Rouge XP Internet Security 2010 SCAM! How to remove it?

[rivbyte]

I already have Full McAfee Security that came with my ATT DSL, I've run both the Quick scan and the Full scan and found nothing. These annoying pop ups are terrible. This is what I'm getting non-stop.....
_________________________________________
"XP INTERNET SECURITY 2010 ALERT”
“Viruses and/or spy ware are damaging your system right now.
“Your security System is in Danger. Your computer is being hacked with rouge software.
Beware, Spy ware was found, and your computer is now being attacked.
Infection detected in background.
Your data security may be compromised.
Your PC activity is being monitored."

"Unknown program is scanning your system registry right now! Identity theft detected!
Do you want to block this attack?"..options>
1) Please get a copy of XP INTERNET SECURITY 2010 to safeguard your PC while surfing the web (RECOMMENDED)
2) Run a spyware virus, and malware scan
3) Continue surfing without any security measures (DANGEROUS)"
Three of the threats: “Macro.Visio.Radiant”, “Trojan.BNK.WIN32.Keylogger.gen”, and EICAR-test-file”

What stupidity! Yeah, I’m going to believe this is really happening and download the virus, malware, and spyware from the so-called XP INTERNET SECURITY 2010 people, and indeed download and welcome the potential hacker right into my pc!!!! Are you kidding me? These people should get a real job with integrity and stop messing with other people’s computers and lives! This is very shameful!!! This is so sad how individuals and companies wreck havoc with the ordinary person minding his or her own business, and suddenly gets bombarded with fake internet security come on ads.

I’m very careful about what sites I visit, and run frequent scans with usually no risks, AND I recently was so frustrated about not being able to remove the last instance, I had to feverishly wipe my hard drive clean, and reinstall XP OS, all my programs, updates, drivers, documents, music and photos because of this crap! So I ask you honestly, and seriously….
HOW DO YOU HAPPEN TO GET THIS ON YOUR COMPUTER in the first place?

Most “help” sites I’ve seen to remove this intrusion software has you downloading another file of their own like “Spydoctor”, or “Malwarebytes Anti Malware”, to remove such problematic heartaches.
Is there a way to remove this myself, WITHOUT downloading yet another possible software threat?

 

[MustISO]

You can format your hard drive if you want to remove it without using any applications. I'm sure there's a manual way to do it somewhere but there are tools out there for just this type of thing so why not use them.

You can find some info here:
http://forums.anandtech.com/showthread.php?t=98805

I would suggest disabling automatic recover points in Windows. Booting to safe mode and installing something like Kaspersky AV removal tool, Malwarebytes or something similar and scanning while in safe mode.

 

[StormSide]

http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2010

Be warned that a lot of these rogues are installing tdl3/tdss rootkits on systems.

You can scan with hitman pro 3.5 or Dr. Web Cure it to see if they are installed on your system.

 

[rivbyte]

Thank you for the replies!
Just so you know, I never purposely or deliberately clicked on anything to run a scan from "xp internet security 2010" after pop ups telling me I was infected with malware, trojans,and keyloggers. Right away,after the first one, and several hundred more, I knew it because this hapen two weeks ago I had the same problem, then I reformatted my HDD, and reinstalled windows.

The McAfee I have is the Anti-Virus Plus Select that comes with my ATT ELITE 6MB DSL, but now I am going to use the malwarebytes on a regular basis as well.

Ok. That was a complete nightmare! Especially after reformatting my HDD and reinstalling Windows, software, hardware, Bla Bla Bla about two weeks ago!

So I finally found out one of the files was a AV.EXE hidden in my Hikey_Users, ( Application>Classes>.EXE>SHELL>....ETC, then tried to follow that path to my Windows Explorer folder to delete, but it was not visible, even with my File options enabled to view hidden files and folders, so in safe Mode, I downloaded the malwarebytes utility, ran it for 41 mins.,then it found 9 instances of viruses, I removed them and no problems so far! Thanks for your replies!

btw....in TASK MGR, if you happen to see a AV (dot) Executable file, that's one of them. I had to keep END TASKING this file long enough to download and run the program,otherwise it will keep you from doing so.

