
Date Posted: 09:51:14 02/02/09 Mon
Author: TheBluesBrother
Subject: Try this
In reply to: Totores 's message, "HELP i'm infected with antivirus 2009" on 06:49:01 02/02/09 Mon

I wrote this tutorial when AntiVirusXP2008 hit everybody's system, and I have not heard of a 2009 version as yet; maybe this will still work.

....................................................

How to remove the AntiVirusXP2008 virus from your system.

Thanks to Symantec for the info:

http://www.symantec.com/security_response/writeup.jsp?docid=2008-071613-4343-99&tabid=3


Name: AntiVirusXP2008
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, and Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

Disable System Restore (Windows Me/XP).
For specific details on each of these steps, read the following instructions.
To disable System Restore (Windows Me/XP)
If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.
Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.
Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.

How to turn off or turn on Windows XP System Restore.
1 Click Start.
2 Right-click My Computer and then click Properties.
3 On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives. If you do not see the System Restore tab, you are not logged on to Windows as an Administrator.
4 Click Apply.
5 When you see the confirmation message, click Yes.
6 Click OK.

How to disable or enable Windows Me System Restore.
1 Click Start > Settings > Control Panel.
2 Double-click System. If the System icon is not visible, click View all Control Panel options.
3 On the Performance tab, click File System.
4 On the Troubleshooting tab, check Disable System Restore.
5 Click OK.
6 When you are asked to restart Windows, click Yes.

To delete the value from the registry

Important: It is strongly recommended that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. For instructions refer to the document:

How to make a backup of the Windows registry.

Run this tool if you can get on the Internet.


http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/199762382617?OpenDocument&src=sec_doc_nam


The backup is saved in C:\ with the file name SYM_REGISTRY_BACKUP.

Removing the registry values.

Click Start > Run.
Type regedit
Click OK.

Note: If the registry editor fails to open, the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, "UnHookExec.inf", and then continue with the removal.
Download the file UnHookExec.inf and save it to your Windows desktop.


http://homepage.ntlworld.com/bennett.michael/Tools/UnHookExec.inf
Or
http://securityresponse.symantec.com/avcenter/UnHookExec.inf


(If you cannot connect to the Internet from the infected computer, download to an uninfected computer then save it to a floppy disk. Then take the floppy disk and insert it in the floppy disk drive of the infected computer.)

Right-click the UnHookExec.inf file and click Install. (This is a small file. It does not display any notice or boxes when you run it.)

Navigate to and delete the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\"AntivirXP08" = "AntivirXP08"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[RANDOM NAME]" = "C:\Program Files\[RANDOM NAME]\[RANDOM NAME].exe"

Navigate to and delete the following registry subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\[RANDOM NAME]
HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM NAME]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\[RANDOM NAME]

Disclaimer: Playing about with your registry can seriously damage your system.

I hope that this info can help somebody.
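
An added example, not part of the original post or of Symantec's write-up: a Python sketch that scans a regedit text export (such as the registry backup made before editing) for the entries listed above, so the [RANDOM NAME] can be identified before anything is deleted by hand. The names `parse_reg` and `find_indicators`, the sample name `rhcxyz`, and the assumption that the Run value name, folder and executable all share one random name are illustrative.

```python
import re

CV = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
RUN_RE = re.compile(r"^C:\\Program Files\\([^\\]+)\\([^\\]+)\.exe$", re.I)

# Constructed sample export; "rhcxyz" is a made-up stand-in for [RANDOM NAME].
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"AntivirXP08"="AntivirXP08"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"rhcxyz"="C:\\Program Files\\rhcxyz\\rhcxyz.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcxyz]

[HKEY_LOCAL_MACHINE\SOFTWARE\rhcxyz]
'''

def parse_reg(text):
    """Return {key_path: {value_name: data}} for the string values in an export."""
    keys, current = {}, None
    unescape = lambda s: re.sub(r"\\(.)", r"\1", s)  # \\ -> \ and \" -> "
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[unescape(m.group(1))] = unescape(m.group(2))
    return keys

def find_indicators(keys):
    """List (kind, registry_path) pairs matching the entries named in the post."""
    lower = {k.lower(): v for k, v in keys.items()}  # key paths are case-insensitive
    hits = []
    pp = CV + r"\Internet Settings\User Agent\Post Platform"
    if "AntivirXP08" in lower.get(pp.lower(), {}):
        hits.append(("value", pp + r"\AntivirXP08"))
    for name, data in lower.get((CV + r"\Run").lower(), {}).items():
        m = RUN_RE.match(data)
        # Assumption: value name, folder and executable share one random name.
        if not (m and name.lower() == m.group(1).lower() == m.group(2).lower()):
            continue
        hits.append(("value", CV + "\\Run\\" + name))
        for sub in (CV + "\\Uninstall\\" + name,
                    "HKEY_LOCAL_MACHINE\\SOFTWARE\\" + name, CV + "\\" + name):
            if sub.lower() in lower:  # report only subkeys present in the export
                hits.append(("subkey", sub))
    return hits
```

Exports written by regedit in the "Version 5.00" format are UTF-16 text, so decode the file with that encoding before passing its contents to `parse_reg`.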
