Virus: XP Security 2011

[Jan Van]

So my eee-pc started yapping last night, some new program found it's way into my systray. XP Security 2011 is it's name, and it keeps telling me I have a stealth intruder. Well stealth it ain't... Keeps nagging me.
Ran the Windows Live online scan, which found a few threats buy XP Security 2011 was still there after reboot. There are quite a few sites saying they have a removal tool but I don't know if I can trust those... Does anybody know of a reputable site that has a good removal tool?  :-[

P.S. I'm using Avast free but that obviously didn't catch it. When I full scan it can't find anything, or it has been corrupted...

[steve]

I hope this helps

malwarebytes can be used for free and has worked for friends of mine that have had that problem.
I personally use a sandbox program (sandboxie) . I also use disk imaging software so I can redo my system in less time than you could make a cup of tea if I encounter any problems.
This is my partial list of my Rules of Computing  (similar to Harry Brownes rules of investing)

Rules of computing
. Do not trust any program
. Use a Sandbox program
. Don’t open email attachments; even if it’s from someone you know. If you do get something from someone you know, make
sure that they really sent it to you. Email attachments are the number one way viruses and trojan horses get into your email.
You might also want to turn off HTML email in Outlook and other programs. HTML emails are just as dangerous as rogue web
sites, and can spread infections just by previewing them. (unless sandboxed)
. Don’t click links in email. That link could lead you to a phishing site, or the link may lead you to install malicious software.
Copy and paste links into your browser, or type them in by hand instead. Another reason to disable HTML email - the HTML
hides the real destination of that seemingly innocuous link. (unless sandboxed)
. Use an antivirus program . A basic free program like AVG works
. Use a firewall. The best firewall is a hardware router - the kind you use to share an internet connection. I also recommend
turning on your operating system’s firewall - even if you have a router - but I don’t recommend third-party software firewalls or
any complete internet security suites. They cause more problems than they solve.
. Don’t download files from places you aren’t absolutely sure are safe. Stick with the well known sites. Teeneagers who use file
sharing software like BitTorrent, Azureus, Kazaa, Morpheus, Grokster, and Limewire, often unwittingly download spyware and
trojans. If you must, quarantine all downloads in your sandbox then scan them a few days later with an updated anti-virus. Or
with online scanners http://virusscan.jotti.org/en or http://www.virustotal.com/
When using a public computer, it is important to safeguard personal information. For this reason, never leave a public computer
until you have made sure to log out of whatever website that you visited. Just closing the browser window does not suffice,
as the website can still retain the login information. Also, to further ensure privacy, never enter credit card or other financial
information into a public computer. As a last safety rule, be sure to clear your browsing history right before you leave the public
computer
. Do not forget the physical If you have a laptop and keep sensitive information on it what would you do if it were stolen
. You could encrypt you data or drives with http://www.truecrypt.org/ and for the paranoid you could do this on all your computers
. If you have a wireless network at home learn to secure it
. Nothing can protect you from yourself most problems arise from a users mistake, get educated
Follow common sense this partial list should get you off to a good start

[LNGTERMER]

jmourik, my PC also got the same virus and was wondering about options and solutions. I use Mcafee for my Firewall and malware  detection but does not even detect this. Steve thanks for the info.

[Storm]

I would recommend running Microsoft Security Essentials, if you must run a Windows PC.  It is a free Antivirus software from Microsoft (free to anyone running a genuine -not pirated- copy of Windows) and works as well or better than the ones that charge (ahem... McAfee, Norton, etc).

Also, if you have Windows Vista or 7 use the built in Windows Defender anti-spyware and keep it up to date.  It is also free.

One of the most insidious things lately are antivirus software that is actually a Virus, which it sounds like you got.  You go to a website and get a pop-up message that looks official, like a Windows error, warning you that you have a virus.  Then, if you click to remove it, or scan, it actually infects you, then they try to charge you money to remove it.  It's basically extortion-ware.

I highly recommend using an alternative browser such as Google Chrome, Mozilla Firefox, or Apple Safari.  These browsers are less likely to be infected than Internet Explorer because they are not as widely used.

[Jan Van]

Thanks guys...

