XP Antivirus 2008 - Phishing bug

[PlasticAnnArbor]

I know you have ALL heard it before but
The easiest way for a virus writer to get the code installed and turn your system into a zombied box is having the person SITTING IN A CHAIR LOOKING AT THE SCREEN RIGHT NOW do it .

[kinghelfer]

I know you have ALL heard it before but
The easiest way for a virus writer to get the code installed and turn your system into a zombied box is having the person SITTING IN A CHAIR LOOKING AT THE SCREEN RIGHT NOW do it .

...great idea!! and that helps me how...?¿?

[PlasticAnnArbor]

it dose not .Reinstall windows from a known good back-up
you might want to look here for instructions
http://www.xp-vista.com/spyware-removal/xp-antivirus-2008-removal-instructions-xp-antivirus-2008
also install "spy-bot search and destroy"
http://www.safer-networking.org/en/index.html
and ad-aware
http://lavasoft.com/
and if Norton/McAfee/AVG cant find it try the windows version of ClamAV http://w32.clamav.net/

I use the Linux ClamAV to scan my windows xp hard drive and it finds things that Norton and McAfee miss.

[boingo]

"Rogue remover free" got rid of most of it, but I also did scans with other programs too. I don't remember which site I downloaded Rogue Remover from, so you may have to be careful about that.
I upgraded my antivirus to BitDefender after doing the rest of the scans and removal stuff. It hasn't found any viruses, spyware or any other nasties since.

The only noticeable problem I still have is Window's inability to display thumbnails in folders. Even deleting the "Thumbs.db" file in the folder doesn't fix things.

[PlasticAnnArbor]

for all thumbnails or just .jpg
and have a look at
<doing this from memory and google>
regedit
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer]
for the thumbnail entry
there should be something like this
"ThumbnailSize"=dword:00000096
also look in HKEY_CLASSES_ROOT for .jpg,.png,.bmp,...and see if there is a corresponding ShellEx in the file
or form explorer the view tab and look at file types

[boingo]

Thanks.
It's actually showing the same image as we get for icons, but larger when I have the folder set to display thumbnails, instead of a preview image.
ie. It shows the standard picture of a little painting, but in a larger size.

[PlasticAnnArbor]

av software will not remove all the registry entry's made by the virus .
you may need to remove some by hand

HKEY_USERS\Software\XP antivirus
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run smrhc7nsj0e57c
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\rhc7nsj0e57c
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\rhc7nsj0e57c displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\rhc7nsj0e57c uninstallstring
HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c

[boingo]

Cheers. I'm wary about stuffing up things even worse, so I may not play around with things like that until I'm certain I know what I'm doing. I learned the hard way about stuffing up a computer around ten years ago when I tweaked the BIOS of an old Windows 95 machine.

[kinghelfer]

"Rogue remover free" got rid of most of it, but I also did scans with other programs too. I don't remember which site I downloaded Rogue Remover from, so you may have to be careful about that.
I upgraded my antivirus to BitDefender after doing the rest of the scans and removal stuff. It hasn't found any viruses, spyware or any other nasties since.

The only noticeable problem I still have is Window's inability to display thumbnails in folders. Even deleting the "Thumbs.db" file in the folder doesn't fix things.

...i think i tried rogue remover last night and it froze up on me, i,ll try it again if i can get the machine to start!!

[PlasticAnnArbor]

the System registry is nothing to be scared of .However you DO NEED TO BE VERY CAREFUL WITH IT. there are some entry's that if remover or changed can brick windows . But not the ones i posted they are from code installed by the virus .

[kinghelfer]

...cant get the computer to finish its start up without it freezing , have tried the F8 button but dont get the startup in safe mode option, have been reading up on this and will try to do system recovery with date change if i ever get it to the point where i can acces it......

[boingo]

:P ...cant get the computer to finish its start up without it freezing , have tried the F8 button but dont get the startup in safe mode option, have been reading up on this and will try to do system recovery with date change if i ever get it to the point where i can acces it......

I had the same problem with it not booting up and also didn't get the option to start up in safe mode. I think I ended up having to force the option by pressing the reset button while Windows was still running, rather than shutting it down. After several trial and error goes I eventually did get into safe mode.
The scamware is a nasty piece of work because it disables some features. I expect safe mode may be one of those. I did get there eventually though.

I think I went in and, along with using system restore, I deleted the exe files to stop the nasty program starting up. (I've put the address of those files in the first couple of posts on page one.)

[PlasticAnnArbor]

if you have a factory recovery disk boot into that .the repair option will reset the WINDOWS ONLY code back to the original factory version
and then should be able to boot . this WILL NOT remove/delete anything else on the computer .

If you have a windows XP sp2 or sp3 install disk , you can do the same it is the "repair option " .
This will also add back into the system registry things removed by the virus .
Like the thumbnails and the screen saver tab

[boingo]

if you have a factory recovery disk boot into that .the repair option will reset the WINDOWS ONLY code back to the original factory version
and then should be able to boot . this WILL NOT remove/delete anything else on the computer .

If you have a windows XP sp2 or sp3 install disk , you can do the same it is the "repair option " .
This will also add back into the system registry things removed by the virus .
Like the thumbnails and the screen saver tab

Oh ta. I forgot about that. I actually did do that which is what brought back the screen saver tab.

I'm not sure the thumbnails thing is entirely because of the virus/scamware because I've had similar problems for a long while. Despite the check box for remembering each individual folders view settings to be saved on exit, Windows still shows most folders with icons instead of a list.
I'm just procrastinating from doing another full install because it takes many hours to set up a clean install. Things like Paint Shop Pro5 don't have a way to save the user settings such as toolbar shortcuts.

[kinghelfer]

:P ...cant get the computer to finish its start up without it freezing , have tried the F8 button but dont get the startup in safe mode option, have been reading up on this and will try to do system recovery with date change if i ever get it to the point where i can acces it......

I had the same problem with it not booting up and also didn't get the option to start up in safe mode. I think I ended up having to force the option by pressing the reset button while Windows was still running, rather than shutting it down. After several trial and error goes I eventually did get into safe mode.
The scamware is a nasty piece of work because it disables some features. I expect safe mode may be one of those. I did get there eventually though.

I think I went in and, along with using system restore, I deleted the exe files to stop the nasty program starting up. (I've put the address of those files in the first couple of posts on page one.)

..as i,m using W2000 i dont think i have those features, i am trying to download anti malware stuff, rogue remover didnt even find it!! i,m trying malwarebytes at the mo but it keeps stopping......