Full Version: Virus alert!
BikerGran
I've got a virus - it's calling itself XP2010 and masquerading as a Windows security update.

Just wanted to warn everyone, and would someone tell me whether I should stop posting, ie whether I can infect the forum by posting?
Miz
Have a read here

http://www.2-spyware.com/remove-antivirus-xp-2010.html

BikerGran
Thanks Miz.

Had a read, downloaded Spyware Doctor - unfortunately it seems to be just as bad as the original problem, which I still have. It finds lots of threats including the XP2010 thing - but it won't remove them unless I buy the full version!

But it wouldn't let me get online to do that till I disabled it!

So I don't know where the hell to go from here! Probably down to the local computer shop!
Demonbaker
QUOTE(BikerGran @ Mar 8 2010, 10:36 PM) *

Thanks Miz.

Had a read, downloaded Spyware Doctor - unfortunately it seems to be just as bad as the original problem, which I still have. It finds lots of threats including the XP2010 thing - but it won't remove them unless I buy the full version!

But it wouldn't let me get online to do that till I disabled it!

So I don't know where the hell to go from here! Probably down to the local computer shop!


Probably a version of the Vista Antivirus 2010 that I got last week. It took me ages to fix it, eventually used Spybot Search and Destroy and spy doctor. Even then I could download the programs but it wouldn't let me open them unless I right-clicked on the desktop icon and then ran as an administrator.

Try Spybot Search and Destroy first as it's free.

Hope you get it sorted BG.
Tom
http://www.superantispyware.com/download.html


muy keuyboasrd is broken!@!@

this is as greasrt prograsm..should gert rid of thart nasty 4u!@
druidsam
QUOTE(tommy @ Mar 9 2010, 07:40 AM) *

http://www.superantispyware.com/download.html
muy keuyboasrd is broken!@!@

this is as greasrt prograsm..should gert rid of thart nasty 4u!@


another vote for superantispyware from me


..............Sam
Defiler
QUOTE(tommy @ Mar 9 2010, 07:40 AM) *

http://www.superantispyware.com/download.html
muy keuyboasrd is broken!@!@

this is as greasrt prograsm..should gert rid of thart nasty 4u!@


And a vote for a Kinesis Contour from me!
Tom
I spilt a cuppa on it last night, but it seems to have dried and decided to work again! Hurrah!!

But those ones do look kinda cool!
BikerGran
Trying to use Spy Doctor seems to have made matters worse. And now AVG is completely disabled so I think I'm unprotected. I think it's going to be a trip to the computer shop, just thinking about trying to deal with it myself is giving me a headache now. I spent 4 hours on it yesterday, I could only get online via MSN so my daughter in France was searching forums and posting links for me!
Tom
Honestly BG..give SuperAntiSpy a shot; it's hot poo! (and free!)

Defiler
QUOTE(tommy @ Mar 9 2010, 01:04 PM) *

But those ones do look kinda cool!


Yeah, but they're pricey as hell. I bought one a few years ago because I was typing so many reports my wrists and hands were aching. Eased right up with a Kinesis Contour. Got a Dvorak one too - good fun relearning how to type, but nobody fecks with my computer at work.

QUOTE(BikerGran @ Mar 9 2010, 02:32 PM) *

Trying to use Spy Doctor seems to have made matters worse. And now AVG is completely disabled so I think I'm unprotected. I think it's going to be a trip to the computer shop, just thinking about trying to deal with it myself is giving me a headache now. I spent 4 hours on it yesterday, I could only get online via MSN so my daughter in France was searching forums and posting links for me!


I have to confess. One of the guys in the office got this on his laptop. I ended up scrubbing it and reinstalling the whole lot. One weekend later and he's got the fecking thing back on again.
I took an image of his computer after I cleaned it up, so the next reinstall took 20 minutes, but if he gets it again I'm going to go fecking spare.

