista or 7, you will need to go to C:\ program data (if program data is not there you will need to enable "show hidden files and folders" to see the folder), and look for a folder with random letters and numbers, e.g. ....thuehe0068948, and inside there you will have 2 files. One is an .exe and can't be deleted right now; please right click the .exe file and rename it to whatever you like (example.exe) and then restart the PC.

That should stop the rogueware from starting up. Now please go back to that location and delete the files inside there. Please then run a full virus and spyware scan which will remove any registry entries of this rogueware.

If you are running XP, do you have an icon on the desktop? If so, right click and go to properties; this will give you the location of where the .exe file is sitting. Navigate to that location and follow the steps above.

Please get back to us as soon as you can, I hope this helps.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35026114
digisel,
You really need to figure out how to properly run "Malwarebytes" on this system - as I recommended here: http:#a35021168

Even if you do as I said and use another computer - then copy to USB/CD (with the update file), at least you get the right program to start attacking this.
0
 
LVL 7

Accepted Solution

by:DIIRE
DIIRE earned 350 total points
ID: 35026123
Download RKill.exe and run it.  If you can't download it, then download it from another pc and run it from usb stick on infected pc.  Then try to run Malware Bytes again.  RKill will kill most malware processes and allow AV software to run.

http://www.bleepingcomputer.com/forums/topic308364.html

If that fails, download Combofix from the link below and run that. If you can't download Combofix to that PC, then download it from another PC and copy the exe to the desktop (Combofix must be saved and run from the desktop). Change the file name to anything but combofix if it won't copy across, then run it.

http://www.bleepingcomputer.com/download/anti-virus/combofix
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 150 total points
ID: 35026192
Finally - complete detailed instructions written by "Grinler" (they don't come any better than him):

http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011
0
 
LVL 38

Expert Comment

by:younghv
ID: 35026204
@Trusol - the "XP" in the malware name tells you the OS. The leading word will be either XP, Vista, or Win 7 for the different variants.
0
 
LVL 1

Expert Comment

by:Trusol
ID: 35027159
@younghv, completely overlooked that one!
0
 
LVL 38

Expert Comment

by:younghv
ID: 35027290
TBH - I learned about that ONLY after reading Grinler's instructions, so I had about a 10 minute head start.
0
 

Author Comment

by:digisel
ID: 35028801

PROBLEMS PERSIST
Thanks for the input from everyone.
I successfully loaded RKill.exe from a memory stick off another PC.
This allowed me to run malwarebytes on the infected PC.
That program has taken well over two hours.
It found NO infections.
I have that PC sitting there showing this (surprising) news.
Should I try re-booting or what???
Regards
0
 
LVL 38

Expert Comment

by:younghv
ID: 35028851
digisel,
I can't tell from your last comment what steps you have actually taken.

Did you manage to download a clean (re-named) version of MBAM?
Did you follow the instructions contained in my latest post?
http:#a35026192
0
 

Author Comment

by:digisel
ID: 35029578
Hi younghv
1.   I copied the Rkill from my laptop onto a memory stick
2.  I activated Rkill on the infected pc from the memory stick
3.  I activated Malwarebytes from the desktop icon (as per the instruction on bleeping computer)
Then subsequent to your last post I tried to load a new and freshly named malbutes.ex file from the memory stick.
This resulted in the system suddenly re-booting.
Then BINGO - without Malwarebytes activating, the system was cleared of this cursed program and all is well.
Thank you for your diligence and patience and to everyone else who pitched in.

I am sure that everyone has taken something away from this.   And the more people who know how to combat this curse from hell then the less money they will make.
Once again many thanks.
0
 

Author Closing Comment

by:digisel
ID: 35029636
Thanks to DIIRE particularly for coming up with RKill - that is what clearly fixed it.
Thanks to all who took part, hope everyone got something out of it.
Cheers
0
