alohaguy53

How to get rid of XP Antivirus?

uInternet Settings,ProxyServer = http=127.0.0.1:5577

Warning: possible TDL3 rootkit infection !

Looks like we are dealing with a RootKit infection along with a redirecting proxy server.

I can continue trying to help, but as a paid user you can contact support.

As a paying customer, you can contact the help desk at support@malwarebytes.org or here.

Link to post

Sure, why not if you don't mind. Also should tell you I was just on the internet...only my Yahoo homepage and got another pop-up that looked like a different false positive as I think you call them which asked if I wanted to download a registry cleaner...is that likely the rootkit?

Link to post

Yes, it's fake. That's the proxy server hijacker infection.

Open Internet Explorer, go to Tools - Internet Options - Connections tab - LAN Settings and remove the reference to 127.0.0.1:5577, then uncheck "Use a proxy server" and check "Automatically detect settings".

Let me know if that worked.

Link to post
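
The same check the post above walks through in the Internet Explorer dialog, done against the registry, as an added example that is not part of the original thread. It assumes the log line refers to the per-user WinINET settings key; `Test-ProxyServerValue` is a hypothetical helper name.

```powershell
# Added example (not from the thread). Test-ProxyServerValue is a hypothetical helper name.
function Test-ProxyServerValue {
    param([string]$ProxyServer)

    # WinINET stores either "host:port" or "proto=host:port;proto=host:port".
    foreach ($entry in ($ProxyServer -split ';')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }

        $protocol = 'all'
        $endpoint = $entry
        if ($entry -match '^(?<proto>[^=]+)=(?<rest>.+)$') {
            $protocol = $Matches['proto']
            $endpoint = $Matches['rest']
        }

        # Strip an optional scheme, then separate host (or [IPv6]) from port.
        $endpoint = $endpoint -replace '^[A-Za-z]+://', ''
        if ($endpoint -notmatch '^(?<h>\[[^\]]+\]|[^:]+)(:(?<p>\d+))?$') { continue }
        $hostName = $Matches['h']
        $port     = $Matches['p']

        [pscustomobject]@{
            Protocol   = $protocol
            Host       = $hostName
            Port       = $port
            IsLoopback = ($hostName -match '^(localhost|127\.\d+\.\d+\.\d+|\[::1\])$')
        }
    }
}

# Value taken from the log line quoted at the top of the thread.
Test-ProxyServerValue 'http=127.0.0.1:5577'

# Live check of the current user's settings (assumed key: per-user WinINET settings).
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$s   = Get-ItemProperty -Path $key
'ProxyEnable={0} AutoConfigURL={1}' -f $s.ProxyEnable, $s.AutoConfigURL
$hits  = @(Test-ProxyServerValue $s.ProxyServer | Where-Object { $_.IsLoopback })
$ports = $hits.Port | Where-Object { $_ } | Sort-Object -Unique
if ($ports) {
    $hits | Format-Table -AutoSize
    # A loopback proxy should map to a local listener you recognise; the last column is its PID.
    netstat -ano | Select-String -Pattern (':({0})\s.*LISTENING' -f ($ports -join '|'))
}
```

A loopback entry with `ProxyEnable=1` and no listener you can account for matches what the log at the top of the thread flagged; an empty dialog, as in the reply that follows, does not rule out a proxy set elsewhere.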

OK, I did that, but there was no reference to 127.0.0.1:5577, and I didn't see where it said use a proxy server, but I did check "automatically detect settings".

Link to post

Good.

Download ComboFix from any of the links below but rename it to Iexplorer.exe before saving it to your desktop. When you click on the link select Save, make sure you use the drop down window to change the default location from My Documents to the desktop location and save as Iexplorer.exe.

* IMPORTANT !!! Save Iexplorer.exe to your Desktop

Link 1

Link 2 <-- Right-click and use Save As if using this link.

Double-click on Iexplorer.exe (the renamed ComboFix.exe) & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

Note: If you have SP3, use the SP2 package.

If Vista or Windows 7, skip the Recovery Console part

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Screenshot: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post

I downloaded it to my desktop and renamed it iexplore.exe, but when I try to run it, it opens the "what program do you want to use to run this?" I clicked IE and it won't run.

Link to post

How long are you going to be available? I have a family matter that needs to get taken care of over the next half hour...are you still going to be available?

Link to post

I will be here for another hour.

Then I'll be back on tomorrow morning / evening.

Link to post

OK, I'm back. I started the computer in safe mode and tried to run lexplore.exe, but it is still asking me what program I want to use to run the program.

Link to post

Click Start > Control Panel > open User Accounts.

Create a new user with Administrator rights.

Restart in Normal Mode and login as the new user.

See if Malwarebytes will run under the new user.

Link to post

When I click on User Accounts on the control panel I get the message..."c:windows/system32/rundll32.exe Application not found"

Link to post

BTW, when I open Windows, there are two accounts listed. Kevin (that's me) and Administrator. Can I use the Administrator to do this?

Link to post

OK, I am restarting the computer in Safe Mode. I've got to tell you I am getting real frustrated. Is this going to work?

Link to post

This topic is now closed to further replies.