Total XP virus

Morning all,
My PC has been infected with the above. Has anyone any proven methods of removing it, as the web search ones seem to all be different.
It shut down my AVG for me so it could install itself on my PC. I cannot get into add/remove programs via control panel now.
Ta
 
Malwarebytes (MBAM) should shift it, but if it won't let you install MBAM follow the instructions in the link at the bottom:

1st thing to do is clear out all your temporary files, tool of choice is ATF Cleaner, it is free and you do not have to install it. Download and instructions here (Windows XP, 2K, 2003 & Vista ONLY)
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected -> OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.


Then, please download MalwareBytes' AntiMalware using the BLUE button for the FREE version.


* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to the following:

o Update Malwarebytes' Anti-Malware
o Launch Malwarebytes' Anti-Malware

* Then click Finish

If an update is found, it will download and install the latest version.

* Once the program has loaded, select > Perform Quick Scan, then click > Scan.
* When the scan is complete, click > OK, then > Show Results to view the results.
* Be sure that everything is checked, and click > Remove Selected.
* When completed, a log will open in Notepad. Save this log to My Documents in case it is needed for reference.
Reboot as required.

Run a scan with the program that found the virus/trojan and report back.



MBAM will not install or run.

If Malwarebytes Anti-malware or any of your security programs won’t install, run or update, then you’ve probably got malware or the effects of malware on the computer (some types of malware will disable Malwarebytes Anti-malware and other security tools).

Follow instructions:


http://www.myantispyware.com/2009/06/08/malwarebytes-wont-install-run-or-update-how-to-fix-it/
 
On the last 2 machines I've had stubborn viruses on, I've used a memory stick to transfer Avast Free Edition on to the infected computer. I then ran a boot-time scan which shifted enough crap out to allow the computer to run Malwarebytes and clean the rest out.
 
I am in the latter process of clearing Total XP Security virus from my main PC.

I am being guided by a chap from www.bleepingcomputer.com - they are very good.

Initial actions were: System Restore (back about a month), then download Malwarebytes, which got rid of the virus.
I now have a (possible rootkit) pop up issue left behind which is what I am being guided through at the moment.

Best of luck - malware and its authors suck!

Paul
 
The one VERY important thing to remember once the computer is 'clean', is to purge all your restore points to prevent you accidentally doing a restore to an infected time and having to start all over again.
Then set a new restore point.

Purging System Restore

To remove all SR Points thus removing any contaminated ones:
Turn OFF System Restore then turn it back ON and then set a new restore point.

In XP:
Follow these instructions (method 2)
Then set a new restore point by following these instructions.


In Vista:
Follow these instructions.
Then set a new restore point by following these instructions


In Windows 7
Follow these instructions
Then set a new restore point by following these instructions
 
Right chaps, an update:-

I think I have managed to clear the Total XP using Malwarebytes. I could not access the internet on my log in due to the Total XP preventing the opening of .exe's.
The malware only appeared to affect my log in as I could access internet via my wife's log in and download Malwarebytes to shared files.
Then by jiggering around with the program extension types/names managed to run it in my log in.
Everything seems clear although out of around 150000 checked items there were 350 odd infected ones. MWb could not get rid of a handful of them.
One thing now is that my Sky b/band is now very slow, but with some research this morning it appears that MWb could be slowing it down so might have to delete it?

Thanks to all contributors so far......
 
Leave MBAM onboard but make sure it is not set to start at bootup, that way it will use NIL resources and not even be running to slow Sky.

dave
 
It doesn't sound dissimilar to the scummy antivirus 2009/2010 etc. which will screw up Explorer once you delete the evil .exe file. You can use Process Explorer from Sysinternals to find the offending exe file.

To restore the ability to run exe files you need to import a registry key. I have a copy that I can upload if anyone ever needs it. I would provide a link to the clever fellow that wrote the key but I can't remember where I found it.

To date I have not found a program that will kill it. Have tried AVG, Avast, MBAM and Prevex amongst others.

In all it will take about 10 minutes to find the file (often called av.exe in local settings in docs'n'settings).
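
Added example, not part of the original thread and not the registry file the poster mentions: a small Python check that reads a registry export and reports whether the .exe file association still has its stock values. It assumes the inability to launch programs comes from an overridden association under Software\Classes; the sample export, including the class name, user name and path, is constructed.

```python
import re

# Stock values: .exe maps to the exefile class, which runs the clicked file itself.
DEFAULT_CLASS = "exefile"
DEFAULT_COMMAND = '"%1" %*'
ROOT = r"(?i)(^HKEY_CLASSES_ROOT|\\Software\\Classes)"
EXT_KEY = re.compile(ROOT + r"\\\.exe$")
CMD_KEY = re.compile(ROOT + r"\\exefile\\shell\\open\\command$")

# Constructed sample export; user name, class name and path are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="examplefile"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\av.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''

def parse_reg(text):
    """Return {key_path: default_value} for every key that sets '@' as a string."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        head = re.fullmatch(r"\[(.+)\]", line)
        if head:
            key = head.group(1)
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslash and double quote with a backslash
            values[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return values

def audit(text):
    """List (key, value) pairs where the .exe association is not the stock one."""
    findings = []
    for key, value in parse_reg(text).items():
        if EXT_KEY.search(key) and value.lower() != DEFAULT_CLASS:
            findings.append((key, value))
        elif CMD_KEY.search(key) and value != DEFAULT_COMMAND:
            findings.append((key, value))
    return findings

if __name__ == "__main__":
    for key, value in audit(SAMPLE):
        print("NON-DEFAULT", key, "->", value)
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so read the file with `encoding="utf-16"` before passing its text to `audit()`.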
 
I have now completely removed the total xp security virus.
Apart from installing itself, it also let in some random pop ups.

The total fix in my case was

Install and run Defogger - deactivate CD emulators.

Download, install and run Combofix - this killed 2 infections and 1 rootkit - if it wants to reboot the PC to clear the rootkit, let it!

Download and run ESET online virus scan - this found a further 2 viruses!

Re-activate CD emulators by running Defogger again.

Delete all your old restore points.

Defrag your hard drive.

Create a new restore point.

Get hold of a registry fix and let that sort out the registry.


Paul
 