XP Guardian Malware got me...

claptonman

New Member
Well, I've seen this happen on other computers. The fake anti-malware pops up and asks you to buy it. I, of course, don't. But the malware disables most programs so I couldn't run my Malwarebytes to get rid of it. I then find this website:

http://www.myantispyware.com/2010/0...-security-2010-xp-guardian-antivirus-xp-2010/

I follow the instructions and write the code in notepad and open it. It still doesn't let me open anything. So then I restart in safe mode.

First of all, when I get into the screen to choose safe mode, my USB ports are dead; my mouse isn't on and my keyboard doesn't work. I get my friend's keyboard that doesn't use USB and choose Safe Mode. Many lines of code pop up and it just sits there, then the computer restarts itself. I try running it in normal mode, and it restarts itself before getting to the login page. I tried every other safe mode option and nothing works. Now, whenever I turn on the computer or restart it using the buttons on the computer, it always goes into the safe mode page and I cannot get into my computer.

Any help here?
 

canivari

New Member
Take the HDD out, run a full scan with a good (and updated) Internet Security Program.
After that, try to boot the machine again. If you are able to do that, then download SemiFraud Removal toolkit that includes ComboFix, SmitfraudFix and smitRem and run them all.
Hope that helps.
 

claptonman

New Member
So take the hard drive out and turn on the computer, you mean? Sorry, not that technical with computers.
 

Motoxrdude

Active Member
No, he means take out the hard drive, plug it into another computer as a secondary drive and then run virus scans on it.
 

johnb35

Administrator
Staff member
You might be able to run combofix on it. Rename the file when you download it to something like kittyfix.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 

canivari

New Member
> So take the hard drive out and turn on the computer, you mean? Sorry, not that technical with computers.

Right,
Take the HDD out, run a full scan with a good (and updated) Internet Security Program in another computer.
After that, put the HDD back in and try to boot the machine again. If you are able to do that, then download SemiFraud Removal toolkit that includes ComboFix, SmitfraudFix and smitRem and run them all.
Hope that helps.
 

claptonman

New Member
Ok, thanks, I will try this. What would be a good way to transport the HDD? I don't have any of those bags that protect from electrical hazards. Any household container suggestions?
 

johnb35

Administrator
Staff member
How far are you going with it? Got any bubble wrap? Have you tried the suggestion in my last post about running Rkill?
 

claptonman

New Member
There's a campus computer help desk across the street, so not that far. And no, I can't get into my account at all, can't log on anything.
 

claptonman

New Member
Okay good. What could be causing it not to log in? Would it be the malware or did the malware somehow get into the registry and screw something up?
 

claptonman

New Member
Ok, I am logged in my computer and the malware is gone, but whenever I try to run a program, this pops up:

"This file does not have a program associated with it for performing this action. create an association in the folder options control panel"

What does this mean?
 

johnb35

Administrator
Staff member
I doubt you are totally clean. Do you know what was used to clean the infection you had?
 

johnb35

Administrator
Staff member
Please post a hijackthis log so we can be sure you are clean.

Hello, please download and post a log with HiJackThis.

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.