alohaguy53

How to get rid of XP Antivirus?


The infection you have has messed up the file associations.

I'm hoping it's just in your user account and not the administrator account.

If the admin account works, we'll have a good chance of fixing it.


Download it while using the admin account.

Download Combofix from any of the links below, but rename it to Iexplorer.exe before saving it to your desktop. When you click on the link, select Save, and make sure you use the drop-down window to change the default location from My Documents to the desktop, then save it as Iexplorer.exe.

* IMPORTANT !!! Save Iexplorer.exe to your Desktop

Link 1

Link 2 <-- Right-click and use Save As if using this link.

Double-click on Iexplorer.exe (the renamed ComboFix.exe) & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

Note: If you have SP3, use the SP2 package.

If Vista or Windows 7, skip the Recovery Console part

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Image: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofix. Use copy/paste.

Also please describe how your computer behaves at the moment.


It is downloaded and I am about to run it, but I get a message...16bit MS-DOS Subsystem C:Document1/Admini\desktop\lexploer1.exe The NTVDM CPU has encountered an illegal instruction. CS:0dd5 IP:0420 OP:65 2e 63 6f 6d Choose 'Close' to terminate application then...Close or Ignore. What do I do?


Ok...there are dashes bouncing around the black box...does this mean it is working? Is it going to do this for 30 minutes?


Yes that means it's working.

You should start seeing stages.

It might take longer than 30 mins. It just depends on the infection.


It's scanning for infections like an anti-virus / malware scanner does.

It will go to stage 50 and restart your computer in Normal Mode and should produce a log for you to post.

I'm already home but only supposed to work until 6:30pm CDT. It's 7 now, but don't worry about that right now.


Ok...appreciate it. I am writing on my wife's laptop while mine runs the program. Her HP has a chiclet keypad and I hate the thing. Can't type worth a darn on it. So was it worth it for me to buy the full Malwarebytes program if this sort of stuff happens? And just for your info, I don't surf porn or what I would consider risky sites. I try to stay mainstream and yet this stuff still happens.


I'll assume you also have a good anti-virus program as well, but IMO MalwareBytes is the best anti-malware program out there.

As you know the database gets updated 3-4 times daily. You can't get ahead of the bad guys because you can't block the new infections until they're found.

There are some real bad guys that will kill the pc and it won't even boot. Only thing you can do is reformat.

You just have to be visiting an infected website and you can get infected. Those are called drive-by infections.

It's always a good idea to have your important data backed up on an external device such as a stand-alone external hard drive.

I have an external hard drive and 2 spare hard drives. The spare hard drives have an image of the drive I'm using now.

I create a new image on those every couple weeks.


Dashes still bouncing around the black box. I have everything backed up on an external hard drive. Don't really understand what you said about an image of what you are doing now though.


Did you disable AVG?

It should be in the taskbar, bottom right by the clock.

Right-click on the AVG icon and disable it.


Is Combofix showing any Stages or just the dotted lines?

Are the dotted lines increasing?


It also never showed any boxes asking about the Windows Recovery Console...just started with the dashes bouncing around.


I think it's hung up then.

Try closing it and then try creating a new user account.


Start Task Manager

To start Task Manager, take any of the following actions:

Press CTRL+ALT+DELETE, and then click Task Manager.

End the task for combofix or any of these:

* Any process with cfexe file extensions

* FindStr.exe

* Regsvr32.exe

See if that stops it.


I just created an Adminstrator2 account...it says it is loading the settings now...we'll see if it actually does.


I just created an Adminstrator2 account...it says it is loading the settings now...we'll see if it actually does.

You starting in Safe or Normal mode?
