How do I get rid of XP Internet Security?

May 16, 2011 at 16:30:57
Specs: Windows XP
OK, so I got this rather annoying malware, and I'm trying things to get rid of it.

First, I used a USB key to put RKill and the MalwareBytes setup on my infected computer.

Second, I ran RKill, which killed the virus process. I'm no longer getting bugged by infection messages and got my PC in a less lagged stance.

Third, I installed MalwareBytes, updated it and I'm currently running a full scan of EVERYTHING on my PC.

When the scan is done and I get to see the report log, how can I be sure that the virus is really gone, that there are no "remnants" of the files, and that the registry won't install it back?




#1
May 16, 2011 at 16:37:08
Also, I just turned off System Restore (while MB was running)


#2
May 16, 2011 at 17:53:22
OK, the MalwareBytes scan is done!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6593

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/16/2011 9:48:56 PM
mbam-log-2011-05-16 (21-48-56).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|H:\|)
Objects scanned: 369518
Time elapsed: 1 hour(s), 31 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR (Backdoor.Trojan) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Christian\Local Settings\Application Data\vhe.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Christian\Local Settings\Application Data\vhe.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Christian\Local Settings\Application Data\obj.exe" -a "C:\Program Files\Intern") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\christian\application data\Sun\Java\deployment\cache\6.0\28\21d3a2dc-152d5502 (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\christian\local settings\application data\obj.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\Oreans.sys (Backdoor.Trojan) -> Quarantined and deleted successfully.
c:\documents and settings\christian\Desktop\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

The full scan checked about 300K files before being done, while my AV (Microsoft Essentials) scans about 1600000 files in a full scan. Essentials didn't do a thing when the virus appeared. Should I keep it?


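An added example, not part of any post in this thread: a short Python parser for the item lines of the Malwarebytes log above. It lists anything whose action is not "Quarantined and deleted successfully" and any executable named in a hijacked "Bad" command that never appears under "Files Infected" (in this log, vhe.exe), which is worth checking by hand after a reboot and rescan. The function names are hypothetical, and the line shape is assumed to be the one shown in the log.

```python
import re

SUCCESS = "Quarantined and deleted successfully"

# Section headers and a subset of item lines copied from the log in post #2.
SAMPLE_LOG = r"""Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR (Backdoor.Trojan) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Christian\Local Settings\Application Data\vhe.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Christian\Local Settings\Application Data\obj.exe" -a "C:\Program Files\Intern") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\christian\local settings\application data\obj.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\Oreans.sys (Backdoor.Trojan) -> Quarantined and deleted successfully.
"""

def parse_items(log_text):
    """Return one dict per detection line: section, location, detection, detail, action."""
    items, section = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):          # section header, e.g. "Files Infected:"
            section = line[:-len(" Infected:")]
        elif " -> " in line and section:
            parts = line.split(" -> ")
            location, detection = parts[0].rsplit(" (", 1)
            items.append({"section": section, "location": location,
                          "detection": detection.rstrip(")"),
                          "detail": parts[1] if len(parts) == 3 else "",
                          "action": parts[-1].rstrip(".")})
    return items

def not_removed(items):
    """Items whose action is anything other than the success string seen in the log."""
    return [i for i in items if i["action"] != SUCCESS]

def unaccounted_launchers(items):
    """Executables named first in a hijacked 'Bad' command that the scan did not list as a file."""
    files = {i["location"].lower() for i in items if i["section"] == "Files"}
    launchers = set()
    for i in items:
        m = re.match(r'Bad: \("([^"]+)"', i["detail"])
        if m and m.group(1).lower() not in files:
            launchers.add(m.group(1).lower())
    return sorted(launchers)

if __name__ == "__main__":
    parsed = parse_items(SAMPLE_LOG)
    print(len(not_removed(parsed)), "not removed; unaccounted:", unaccounted_launchers(parsed))
```

Running the same functions on the log from a second scan after a reboot shows whether any of these locations were detected again.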

#3
May 16, 2011 at 19:05:56
One of the malware preventative actions you can take is the following:

The exploitation of Java vulnerabilities probably surpasses every other exploitation category.

Clear your Java cache:
http://www.java.com/en/download/hel...

Make sure you download the latest version of Java Runtime Environment (JRE) Version 6 Update 25:
http://java.com/en/download/inc/win...
Save it to the Desktop, but do not install it yet.

Close any programs you may have running - especially the web browser.
Go to Start > Control Panel, double-click on Programs and Features and remove all older versions of Java. (Check any item with Java Runtime Environment (JRE or J2SE) in the name.)
Click the Remove or Change/Remove button.

Repeat as many times as necessary to remove each Java version.
Reboot your computer once all the older Java components are removed.
Then, go back to your Desktop, and double-click on jre-6u25-…..exe to install the newest version of Java



#4
May 17, 2011 at 12:33:09
OK, I cleared the cache and installed the new Java. Anything else that should be done?
