XP Internet Security Not Completely removed?


Hi,

I somehow became infected with XP Internet Security. After finding instructions online I was able to block it with rkill.com enough for Malwarebytes to run, and it found and removed the infection, with a number of options required to delete on restart. On restart I ran another quick scan only to find there were still 68 infected files. It is not coming up with any popups though and firewall, av access seems to have been restored. Can anyone help me make sure this is fully removed without wiping the system?! Attached are my first log to clarify what the initial problem was and my most recent log after Malwarebytes and a Virus Scan (CA Antivirus) have run but items are still being found.

Cheers

Rory

mbam_log_2010_03_06__21_15_33_.txt

mbam_log_2010_03_09__21_15_30_.txt


  • Staff

Hi,

It's actually your CA causing misdetections in Malwarebytes because it locks certain folders, etc. This also affects other scanners; for example, if you run a rootkit scanner, it will display a lot of folders as "hidden" while they are not hidden at all.

I think it's the CA HIPS feature causing this. Since CA doesn't run in Windows safe mode, I'm sure that, if you scan with Malwarebytes, it won't find these extra detections anymore.

Would you mind testing this out?

Hello

I ran Malwarebytes in safe mode (you are correct, CA does not run there), and it came up empty as you suggested! (log file attached)

While I can only assume this means the machine is actually clean, is there any way to stop CA causing these misdetections by Malwarebytes (other than getting rid of it!)?

mbam_log_2010_03_10__13_52_47_.txt


  • Staff
is there any way to stop CA causing these misdetections by Malwarebytes
Unfortunately I don't know the CA configurations, but I guess that, if you disable CA (maybe there's a "disable all" option when you right-click the CA icon in the system tray or something similar) and then perform a scan with Malwarebytes, it won't have any misreads either. However, I cannot guarantee this, because I know that some CA components stay active even though you disabled the protection/scan.

Anyway, if that works, then just disable CA during a Malwarebytes scan (you'll also notice that the mbam scan will be faster if your CA is disabled) and enable it again when mbam has finished the scan.

If it's still causing misdetections, then, if you want to scan with Malwarebytes, you can scan with it from Windows safe mode.

Thank you very much for all your help!
