Need help resolving possible XP malware issue



Yesterday evening, I was using Internet Explorer (8) to look at MySpace. My computer has typically been slow when accessing that site. I was trying to scroll to the top of the page, but Internet Explorer was taking a long time to process that scroll command. I'm not sure if I either closed the browser window or if it crashed, but all of a sudden "XP Security Tools" launched on its own and started scanning the hard drive. By the time it was done, it found 36 issues which included worms and trojans.

In terms of firewall software, in the past, I had Norton Personal Firewall (along with Norton Anti-Virus). Those products were the older versions, and eventually support for them ran out. At some point, the Windows Firewall application decided to turn itself off and then became disabled. Attempts to open the Windows Firewall resulted in XP Security Tools opening. It seems that I have to pay to remove these infections. What I am concerned about is that XP Security Tools may be giving me false information in order to make me pay for a subscription. I don't see how between accessing MySpace, Facebook, and other known sites, that my computer could have picked up all this stuff that Security Tools is identifying.

I managed to update Spybot Search and Destroy and ran the scanner. A few issues were identified and I fixed those issues. My computer is now at the point where I can't launch Internet Explorer without getting a warning from XP Security Tools. I left my computer on overnight and kept hearing "popping sounds" like applications in the system tray opening and closing or XP notification bubbles showing on the desktop. I've since turned the computer off and have left it off.

So, what is this XP Security Tools -- is that part of the Windows Updates that have included Windows Malicious Software Removal Tool? There doesn't seem to be a way to turn off the security tools because all the settings are greyed out.

Use Combofix from bleepingcomputer. Run this then run Malwarebytes. Download ATF cleaner and let it run. It will act like it is not responding but it is working, so wait. Just let it run and it will clean out your temp files. Download ccleaner and then let that run. Be careful as it can remove things that you don't want to remove. Delete all of your restore points as it is a big place for your virus to hide as it is protected. Post back and let me know how that goes.

XP Security Tools - is the virus, do not pay for anything.

Follow these instructions for removal. Then run Malwarebytes Anti-Malware, and if you have Avast Anti-Virus installed, run a "Boot Scan" after.

-----------

For XP

1. Boot in safe mode (F8 at POST screen)

2. Click start > Run > type msconfig and press enter > click the startup Tab and untick everything apart from the Anti-Virus > Press ok and close that, but don't restart yet

3. Click start > Computer > Tools > Folder options > View Tab > Show hidden files and folders

4. Click C:\ > Documents and Settings > "Account users name" > Local Settings > Temp > and select all (Ctrl + A) and delete all (Shift and Del) (Do this for each account holder folder (Account users name))

5. Click start > C:\>Windows > Temp > Select all > Delete

6. Click start > C:\>Windows > Prefetch > Select all > Delete

7. (Internet Explorer 7 + 8) Open IE > Click Tools > Options > Advanced Tab > Reset and Check the "Delete personal settings" tick box

8. Click start > Run, type in regedit, press enter, navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" and delete all entries in the right pane apart from the Anti-Virus, navigate to "HKEY_LOCAL_MACHINE\SOFTWARE" and to "HKEY_CURRENT_USER\Software", look down the list for the XP security Tools and delete any entries, close regedit, Reboot

For Vista and 7

1. Boot in safe mode (F8 at POST screen)

2. Click start > Run > type msconfig and press enter > click the startup Tab and untick everything apart from the Anti-Virus > Press ok and close that, but don't restart yet

3. Click start > Computer > Organise > Folder and Search Options > View Tab > Show hidden files and folders (For Vista it may be the same menu as XP, I don't have a Vista machine to check)

4. Click C:\ > Users > "Account users name" > AppData > Local > Temp > and select all (Ctrl + A) and delete all (Shift and Del) (Do this for each account holder folder (Account users name))

5. Click start > C:\>Windows > Temp > Select all > Delete

6. Click start > C:\>Windows > Prefetch > Select all > Delete

7. (Internet Explorer 7 + 8) Open IE > Click Tools > Options > Advanced Tab > Reset and Check the "Delete personal settings" tick box

8. Click start > Run, type in regedit, press enter, navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" and delete all entries in the right pane apart from the Anti-Virus, navigate to "HKEY_LOCAL_MACHINE\SOFTWARE" and to "HKEY_CURRENT_USER\Software", look down the list for the XP security Tools and delete any entries, close regedit, Reboot
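A read-only way to review the startup entries that step 8 targets before deleting anything, added here as an example and not part of the original post. It parses saved `reg query` output (for instance `reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" > run.txt`) and flags Run values that launch from the Temp folders emptied in steps 4 and 5. The sample output, the value names in it and the temp-path heuristic are constructed for illustration.

```python
import re

# Temp locations from steps 4 and 5, plus their 8.3 and %VAR% spellings.
# Flagging startup entries that launch from them is this example's heuristic.
TEMP_MARKERS = (
    "\\local settings\\temp\\",   # XP per-user Temp
    "\\locals~1\\temp\\",         # same folder as an 8.3 short name
    "\\appdata\\local\\temp\\",   # Vista/7 per-user Temp
    "\\windows\\temp\\",
    "%temp%\\",
    "%tmp%\\",
)

# XP separates columns with tabs, Vista/7 with runs of spaces; \s+ covers both.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")

def parse_reg_query(text):
    """Return [(key, value_name, data)] from saved `reg query` output."""
    entries, key = [], None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()            # key header starts at column 0
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            entries.append((key, m.group("name"), m.group("data").strip()))
    return entries

def review(text):
    """Split entries into (flagged, other); the whole command line is checked
    so a DLL passed to rundll32.exe is caught as well."""
    flagged, other = [], []
    for entry in parse_reg_query(text):
        hit = any(marker in entry[2].lower() for marker in TEMP_MARKERS)
        (flagged if hit else other).append(entry)
    return flagged, other

# Constructed sample: one XP-style (tab) block and one Vista/7-style block.
SAMPLE = "\n".join([
    "! REG.EXE VERSION 3.0",
    "",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "    ExampleAV Tray\tREG_SZ\t" + r'"C:\Program Files\ExampleAV\tray.exe" /min',
    "    updater\tREG_SZ\t" + r"C:\DOCUME~1\user\LOCALS~1\Temp\example1.exe",
    "",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    "    helper    REG_SZ    " + r'rundll32.exe "C:\Users\user\AppData\Local\Temp\example2.dll",Start',
])

if __name__ == "__main__":
    for key, name, data in review(SAMPLE)[0]:
        print(f"REVIEW  {key}\n        {name} -> {data}")
```

Running `reg export` on the same key before editing it in regedit keeps a copy that can be re-imported if a legitimate entry is removed by mistake.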

XP Security Tools is not a real anti-virus but a fake ransom application :

Remove Fake Antivirus : http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html (portable)

Windows "Antivirus" to Avoid at All Costs : http://news.softpedia.com/news/114-Windows-Antivirus-to-Avoid-at-All-Costs-130245.shtml

Microsoft has put together a list containing no less than 114 AV rogues which are detected by the company's antivirus products, including Microsoft Security Essentials, Forefront Client Security, etc. It is important to note that the list contains only the official label provided by the software giant. Each of the items featured below come in a variety of packages and under a plethora of brands, which actually makes the number of fake antivirus in the wild much larger

Phenom II: I followed the steps you listed, and I think "XP Security Tools" is gone. I didn't see it listed in the registry under "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" or "HKEY_LOCAL_MACHINE\SOFTWARE" and to "HKEY_CURRENT_USER\Software"
