ibrahim52
asked on
XP Total Security Virus
XP Total Security virus has come back on one of my client's Windows XP PCs. I dealt with this a long time back, but this time it is a much stronger version, which even loads at startup in safe mode and doesn't allow Kaspersky Rescue Disk to run. Tried every possible solution posted on the internet and nothing has worked so far. Thank you.
veedar has faster fingers :)
This may be a 'name-changing' rogue that appears to be included here:
http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011
Read my instructions here and note the "Save As" function to assign a new name to MBAM before you download it.
https://www.experts-exchange.com/A_5124.html
Please DO NOT try using ComboFix - it is NOT indicated for this infection.
ASKER
heheh... but still, I have gone through these links already, but I don't know, nothing has worked. Even in safe mode it loads, and the process name is gcl.exe
ibrahim52,
If the "Rkill" recommended at bleeping computer didn't work for you, try the "RogueKiller" in my article.
@ibrahim52,
You could also try finding the location and killing the process named gcl.exe using the process hacker (alternative to task manager).
Download it here:
http://processhacker.sourceforge.net/
Sudeep
ASKER
Alright, let's see if the process hacker works :) Thank you
ibrahim52,
You don't want to try stopping just one process that you think is the problem; you want to use an automated program that will identify and stop ALL rogue processes.
Totally agree with younghv, and that should be the right approach. However, if killing the gcl.exe process lets anti-virus/anti-spyware products run, then it would not harm.
Sudeep
Following on ... when you scroll through the list of running programs, presumably you should see the executable gcl.exe, and not the mentioned process tsc.exe. Or it could be composed of "random numbers or characters, and have a shield icon or a padlock icon next to it". You've then found the process(es) you're after.
Hmm, looks as if I should have studied veedar's link in detail before posting mine, sorry :/
ASKER
I don't know, but the issue resolved by itself. I went to my client this morning and was surprised to see that no XP TOTAL SECURITY is appearing anymore, and I was still able to run ANTI MALWARE BYTES and removed the remaining traces. I don't know, I think I ran KASPERSKY RESCUE DISK last time, the scanning was working fine was something and stopped, maybe that is the reason it was removed, as after the Kaspersky scan failed I did not bother to turn on the PC again and returned it back to my client. Anyways, I would like to share the points between the experts here, and THANK YOU for all your time and the valuable suggestions that helped me coming over to some decision.
ASKER
Thanks to all the experts for giving their best resolving this issue.
ibrahim52,
It was very cordial of you to split all of the points, but the PROBABLE solution was the ability to run Malwarebytes.
It would have been better to 'Accept' the first couple of comments that pointed you to the MBAM site.
I found a registry fix a while ago that works to repair the issue of not being able to run .exe files after you clean the virus off.
http://www.myantispyware.com/2010/11/18/how-to-remove-pw-exe-malware/