
Need PC help!! Virus

Discussion in 'Technology' started by TACOMA TRD, Dec 14, 2011.

  1. Dec 14, 2011 at 11:42 PM
    #1
    TACOMA TRD

    TACOMA TRD [OP] Well-Known Member

    Joined:
    Apr 9, 2010
    Member:
    #34897
    Messages:
    2,207
    Gender:
    Male
    First Name:
    Tom
    PA
    Vehicle:
    2011 MGM SPORT DC 4x4
    Alpine HU, Alpine 6.5 3 way Speakers, Access Cover.
    Looking for some help on removing a virus on my PC. My son needed to load iTunes 10.5 on our PC the other day, but my Symantec virus protection was preventing it from installing. I shut down my virus protection so we could load iTunes.

    Flash forward 2 days: I was downloading some music and picked up a virus!!! I never turned the virus protection back on. :mad: The virus I got is called XP ANTIVIRUS 2012. It keeps telling me that I have to pay 69.95 for my computer to be virus free. I know this is the actual virus and the whole thing is a scam.

    I don't know how to remove it. It won't let me on the internet, it won't let me restore to an earlier date..... Everything I click on just pops up "purchase ANTIVIRUS for 69.95".

    Anyone know how to remove it?

    I have a Dell XPS desktop running Windows XP....
     
  2. Dec 14, 2011 at 11:44 PM
    #2
    JimBeam

    JimBeam BECAUSE INTERNETS!! Moderator

    Joined:
    Apr 14, 2008
    Member:
    #5966
    Messages:
    41,921
    Gender:
    Male
    First Name:
    JB
    Vehicle:
    2014 DCSB TRD 4x4
    From what I understand, you need to first find a "bogus" reg code to enter to trick the program into thinking you paid for it.

    From there I'd assume you can get it
     
  3. Dec 14, 2011 at 11:57 PM
    #3
    TnRedNeck721

    TnRedNeck721 GO VOLS!

    Joined:
    Mar 10, 2011
    Member:
    #52731
    Messages:
    19,142
    Gender:
    Male
    First Name:
    Zach
    TN
    Vehicle:
    07 TRD off road 4WD
    No mud flaps, plasti dipped emblems, and rear bumper, Weather tech digital fit, Bed mat from tractor supply. Pioneer 4400BH head unit. B.A.M.F bed rail tie downs. AVS vent visors.
    Get a Mac. lol Sorry, I have no idea what to do. I'll leave now.



    good luck tho!
     
  4. Dec 15, 2011 at 12:00 AM
    #4
    markmatters

    markmatters Viejon

    Joined:
    Nov 4, 2011
    Member:
    #66436
    Messages:
    1,318
    Gender:
    Male
    First Name:
    Mark
    Yuma, AZ
    Vehicle:
    2007 PreRunner
    factory reset...
     
  5. Dec 15, 2011 at 12:09 AM
    #5
    Norton

    Norton Well-Known Member

    Joined:
    Mar 10, 2011
    Member:
    #52729
    Messages:
    2,742
    Gender:
    Male
    First Name:
    Steve
    Monument, CO
    Vehicle:
    2013 Access Cab 4x4 V6 6MT, TRD OR & Tow Packages
    ARE Z-Series Topper, OME 885 Coils, Dakar Leafs, NitroCharger Sports; TRD Quickshifter; TRD Exhaust; aFe POWER Magnum FLOW Pro DRY S Air Filter; Goodridge SS Brake Lines; Cooper Discoverer A/T3s on FJ SE Anthracite Rims; N-Fab 6-Step Nerf Bars; MetalMiller TRD Skid; jsi's Locker Anytime & ramonortiz55's Always on Power Outlet Relay Mods; crashnburn80's Ultimate Headlight & Fog Light Upgrades (RallyLights Harnesses, Osram 85/80W H4 & Flösser 90W H11 Bulbs); ND4's Fog Light Anytime Mod; Interior & Reverse LEDs; AudioControl LC2i LOC, JL Audio XD200/2v2 Amp, Focal PS165V1 Spkrs, Sound Ordnance B-8PTD Sub, Hushmat & Foam Insulation; Ltd Auto-Dim/Compass/Temp/Backup Camera/Homelink mirror; 4Runner 4X4 & FJ Fog Light Switches; Husky Floor Liners; UltraGauge EM; Redline Tuning QuickLIFT Elite; Mobtown Offroad Locking Bed Storage Doors; Toyota Bed Mat; Toyota Bed Extender; Pop & Lock Power Tailgate Lock; SolarGard Tint; CravenSpeed Stubby Antenna; Amsoil Lubricants; Adam's Detailing Supplies
    According to one site I found, "XP Antivirus 2012 is a deceptive and quite sophisticated rogue anti-spyware program which applies the basic tricks of scams from this category. Though it declares to be a powerful virus remover, keep in mind that this program is the only one that needs to be eliminated because it reports invented viruses. To be more precise, XP Antivirus 2012 firstly will create numerous harmless files that it will drop in the infected computer’s system. Then this scam will pretend to scan your computer and immediately will report numerous viruses that in reality are nothing else but these earlier created files. Some of its alerts may state about Trojan-BNK.Win32.Keylogger.gen threat for making you scared to death and push into purchasing its license which will be offered additionally. Pay attention to the fact, that XP Antivirus 2012 is dangerous and has nothing to do with computer’s protection!

    XP Antivirus 2012 program has been manipulating people into believing it is useful software. However, this rogue anti-spyware mostly penetrates into a random computer system without the user’s knowledge and approval and opens the backdoor of the system to let more threats or allow the scammers to reach your personal information. All this is done with a help of Trojans that infect vulnerable systems through fake video codecs and flash updates. As you can see, you should not believe XP Antivirus 2012 and its spyware detection reports as they are fabricated and have in fact nothing to do with the true condition of machine. Don’t buy this software though it will definitely promise to fix your computer, but remove XP Antivirus 2012. Also, you can use this code 3425-814615-3990 to register the rogue program. Once activated, it won't block web browsers and anti-spyware software."

    Several sites describe manual removal processes, but they're lengthy, somewhat complicated, and involve editing the Registry. Most say PC Tools Spyware Doctor can remove XP Antivirus. Once you use the code above, you should be able to download and install Spyware Doctor. Good luck!
     
  6. Dec 15, 2011 at 12:13 AM
    #6
    400lbGorilla

    400lbGorilla ^Son of a hamster, I smell of elderberries.

    Joined:
    Jun 27, 2009
    Member:
    #18973
    Messages:
    192
    Gender:
    Male
    First Name:
    T-LAM
    Ocean City, MD
    Vehicle:
    BSP 4X4 BASE
    Roof Rack, TRD exhaust, Hood Shield, Side Steps, 5% Tints, Tow Package, Bed Extender, Billies at 2.5, Toytec TSB AAL, Avid Offroad Bar, Cruise Control, Removed Sway, Hella 700s, 6000k HIDs, diff breather mod. DTRL, BHLM,Sockmonkyed.
    XP Antivirus 2012 can be removed manually by following the steps below.
    1. With all programs closed, click the Start Menu and go to the Control Panel.
    2. Locate the Add/Remove Programs icon and double click it.
    3. Locate XP Antivirus 2012 in the list of programs. If you find it, select it and remove it. If you cannot find XP Antivirus 2012, you can continue to step 5.
    4. Restart your computer.
    5. Close all open programs and windows on your desktop.
    6. Open your registry editor (regedit) program by going to Start Menu, type in regedit, and click OK.
    7. Find all of the following registry entries and delete them. If you do not know how to do this, then you can read how to edit the registry in Windows.
      HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
      HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
      HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
      HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
      HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
      HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
      HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
      HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
      HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
      HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
      HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
      HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
      HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
      HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
      HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
      HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
      HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
      HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
      HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
      HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
      HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
      HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
      HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
      HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
      HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
    8. You may need to return to this removal process for removing XP Antivirus 2012. You can do this easily by bookmarking or adding a favorite to this page by clicking here. If you are using the FireFox web browser you can press the keys Ctrl and D simultaneously to bookmark this page.
    9. Delete all of the following files that are associated with XP Antivirus 2012 from your computer.
      %AllUsersProfile%\random.exe
      %AppData%\Local\.exe
      %AppData%\Local\random.exe
      %AppData%\Roaming\Microsoft\Windows\Templates\random.exe
      %Temp%\random.exe
      %UserProfile%\Local Settings\Application Data\opRSK

      If you need a better understanding on how to search for these files then you can read how to find and search for files and folders here.
      If you have issues deleting any of the previously listed files that are associated with XP Antivirus 2012, you can try rebooting your computer into safe mode. Booting into safe mode may allow certain malicious files to be deleted. If you are wondering how to boot into safe mode, you can read our process for starting a computer in safe mode here.
      [Image 2: Select "Safe Mode with Networking"]
    10. After locating and deleting the previous files you must remove all directories associated with XP Antivirus 2012 by going to the C:\ProgramFiles\XP Antivirus 2012 folder, select it, and delete it. In some cases you may not be able to find this directory. You can still continue to the next step.
    11. Restart your computer. You do not need to boot into safe mode at this point. You should have removed XP Antivirus 2012 completely from your computer. If you find that XP Antivirus 2012 is still on your computer, you can repeat the steps again or go to the automatic XP Antivirus 2012 removal process.
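
A triage sketch for the registry listing in post #6, added here and not part of the original thread or of any removal tool. Several listed values already hold the Windows default command `"%1" %*`, so this parser separates values that route a launch through another executable from values that are already default. The function names and status labels are illustrative choices.

```python
import re

# Listing format used in the post: KEY "ValueName" = 'data'
ENTRY = re.compile(r'''^\s*(HKEY_[^"]*?)\s+"([^"]+)"\s*[=-]\s*'(.*)'\s*$''')

# Entries in the post's format, including irregular forms: two entries run
# together, a '-' typed for '=', and a key listed with no value.
SAMPLE = r'''
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
'''


def parse_entry(line):
    """Return (key, value_name, data), or None if the line has no value part."""
    m = ENTRY.match(line)
    return m.groups() if m else None


def classify(key, data):
    """Label one value by what a launch through it would actually run."""
    if "' = '" in data:
        return "malformed"          # two listing entries merged on one line
    if not key.lower().endswith("\\command"):
        return "not-a-command"      # icons, content types: nothing is executed
    tokens = re.findall(r'"[^"]*"|\S+', data)
    if not tokens:
        return "review"
    if tokens[0] == '"%1"':
        return "default"            # Windows default: run the clicked file itself
    # Another program is launched first and the real target is only an argument.
    if any(t == '"%1"' or t.lower().endswith('.exe"') for t in tokens[1:]):
        return "hijacked"
    return "review"


def triage(text):
    """Return [(status, line)] for every non-blank line of a listing."""
    out = []
    for line in filter(str.strip, text.splitlines()):
        parsed = parse_entry(line)
        status = classify(parsed[0], parsed[2]) if parsed else "unparsed"
        out.append((status, line.strip()))
    return out


if __name__ == "__main__":
    for status, line in triage(SAMPLE):
        print(f"{status:14} {line[:90]}")
```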
     
  7. Dec 15, 2011 at 12:18 AM
    #7
    pyroskier

    pyroskier Well-Known Member

    Joined:
    Mar 24, 2011
    Member:
    #53622
    Messages:
    1,005
    Gender:
    Male
    First Name:
    Jacob
    Laramie, WY
    Vehicle:
    2004 Ext Cab TRD 3.4
    ^ What he said. Had this happen to my sis a few years ago and this did the trick. Viruses these days eat down into your registry files, PITA to get out. I know it looks complicated, but it works. Don't take your computer to Geek Squad or anything, they won't know how to remove it.
     
  8. Dec 15, 2011 at 12:20 AM
    #8
    Manwithoutaplan

    Manwithoutaplan the full Monty

    Joined:
    Jan 30, 2008
    Member:
    #4500
    Messages:
    49,524
    Gender:
    Male
    ID
    Vehicle:
    07 Tacoma Speedway Blue Trd 4x4
    -Nitro 4.56 gears - Arb Front and Rear lockers. -Rear Swing out bumper Curiosity of ( Dept .94) https://www.facebook.com/Dept94 -Tinted, -ProComp 6 inch lift with Icon Coil overs and Bilstein's 7100Resi -315/70/17 - 17x8 in Pro Comp Matte black rims 4.5 bs -East Coast Gear Supply Sliders -ALL Pro EXP LEaf pack -Camburg UCA's -CAB mount CHOP
    Get Malwarebytes and load up in safe mode with networking.
     
  9. Dec 15, 2011 at 12:24 AM
    #9
    TACOMA TRD

    TACOMA TRD [OP] Well-Known Member

    I tried looking in the programs....it wasn't listed.
     
  10. Dec 15, 2011 at 12:26 AM
    #10
    TACOMA TRD

    TACOMA TRD [OP] Well-Known Member

    Never mind....continue to step 5....DUH... Thanks...I will try it when I get off work at 9am.
     
  11. Dec 15, 2011 at 12:31 AM
    #11
    400lbGorilla

    400lbGorilla ^Son of a hamster, I smell of elderberries.

    Word, if that doesn't work I would try "Norton's" answer. I've used Spyware Doctor in the past; it works well.
     
  12. Dec 15, 2011 at 12:35 AM
    #12
    TACOMA TRD

    TACOMA TRD [OP] Well-Known Member

    Thanks...maybe I will try Norton's and the easier methods first. I was afraid to register with a fake code to cause more damage, but it can't get worse than what it is now. It won't do shit.

    I also read that this virus will self destruct in 6 days. Not sure if it will or not. I might be able to score a good copy of Malwarebytes off the webs from my son's PC, then load it via jump drive.
     
  13. Dec 15, 2011 at 2:48 AM
    #13
    TACOMA TRD

    TACOMA TRD [OP] Well-Known Member

    It was a music download from demonoid...
     
  14. Dec 15, 2011 at 6:22 AM
    #14
    thecoldone06

    thecoldone06 Well-Known Member

    Joined:
    Sep 20, 2007
    Member:
    #2750
    Messages:
    241
    Gender:
    Male
    x2. Malwarebytes, http://download.cnet.com/Malwarebyt...4572.html?part=dl-10804572&subj=dl&tag=button, will take care of the fake antivirus programs. You can't install the program in safe mode though. You will need to install it in normal mode. After the install, when you open the program, a box will pop up asking if you want to go to the pro version, just decline. You can do the scan in normal mode as well, you don't have to go into safe mode.
     
  15. Dec 15, 2011 at 8:07 AM
    #15
    TACOMA TRD

    TACOMA TRD [OP] Well-Known Member

    Malwarebytes...I downloaded it on my son's computer and then put it on a jump drive. It wouldn't let me open it. I'm going to try registering with Norton's code.
     
  16. Dec 15, 2011 at 8:54 AM
    #16
    TacomaPrime

    TacomaPrime Cybertronian Tacoma

    Joined:
    May 20, 2011
    Member:
    #56955
    Messages:
    1,656
    Gender:
    Male
    First Name:
    Greg
    Illinois
    Vehicle:
    05 Prerunner SR5 TRD off road
    This.
     
  17. Dec 15, 2011 at 9:14 AM
    #17
    dexterdog

    dexterdog My pee parts itch

    Joined:
    Jul 12, 2009
    Member:
    #19571
    Messages:
    4,276
    Gender:
    Male
    Oly WA
    Vehicle:
    2012 F150
    Boot in safe mode before running Malwarebytes. Sometimes you need to rename it or it won't run.
     
  18. Dec 15, 2011 at 9:22 AM
    #18
    kryten

    kryten Well-Known Member

    Joined:
    Jun 23, 2009
    Member:
    #18813
    Messages:
    1,474
    Gender:
    Male
    Canada
    Vehicle:
    07 TRD Sport 6MT
    X3 - Malwarebytes in Safe mode with networking.

    Restart your system and keep pressing F8 before you see the Windows logo come up. From the menu select "Safe Mode with Networking", log in with an administrator account and install Malwarebytes. Update the software and do a scan.
     
  19. Dec 15, 2011 at 9:28 AM
    #19
    thecoldone06

    thecoldone06 Well-Known Member

    You can try renaming the setup file. Safe mode won't let you install programs. The Windows Installer service isn't started and it won't let you start it. You can also google 'rkill'. It is a script developed that stops the virus so you have time to install and run MB. It comes in an exe and several other forms in case it doesn't let you run the exe version.
     