Computer Help forum

General discussion

Help! How do I remove the "XP Antivirus Pro 2010" Virus?

by Vanillaman / February 24, 2010 9:45 PM PST

The rogue XP Antivirus Pro 2010 has invaded my PC, taking control of everything, including Windows Security Centre, so I can't do a system restore or run my regular real AntiVirus. It won't allow me to download anything either to remove it. Is there any way of removing this crippling rogue program??

My OS is Windows XP Home Edition SP3, Compaq/HP SR1421UK.

Please remember, this virus will NOT allow me to download anything.

The post below uses another name
by lacsr / February 24, 2010 10:29 PM PST

but the procedure is the same. Look here: http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010
Scroll down until the part called "Automated Removal Instructions for XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010 using Malwarebytes' Anti-Malware". Then follow the instructions. An uninfected computer will be needed, more than likely, to download the software used for the disinfection. Ask a friend to do it for you if another computer is not available to you or try a library computer.

Help! How do I remove the "XP Antivirus Pro 2010" Virus?
by Vanillaman / February 25, 2010 6:32 AM PST

I was eventually able to access Malwarebytes, and it did get rid of some, although it wouldn't allow me to update it. The last time this happened, I was able to get rid of it by running MBytes, then using "System Restore" to set my PC to a previous state. But, this time, I can't access "System Restore" at all, as I get this error message:

"System Restore has been turned off by group policy. To turn on System Restore, contact your domain Administrator".

Specific Instructions For Antivirus Pro 2010 Removal
by Grif Thomas Forum moderator / February 25, 2010 12:23 AM PST

Much like the post above, they involve using Malwarebytes. Follow the instructions in the post:

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-pro-2010

In most cases, you may need to download the Malwarebytes program installer and update files on a separate computer, copy them to a CD or flash drive, then transport them to the infected machine. I use the two links below to get that done on the separate computer:

Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://www.malwarebytes.org/mbam/database/mbam-rules.exe

Hope this helps.

Grif

Help! How do I remove the "XP Antivirus Pro 2010" Virus?
by Vanillaman / February 25, 2010 7:51 PM PST

I was eventually able to access Malwarebytes, and it did get rid of some, although it wouldn't allow me to update it. The last time this happened, I was able to get rid of it by running MBytes, then using "System Restore" to set my PC to a previous state. But, this time, I can't access "System Restore" at all, as I get this error message:

"System Restore has been turned off by group policy. To turn on System Restore, contact your domain Administrator".

When my daughter had this
by lacsr / February 25, 2010 8:41 PM PST

I had to start in "safe mode" do the scan with Malwarebytes. When it was done, restart in safe mode and see if you can turn OFF system restore, then do the scan again, still in "safe mode". Restart again but this time in "normal" mode and run the Malwarebytes scan again. Allow it to update then and run it again. If it is gone, then turn system restore back on.
It is a persistent infection and a real pain to get rid of.

A couple of hints.
by Cursorcowboy / February 25, 2010 9:49 PM PST

1. Rkill - Repair Tool of the Week:

The malware world is changing. It's getting smarter.
In fact, some infections will detect that you have launched an anti-malware tool such as MalwareBytes and close it down as soon as you open it, which makes your job much harder. This is the exact situation Rkill is designed for.

Rkill is a small, freeware and portable tool designed to terminate active malware processes allowing you to use other removal tools. Rkill is made by a Microsoft MVP "Lawrence Abrams" and is available in 4 different extensions. An .EXE, .COM, .SCR and a .PIF file.
The reason why Rkill comes in 4 different versions is because some malware will block .EXE files in an attempt to prevent you from running other malware removal tools, so this gets around that problem.

2. The article [310353] describes how to disable common startup programs, settings, and drivers to troubleshoot issues, which is known as clean booting, when logged on as an administrator or a member of the Administrators group.

Since you probably cannot connect to the Web and read the article, here is a partial excerpt of what to do before running any of the antiviral programs:

To manually start Windows XP with a clean boot, follow these steps:

Step 1: Start the System Configuration Utility
Click Start, click Run, type msconfig, and then click OK.
The System Configuration Utility dialog box is displayed.

Step 2: Configure selective startup options
In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
Click to clear the Process SYSTEM.INI File check box.
Click to clear the Process WIN.INI File check box.
Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
Click the Services tab.
Click to select the Hide All Microsoft Services check box.
Click Disable All, and then click OK.
When you are prompted, click Restart to restart the computer.

Step 3: Log on to Windows
If you are prompted, log on to Windows.
When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows start check box, and then click OK.

Don't Run System Restore After The Cleanup
by Grif Thomas Forum moderator / February 26, 2010 10:08 AM PST

The problem with doing such is that System Restore probably has a copy of the malware included. Restoring back will probably cause the computer to be reinfected.

In order to update Malwarebytes, use the downloadable manual updater I provided a link to above.

And yes, as others have suggested, running "rkill" and using the Malwarebytes scanner in Safe Mode are both good ideas.

And to re-enable System Restore, you need to edit the registry like this, AFTER cleaning up the computer completely.

1. Click Start, Run and type regedit.exe and press Enter

2. Navigate to the following key:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore

In the right-pane:

* Delete the value DisableConfig
* Delete the value DisableSR

3. Exit the Registry Editor.

Or, if using XP PRO...

1. Click Start, Run and type GPEDIT.MSC

2. Navigate to this path:

-> Computer Configuration
--> Administrative Templates
---> System
----> System Restore

3. Set Turn off System Restore to Not Configured

4. Set Turn off Configuration to Not Configured

Hope this helps.

Grif
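
The registry steps in the post above, as an added example that is not part of the original post: a script that reports whether the two policy values are set and, only when asked, backs up the key and deletes them. It assumes an administrator prompt on the already-cleaned machine and PowerShell 2.0 or later (a separate install on XP); the `-Fix` switch and the backup file location are hypothetical names chosen for this example.

```powershell
# Added example: audit, and optionally clear, the System Restore policy lockout.
# Key and value names are the ones given in the post; everything else is assumed.
param(
    [switch]$Fix,   # hypothetical switch: delete the values after a backup
    [string]$BackupFile = (Join-Path $env:TEMP ("SystemRestore-policy-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date)))
)

$KeyPath = 'HKLM:\Software\Policies\Microsoft\Windows NT\SystemRestore'
$RegPath = 'HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore'
$Names   = 'DisableSR', 'DisableConfig'

function Get-SystemRestorePolicy {
    # Emits one object per value: its name, whether it exists, and its data.
    $props = $null
    if (Test-Path $KeyPath) { $props = Get-ItemProperty -Path $KeyPath }
    foreach ($name in $Names) {
        $p = $null
        if ($props) { $p = $props.PSObject.Properties[$name] }
        New-Object PSObject -Property @{
            Name    = $name
            Present = ($p -ne $null)
            Data    = $(if ($p) { $p.Value } else { $null })
        }
    }
}

$state = @(Get-SystemRestorePolicy)
$state | Format-Table Name, Present, Data -AutoSize | Out-String | Write-Host

$set = @($state | Where-Object { $_.Present })
if ($set.Count -eq 0) {
    Write-Host 'Neither policy value is present; System Restore is not locked by this key.'
    return
}
if (-not $Fix) {
    Write-Host 'Policy values found. Re-run with -Fix once the machine has been cleaned.'
    return
}

# Keep a copy of the key before changing anything, and stop if the copy fails.
& reg.exe export $RegPath $BackupFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Backup of the policy key failed; nothing was deleted.' }
Write-Host "Backup written to $BackupFile"

foreach ($v in $set) {
    Remove-ItemProperty -Path $KeyPath -Name $v.Name -ErrorAction Stop
    Write-Host "Deleted $($v.Name)"
}
```

Run without arguments, the script only reports; if the values come back after a reboot, whatever set them is still active on the machine.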

2010/PAV/WAV
by Phil Crase / February 25, 2010 11:38 PM PST

This usually works. On a CLEAN computer, download the UPDATED version of Malwarebytes, send it to a flash drive. On the infected computer, boot to SAFE mode, put flash drive in USB port, open file, drag Malwarebytes to desktop, run, reboot, rerun Malwarebytes in normal Windows mode. Have done this several times with good results. IF this does the trick, get some decent AV/SPYWARE software.
