My computer contracted the XP anti-virus virus a few days ago. Which was immensely frustrating. Neither McAfee, Avira, nor Avast would pick it up, and I was too much of a chicken to delete the program files and remove it manually. However, I did plug in a registry code I found online, and it left me alone. Shortly after, Avast found a virus and fixed it. But now my computer won't let me open any programs, or anything on my control panel. Which is worrying. Any ideas what happened/what to do?

Any help would be greatly appreciated. :)

All 9 Replies

Doing a registry edit certainly didn't remove this infection and anti-virus programs are NOT going to remove this, it is a Trojan. They are not usually configured to do so.

What was the name of this "virus" found by Avast?

Try these steps, you will need a Clean computer in order to download this file, put it on either a flash drive or a CD and then take it to the infected computer.

http://download.bleepingcomputer.com/reg/FixNCR.reg

Once that file is downloaded and saved on the flash drive or the CD, insert that into the infected computer and open the folder for the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.

After that do the following:
Download rkill to the desktop of the infected computer.
http://www.bleepingcomputer.com/download/anti-virus/rkill
When at the download page, scroll down and click on the link labeled eXplorer.exe download link. When you are prompted where to save it, please save it on your desktop.
Double-click on the eXplorer.exe icon in order to automatically attempt to stop any processes associated with XP Anti-Virus 2011.
When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by XP Anti-Virus 2011.
If you run into these infection warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate XP Anti-Virus 2011.
So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the steps. If you continue having problems running RKill, you can download the other renamed versions of RKill from the rkill download page. All of the files are renamed copies of RKill, which you can try instead.

http://www.bleepingcomputer.com/download/anti-virus/rkill

Do not reboot your computer after running RKill as the malware programs will start again.

Next follow these instructions:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version if one is available. There are always new updates to the definitions.
* Once the program has loaded, select Perform full scan, then choose the drive(s) then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected if malware is found.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can be retrieved by opening up MBAM and clicking on the Logs Tab at the top of the program.

Reboot the computer
>>>VERY IMPORTANT.

Post back here with the MBA-M log.

I have removed a similar named threat several times and in each case the damage was primarily limited to the user profile. The issue with the file association is the fix is to edit the user hive which is a problem if .exe is un-associated. A simple fix is to create a new test profile to test the theory, if so, rename your existing profile, create a new one using the same name, and manually import the files, paying very careful attention to not import any remnants of the original threat, then delete the original profile.

Good luck
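
The thread does not say which registry values the infection changed. As an added illustration (not code from any poster here), this Python check reads a `reg export HKCU\Software\Classes` text export and reports a per-user override of the `.exe` handler, which is the kind of user-hive damage the post above describes. The key names and the default `"%1" %*` open command are standard Windows behaviour; the sample export and the names in it are constructed.

```python
import re

# Windows default: .exe maps to the "exefile" class, whose open command is "%1" %*
EXPECTED_PROGID = "exefile"
EXPECTED_COMMAND = '"%1" %*'
CLASSES = r"HKEY_CURRENT_USER\Software\Classes"  # per-user entries override HKLM

def unescape(s):
    # .reg string data escapes quotes and backslashes with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {key_path: {value_name: data}} for string values in a .reg export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
            if m:  # "@" is the key's default value
                name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
                current[name] = unescape(m.group(2))
    return keys

def check_exe_association(text):
    """List deviations of the per-user .exe association from the Windows default."""
    keys = {k.lower(): v for k, v in parse_reg(text).items()}
    findings = []
    progid = keys.get((CLASSES + r"\.exe").lower(), {}).get("")
    remapped = progid is not None and progid.lower() != EXPECTED_PROGID
    if remapped:
        findings.append(f".exe remapped to class {progid!r}")
    for cls in [EXPECTED_PROGID] + ([progid] if remapped else []):
        path = f"{CLASSES}\\{cls}\\shell\\open\\command".lower()
        cmd = keys.get(path, {}).get("")
        if cmd is not None and cmd.strip() != EXPECTED_COMMAND:
            findings.append(f"{cls} open command is {cmd!r}")
    return findings

# Constructed sample export: class name and path are placeholders, not real indicators
HIJACKED = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="examplefile"

[HKEY_CURRENT_USER\Software\Classes\examplefile\shell\open\command]
@="\"C:\\Users\\user\\AppData\\example.exe\" /START \"%1\" %*"
'''
CLEAN = "Windows Registry Editor Version 5.00\n"

if __name__ == "__main__":
    for finding in check_exe_association(HIJACKED):
        print("SUSPICIOUS:", finding)
```

An empty result means the export contains no per-user `.exe` override; it says nothing about whether the malware itself is still present.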

I have removed a similar named threat several times and in each case the damage was primarily limited to the user profile. The issue with the file association is the fix is to edit the user hive which is a problem if .exe is un-associated. A simple fix is to create a new test profile to test the theory, if so, rename your existing profile, create a new one using the same name, and manually import the files, paying very careful attention to not import any remnants of the original threat, then delete the original profile.

Good luck

This does not remove the infection, it just puts a bandaid on the immediate problem.

I am not sure how you pointing out the obvious adds any value to this thread. If you take the time to re-read the post snoble asked the following:

Avast found a virus and fixed it...Any ideas what happened/what to do?

So the post isn't about removing the threat it's about fixing his PC. Determining if the problem is user profile isolated is an easy and fast fix.

Guys like you are more interested in appearing capable than actually helping.


Guys like you are more interested in appearing capable than actually helping.

And if you want to pull your head out of your butt, Avast finding A virus, is different from removing XP AntiVirus.
And as for your remark about my capability, I'll let my record here and elsewhere speak for itself.
If you continue to post personal comments, your post will be reported.

And if you want to pull your head out of your butt, Avast finding A virus, is different from removing XP AntiVirus.
And as for your remark about my capability, I'll let my record here and elsewhere speak for itself.
If you continue to post personal comments, your post will be reported.

I thought this thread was supposed to be dedicated to helping out another member, but unfortunately it would appear that you're too interested in trying to prove yourself correct. Just because you don’t see the value in my recommendation doesn’t mean there isn’t value in it. As for reporting me, well, you go ahead and do whatever you need to do; quite frankly, I find your aggressive manner and lewd comments much more offensive.

I did not say your post had no value. Read it again.

I partially agree with Vonpitter. It also seems to me that ego-driven, I'm-right-first-feeling comments dominate this forum. I've just recently received a private message for not following the rules and scanning logs before offering my advice, yet my advice was sound.

And then I see the same thing being done by the messenger that I was warned for.

It also seems to me that ego-driven, I'm-right-first-feeling comments dominate this forum.

If someone is wrong, they need to be told. After all, it's not your computer that can suffer the possible consequences.
If you have nothing of value to add for the OP, please refrain from posting.