Good luck!
Fazerstun
Just out of interest Bobbi, how did you get it? Did it automatically download as an update or did you find it on a site somewhere?
BikerGran
Dunno really. It wasn't there and then it was - telling me my computer was infected with all kinds of Trojans and trying to get me to 'download the full version' and pay for it.
Computer has now been fixed by Andy the Computer man in local shop - he said some people signed up and had thousands taken from their accounts!
Fazerstun
Well, if anyone else gets it - here's a step by step guide how to get shot of it.
BikerGran
And for anyone who can't get on the internet to download the tools - I couldn't get on with Firefox or IE the normal way but I could still get on MSN, and found I could access the internet by posting a link in an MSN conversation box then clicking the link - might work for others? It seems to affect different computers in different ways.
BikerGran
I have a question for those with the know-how.

I have half an idea that this may have arrived posing as a security update. I've got a security update waiting to be downloaded now (via automatic updates) but
1) How can I be sure this is genuine?

2) I went to have a look at the MS updates page and it's there but I had to Google for the page so how can I be sure I'm looking at a genuine MS page?


Bit nervous about downloading anything now!
Fazerstun
The recent updates from Microsoft are: KB975561(windows update) KB90830(malicious software removal tool) KB976002 (browser choice application) - I know this cos I went and downloaded them earlier direct from Microsoft just to make sure. I didn't bother with KB976002 cos it appears to be a pain that you don't need anyway (apparently the EU has forced Microsoft to give you a choice of what browser you use, but as you already have Firefox I wouldn't bother downloading it either)
It might be worth going directly to Microsoft (not the support site as you're on Firefox and it won't let you view it on that). Just go to Microsoft Download centre and type the codes in the search box, because it says on the net that that virus could masquerade as the window updater - probably won't now yer shot of it - but if yer nervous....
BikerGran
Yep, can you tell me the url for the Microsoft Download Centre, to make sure I have the genuine one?


Update - VERY interesting! Spyware Dr just finished a scan and removed 2 adware things and one something else, can't remember what it said - and the little yellow 'update' shield has disappeared!

Which leads me to believe that's how I got it. Although someone on another forum just said they got attacked while uploading photos to Photobucket - and that's what I was doing when I had the first popup from the XP2010 so it may have been there.
Fazerstun
This one
BikerGran
Cheers, bookmarked that.
Forward motion
As the guy who often spends more time fixing everyone else's PCs up than he does his own job, I discourage people who aren't 100% confident with what they are doing when it comes to spyware and virus removal.
There are many bogus pieces of software under the guise of spyware/virus removal or system optimisation tools which actually do the opposite - often slow your PC down by installing its own spyware - and as previously mentioned, some poor sods fall for it and give out their bank details in hope of getting it sorted.

A few points I've picked up from doing this - quite a lot of times, for various colleagues, family and friends. Sounds like Defiler's done it a few times too...

I steer well clear of things which strongly advertise themselves as free utilities unless I trust their source. AVG is a reasonable free virus scanner but I have removed viruses from several people's PCs who use it therefore I don't see it as that reliable. I strongly recommend Eset's NOD32. It is not free but when I bought my license it cost less than Norton and the mainstream competitors, and it performs faster, uses less memory. It has not let me down yet. Playing it on the safe side, don't install any anti virus/spyware if you've not heard of it before or it hasn't been recommended by someone you trust.

Be prepared to potentially spend a LOT of time on it, but awkwardly a lot of that time is spent waiting for different pieces of software to scan your PC. Zzzz. There are times I've spent a couple of days on a machine removing spyware for people. If you have no valuable info or you have backed it up, sometimes it really is easier to format your hard drive and reinstall windows/software, but you won't know unless you try removal and I have never had to resort to that, touch wood.

Use combinations of several tools, no one piece of software will detect all problems, and as BG has now found out, some nasties can even disable your virus shield/firewall/internet connection rendering your PC vulnerable or unable to download any fixes. Very irritating...

My top tools for getting rid of the bugs are Spybot - S&D, Microsoft Antispyware/Windows Defender (yep it is actually worth a shot), Killbox (used for ending stubborn processes and removing protected files) HijackThis (a free browser hijack analysis tool), Process Explorer (useful monitor tool to see what processes and services are running and see their individual memory/processor usage)

Hope this helps, spyware/virus removal really sucks and I hate doing it. Good luck!

Sonny
Good advice, Forward.

I would also suggest users that have been infected with viruses to update their password details on any important online sites they use. If possible try to use a different machine to change passwords rather than the one that has been attacked and subsequently cleaned. Sometimes you think the AV has done its job, but you can never be absolutely sure.
Defiler
For what it's worth, here's my 2p...

