I ran Avast successfully last night but when it finished, the XPSecurityCenter malware is still on my computer.
It’s a red ball on my taskbar with a white X on it.
It makes popping noises every few minutes.
It occasionally takes over your browser, when you attempt to navigate a website,
telling you that your websurfing is unsafe and to run their scan,
which is a fake scan, which advises you to send them $45 for a ‘cure’.
This virus appeared very authentic at first.
I assumed it was just Microsoft notifications.
I emailed them and got a response with a download to ‘remove’ the notices
but I had realized by that time that they were not legitimate.
Apparently it is a Russian scam.
Disable System Restore and reenable it after step 3.
Clean your temporary files.
Schedule a boot time scanning with avast with archive scanning turned on.
Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
Also, for the rogue program:
RogueRemover is a utility that can remove various rogue antispyware, antivirus and hard drive cleaning utilities. Rogue applications are applications that rather than remove spyware, provide false positives, distribute malware or spyware, advertise, or provide useless uninstallers. The main point is that rogue applications are useless and eat up system resources.
Thank you Sir.
I tried the Rogue Remover first but it didn’t seem to have anything regarding the XPSC and it didn’t remove it.
I cleared my cache and personal files and looked at my Temp folders but I’m not sure what to delete and what not to touch there.
I disabled ‘Restore System’ yesterday, before trying the Panda scanner, which never finished scanning.
I am now going to try your step 3, which seems like it might take a full day or so,
since I tried rerunning it last night on ‘thorough’ and it was only at 32% this morning.
I’ll check back in when it finishes scanning. Thanks much. I owe you.
As far as what is in the Temp folder is concerned, you can delete anything in it that is not in use when you do this. They are temporary files and as such, are only needed when in use. These files are not likely to be needed again but if they are, they will be recreated at the time of need.
I started running Kapersky but went to bitdefender instead, since it will remove any malware.
Gonna run it now. My desktop is loaded now!
Sure is great to be rid of that nasty Russian bug.
Thanks again!
If I hear of anyone else who gets bitten by this bug, or any other,
I’ll be sure to direct them to this great place.
I wish you guys were real estate lawyers too.
If I hear of anyone else who gets bitten by this bug, or any other,
I’ll be sure to direct them to this great place.
I wish you guys were real estate lawyers too.
[/quote]
Hello I have the same problem with this horrible XPSecurityCenter… Can’t get rid of it: it blocks every page I try to open and prevents me from accessing those sites with online resolutions… PLEASE HELP ME!
Davide
Hello Charley
Yes I tried every single antivirus suggested prior to my post, but it was quite impossible to solve the problem as the virus blocked the download or I was eventually asked to buy the product that scanned my pc (Kampesky and BitDefender were blocked).
I had to take AVAST away from my pc in order to download any other antivirus but the only one that actually did not make problems so far is ESET NOD32 in the trial version… AVAST home edition did not detect any virus on my pc, just for information. Now that I am scanning the pc using ESET no problem has come up yet… I will let you know if it end up successfully.
What do you suggest to do next? Buy some antivirus from AVAST of ESET or use some Free edition?
I am not skilled enough or experienced enough to decide whether it is best to go on using free editions or buy one
thanks for your support as AVAST expert.
Davide
NOTE: ESET NOD32 just scanned my pc UNSUCCESSFULLY!! XP SEC CENTER is stil in it! It was detected when using the internet on line scan but not after installing the trial version! is this an attempt to sell some specific program???
I am very UPSET! sorry…
Apologies for the words above, now I am re-reading all the quotes and I understand viruses malware & co. are a really serious problem that cannot be fought with standard, free of charge or trial antiviruses… I see there are many operations (boot scan and so on ) and specific programs that can be bought, but please forgive my total ignorance: I am just a very normal user of a pc for the first time infected by a stupid but serious malware I can’t get rid of. Any further help appreciated.
Have you tried the above advice given by Tech & Polonus?
GOOD NEWS!
Got rid of it using the combination of ESET NOD32 that blocked the virus POPUPS in addition to SPYWARE TERMINATOR.
THANK YOU ALL GUYS I FEEL SAFER.
davide
Hello again everyone. I just had a nasty virus pop up on my screen. It’s blocking half the screen with an “Antivirus software alert” and it keeps telling me that anything I try to launch is blocked, including my email and it even blocks me from using Ctrl/Alt/Del
I came back here hoping to duplicate what you taught me last time but when I try to access my System Restore, I get the popup telling me that this .exe is infected and can’t be used.
What can I do?
Thanks for the help.
p.s.
When I “right click” on the main evil pop-up that is blocking my screen, it says it comes from here:
kaka://C:\Documents%20and%20Settings\RA%20Denney\Local%20Settings\Application%
It seems very similar to the XP Security Center virus that I posted about last year but I’m getting a popup that says; Windows Security Center.
Update: I restarted and I was able to launch System Restore before the virus activated.
I restored to April 4th and so far, everything seems to be fine!
I recomend that you install Malwarebytes Antimalware www.malwarebytes.org
The proversion with protection module will stop most of these. It is a one time fee for a liftime license
