2008 Antivirus Alert
- North Texas Mudduck
- Wordwide & Qualified
- Posts: 2,921
- Joined: Sep 30 2006, 20:22
- Contact:
2008 Antivirus Alert
anyone know how to get rid of the virus alert
it changes the desktop screen
changes the time clock in the bottom right corner to military time
where the time is located to the right of that it says VIRUS ALERT
it locks out the task manager
in the start then setting menu it clears that to only be able to see taskbar and menu
anyone got an idea how to kill it
and no stinger or avg won't even touch it
A gun in the hand is better than a cop on the phone
- TwentyTwo-Zero
- Donor
- Posts: 1,742
- Joined: Oct 23 2007, 12:48
- North Texas Mudduck
- Wordwide & Qualified
- Posts: 2,921
- Joined: Sep 30 2006, 20:22
- Contact:
- TwentyTwo-Zero
- Donor
- Posts: 1,742
- Joined: Oct 23 2007, 12:48
- Black Lightning
- Wordwide & Qualified
- Posts: 599
- Joined: Feb 20 2008, 21:46
- Handle: Black Lightning
- Real Name: Gary
- Antenna: Super Penetrator
- Radio: '78 Cobra 2000 GTL
- Contact:
TwentyTwo-Zero wrote:
Have you tried [Please login or register to view this link]?

As a computer tech, I do not recommend Norton 360 to ANYONE. It has caused way, way more problems than it's helped - things such as complete lockout of the internet (something I call 'firewall disconnect'), absolute total hammering of the computer (all your resource are belong to us), things of that nature.
In response to the original poster, you got hit with one of the various Smitfraud rootkits. Godspeed in its removal, it's a tough one.
In the meantime, STAY AWAY from anything that calls itself "WinAntiVirus" or "XP AntiVirus Pro 2008" or any mixture of those two terms.
Hey NorthTexas,
That thing you are infected with is called Antivirus 2008. If you do a search on google, you will find a manual way to remove it. The only way to automatically remove it, is to pay for a removal program, that is probably made from the manufacturer. Adaware, Spybot, and all the other popular spyware removal tools will not remove this program. I'm "retired" from computer service, but still in the past few weeks I have repaired numerous computers infected with this crap. In a nutshell, you go to Program Files, delete the program, and then remove it from the registry and remove it from the start-up.
Good luck. If ya can't get it removed, shoot me a PM and I'll try to help more.
- North Texas Mudduck
- Wordwide & Qualified
- Posts: 2,921
- Joined: Sep 30 2006, 20:22
- Contact:
- lonewolf
- Wordwide & Qualified
- Posts: 692
- Joined: Nov 11 2006, 19:20
- Contact:
- North Texas Mudduck
- Wordwide & Qualified
- Posts: 2,921
- Joined: Sep 30 2006, 20:22
- Contact:
- lonewolf
- Wordwide & Qualified
- Posts: 692
- Joined: Nov 11 2006, 19:20
- Contact:
- causmik
- Donor
- Posts: 851
- Joined: Oct 04 2006, 07:21
- Contact:
RE 2008 Antivirus Alert
North Texas Mudduck wrote:
anyone know how to get rid of the virus alert
it changes the desktop screen
changes the time clock in the bottom right corner to military time
where the time is located to the right of that it says VIRUS ALERT
it locks out the task manager
in the start then setting menu it clears that to only be able to see taskbar and menu
anyone got an idea how to kill it
and no stinger or avg won't even touch it

I had a similar situation. I kept getting a notification similar to what you are describing. It is a spyware/malware virus. Mine kept prompting me to get a free pc check-up for virus and when one does the spy/malware was installed. I had to spend lots of time removing the installed junk daily until I took my pc to a tech. I have all the goodies to protect against such junk but it still got by. I had to take my pc to a shop where they have the appropriate removal system.
The prompt-alert is the virus.
Mike
- Av8r1
- Donor
- Posts: 285
- Joined: Aug 15 2006, 21:57
- Real Name: Bill
- Radio: Kenwood TS-530s
- Contact:
- Falcon99V
- 6 PILL USER
- Posts: 64
- Joined: May 17 2008, 14:20
- Real Name: Bill
- Antenna: Smokin Joe Gun II
- Radio: Galaxy 2517
- Contact:
- TwentyTwo-Zero
- Donor
- Posts: 1,742
- Joined: Oct 23 2007, 12:48
Black Lightning wrote:
As a computer tech, I do not recommend Norton 360 to ANYONE. It has caused way, way more problems than it's helped - things such as complete lockout of the internet (something I call 'firewall disconnect'), absolute total hammering of the computer (all your resource are belong to us), things of that nature.
In response to the original poster, you got hit with one of the various Smitfraud rootkits. Godspeed in its removal, it's a tough one.
In the meantime, STAY AWAY from anything that calls itself "WinAntiVirus" or "XP AntiVirus Pro 2008" or any mixture of those two terms.

Being a computer tech, then you should also be aware of the fact that these issues were resolved with the release of 360 2.0. It consumes LESS resources than either McAfee or One Care, doesn't slow your computer down as much as either of those programs and is updated multiple times a day with the most current virus definitions making it a better choice if you are serious about protecting your computer from viruses/trojans and online attacks.
If you go [Please login or register to view this link] you can run a free virus scan on your computer. If you have pop-ups blocked allow them on this site and select "Virus Detection". After the scan is complete you will be instructed on how to remove any/all viruses/trojans/malware that is found. Best of all it is provided by the LEADER in antivirus software - and it is FREE. :wink:
Here is the url in case it didn't come through above:
[Please login or register to view this link]
Save Your Money, Don't Go To The Show
And Don't You Eat That Yellow Snow...Frank Zappa
------------
WR0220 Washington State 38LSB
CPI • Cobra • Icom • Yaesu
- KI4MSJ
- Donor
- Posts: 668
- Joined: Nov 09 2006, 10:57
- Handle: Barnstormer
- Real Name: SCOTT
- Radio: ICOM 7000
- Contact:
- Black Lightning
- Wordwide & Qualified
- Posts: 599
- Joined: Feb 20 2008, 21:46
- Handle: Black Lightning
- Real Name: Gary
- Antenna: Super Penetrator
- Radio: '78 Cobra 2000 GTL
- Contact:
What NCMidnight is referring to is a removal tool called "SmitRem" or "Smitfraud Remover". Smitfraud is the malware itself. These latest versions don't go away simply with Smitrem. In my experience, the only way to get rid of it without referring to the 'nuclear option' of reformatting and reinstalling, is to use a BartPE disk of some sort. I use "The Ultimate Boot CD for Windows". You boot the system to that, which is in effect a Windows XP live CD, and the hard drive is not locked by the OS. Also, since you're running a clean copy of XP that cannot be infected (Closed CD-ROMs cannot be written to), you can find the stealth components of the infection which exist in various areas of the system.
XPAntiVirus2008 installs itself into the registry in the following keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run,
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon Shell
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify
as well as various named services under
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00x\Services (where the 00x in ControlSet00x refers to the most recent one).
It also manipulates registry keys that prevent the user from running regedit or ctrl-shift-esc or ctrl-alt-del to access the task manager. There are registry access tools that you can obtain in order to repair the registry so you can access it with regedit (these tools will not work if the malware is running, however).
With a BartPE CD, you can use the command prompt to delete random filenames in the \windows\system32 directory, files that are usually dated the current date or within the time the computer has been infected. Files with .exe and .dll extensions, as well as any .htm or .html file in the system32 dir. Some variants also create 'INI' files in the system32 dir as well. These are easy to spot however; they're usually large compared to real INI files (e.g. 161,200 bytes) and when you attempt to read them, they're binary and not text. Any filename ending in .ini2 or .ini.bak can safely be deleted. You can use RegEditPE to load the remote registry (the registry on the infected computer) to fix keys in there.
Twenty-Two Zero - I'd love to believe that, however I was dispatched last week to fix someone's computer which had pretty much hard locked from CPU load. The installed Norton 360 2.0 was the culprit. A quick run of the symnrt tool from Symantec fixed it by deleting the software. Symantec software has not been good now for a number of years. The only thing they make that I find useful is Ghost.
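Added example, not part of the post above: a read-only Python triage of an offline-mounted system32 directory that lists the file patterns the post describes (recently dated .exe/.dll/.htm/.html files, INI files that are really binary, and .ini2/.ini.bak leftovers) so they can be reviewed by hand. The function names, the 64 KiB size hint and the 0.85 printable-byte ratio are assumptions made for this sketch; it is meant to run from a clean system against the mounted disk.

```python
import os, sys, time

SUSPECT_EXT = (".exe", ".dll", ".htm", ".html")  # extensions named in the post
LEFTOVERS = (".ini2", ".ini.bak")                # suffixes named in the post
INI_SIZE_HINT = 64 * 1024  # assumption: genuine INI files are well under 64 KiB

def looks_binary(path, sample=4096):
    """Heuristic: NUL bytes or mostly non-printable bytes in the first block."""
    with open(path, "rb") as fh:
        chunk = fh.read(sample)
    if not chunk or chunk[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return False  # empty, or UTF-16 text with a BOM (legitimate INI encoding)
    if b"\x00" in chunk:
        return True
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in chunk)
    return printable / len(chunk) < 0.85

def triage(system32, since, until=None):
    """Return sorted (name, reason) pairs to review by hand. Read-only."""
    until = time.time() if until is None else until
    findings = []
    for entry in os.scandir(system32):
        if not entry.is_file(follow_symlinks=False):
            continue
        name, st = entry.name.lower(), entry.stat(follow_symlinks=False)
        if name.endswith(LEFTOVERS):
            findings.append((entry.name, "ini2/ini.bak leftover"))
        elif name.endswith(".ini"):
            if looks_binary(entry.path):
                big = ", oversized" if st.st_size > INI_SIZE_HINT else ""
                findings.append((entry.name, "binary INI" + big))
        elif name.endswith(SUSPECT_EXT) and since <= st.st_mtime <= until:
            findings.append((entry.name, "modified in infection window"))
    return sorted(findings)

if __name__ == "__main__":
    # usage: triage.py <mounted system32 path> <days since infection began>
    root, days = sys.argv[1], float(sys.argv[2])
    for name, reason in triage(root, time.time() - days * 86400):
        print(f"{reason:32} {name}")
```

File timestamps can be altered, so the date window is only a hint; legitimate updates installed in the same period will also appear and need to be ruled out before anything is removed.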
- PONY EXPRESS
- Wordwide & Qualified
- Posts: 986
- Joined: Aug 09 2007, 21:04
- Radio: GOLDEN EAGLE Mark IV
- Contact:
Good Luck
Hope you solve your problem. We use Norton 360 but we can't recommend it; it doesn't catch all spyware according to Spybot.