AVG is not perfect, but then none of them are. But AVG is free, so if you're on a budget (or just want something basic) it's better than nothing at all.
Malwarebytes AntiMalware is an excellent tool for removing spyware (again, free). It's my first stop for things like this.

Both of these programs have priced versions, but I've just used the freebies quite successfully. For work machines it's usually easiest just to scrub and reinstall if there's something properly nasty, because there's no information on them that I need to keep (all on the servers, and backed-up). For home users that's very different (how many people here have taken a backup of their stuff lately?).

If you do have to scrub and reinstall for any reason, and you have access to a networked drive that you can dump some big files onto, or maybe a removable USB hard disc, I can recommend CloneZilla. It'll let you take an offline snapshot of your computer, and record it. So long as it's not too big, you can wind up with a single DVD to restore your computer to good-as-new state in 20 mins or so. Saves a lot of pissing about if you do need to scrub it. If you split your hard disc into a C drive (for Windows, and some core applications), and a D drive (for your data and other applications), just clone the C drive. That way you can at least get Windows bolted back together again, and with only a little luck your D drive will be untainted. But that's a case of forward planning for the next time it happens.

As an aside, it pisses me off just how much viruses plague Windows. It's not all Windows' fault, to be fair, but sometimes I long for my old Acorn Archimedes - operating system in ROM so it can't be fecked with...

Edit: oh - and the official url for windows update is http://update.microsoft.com/ - I don't doubt that the one above works, but it may change in the future. This one will always point to the correct location.

Fazerstun
QUOTE(Defiler @ Mar 11 2010, 10:01 AM) *


Edit: oh - and the official url for windows update is http://update.microsoft.com/ - I don't doubt that the one above works, but it may change in the future. This one will always point to the correct location.

I know - but that page won't let you view it unless you're using IE - so the above link is the one posted on that page for people who aren't using IE.
BikerGran
I can definitely recommend anyone who's not very computer literate taking it to the shop!
Same bloke saved all my data when the hard drive was fried - when that happened to a friend she just bought a new computer and lost everything she had on the old one.
rc30
QUOTE(BikerGran @ Mar 10 2010, 07:03 PM) *

that's what I was doing when I had the first popup from the XP2010 so it may have been there.


Hmm, this sounds like what happened to my other half's daughter - browsing a site, popup appears saying "you've got an infection, click here to scan and remove" and it's at that point that the real virus installs itself - when you click on a button to allow it to install.

We used malwarebytes to remove her infection. Learn what the dialogs for your antivirus and other scanning software look like. If you see a dialog pop up that is different and you don't think it looks right, do NOT click any buttons that imply ok go ahead and scan, as that's when you get the online trip to Praed Street.
BikerGran
Another question while this thread is going.

Since I got the computer back there's one thing I don't like - the AVG icon had disappeared from the system tray (I think that's what it's called, bottom right of the screen?)
I know AVG is working cos I've checked that it's doing the scheduled scans and updates, and it's marking my emails as being checked. But it's much better when the icon is there as I can see at a glance what it's doing without having to open the control centre. It must be just a setting, but I changed the one I thought was relevant and didn't make any difference.

That was Tools - advanced settings - display tray notifications. All the options on that page are ticked.

Any suggestions?
rc30
QUOTE(BikerGran @ Mar 11 2010, 03:00 PM) *

That was Tools - advanced settings - display tray notifications. All the options on that page are ticked.

Any suggestions?


It may not appear in the system tray until you restart your computer, as I think it reads the settings once at startup. Avast! is like that, anyway.
BikerGran
I thought that but it didn't appear. Might have to pop into the shop again.

Edit - Better idea, have posted the question on the Free AVG support forum.
BikerGran
QUOTE(BikerGran @ Mar 11 2010, 06:00 PM) *

have posted the question on the Free AVG support forum.


Hm, no response from there either! Back to the shop then!
Finn
QUOTE(BikerGran @ Mar 11 2010, 03:00 PM) *
That was Tools - advanced settings - display tray notifications. All the options on that page are ticked.

Any suggestions?


Vista/Win7 or XP?

In the former there is a "hide inactive icons" option if you right click the taskbar, select properties and select notification area
BikerGran
Nope, XP