• Welcome to The Truck Stop! We see you haven't REGISTERED yet.

    Your truck knowledge is missing!
    • Registration is FREE , all we need is your birthday and email. (We don't share ANY data with ANYONE)
    • We have tons of knowledge here for your diesel truck!
    • Post your own topics and reply to existing threads to help others out!
    • NO ADS! The site is fully functional and ad free!
    CLICK HERE TO REGISTER!

    Problems registering? Click here to contact us!

    Already registered, but need a PASSWORD RESET? CLICK HERE TO RESET YOUR PASSWORD!

Need help

Unit453

Unit453

Cruises comfortably at 140...
Administrator
Messages
7,124
Reaction score
16
Location
Bradenton, FL
I ended up with a virus yesterday. Not sure where or how I got it but I got it, none the less.

Anyways, I've been using AVG which seems to work very well. I also have spybot which actually located the viruses and moved them to a vault. Problem solved.

During all of this, XP Defender started going crazy with all kinds of warnings and pop ups that simply will not stop. I guess this is the windows XP "free" version of anti virus software. Anyways, my free subscription is up and now, it's telling me that I'm still infected, identity theft is occurring and that my system is being hijacked. Its relentless.

I cant shit this software off. It's redirecting me to their website so that I can pay for their subscription. I think its total b.s. because I cant disable the software or delete it or anything. Every 3 seconds, I'm getting another pop up box telling me about Malware intrusion, System hijack, identity theft, my PC is being monitored, and everything else under the sun.

I've tried to go into control panel and disable it but it will not let me. I've tried restarting but it does no good. I need help here deleting this crap. It wont leave me alone, nor can I right click to disable it.
 
Restart your computer, and try to boot up in safe mode. Then run your anti virus programs.

Some times Nick, I've had to backup and wipe clean. :(
 
Do NOT pay or go to their website !!! Go to housecall.antivirus.com and use the free online scan. I suspect you will need to install either superantispyware or malwarebytes to eliminate this bug.
 
Its already been eliminated by my other programs. I just cant get this XP Defender to shut down.
 
The issue isn't the xp defender... You appear to still have a hijacker running. Defender should not act like that.

Sounds like a spoof to me.
 
Well, spybot caught it and immunized it. In the mean time, I unplugged my cable connection so I couldn't access the internet. I didn't want 6k emails to go out from whatever this is.

I then ran AVG and that came back clean, just found a bunch of tracking cookies.

Now, this XP Defender will not stop the pop ups. I cant shut it down. It constantly brings me to the option where I have no choice but to go to their website to purchase the *real* version. It will not let me disable it.

If I boot up in safe mode, will it turn this friggen thing off?

Or is there a good free anti virus that anyone recommends? Spysweeper is not free but at this point, I'm not putting any credit card info into this computer.
 
I take it you're still on the XP OS? If you had W7, I assure you microsoft security essentials (free) would not let one damn thing through that you don't want all the while not bothering you one bit unless it's to recommend a brief update. I'm thrilled with MSE after all the BS I put up with on the XP OS.
 
I'm not opposed to windows 7. Can I download this somewhere? What's this cost?

D2 Cat, thanks for the link.
 
Nick, I'm serious... don't pay for anything online from these guys.


What you have is a Browser Hijack - related to the 'Antivirus 2009' or 'Internet security' hijacks.

What they do is TRY to get you to go to their website and pay them $ to remove it - and then once they have your $, nothing changes... you still have the same damn thing. If you're lucky. In some cases, they get you to PAY to download a REAL virus/Trojan and install it for them - which gives them COMPLETE control of your machine.

Spybot did NOT catch it and immunize it. Spybot flagged the carrier program.

This XP Defender is not a Microsoft program, and is not related to Windows Defender.

This is similar to what Justin picked up about a year ago... and just as persistent. You will need to download MalwareBytes, FixExe.reg, and follow the directions found here, starting at the text:

"Automated Removal Instructions for XP Security Tool 2010, XP Defender Pro, Vista Security Tool 2010, and Vista Defender Pro using Malwarebytes' Anti-Malware"

Do not download anything off that last page... just follow the directions on how to use MalwareBytes.

If you need more help, let me know.

Jim
 
I attempted to reboot in safe mode but it was freezing up on me and I'm unable to even log in. I'm typing this from my work ToughBook so it looks like I'm down for the count for a while.

Jim, I do apprecite your help. Lets set up a time to where you can walk me through this over the phone and I'll call you. I'm going back to work 1500-0300 for the next two days. Hopefully I can get it booted up at least.
 
Unit453 said:
I attempted to reboot in safe mode but it was freezing up on me and I'm unable to even log in. I'm typing this from my work ToughBook so it looks like I'm down for the count for a while.

Jim, I do apprecite your help. Lets set up a time to where you can walk me through this over the phone and I'll call you. I'm going back to work 1500-0300 for the next two days. Hopefully I can get it booted up at least.
Click to expand...


Well, Nick I appoligize. Safe mode will just boot up the necessitys of windows. I've used it many of times when the computer is messed up so bad that you can even click a icon.
 
Nick, if you were to restore your computer to a earlier time I have had alot of success at this. Download Microsoft Security Essiatials. It is free and works really well.
 
Sorry Tim, SytemRestore won't work in this instance. This malware is the same type as the dreaded 'Antivirus2009' exploit. It's a rogue browser hijack that creates its own entries and resists removal. I'd be willing to bet that the rollback feature is inoperative.

When this thing is active, you can't download or install antivirus programs, it will block access to sites like McAfee or Spysweeper or Microsoft, etc.

It's a nasty little bugger. The only things I know that touch it are Superantispyware and MalwareBytes, and both of them require a registry hack before they will be allowed to run.

This thing is delivered by a Browser Exploit - if you get a pop-up telling you you're infected and that XP Defender or Vista Antivirus (depending on your OS) has caught the little namdit, the best thing to do is shut the machine off. You CAN close the pop-up through task manager, but if you click it you install the payload.

I hate poopy stuff like this... I would LOVE to catch somebody making or releasing one of these. Just once.

I do agree with downloading MSE, once he gets this thing eradicated. Other than being a little resource-heavy, it's a nice program that works well with XP
 
I had a call about this a few weeks ago. I was lucky in the sense that I went into safe mode and restored to a earler time and installed MSE and got rid of it. i have also had to do a fresh install...many hours of hard work if the customer doesn't have any disks. It will make you chase it all over the place....it is wouldn't allow me to download or install and ?.exe files.
 
You must log in or register to reply here.
Back
Top