 

[jed.moulton]

http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2010

Be warned that a lot of these rogues are installing tdl3/tdss rootkits on systems.

You can scan with hitman pro 3.5 or Dr. Web Cure it to see if they are installed on your system.

I have used that tutorial several times without issues. Thanks for the heads up about the root kits - will have to check tonight.

 

[samTHEman]

Look, you DO NOT need to format your hard drive like someone else said, there are some good manual removal methods as well as automatic through antivirus removers to remove XP Internet Security 2010.

Let me give you some manual removal tips for XP Internet Security 2010.

Remember this is a rogue antivirus and this malware is tricky so you have to try and out smart it.

Here is the first thing you should do:
1) reboot your computer and RIGHT when Windows begins to load, open task manager (ctrl + alt + del).
2) End this process: av.exe
3) Open up a good spyware program and run a scan to find XP Internet Security 2010.

Ending the process will disable XP Internet Security 2010 allowing you ample time to remove the malware.

If the scan does not find XP Internet Security 2010, then consider running a free scan with spyware doctor from my website.

If you don't want to use a virus scanner, then go about removing the files I have listed on my website that are associated with XP Internet Security 2010.

XP Internet Security 2010

---

Thanks for spamming. I edited your referral link to go directly to PC Tools' link for the product.

Good bye.

Harvey
Senior AnandTech Moderator/Administrator[/b]

 

[santz]

holy shit! you are screwed! I am sorry, I went to almost all procedures and forums and whatnot to get advice. There are only 2 sure ways to remove, First is to format it, the second would require you to be an astronaut and possess a nuke!

 

[MadScientist]

Cleaned this off a computer yesterday. It took about 2 hours. Just follow the instructions from bleepingcomputer that Stormside's post links to.
The virus also runs in Safe Mode and will prevent you from downloading and installing Malawarebytes Anti-malware.
I first ran rkill.com from a flash drive to stop the virus processes and then installed and ran MBA to get rid of it.

 

[leo.m]

Manual virus removal is not what unexperienced computer user would want to do. There are good removal tools created that ease the process of virus removal.

Before installing any anti-spyware tool, make sure you fix bad Windows Registry values by downloading ExeRepair.reg file (XP Internet Security 2010)

Use Malwarebytes Antimalware program instead of Spyware Doctor, which can be downloaded from http://www.malwarebytes.org/mbam-download.php
- Install program by double clicking mbam-setup.exe setup file.
- Stick to the guidelines when installing the program.
- Make sure you update the program with latest entries.
- Start computer scan by launcing the program and pressing "Scan" button.
- After the scan has been completed, click "Show Results", then "Remove Selected".
- Computer restart might be necessary.

 

[Zorba]

Manual virus removal is not what unexperienced computer user would want to do. There are good removal tools created that ease the process of virus removal.

Before installing any anti-spyware tool, make sure you fix bad Windows Registry values by downloading ExeRepair.reg file (XP Internet Security 2010)

Use Malwarebytes Antimalware program instead of Spyware Doctor, which can be downloaded from http://www.malwarebytes.org/mbam-download.php
- Install program by double clicking mbam-setup.exe setup file.
- Stick to the guidelines when installing the program.
- Make sure you update the program with latest entries.
- Start computer scan by launcing the program and pressing "Scan" button.
- After the scan has been completed, click "Show Results", then "Remove Selected".
- Computer restart might be necessary.

Yeah, I got this virus yesterday and I had to run the register fix to get any executable to run. I deleted the av.exe files manually then I let Malwarebytes and Avira clean up the rest. I then ran the virus removal script from the sticky and it said I was completely clean. It was very annoying though.

 

[KamiXkaze]

Thanks for the information

kXk