Yeah, I use Chrome. Firewall is on (not after the infection though). Explorer seems to be infected too. Windows Defender says it can't find anything, Avast scan says it can't find anything...
When I get home I'll give malwarebytes a shot and keep my fingers crossed!
Wish I could Chrome OS on it :-)

[LNGTERMER]

steve, thanks, I just used malwarebytes to clean up my PC and it worked. Thanks that was a great help. I think I wasted my money on the firewall S/W I purchased, it would not even detect the intruding malware.

[Jan Van]

Steve, thanks from me too :-) Looks like Malwarebytes worked! I had to rename the installer file because originally it did not want to start, but after that it took off!
Would a program like Malwarebytes be a substitute for Avast or AVG? Or an addendum? I'm wondering if I should purchase it to replace the Avast free version I'm currently using, because that one didn't help me here...

Thanks again!

[steve]

Steve, thanks from me too :-) Looks like Malwarebytes worked! I had to rename the installer file because originally it did not want to start, but after that it took off!
Would a program like Malwarebytes be a substitute for Avast or AVG? Or an addendum? I'm wondering if I should purchase it to replace the Avast free version I'm currently using, because that one didn't help me here...

Thanks again!

I personally would not buy malwarebytes as a replacement, the free version should be ok, That being said everyones needs are different and everyone has different levels of computer skill. I think everyone needs a computer recovery strategy. Look into disk imaging programs like http://www.acronis.com/homecomputing/pr ... trueimage/
  My recommendation based on the hardware that is out today and what comes with the program is the Acronis true image program, the reasons are it is user friendly and the boot or recovery disk that it makes has more options. It will allow you to back up a partition or create an image when you boot with the recovery disk.  The Acronis software has many backup options and could be a one stop solution it also has a try and decide feature which is really a sandbox and seems to be making more advances and heading in the right direction.
Some commercial software for cloning and imaging
http://www.acronis.com/homecomputing/pr ... trueimage/    
http://www.symantec.com/norton/ghost
Some free options:
http://www.macrium.com/ReflectFree.asp
http://www.clonezilla.org/
http://www.dubaron.com/diskima  

I use and recommend the sandboxie program for friends and people I help with computer issues, the sandbox prevents anything from getting in. http://www.sandboxie.com/

I am a certified computer and network tech among many other things although I am retired and try not to work

[MediumTex]

Steve,

Thanks for the expert advice.

Are you familiar with Maxa Cookie Manager?

It looks like a good program.

[steve]

Steve,

Thanks for the expert advice.

Are you familiar with Maxa Cookie Manager?

It looks like a good program.

I am not familiar with the Maxa cookie manager program. I manage cookies to some extent with a program called Crap Cleaner that also has some other cleaning utilities. It is free and can be downloaded from http://www.piriform.com/ccleaner/download  If you choose to use this program when you install it uncheck the install toolbar option, In the options section I include the path to delete the flash cookies that are in my sandbox
C:\Sandbox\Steve\DefaultBox\user\current\Application Data\Macromedia\Flash Player\#SharedObjects\
and I select what cookies I want to keep. Another free program to clean the flash cookies is
http://www.flashcookiecleaner.com/  I used to do all of this manually including making batch files to delete the index.dat files on startup that windows would not let you delete, but I found crap cleaner years ago and it has been one of my must have utilities.

[l82start]

Steve (or anyone else with experience) what would you say the best free virus software is? i am about to switch over from a payed virus protection when the trial period runs out.

[steve]

Steve (or anyone else with experience) what would you say the best free virus software is? i am about to switch over from a payed virus protection when the trial period runs out.

