Antivirus WinXP 2008

longgone

Somehow the software program "Antivirus XP2008" showed up on my XP partition and for the life of me or anyone else I cannot get it off ... I have tried the control panel "change/remove" route several times .. it tells me the .exe has experienced an error and cannot comply with the request .. and I end up with the standard send a report to Microsoft ... I do but I still can't get rid of the software program ... the most annoying factor is the "balloon window" that keeps popping up about once a minute telling me there are "1592 infected files" on my machine when my normal installed virus software does not show any ... how do I get rid of this pain in the - - - -

longgone

b2cm...........clicked on the link while I was in XP ... I get a "page load error" warning ,, after several tries I get the point ... strangely I get this exact same response when I try to turn on the "XP" automatic updates feature ... .. so I am of the impression that this "antivirus xp2008" is behind both of these errors .. but since I can't get the link to work in XP .. can I d/l this software in Linux , burn it to disk and go back to XP and run it from the disk or is that not doable ... only other thing I can think of is to use the XP install disk and see if I can do a repair that way ...

mac

longgone, try running HijackThis and posting the resulting file here. Temerc is a regular who posts all the time on the Security&Networking forum here. They helped me eradicate a scumware program that had infected my daughter's PC that I couldn't eliminate.

Edited by mac

b2cm

You can do it manually. Use a live CD and delete the program folder. And the following files:

Note, Some of these files and folders may be random:

C:\WINDOWS\qegbdmwf.dll
C:\WINDOWS\pntqkflv.dll
c:\Program Files\rhcnkrj0etfg
c:\Program Files\rhcnkrj0etfg\database.dat
c:\Program Files\rhcnkrj0etfg\license.txt
c:\Program Files\rhcnkrj0etfg\MFC71.dll
c:\Program Files\rhcnkrj0etfg\MFC71ENU.DLL
c:\Program Files\rhcnkrj0etfg\msvcp71.dll
c:\Program Files\rhcnkrj0etfg\msvcr71.dll
c:\Program Files\rhcnkrj0etfg\rhcnkrj0etfg.exe
c:\Program Files\rhcnkrj0etfg\rhcnkrj0etfg.exe.local
c:\Program Files\rhcnkrj0etfg\rhcnkrj0etfgSkin.dll
c:\Program Files\rhcnkrj0etfg\Uninstall.exe
c:\WINDOWS\system32\pphcjkrj0etfg.exe
c:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
%UserProfile%\Application Data\rhcnkrj0etfg
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKCU
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKCU\RunOnce
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKLM
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKLM\RunOnce
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun\StartMenuAllUsers
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun\StartMenuCurrentUser
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\BrowserObjects
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Packages

Boot into Windows, run regedit and remove the following entries:

Note, Some of these Registry keys and values may be random:

HKEY_LOCAL_MACHINE\SOFTWARE\rhcnkrj0etfg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcnkrj0etfg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion "rhcnkrj0etfg"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform "AntivirXP08"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SMrhcnkrj0etfg"
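
Since the folder and file names in the list above may be random, a check of the offline partition is better keyed to the folder layout than to the literal names. The sh script below is an added example, not part of b2cm's post: it only reports and deletes nothing, it assumes the XP partition is mounted from the live CD at a path you pass in (/mnt/windows is an assumed mount point), and its function names and sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example: report-only check of an offline-mounted XP partition for the
# artifact layout listed in the post above. It deletes nothing.

# Print every folder <X> under "Program Files" that holds <X>.exe, <X>Skin.dll
# and database.dat: the listed layout, whatever random name is in use.
find_rogue_dirs() {
    for frd_dir in "$1/Program Files"/*/; do
        [ -d "$frd_dir" ] || continue            # glob matched nothing
        frd_dir=${frd_dir%/}
        frd_name=${frd_dir##*/}
        if [ -f "$frd_dir/$frd_name.exe" ] &&
           [ -f "$frd_dir/${frd_name}Skin.dll" ] &&
           [ -f "$frd_dir/database.dat" ]; then
            printf '%s\n' "$frd_dir"
        fi
    done
}

# Print each per-user "Application Data\<X>" folder whose name matches a
# folder reported by find_rogue_dirs.
find_user_data() {
    find_rogue_dirs "$1" | while IFS= read -r fud_dir; do
        for fud_hit in "$1/Documents and Settings"/*/"Application Data/${fud_dir##*/}"; do
            if [ -d "$fud_hit" ]; then printf '%s\n' "$fud_hit"; fi
        done
    done
}

# Print shortcuts and Start Menu folders that carry the product name.
find_named_leftovers() {
    [ -d "$1/Documents and Settings" ] || return 0
    find "$1/Documents and Settings" -iname 'Antivirus XP 2008*' | sort
}

# Build a constructed sample tree (made-up names, empty files) for a dry run.
make_sample_tree() {
    mkdir -p "$1/Program Files/abcdexample" "$1/Program Files/Notepad Tool" \
        "$1/Documents and Settings/All Users/Desktop" \
        "$1/Documents and Settings/user1/Application Data/abcdexample"
    for mst_f in abcdexample.exe abcdexampleSkin.dll database.dat; do
        : > "$1/Program Files/abcdexample/$mst_f"
    done
    : > "$1/Program Files/Notepad Tool/Notepad Tool.exe"
    : > "$1/Documents and Settings/All Users/Desktop/Antivirus XP 2008.lnk"
}

scan() {
    echo "Program folders matching the layout:"; find_rogue_dirs "$1"
    echo "Matching per-user data folders:";      find_user_data "$1"
    echo "Items carrying the product name:";     find_named_leftovers "$1"
}

# Usage: sh check.sh /mnt/windows   (no argument: dry run on the sample tree)
if [ $# -ge 1 ]; then
    scan "$1"
else
    demo_root=$(mktemp -d) && make_sample_tree "$demo_root"
    scan "$demo_root"
    rm -rf "$demo_root"
fi
```

A folder that only has an executable named after itself is not reported; all three files must be present, which keeps ordinary program folders out of the output.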

goretsky

Hello,

The Vista|XP Antivirus 2008|2009 malware is updated several times a day by its authors to avoid detection by anti-virus software. If your existing anti-virus did not catch it, then you might want to contact their technical support department to (1) get help with manually removing it; and (2) get copies of the malware to them, so they can add it to their malware signature database.

Regards,
Aryeh Goretsky

longgone

Well .... not sure if it is gone or not ... the info you posted did not seem to accomplish anything.. or if it did I did not understand it ... but at the moment the icon for this virus is no longer on the taskbar ,, it is not in the list of programs under the control panel .. but it still appears under the all programs menu .. but I cannot get it to remove itself .. I still get the notice that says it cannot be uninstalled .. but as of the moment I cannot see any effects of it .. The only problem remaining is that for some reason I cannot turn on the automatic updates feature .. so for now what I am asking is how do I check to see if the virus is fully removed and how do I get the automatic updates turned back on ..

Tarq57

To reinstall windows update service, try running the following:

rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 132 C:\WINDOWS\inf\au.inf

(Click "start", "run", copy that command into it, press "enter" or OK. You may be prompted for the installation disk.)

To clean the vestiges of this rogue, download, install, update and run MBAM. This has been reported as very effective with this family of vermin. It may ask for a restart to finish the clean up. Click yes to any prompts, restart as commanded.

Edited by Tarq57

Tushman
Well .... not sure if it is gone or not ... the info you posted did not seem to accomplish anything.. or if it did I did not understand it ... but at the moment the icon for this virus is no longer on the taskbar ,, it is not in the list of programs under the control panel .. but it still appears under the all programs menu .. but I cannot get it to remove itself .. I still get the notice that says it cannot be uninstalled .. but as of the moment I cannot see any effects of it .. The only problem remaining is that for some reason I cannot turn on the automatic updates feature .. so for now what I am asking is how do I check to see if the virus is fully removed and how do I get the automatic updates turned back on ..
The best method of finding out if ALL of the viruses/spyware are gone is to boot into a dos-like mode and run command line scans with antivirus tools like kaspersky, F-prot, etc. I say "dos-like" commands because it's not true dos; but it does accomplish the same thing whereby the AV scanners can do their job outside of the windows OS environment. If such a tool is not at your disposal, and I don't expect that you would since MOST people do not have such tools handy, the next best thing is to remove the hard drive and hook it up to another system and scan the entire HDD with a good AV scanner such as NOD32 or Kaspersky.
If this is not an option for you, the 3rd best option is to boot into safe mode and scan for viruses that way where the malware has had a chance to inject its dll file into the operating system. Still not a very good option compared to the above 2 outlined for you.
The very fact that the Windows auto update mechanism refuses to turn on is enough evidence that the virus has done its damage and there's a good likelihood there's other malware present within the system. If you don't want to format the hard drive clean and start over, you could try to salvage the existing installation by running the following at the run command line: "sfc /scannow". It will expect you to insert the XP installation CD at some point however, so if you don't have it in your possession, don't bother running the scan.
Edited by Tushman

Temmu

what he said.
boot from bart's pe, hence no chance of infection loading into memory.
unless you created the pe disk on that pc recently... ooops!

b2cm
but it still appears under the all programs menu .. but I cannot get it to remove itself .. I still get the notice that says it cannot be uninstalled ..
If you deleted the program folder, you cannot uninstall it because the installed files are no longer on your hard drive. The menu items or shortcuts can be removed using a cleanup tool like CCleaner.
The only problem remaining is that for some reason I cannot turn on the automatic updates feature .. so for now what I am asking is how do I check to see if the virus is fully removed and how do I get the automatic updates turned back on ..
To check whether malware remains, use a good antivirus program to scan the partition offline. Easiest way to do it is as Tushman suggested: "the next best thing is to remove the hard drive and hook it up to another system and scan the entire HDD with a good AV scanner such as NOD32 or Kaspersky."
I suggest using the trial version of G Data Internet Security http://www.gdata.de/support/GB/list/82/Download and install it on your other computer. Connect the infected hard drive and get it scanned. Also see if it has an emergency CD that runs a version of the antivirus program on a live linux. You can do an offline scan with that CD if you get another malware issue.
G Data Antivirus uses 2 scan engines (Kaspersky and Bit Defender or Avast) and is very thorough. It has the highest detection rate among all antivirus software out there.
Edited by b2cm

Tushman
G Data Antivirus uses 2 scan engines (Kaspersky and Bit Defender or Avast) and is very thorough. It has the highest detection rate among all antivirus software out there.
I'm not familiar with G-Data and I don't give too much credence to AV software makers touting they have the best detection rates. Everyone claims that title. I will say however based on my field experience, Kaspersky and NOD32 seem to have the highest detection rates. I always emphasize to my customers that there is no one magic bullet - not one single AV package (not even Kaspersky) is so comprehensive and great that it will catch everything. Too much BS and marketing hype. Especially when you consider all the spyware variants released on the internet today. I don't have any reason to downplay G-data as I have never used it, but if it's based on the Kaspersky engine, then my only skepticism or question would be how often they release their updates and how comprehensive their database is.
Edited by Tushman

zlim
http://www.avast.com/eng/avast-virus-cleaner.html is a free virus cleaner tool from Avast. I believe you run it from a CD and it cleans without windows loading.
There are several tools like this but unfortunately, I can't find the article where the information and links were posted. :thumbsup:

longgone

One more item .. before I even attempt to try this .... during the POST/BOOT process ,, in between the splash screen and the log-in screen .. I get the notice ..
checking file system on F: /
the type of the file system is RAW
AUTOCK is not abail for Raw drives
windows has finished checking the disk
this is the first time I have ever encountered this particular entry ... is it something I should be concerned about .. or just treat it as an informational entry ???

Tushman
One more item .. before I even attempt to try this .... during the POST/BOOT process ,, in between the splash screen and the log-in screen .. I get the notice ..
checking file system on F: /
the type of the file system is RAW
AUTOCK is not abail for Raw drives
windows has finished checking the disk
this is the first time I have ever encountered this particular entry ... is it something I should be concerned about .. or just treat it as an informational entry ???
Well what is on your F:\ drive or partition? Do you have a single hard drive partitioned off into different drive letters? That message that you're getting sounds like the MFT could be hosed. Either that or there's no file system present on that partition. Can you get access to the C: drive where XP is installed? If not, then boot up with the XP CD, and boot into the recovery console. At the command prompt, type "chkdsk c:" w/out the quotes.
Edited by Tushman

longgone

As best as I can explain it .... there are twin hard drives @ 500GB each .. on HDA I have on hda1 the XP install .. hda5 is MD2008.1 and swap is on hda6 nothing else is on that drive .. on HDB the only thing it has is on hdb1 FreeBSD ... from everything I have been taught hda should be the "C" drive and hdb "D" ... with my DVD ROM as "E" and my DVD R/RW as "F"...

b2cm
I'm not familiar with G-Data and I don't give too much credence to AV software makers touting they have the best detection rates. Everyone claims that title.
What G Data says about its products.
G DATA develops anti-virus software since 1987. At CeBIT 2002 we inaugurally introduced the DoubleScan®-Technologie, where two virus scan engines have been combined for higher security. Within 24 months AntiVirenKit was rewarded with 33 awards and recommendations from the computer press.
A review of its AVK 2005:
G DATA AntiVirusKit 2005 (AVK) provides a double layer of protection, bundling both the Kaspersky and BitDefender antivirus engines under a single, easy-to-use console. The use of these engines offers an important advantage to AVK. In response time testing conducted by AV-Test.org during 45 outbreaks in 2004, both Kaspersky and BitDefender provided commercial updates faster than any of their competitors. And fast response times aren’t the only benefit these two stellar engines bring to the table. AVK was the only product out of 35 tested by AV-Test.org in 2004 to achieve 100% detection of both the basic WildList viruses and the more comprehensive collection of zoo viruses.
About.Com Review of G Data AntiVirus Kit 2005
A review of its current product:
Verdict: A simple package that combines two detection engines for maximum efficacy. German security specialist G Data has been producing antivirus software for over 20 years, but there's nothing retro about AntiVirus 2008. Open it up and you see a basic user interface giving direct access to the main functions (starting and scheduling scans and updates), as well as a few information panels. Click on Options and you can set some default behaviours and toggle options like heuristics. As with Spyware Doctor (see below left), the emphasis is on practicality.
G Data AntiVirus' secret weapon is its DoubleScan technology, which uses two independent detection engines to scan suspect files. They're referred to simply as 'Engine A' and 'Engine B', with Engine A described as the more effective but slightly more resource-heavy of the two.
PC Pro Product Review of G Data AntiVirus 2008
and how it fares against the others:
Microsoft's OneCare takes last place in anti-virus evaluation
The top dog in the tests was G Data Security's AntiVirusKit
March 1, 2007 (Computerworld) -- Microsoft's Windows Live OneCare came in dead last out of a group of 17 anti-virus programs tested against hundreds of thousands of worms, viruses, Trojan horses and other malware, an Austrian anti-virus researcher reported yesterday. The AV Comparatives Web site, which is maintained by Andreas Cleminti from Innsbruck, Austria, posts quarterly results of tests that pit the top anti-virus products against a dynamic list of nearly half a million individual pieces of malware. Top dog, according to Cleminti's tests, was G Data Security's AntiVirusKit (AVK), which nailed 99.5% of the malicious code. Not far behind were AEC's TrustPort AV WS, at 99.4%, Avira's AntiVir PE Premium, at 98.9%, MicroWorld's eScan Anti-Virus, at 97.9%, F-Secure's Anti-Virus, at 97.9%, and Kaspersky Labs' AV, which stopped 97.9% of the malware. Better known products such as Symantec's Norton Anti-Virus and McAfee's VirusScan posted results of 96.8% and 91.6%, respectively. Holding the bottom spot was Microsoft's Windows Live OneCare, the consumer security suite that the Redmond, Wash. developer launched last year. OneCare took care of just 82.4% of the malware.
Computerworld security article

redmaledeer

b2cm - I'm surprised that someone as experienced as you seems to think that there is one best antivirus. It varies with the types of virus used as a test, it varies with the type of surfing a particular user does, and it varies with the user's sophistication or willingness to tweak an antivirus program. A newbie or someone unwilling to work at tweaking a program may do best with a set-and-forget program -- even if that program has lower scores on antivirus tests. For an idea of the complexity of evaluating antivirus programs, see Scot's series on the subject: http://www.scotsnewsletter.com/83.htm#avv That said, it's an interesting idea to combine two detection engines -- tho only if their strengths complement each other. And, in a way, many users partly do this already by using one antivirus program for realtime protection, but also scanning with others.

Tushman
b2cm - I'm surprised that someone as experienced as you seems to think that there is one best antivirus. It varies with the types of virus used as a test, it varies with the type of surfing a particular user does, and it varies with the user's sophistication or willingness to tweak an antivirus program. A newbie or someone unwilling to work at tweaking a program may do best with a set-and-forget program -- even if that program has lower scores on antivirus tests. For an idea of the complexity of evaluating antivirus programs, see Scot's series on the subject: http://www.scotsnewsletter.com/83.htm#avv That said, it's an interesting idea to combine two detection engines -- tho only if their strengths complement each other. And, in a way, many users partly do this already by using one antivirus program for realtime protection, but also scanning with others.
Very well said redmaledeer.

b2cm

Dale wanted to make sure there wasn't malware on his computer. I said that can be done with an offline scan with an antivirus known for detection ability. I suggested AntiVirus Kit which includes a scanner on a Linux live CD. I added that AVK has the best detection rate among popular antivirus programs, and said so in terms of comparative, empirical studies. I mentioned a number, one of which is AV Comparatives that uses a test set of half a million malware (big enough for me). As far as those tests are concerned, AVK has the 'best' detection rate. I do know that in the world beyond the test labs, detection ability is just one of the many, many factors that people use to determine what antivirus solution is 'best' for their needs. In this sense, the word 'best' is subjective, relative and beside the point.

Edited by b2cm

longgone

Well ... I'm back .... tried to run the cmd that was posted in reply #8 to no avail .. did a copy n paste with it ... and the results are "installation failed" is there some means where I can put the XP install disk in the CD Rom .. boot it up and try to fix this with the "repair installation" option ..

Tarq57

Stabbing in the dark, here, a bit, but Dial a Fix has a pretty good reputation. Most of the info is available on the linked page, plus a link to the download itself. (about 1/3 Mb) Quite a few tools, including Windows Update tools.
I don't know about using the XP disk to repair the problem.

alphaomega

If by chance you still have not been able to clean this pest off:
See if any of the information at this link helps.
How to remove Antivirus XP 2008
Good Luck...
Cheers

longgone

To the best of my knowledge ... it is gone ... but I only say that because I no longer get all the pop-up windows that I used to have with it ... so in that respect I am good BUT I still have the same readout that I mentioned in post #14 .. I have not yet attempted the feat of fixing it .. I have been working on my other machine and its XP install .. which to say the least is very confusing to me at the moment

Temmu

what's up with the install that is confusing? post and we'll help.

longgone

Okay...here is the confusing part .. the puter has two hard drives .. I used the partitioning area of XP to delete all the partitions on both hard drives but I had already done a disk wipe using UBCD on the A drive ... just for the heck of it I partitioned the two Hd's partition exactly identical ... did some other partitions also but for the moment they are just there ... before the formatting process I selected the first partition on the B drive for the XP install .. this is just to see if by chance it would take it ... then the formatting step started and it selected the first partition on the A drive .. logic says that it was not formatting the B drive .. A drive is formatted and then the window comes up again asking which type I want either the NTFS or the FAT32 .. again I selected NTFS and then next now up pops the B drive partition and it formats the first partition on it and continues the install ... but is it on HDA1 or HDB1 have no idea how to check on that .. but onward .. after the install is done and I start to put in some software .. this puter freezes the screen ... several times .. and after several restarts I get what I want installed ,, installed but every once in awhile the screen just freezes up .. so those are my confusing issues ...my best guess is that I need to go to Nvidia web site and d/l the driver for the video card in this machine since I do not have it ... but that is just a guess any input on this is sure to help .... especially where the XP install did end up at

Tushman
Okay...here is the confusing part .. the puter has two hard drives .. I used the partitioning area of XP to delete all the partitions on both hard drives but I had already done a disk wipe using UBCD on the A drive ... just for the heck of it I partitioned the two Hd's partition exactly identical ... did some other partitions also but for the moment they are just there ... before the formatting process I selected the first partition on the B drive for the XP install .. this is just to see if by chance it would take it ... then the formatting step started and it selected the first partition on the A drive .. logic says that it was not formatting the B drive .. A drive is formatted and then the window comes up again asking which type I want either the NTFS or the FAT32 .. again I selected NTFS and then next now up pops the B drive partition and it formats the first partition on it and continues the install ... but is it on HDA1 or HDB1 have no idea how to check on that .. but onward .. after the install is done and I start to put in some software .. this puter freezes the screen ... several times .. and after several restarts I get what I want installed ,, installed but every once in awhile the screen just freezes up .. so those are my confusing issues ...my best guess is that I need to go to Nvidia web site and d/l the driver for the video card in this machine since I do not have it ... but that is just a guess any input on this is sure to help .... especially where the XP install did end up at
Dale,
There was no need for you to format both hard drives using the XP setup partitioning process. All you had to do was install XP onto 1 HDD and after you get the OS up and running, formatting the 2nd HDD is a simple process (using the disk management console utility).
before the formatting process I selected the first partition on the B drive for the XP install
How are you going about identifying HDD A versus HDD B? by the serial number? the capacity?...or the brand name?
Open up the disk management console by typing in "diskmgmt.msc" into the run command line w/out the quotes. It will display all the drives connected to the system and you should be able to figure out which drive XP is installed on by the total capacity of the drive versus free space left.
And yes you will most certainly need the drivers for your Nvidia graphics card. Use the drop down menu to select your card. Nvidia Drivers download page. While you're at it, I would advise you to check in the device manager for any other missing drivers. "devmgmt.msc" is the run command line you need to open it.
Edited by Tushman

b2cm
where the XP install did end up at
Windows is installed on hdb1. That partition is the 'boot partition', where the operating system files are located. The boot files (boot sector, ntldr, ntdetect, etc) are, however, located in hda1 (the so-called 'system partition'). That will explain why Windows Setup first formatted hda1 and then hdb1.

goretsky

Hello

Perhaps running the Disk Management snapin (filename: DISKMGMT.MSC) once Microsoft Windows XP is booted will give a better visualization of how the hard disk drives are partitioned into disk volumes, and how those disk volumes are formatted.

Regards,
Aryeh Goretsky
