Solved

XP Total Security infected my work computer

Posted on 2011-05-01
Last Modified: 2012-05-11
I have read multiple posts about how to resolve and get rid of this malware program. I have Malwarebytes and it won't launch. I even bought the full version and moved it to the infected computer with a disc, but it won't install.

Right now, I need help. I'm not a computer geek, but just a computer worker, so I don't feel comfortable running files that I'm not sure about that some unknown sites (where I've read about various solutions) suggest, because this is the computer that provides for a family of 5, and so I need to be really careful.

Can someone help me who really knows what to do safely? Please?

thank you
0
Question by:Elizabeth2
13 Comments
 

Author Comment

by:Elizabeth2
ID: 35501652
Unfortunately, I don't have the expertise to follow your directions to take out the hard drive. I don't even know how to go into safe mode, though I can google it to figure it out. I have never had to use safe mode. I also read another post that said not to use combofix as that was not helpful in this solution. I've tried the suggestions about malwarebytes on this page: http://www.wilderssecurity.com/showthread.php?t=297906&highlight=XP+Total+Security, but not having heard of that FixNCR file, I was afraid to try it. I've also read other posts where that did not help. I'm afraid I need step by step instructions, as if you're speaking to a 13 year old girl.
0
 

Author Comment

by:Elizabeth2
ID: 35501657
On that computer, I can't even access a web page. As soon as I go to a URL, a security page error appears in place of the real web page I'm trying to access.

I can't even get to Experts-Exchange on that computer. I'm using my laptop.

I've tried renaming Malwarebytes exe file, and that didn't work.

elizabeth
0
 
LVL 2

Expert Comment

by:aidenscool09
ID: 35501685
Oh, forgot to mention, download the files onto your laptop, and copy them to a USB stick, then plug the USB stick into the infected computer.
0
 
LVL 23

Accepted Solution

by:
phototropic earned 2000 total points
ID: 35501901
Elizabeth2,

Sorry, this must be confusing for you. An expert posted bad advice, and both his comment and mine have been removed.

Please go to the following site where you will find comprehensive instructions on how to remove XP Total Security:

http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011

Once you have run the Mbam scan, please post the scan log here for review, using the "File" tab just below this post, on the left hand side.
0
 
LVL 23

Expert Comment

by:phototropic
ID: 35502019
@Elizabeth2,

Here in the UK it is after midnight.  I will check back in the morning and see how you have got on.

younghv is also on hand to offer help and advice.
0
 
LVL 4

Expert Comment

by:griff4345
ID: 35502487
Elizabeth2:

It's very clear to me that you (self-admittedly) are a bit of a novice at the inner workings of the computer. Additionally, it seems you have a healthy fear of doing the wrong thing as a result of not fully understanding the ramifications. Then you clearly state how important it is, because it serves 5 persons.
    All of this is reason enough for you to NOT bother with any of this and take the system to a qualified facility. It is very likely, based on the previous comments and assumptions, that you will continue to dig a hole from which you cannot escape.
    Trust me -- this is the right thing to do!

---Best of luck!
0
 
LVL 4

Expert Comment

by:griff4345
ID: 35502501
After further examination, I withdraw my comment -- please disregard it.
0
 
LVL 23

Expert Comment

by:phototropic
ID: 35503568
Good morning!  

I hope you have managed to make some progress with your problem.  Don't forget to post your Mbam scan log here once it has completed.
0
 

Author Comment

by:Elizabeth2
ID: 35504405
Thank you to everyone who has tried to help. I'm on a different computer right now, still working on this issue, and will return to post the results later this morning. Thank you.
0
 

Author Comment

by:Elizabeth2
ID: 35504924
Hi Everyone,

To be accurate, I should state that I had already found the instructions at bleepingcomputer.com, along with some other sets of instructions that were totally different. HOWEVER, just because you find some instructions on the internet, doesn't mean they are accurate or legitimate.

The real help was having you experts at Experts-Exchange CONFIRM that bleepingcomputer.com's instructions were safe to follow, were the correct ones to follow, and is really what I needed. Thank you so much!

Unfortunately, as a web developer, I can do a lot with code, I'm even very knowledgeable with the Mac OS, software and hardware, but when it comes to Microsoft Windows, and PC computers, I'm a 13 year old girl. I know just enough to get into trouble! ;-)

Ok, I'm back up and running. Thank you all very much. I followed the instructions at Bleeping Computer, and this morning changed my virus software from ESET, who let this happen in the first place, to Microsoft Security Essentials.

Can a moderator help me determine how to award points in this case, since there were so many posts? I'm not sure if I am supposed to award points to moderators or not? Do I?

Basically, I followed the steps outlined by phototropic. So, would that be the correct expert to award all the points to, or do I split them up? This has always confused me about Experts-Exchange. When more than one person helps and says the same thing, how do you determine who to award points to? younghv also was very helpful. Please advise.

I've attached the log, as requested.

Thank you again, and thank you for this awesome site, Experts-Exchange.

elizabeth

 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/1/2011 9:31:57 PM
mbam-log-2011-05-01 (21-31-57).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|Z:\|)
Objects scanned: 1401162
Time elapsed: 4 hour(s), 18 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
J:\_From_E\LLV_CD_Originals\Truth_Trackers\logo.jpg.exe (Trojan.Email.Gen) -> Quarantined and deleted successfully.
J:\_From_E\LLV_CD_Originals\Truth_Trackers\logo_planes.jpg.exe (Trojan.Email.Gen) -> Quarantined and deleted successfully.
J:\_From_E\Loving Las Vegas\Truth_Trackers\logo.jpg.exe (Trojan.Email.Gen) -> Quarantined and deleted successfully.
J:\_From_E\Loving Las Vegas\Truth_Trackers\logo_planes.jpg.exe (Trojan.Email.Gen) -> Quarantined and deleted successfully.
J:\_From_E\Loving Las Vegas\LLV_CD_Originals\Truth_Trackers\logo.jpg.exe (Trojan.Email.Gen) -> Quarantined and deleted successfully.
J:\_From_E\Loving Las Vegas\LLV_CD_Originals\Truth_Trackers\logo_planes.jpg.exe (Trojan.Email.Gen) -> Quarantined and deleted successfully.
J:\_From_E\Loving Las Vegas\Truth_Trackers\logo.jpg.exe (Trojan.Email.Gen) -> Quarantined and deleted successfully.
J:\_From_E\Loving Las Vegas\Truth_Trackers\logo_planes.jpg.exe (Trojan.Email.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\owner\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

0
 
LVL 23

Expert Comment

by:phototropic
ID: 35505130
Glad to hear you are back on track.

Advice on closing questions and awarding points here:

http://www.experts-exchange.com/Community_Support/General/A_2786-How-do-I-close-a-question-at-Experts-Exchange.html?sfQueryTermInfo=1+30+award+do+how+i+point

Once again, I'm sorry you had the confusion of experts arguing with each other and posts being deleted.  The Virus and Spyware Zones are more prone to this sort of thing than anywhere else on ee, unfortunately.
0
 

Author Closing Comment

by:Elizabeth2
ID: 35505411
I really appreciated the kind and respectful tone and accurate advice. What a life-saver! Thank you so much!
0
 
LVL 23

Expert Comment

by:phototropic
ID: 35505533
You're very welcome.

Thanks for the points and grade.
0