I really can't say what is the best, Things change just when you really like something they come up with some update or upgrade that has something annoying. I think AVG is ok but not sure if it is really the best. The program I like the most is Clam antivirus  http://www.clamav.net/lang/en/about/win32/  however Clam does not have real time scanning, you manually have to scan your files, I like this because It is small and non intrusiive as far as software goes and it does not use computer resources. I would recommend Clam if you are an advanced computer user and know what and when to scan. I am not a typical computer user, I have a different philosophy that goes against allot of what is said for example: I do not believe in updating windows like most computer security people will tell you to do
This is from a private newsletter that I wrote a while back
Why update Windows?
The operating system of your computer is fundamentally made up of many lines of programming code. In the case of Windows Vista, for example, there are about fifty million lines of code. When typing these 50,000,000 lines, errors are inevitably made. These errors are abused by malicious people, who try to make money exploiting the vulnerabilities created by the mistakes in the software. They want to use your computer to send spam; they try to steal your passwords in order to take over your identity and order expensive items with your information. Very unpleasant, but something can be done. We can make the computer less vulnerable to these attacks by ensuring that as few errors as possible exist in the software. In order to repair these errors, the software makers regularly put updates on the market. These updates must be installed on your computer so that parts of the code can be replaced with better and safer codes. On the surface this makes sense however looking at it another way these malicious people who are exploiting the vulnerabilities in your operating system or programs must first gain access to them. They can not exploit what they can not get at. This is where I start my line of defense. Often times one update fixes one error and adds others. A better way is not to let anything enter the system. Or I like the way the program Sandboxie works. Sandboxie lets everything in, but to a secure area called a sandbox where it can just be flushed out. http://www.sandboxie.com/ Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer. There are other programs that create a sandbox on you computer but this works as good as any. My feeling is if the Microsoft really cared about keeping a computer secure your Windows computer would have this ability. They train uses to keep up with the latest updates and the newest software. They want you to chase after what they call the latest and greatest., For all they care you could just throw out your computer that works fine just to buy a new one, funny thing after you install all of windows updates your computer will probably be so slow you will need a new one and of course what things that you have invested in and work fine, like maybe a TV tuner or a printer may no longer work or be supported.

[foglifter]

My 2 cents:

- create 2 accounts: admin (full permissions) and user (limited). Win 7 allows you to work under a limited user and still be able to install application if needed - you'll be required to enter your admin username and password in a pop -up window.
- I may sound paranoid, but I wouldn't use Chrome - I don't need more exposure to the Big Brother named Google.
- Firefox has an excellent add-on called NoScript which allows you to select what scripts you want to run

[Storm]

The best free antivirus, in my opinion, is Microsoft Security Essentials.  It's free to all legitimate users of Windows (google for it and download it from Microsoft directly), and it doesn't have any popup nag screens, and updates signatures automatically, so you should never be out of date.

In the past I've used AVG, Avira, and ClamAV.  They work, however AVG slows down your computer a lot and has many false positives, Avira pops up a nag screen every time your computer boots asking you for money, and ClamAV doesn't have a real time scanner.

[l82start]

 thanks for all the great advice, i did a little looking around on the internet and AVG seems to be getting best professional review's, so i went with AVG as my main anti virus and hit man pro as a fast light weight program to run a double check.. so far its not slowing my system down but if it starts to i may rethink things.
 i also looked into sandboxie and i love the idea, i have installed it to play around with, it is easy to use and not giving me any glitches, its a very cool way to approach protecting a computer...
 between these programs and running no script and add blocker in my browser i am undoubtedly well in to the realm of overkill now..

[steve]

 thanks for all the great advice, i did a little looking around on the internet and AVG seems to be getting best professional review's, so i went with AVG as my main anti virus and hit man pro as a fast light weight program to run a double check.. so far its not slowing my system down but if it starts to i may rethink things.
 i also looked into sandboxie and i love the idea, i have installed it to play around with, it is easy to use and not giving me any glitches, its a very cool way to approach protecting a computer...
 between these programs and running no script and add blocker in my browser i am undoubtedly well in to the realm of overkill now..

I would say you need one more thing for protection and that is some sort of GHOST program (General Hardware-Oriented System Transfer (GHOST) Some commercial software for cloning and imaging http://www.acronis.com/homecomputing/pr ... trueimage/
http://www.symantec.com/norton/ghost the acronis program has its own version of a sandbox program included

[l82start]

i have an external drive ready and waiting for me to get around to making my back ups, i don't have a quality ghost program to use yet, do you know how CloneZilla and some of the other free programs compare to the two you have named? 

[steve]

I am such an old time ghost user back from the DOS days, I have used it hundreds of times and am more familiar with it than any of the other programs, In fact I still use it from my own custom made boot disks without it even being installed on my computer.
I really cant say how they (the free programs) are compared to ghost. But Im sure they are good once you get used to them.

These are some free cloning and imaging programs and you have nothing to lose by trying the free program and see if you like any.
http://dubaron.com/diskimage/
http://www.macrium.com/ReflectFree.asp
http://www.clonezilla.org/