Not joking - ms virus

This is a discussion on Not joking - ms virus within the Tech Board forums, part of the Community Boards category; A person (not me) accidentally activated a program called "XP Antivirus 2008" (It's from MS) that is restricting all access ...

  1. #1
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    1,620

    Not joking - ms virus

    A person (not me) accidentally activated a program called "XP Antivirus 2008" (It's from MS) that is restricting all access to the net using IE7, I even ended it's processes and deleted it's program files, and restarted the computer, but it remains intact. Even when I tell it I don't care about it's opinion it says I must buy the full version for $50 or else (in other words, but you get the idea).
    The only reason I'm doing this now is because I'm in safe mode (yes I know what that means).
    Please help, this person is not happy, I wish to fix this for this person. Thanks.
    A class that doesn't overload all operators just isn't finished yet. -- SmugCeePlusPlusWeenie
    A year spent in artificial intelligence is enough to make one believe in God. -- Alan J. Perlis

  2. #2
    Devil's Advocate SlyMaelstrom's Avatar
    Join Date
    May 2004
    Location
    Out of scope
    Posts
    4,069
    This isn't that new and it's not developed my Microsoft. It actually recently destroyed one of my family member's computers as well, which we had to reformat. These new fake anti-spyware trojans have gotten so much more aggressive as of late that it's scary.
    Sent from my iPad®

  3. #3
    Registered User
    Join Date
    Apr 2007
    Location
    Sydney, Australia
    Posts
    217
    In safe mode download a program called "highjackthis", run it and deselect anything that you know shouldn't start when windows starts.

  4. #4
    &TH of undefined behavior Fordy's Avatar
    Join Date
    Aug 2001
    Posts
    5,789

  5. #5
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    1,620
    Thanks for the help! Using Fordy's link I downloaded the free version of SpyHunter, which gave me the class id of Vundo (the core of this trojan), but wouldn't remove it for me. So I got rid off all the reg keys named the class id.

    Vundo Trojan Class ID: 037C7B8A-151A-49E6-BAED-CC05FCB50328
    A class that doesn't overload all operators just isn't finished yet. -- SmugCeePlusPlusWeenie
    A year spent in artificial intelligence is enough to make one believe in God. -- Alan J. Perlis

  6. #6
    C++まいる!Cをこわせ! Elysia's Avatar
    Join Date
    Oct 2007
    Posts
    22,587
    SpyHunter is apparently also some spyware/adware or something along the lines bundled with it according to Spybot.
    The easiest way is just to use NTFS permission settings and disable everything but delete, then reboot the computer.
    Then you can proceed to remove everything.
    But shouldn't Spybot detect this crap?
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  7. #7
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    1,620
    >> But shouldn't Spybot detect this crap?
    I dunno. I never tried.

    >> The easiest way is just to use NTFS permission settings and disable everything but delete, then reboot the computer.
    Not really, removing it wasn't hard, finding it was the thing. (That's what I used SpyHunter for)
    A class that doesn't overload all operators just isn't finished yet. -- SmugCeePlusPlusWeenie
    A year spent in artificial intelligence is enough to make one believe in God. -- Alan J. Perlis

  8. #8
    Super Moderator VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,596
    It's amazing what you DON'T get when you DON'T click download and then open/run. I only run programs I trust and if a site is forcing something to run most of my protection apps kick into high gear and throw up dialogs everywhere.

    The only 'virus' MS has ever written is Windows Vista.

  9. #9
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Portugal
    Posts
    7,459
    Following on that thought. Three pieces of advise for you friend:

    1. Don't click banners. Particularly don't click banners that promise you things, inform you just won something, provide a mini game, or try to scare you into clicking them. But, mostly don't click banners, period. Much to the dismay of legit web advertisement, the fact is that until online crime fighting gets more active (shouldn't take long. Important legislation has already been passed on a large group of countries and whole departments are being created a little everywhere), web advertisement is mostly a war zone with no rules and, risking a tasteless analogy, the biggest minefield on the web. If banner interests you, take a note of the product name and google for it. If the banner doesn't advertise the name of whatever it's selling, just IGNORE it.

    2. Don't trust the web. Don't trust links, images, files. Fact is the web is also used with criminal intent. Clicking everything you see on the web can only be compared to stop and talk with every stranger you find on the street, or accepting an hitchhike from anyone. Transport real life into the web. Don't think it's a world apart. It's not. It's very palpable to the point of being able to take your credit card away from you, damage your computer or ruin your work. One of the worst acronyms transported to the web was IRL. There's no such thing, in the sense you are always in real life when you are on the web.

    3. Finally, practice safe browsing. XP Anti Virus 2008 is advertised on pornographic and warez websites. He shouldn't go to those websites if he doesn't understand the basics of how to protect himself from all manners of aggressive website scripts. He shouldn't also, of all places, click banners on those websites.
    Last edited by Mario F.; 06-22-2008 at 08:56 PM.
    The programmer’s wife tells him: “Run to the store and pick up a loaf of bread. If they have eggs, get a dozen.”
    The programmer comes home with 12 loaves of bread.


    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  10. #10
    Registered User
    Join Date
    Nov 2007
    Posts
    57
    I got this once too. I just downloaded Spybot S&D and it got rid of it.
    Although I think I had to run it multiple times, and remove it from the start-up entries.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Speed test result
    By audinue in forum C Programming
    Replies: 4
    Last Post: 07-07-2008, 05:18 AM
  2. Trojan horse generic
    By crvenkapa in forum Tech Board
    Replies: 8
    Last Post: 06-04-2007, 08:49 PM
  3. Ping
    By ZakkWylde969 in forum Tech Board
    Replies: 5
    Last Post: 09-23-2003, 12:28 PM
  4. The Timing is incorret
    By Drew in forum C++ Programming
    Replies: 5
    Last Post: 08-28-2003, 04:57 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21