Windows XP Security... Fake... I think...

On Friday, I got a rootkit error on my netbook. I downloaded a fix from Kapersky having found nothing here for it.

It ran fine for a day or two. This morning, I turned on my netbook and was warned (although avast seemed to be running normally) that my PC had no firewall turned on. So I clicked on the XP icon and it began to run XP Security. It scanned, supposedly and tells me that I have no less than a dozen viruses on my computer. Then it asked me to remove them? I clicked to remove them and was redirected to purchase the software.

I cannot eliminate the process and worse, without eliminating it or purchasing their software, I cannot browse!

Why didn’t Avast stop this?

And how do I get rid of it! Yes, I have a stick to use offboard files.

Any help here is useful!

If you can I suggest going to http://majorgeeks.com/downloadget.php?id=5756&file=15&evp=693ee0b20204960edfd909666f809b26 and downloading Malware bytes if not already installed and running a scan, then when complete posting log here.

It has damaged my EXE files on the netbook and I cannot launch the file. :frowning:

Suggestions?

Very easily fixable. First download rkill from Bleeping Computers. Rename the download to some random number. Then download the exe fix.

http://www.dougknox.com/xp/file_assoc.htm

http://www.bleepingcomputer.com/download/anti-virus/rkill

I can send you the exe fix also. After you do those steps you should be able to install MBAM and run a full scan. Keep in mind that no security in the world can protect you. If you turn up Avast’s settings and enable PUP (Potentially Unwanted Program) you will be better off. Lets worry about that last. Let me know if this works.

full removal guide here, read it all before you start

How to remove XP Security Tool 2010, XP Defender Pro, and Vista Security Tool 2010 (Uninstall Guide)
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

XP Security Tool 2010, XP Defender Pro, Vista Security Tool 2010, and Vista Defender Pro are all new rogues that are exactly the same program. They are just shown with different names and interfaces depending on the version of Windows that it is run on. This guide run under quite a few different names, which I have listed below based upon the version of Windows: