Viruses and malware

Revision as of 13:46, 12 November 2008 by Petar Mitrevski (talk | contribs)

First question: Is it actually malware?

Rogue program: Antivirus XP 2008!

Watch out for Antivirus XP 2008! This program is wanted for repeated criminal activity - it is not a valid cleaning program - it pretends to be cleaning your system, provides no actual protection, and attempts to scam you into purchasing a full version of it to get its "cleaning feature" (which also provides no real protection). I've heard of instances where people were indeed tricked into buying the program's "full version" for $100. The program has even been known to spread malware through your system, and I am tentatively blaming it for hijacking Firefox's security settings from the inside.

If you see this program on anyone's computer, it constitutes an eventual security risk and should be removed immediately.

Antivirus XP 2008 is the only name I know it by, but you all are invited to list alternate names and similar malware programs here.


Malware Pack is great as long as it's up-to-date but I find it much more thorough to clean things manually.

  • Back up files & data.
  • Install SAV, update, and do a full scan. Just because nothing is found, doesn't mean that nothing is there.
  • Install Spybot, do a full scan.
  • Install & run HijackThis, save a log file, and check the log file against HijackThis.de. If you have the time & courage, look over the entries manually. If you think a filename might be suspicious, google it and look at the number of results returned (in the thousands or the millions?) and website titles for any indication of whether the file is OK.
  • In Windows Explorer, check C:\WINDOWS and C:\WINDOWS\system32 for suspicious files:
      1) In Details view, sort files by date modified. Look around the month that the problems started appearing. Generally, only DLL and EXE files are dangerous.
      2) Show the Comments and Company Info columns. Malware often has no details entered in here (although they could easily do so).
      3) Scan filenames for gibberish or "unprofessional" names. Much malware can be spotted by an obvious filename.
  • Check for rootkits: Sysinternals Rootkit Revealer

That's the max # steps I normally do. If you have more, just add / modify them in. --Hunt, Christopher 09:24, 11 July 2008 (EDT)
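The three Windows Explorer checks in the post above (sort by date modified, look at Company Info, look for gibberish names) can be done in one pass from an elevated PowerShell prompt. The script below is an added example, not code from this wiki or its contributors. It assumes the trouble started within the last 45 days (adjust the `-Since` parameter), the paths default to the two folders named in the list, and the name heuristic in `Test-SuspiciousName` is an arbitrary rule of thumb of my own. The Authenticode signature column is an extra check that the original list does not mention.

```powershell
# Added example: triage of C:\WINDOWS and C:\WINDOWS\system32 for recently
# modified DLL/EXE files, reporting the details a person would otherwise
# read off the Explorer "Date modified", "Company" and "Comments" columns.
# Assumptions: run elevated on the suspect machine; $Since is a guess at
# when the problems began and should be changed to match the actual month.
param(
    [string[]]$Paths = @("$env:SystemRoot", "$env:SystemRoot\System32"),
    [datetime]$Since = (Get-Date).AddDays(-45)   # assumption: ~6 weeks ago
)

# Rough "gibberish name" heuristic (my own rule of thumb, not from the wiki):
# almost no vowels, or mostly digits, or a long run of consonants.
function Test-SuspiciousName {
    param([string]$BaseName)
    $name    = $BaseName.ToLowerInvariant()
    $vowels  = ([regex]::Matches($name, '[aeiou]')).Count
    $letters = ([regex]::Matches($name, '[a-z]')).Count
    $digits  = ([regex]::Matches($name, '[0-9]')).Count
    if ($letters -ge 5 -and $vowels -eq 0) { return $true }
    if ($name.Length -ge 6 -and ($digits / $name.Length) -ge 0.5) { return $true }
    if ($name -match '[bcdfghjklmnpqrstvwxz]{6,}') { return $true }
    return $false
}

$hits = foreach ($p in $Paths) {
    # Only DLL and EXE files (the list says those are generally the dangerous ones),
    # modified on or after the suspected start of the infection.
    Get-ChildItem -LiteralPath $p -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.dll', '.exe' -and $_.LastWriteTime -ge $Since } |
        ForEach-Object {
            $vi = $_.VersionInfo   # same data Explorer shows in the Company/Comments columns
            [pscustomobject]@{
                Modified    = $_.LastWriteTime
                Company     = $vi.CompanyName
                Description = $vi.FileDescription
                # True when both Company and Description are empty: worth a second look,
                # though as the list notes, malware could easily fill these in.
                NoMetadata  = [string]::IsNullOrWhiteSpace($vi.CompanyName) -and
                              [string]::IsNullOrWhiteSpace($vi.FileDescription)
                OddName     = Test-SuspiciousName $_.BaseName
                # Extra check not in the original list: is the file signed and valid?
                Signature   = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                Path        = $_.FullName
            }
        }
}

$hits | Sort-Object Modified -Descending |
    Format-Table Modified, Company, NoMetadata, OddName, Signature, Path -AutoSize
```

Every row is a prompt to look closer, not a verdict: a Windows update drops many legitimately modified, signed files into System32 on one day, and a file with a plausible company name can still be bad. Rows that combine a recent date, no metadata, an odd name and a `NotSigned` status are the ones to look up by name, as the HijackThis step suggests, before deciding anything.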

More detailed steps for removing malware are available here: Generic Instructions for Removing Malicious Software