I just infected my micro when I inadvertently opened a file that was the XP SECURITY 2011 virus. I did try to run Avast, but after some time it appears to freeze. I could identify the virus (DBF.EXE), but I am not sure if it installed itself in other places.
What is the safe method to kill it?
Also, I cannot run any *.exe. How can I restore this ability?
Hi there - It just so happens we have a nifty tool to play with - do not reboot your computer if at all possible, otherwise the malware will reactivate and you will have to run RogueKiller again.
- Quit all running programs
- For Vista/Seven, right click → run as administrator, for XP simply run RogueKiller.exe
- When prompted, type 1 and validate
- The RKreport.txt shall be generated next to the executable.
- If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
THEN
Download OTS to your Desktop and double-click on it to run it
- Make sure you close all other programs and don't use the PC while the scan runs.
- Select All Users
- Under additional scans select the following:
  - Reg - Disabled MS Config Items
  - Reg - Drivers32
  - Reg - NetSvcs
  - Reg - SafeBoot Minimal
  - Reg - Shell Spawning
  - Evnt - EventViewer Logs (Last 10 Errors)
  - File - Lop Check
- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.
Easier than that. Download rkill but rename it prior to downloading. Rename it to some random name. Then download Malwarebytes Anti-Malware. Run rkill and when it's done install Malwarebytes, update and run a full scan.
Yes, Rkill killed the XP SECURITY 2011 virus. At least, it appears to. I renamed it teste.com and I could run it under the infected Windows XP. With the name rkill.com, I couldn't.
I did the full scan with Malwarebytes, as you advised, and hundreds of malware items were detected and killed also. Most were from the same source. But one, named grpconv.exe, was found in the system32 folder.
After this process, my Windows didn't open any *.exe program, complaining that it didn't know how to open rundll32.exe. After googling a little, I found a program "exefix_xp.com" that fixed this issue instantly.
Looks like that now all is ok.
Thank you very much and to Essexboy also, for your kind support.
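The "Windows doesn't know how to open rundll32.exe" symptom described in that post comes from a hijacked .exe file association in the registry. The script below is an added example, not something posted in this thread and not the exefix tool the poster used: it checks the registry entries Windows consults when an .exe is opened against their stock values and, with -Fix, restores them. It assumes an elevated PowerShell on an account where PowerShell can still be launched (to verify a repair, or to catch a partial hijack); when no .exe will start at all, a .com-named fix like the one the poster found is the way in. The paths and values are the standard Windows defaults, not anything specific to this infection.

```powershell
# Added example (not from the thread). Reports deviations from the default .exe
# association; pass -Fix to restore the defaults. Run from an elevated PowerShell.
param([switch]$Fix)

# Machine-wide entries and their stock default values.
$expected = @(
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\.exe';                       Value = 'exefile' },
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'; Value = '"%1" %*' }
)

# Per-user class registrations take precedence over HKCR for the current account,
# so an .exe/exefile entry here shadows the machine-wide values above.
$userOverrides = @(
    'Registry::HKEY_CURRENT_USER\Software\Classes\.exe',
    'Registry::HKEY_CURRENT_USER\Software\Classes\exefile'
)

$problems = 0

foreach ($e in $expected) {
    $actual = $null
    if (Test-Path $e.Path) { $actual = (Get-Item $e.Path).GetValue('') }   # '' = (Default)
    if ($actual -ne $e.Value) {
        $problems++
        Write-Host ("[!] {0}`n    is  : {1}`n    want: {2}" -f $e.Path, $actual, $e.Value)
        if ($Fix) {
            if (-not (Test-Path $e.Path)) { New-Item -Path $e.Path -Force | Out-Null }
            Set-ItemProperty -Path $e.Path -Name '(default)' -Value $e.Value
            Write-Host "    restored to default"
        }
    } else {
        Write-Host ("[ok] {0} = {1}" -f $e.Path, $actual)
    }
}

foreach ($p in $userOverrides) {
    if (Test-Path $p) {
        $problems++
        Write-Host "[!] per-user override present: $p"
        Write-Host ("    open command: {0}" -f (Get-Item $p).GetValue(''))
        if ($Fix) {
            Remove-Item -Path $p -Recurse -Force
            Write-Host "    removed"
        }
    }
}

if ($problems -eq 0) {
    Write-Host "No deviations from the default .exe association found."
} elseif (-not $Fix) {
    Write-Host "$problems issue(s) found; re-run with -Fix from an elevated prompt to restore defaults."
}
```

Run it once without -Fix first: the "is/want" lines show exactly which value was changed, which is worth keeping alongside the scanner logs before the entries are overwritten.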
You're welcome. It's a good idea to keep rkill and the Malwarebytes installer on a USB drive. That way if you ever need them again you're all set. You can rename rkill to something like "abc123.exe".
Although this is solved, I would like to add additional information. I had a computer infected with this so badly that all exe files and Internet Explorer were both down.
Now there IS a way to run your .exe files: run them as administrator if trying to open them regularly doesn't work.
I’m just sharing this information for anyone who may search for help regarding this infection. (Google brought me here upon searching for xp security 2011 removal)
A friend of mine just came over for help on this very issue. I can't even get his laptop to read my USB with a malware removal tool. And I'm leery of it connecting through my own home network. What to do?
- Download OTLPEStd.exe to your desktop
- Ensure that you have a blank CD in the drive
- Double click OTLPEStd.exe and this will then open ImgBurn to burn the file to CD
- Reboot your system using the boot CD you just created. Note: If you do not know how to set your computer to boot from CD follow the steps here
- As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
- Your system should now display a Reatogo desktop. Note: as you are running from CD it is not exactly speedy
- Double-click on the OTLPE icon.
- Select the Windows folder of the infected drive if it asks for a location
- When asked "Do you wish to load the remote registry", select Yes
- When asked "Do you wish to load remote user profile(s) for scanning", select Yes
- Ensure the box "Automatically Load All Remaining Users" is checked and press OK
- OTL should now start.
- Press Run Scan to start the scan.
- When finished, the file will be saved as C:\OTL.txt
- Copy this file to your USB drive if you do not have an internet connection on this system.
- Right click the file and select Send to: select the USB drive.
- Confirm that it has copied to the USB drive by selecting it
- You can back up any files that you wish from this OS
- Please post the contents of the C:\OTL.txt file in your reply.
I forgot to mention that I got to run rkill several times in administrator safe mode, but when I got back to the regular user the infection was still there. MBAM worked a bit (just detected a handful of malware). Didn't get a chance to try RogueKiller though.
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Most of today's malware writers know what MBAM is. So it's best to uninstall it and then download a new version, but rename the installer to a random name like xzy123.exe or whatever you want. You did not use rkill the way it was meant to be used. Malware is dormant in safe mode, so using rkill there is worthless. Rkill is used to terminate malicious processes in real time so you can run a scan or delete the malware. Rkill will also produce a log telling you where the malware is hidden. Also keep in mind that rkill lately has had daily changes, so you need to download the latest version. Hitman Pro is also another great free on-demand scanner. Also, that file MBAM detected was in your system restore folder. Make a new system restore point and delete your old ones. Run Disk Cleanup to do this.
Yes, use Hitman Pro - it will kill everything, including the system. One I am currently trying to recover.
Had the Google redirect virus on my wife's computer, it's an ASUS laptop running Windows 7 64-bit. Did a little research and someone recommended Hitman Pro to remove it. After using Hitman and restarting the computer it will not boot. I've read through here a bit and others seem to have had some similar issues and I've tried a limited amount of things. I attempted using an old restore point, but it wouldn't apply correctly. I tried the "automatic repair" option from the advanced boot menu and from my recovery CD, and it says unable to determine why system won't boot and it can't fix it. Right now I have made the OTLPE boot CD and am running that on the computer to back up files. I also ran the custom scan
- Quit all running programs
- For Vista/Seven, right click → run as administrator, for XP simply run RogueKiller.exe
- When prompted, type 2 and validate
- The RKreport.txt shall be generated next to the executable.
- If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
Well, my friend has decided to send the laptop back to his "friend" who bought it for him. >:( Thanks for all the help. If it were my own computer I'd persist. But FWIW here are the last 2 scan reports. They appear clean? I suspect there is something else wrong with his system, a corrupted OS? So please close this thread. Many thanks again.
I suspect that the problem was within that user account, and until it is run the registry hive is inert, and none of my tools look at inert hives (apart from OTLPE).
Thank you so much for your advice, it worked really well and I'm so happy because I was going to pay a computer repair man $60 to fix it... luckily my friend sent me the link to this forum.
Hello, I'm not that computer literate. I have this XP security bug. I've followed deiselman's instructions. I downloaded rkill and renamed it before the download. When I go to run it I get a window saying it cannot open the file. I read that I should just keep on trying to open and run it. I've been trying for 5 minutes straight and it is still not running. Any other ideas, or am I doing something wrong? Thanks