troubleshooting Question

Complications from XP Security 2011 Virus

quixys asked on
Anti-Virus Apps, OS Security

I'm working on a PC that was infected by XP Security 2011, and went through the "normal" steps to remove the infection. I have done the same on several other PCs infected by this virus, but this time it seems to have gotten a bit more advanced.

First, I logged on in Safe Mode under the Administrator account, used a Registry fix file to allow .exe files to run, ran a renamed rKill, then updated and ran a Malwarebytes full scan. I removed the selected items with Malwarebytes, rebooted in normal Windows mode, and repeated the process on the User Account.

So, no more pop-ups now from the fake Security Center, but there are a few lingering complications that I can't figure out. First, Avast keeps popping up a "Malicious URL Blocked" alert, originating from C:\WINDOWS\System32\svchosts.exe; the URL it's directing to varies each time the pop-up is launched. Second, IE is still semi-hijacked; it keeps redirecting when clicking links from Google, and will not allow access to Microsoft Update. I am not able to turn on Automatic Updates either.

HijackThis log is attached. hijackthis.log