View Full Version : Tips on How to Remove XP-Antivirus (Virus)
Switcher 08-25-2008, 09:46 PM It's been a long night!
I was surfing the web, came across a webpage that had the XP-Antivirus (Virus).
If you haven't had this virus yet, trust me it's one you don't want!
It's a ransom virus, it keeps hammering the heck out of your PC until you buy software to remove the virus (Scam).
Well I got some good news, after hours of scouring my PC, I found out how to get rid of the SOB!, without any other software.
I'll post more of how I saved my sanity, tomorrow, I gotta get some sleep, I'm not looking forward to the alarm at 5:00 AM. :(
Anyone else that has had the virus, please post...
.
HuFlungDung 08-25-2008, 11:13 PM Sometimes I have manually killed off a virus, worm or trojan. My general procedure is try an antivirus software first of all. But suppose that does not work.
Well, then empty all temporary internet files as some bad stuff seems to want to lurk there.
Check the Startup folder to see if there is anything suspect in there that will run when windows starts up. Delete that. You may need to change your explorer view to reveal hidden files, and to show file extensions to really see everything on the drive. I do this always by default, because I don't want windows to dumb down my computer for me.
Clean out the temp folder under your username/local settings. Clean all of them if there is more than one user on the machine. There may be the odd file in there that windows is using and may not be deletable, but that is typical. You can probably look those up to see what they are.
Run task manager and read the list of processes. Compare this to a similar uninfected computer. You can use the uninfected machine to browse the internet looking up the names of some of the processes that you may not be familiar with. You don't want to kill off any essentials. Try to kill the offending processes in task manager. Keep watching to see if they come back in and start up again.
A virus scan may detect some infected files, but they may not be deletable if in use by the virus. Write down the names of these files.
Reboot in safe mode and open the registry and search for these infected file references in the registry. Delete them and also check to see if the files are where they are reported to be and delete them.
Try to reboot normally. Immediately open task manager and check the list of processes to see if the bad one(s) come back.
That's the hard way :) Maybe I'm lucky, but I've never hosed a windows registry yet by editing it, but I'm careful about what I do in there. If you've got a virus, there is no use setting a restore point before you edit the registry, but perhaps it would be worth a last ditch effort to restore to an earlier time when you think your computer was clean.
Or unplug everything, take the cpu down to your local computer whiz, pay the invoice when they give it back to you clean.
That's the easy way (for us technically incompetent Luddites).
epineh 08-26-2008, 04:20 AM I had this one recently, I used Malwarebytes' Anti-Malware and also Smitfraud fix, this got rid of the problem, I don't have any links but they should be easy enough to find.
I got the links by trolling PC forums, using my uninfected linux PC which also happens to run my router :D
Russell.
I got this one on both my daughter's and my computer. On my daughter's, I ended up using the restore function that Compaq had on it. On mine.....oh my what a frustrating couple of weeks. It disabled my anti-virus (couldn't get any updates), it disabled Internet Explorer and Outlook Express. I thought I would try to upgrade IE and Outlook Express to the latest version, but after doing that my desktop would come up with a blank screen. Luckily, I could go to my daughter's machine and copy over the important files that I needed through the network. I tried the Windows restore function, what a joke. Didn't work worth a crap. I got so pissed off at Microsoft that I put Linux Ubuntu on for a couple of weeks. That was until I couldn't get any of my cad or cam programs to work, so XP went back on (I really hated doing that).
jgro
High Seas 08-26-2008, 07:48 PM SWITCHER! You TEASE!! Where's the 'How-TO'?
"Well I got some good news, after hours of scouring my PC, I found out how to get rid of the SOB!, without any other software. I'll post more of how I saved my sanity, tomorrow, I gotta get some sleep, I'm not looking forward to the alarm at 5:00 AM."
Suppose you're at work - so waiting to hear HOW you Killed that B@ST@RD!
:cheers: Jim
blackbeard52 08-27-2008, 07:18 AM Here is the link for the program you need.
http://www.malwarebytes.org/mbam.php
Good computing
Bob
epineh 08-27-2008, 07:21 AM I got so pissed off at Microsoft that I put Linux Ubuntu on for a couple of weeks. That was until I couldn't get any of my cad or cam programs to work, so XP went back on (I really hated doing that).
jgro
I know what you mean, I tried to get DeskCNC to work on my router linux box using WINE with no luck, apparently V Carve will work but I don't have a copy of that to try (not yet, saving for it :))
SWITCHER! You TEASE!! Where's the 'How-TO'?
Suppose you're at work - so waiting to hear HOW you Killed that B@ST@RD!
:cheers: Jim
Maybe the virus came back and is now holding him hostage in his house so he cannot let the world know how to eradicate it...
Or maybe he is just busy :D
Russell.
Switcher 08-29-2008, 08:50 PM Yes the virus came back (nuts) .
Anyway I think I got rid of it this time (fingers crossed).
1) Went to "C:\Program Files" on my PC, sorted everything by date, I did this because I knew I hadn't installed anything on my PC that specific day (same day I got the virus).
2) Look for & delete any file names that include j0e
Examples:
A) blphcv76j0e76a.scr
B) lphcv76j0e76a.exe
C) phcv76j0e76a.bmp
3) Got on the net, & downloaded mbam (http://www.malwarebytes.org/mbam.php) like blackbeard52 suggested, that cleaned up everything. I did the basic scan, then the whole PC scan, each time reboot the PC, cleared all my browser history.
The only way I could get mbam to download from the net was from another PC, put the install file on a thumb drive, then install mbam onto the virus PC.
On the virus PC I couldn't download anything from the net at all (IE & Firefox).
Here is the tip of the day: if you really value your PC, download mbam NOW! Don't wait until you get the XPantivirus (virus), on my PC it was blocking any & all downloads, it disabled Windows Update, it wouldn't let my browsers load the Windows Update site at all (I tried to add the Windows Update site to my trusted sites list, didn't work). I wanted to see if I could delete my browser then reinstall (didn't work).
I also did a lot of registry edits, the virus changed settings on 1/2 my PC (Ughhh...).
After all this mess, so far everything is running good.
.
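Steps 1 and 2 of the post above (sort by date, then look for the "j0e" name marker) as a report-only script. This is an added example, not part of the original thread: the function names, the sample folder tree and the two extra file names are constructed for illustration, the date is taken from the first post, and "date" is assumed to mean last-modified time.

```python
import os
import tempfile
from datetime import date, datetime, time, timedelta
from pathlib import Path

MARKER = "j0e"  # substring common to the file names listed in the post

def triage(root, infection_day, marker=MARKER):
    """Report-only scan; nothing is deleted. Returns (marked, same_day):
    files whose name contains `marker`, and other files modified that day."""
    start = datetime.combine(infection_day, time.min).timestamp()
    end = datetime.combine(infection_day + timedelta(days=1), time.min).timestamp()
    marked, same_day = [], []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            try:
                mtime = path.stat().st_mtime
            except OSError:
                continue  # locked or vanished file: skip it, keep scanning
            if marker.lower() in name.lower():
                marked.append(path)
            elif start <= mtime < end:
                same_day.append(path)
    return sorted(marked), sorted(same_day)

def build_sample_tree(root, infection_day):
    """Constructed stand-in for a Program Files folder (sample data only)."""
    noon = datetime.combine(infection_day, time(12)).timestamp()
    old = noon - 365 * 86400
    layout = {
        "dropped/blphcv76j0e76a.scr": noon,  # name from the post
        "dropped/lphcv76j0e76a.exe": noon,   # name from the post
        "dropped/phcv76j0e76a.bmp": old,     # marker matches whatever the date
        "dropped/helper.dll": noon,          # invented: same day, no marker
        "CadApp/cad.exe": old,               # invented: older legitimate file
    }
    for rel, mtime in layout.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"")
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    day = date(2008, 8, 25)  # date of the first post in the thread
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, day)
        marked, same_day = triage(tmp, day)
        print("marker:", [p.name for p in marked], "same day:", [p.name for p in same_day])
```

A file's modification time is set by whatever wrote it, so the same-day list is a lead for manual review rather than proof; the marker match is reported regardless of date for that reason.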
blackbeard52 08-29-2008, 08:55 PM Switcher
I have removed a lot of this virus from users' computers. There are several versions of the same virus. Malwarebytes mbam is the tool to do it....it should not reinfect but if it does just run it again... of course update it before the scan so it will detect and remove new stuff.... Good luck and glad it worked. Can't have our DXF guru down after all!!!
Bob
Switcher 08-29-2008, 09:28 PM blackbeard52,
Thanks for the help. :)
Maybe now, I can get a few more DXF files posted. ;)
.