Antivirus


Dan Dilly

Hi a file has appeared on my PC "XPantivirus\xpa2008.exe" do you know what it
is and where it came from? Is it a genuine microsoft file? should I run it or
not?

Dan Dilly
 
Dan Dilly said:
Hi a file has appeared on my PC "XPantivirus\xpa2008.exe" do you know what it
is and where it came from? Is it a genuine microsoft file? should I run it or
not?

Download and run HijackThis;
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=hijackthis)
Read this Tutorial *before* first use;
(http://www.bleepingcomputer.com/forums/index.php?showtutorial=42)
Once done > run HijackThis > save a scan log and post it to /any/ of the
following (expert) forums for analysis.
*Note, //registration// *is* required prior to posting a log.
- Not listed in any particular order -
(http://aumha.net/viewforum.php?f=30)
(http://forums.spywareinfo.com/index.php?&showforum=18)
(http://www.spywarewarrior.com/viewforum.php?f=5)
(http://www.bleepingcomputer.com/forums/forum22.html)
(http://www.dslreports.com/forum/cleanup)
(http://forum.malwareremoval.com/viewforum.php?f=11)
(http://www.cybertechhelp.com/forums/forumdisplay.php?f=25)
(http://www.atribune.org/forums/index.php?showforum=9)
(http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html)
(http://forums.spywareinfo.com/index.php?showforum=18)
(http://www.techmonkeys.co.uk/forums/viewforum.php?f=8)
(http://forum.networktechs.com/forumdisplay.php?f=130)
(http://forums.maddoktor2.com/index.php?showforum=17)
(http://forums.spywaretimes.com/index.php?showforum=2)
(http://www.bluetack.co.uk/forums/index.php?showforum=172)
(http://forums.techguy.org/f54-s.html)
(http://forums.tomcoyote.org/index.php?showforum=27)
(http://forums.subratam.org/index.php?showforum=7)
(http://www.5starsupport.com/ipboard/index.php?showforum=18)
(http://www.malwarebytes.org/forums/index.php?showforum=7)
(http://www.wilderssecurity.com/forumdisplay.php?f=26)
(http://makephpbb.com/phpbb/viewforum.php?f=2)
(http://forums.techguy.org/54-security/)
(http://forums.security-central.us/forumdisplay.php?f=13)
(http://castlecops.com/forum67.html)
(http://gladiator-antivirus.com/forum/index.php?showforum=170)
(http://www.lavasoftsupport.com/index.php?showforum=36)
(http://forum.piriform.com/index.php?showforum=12)

Post back the URL where you posted your log, *not* the entire log.

Randy
 
Hello Dan,

If you find a suspicious file on your system and your antivirus software
hasn't raised an alarm, you can get a second opinion at two free sites:
http://virustotal.com, where you can upload a suspect file and run a
comprehensive scan using 23 separate antivirus products; or Jotti, which scans
files slightly more quickly because it uses only 15 different antivirus
engines.

Go to

http://virusscan.jotti.org/

http://scanner.virus.org/
-
http://www.virustotal.com/en/indexf.html
-
<http://onlinescan.avast.com/>

MMPC Microsoft Malware Protection Center
<https://www.microsoft.com/security/portal/submit.aspx>


If this scanner says 'OK', it does not necessarily mean the file is clean.
There could be a whole new virus on the loose. NEVER EVER rely on one single
product only, not even this service, even though it utilizes several
products.


I hope this post is helpful, but we would highly appreciate it if you could
rate the post, and post back the solution that works for you so we can keep
the community informed and save somebody else the hours of trawling through
the web trying to find a solution.
- -- --

BELIEF
A man must not swallow more beliefs than he can digest. -----Havelock Ellis
 
This is NOT a Microsoft file.

I would definitely investigate further and avoid running it.
 
XPAntivirus is what you call a "Fraudware". This is what I read on the
internet. Once you install, it is hard to remove. I just went in and
deleted the XP Antivirus directory. Then it stopped bothering me every time I
turned on the computer. I am sure there are a couple of entries in the
registry, so far haven't had any problems.
 
This is a virus that activates a key logger and steals all your usernames and
passwords. Type "key logger" on wowinsider.com. It is installed simply by
running your cursor over an ad banner. The fact that Microsoft has this kind
of vulnerability is unforgivable.

To Microsoft I expect answers yesterday. Millions of people are getting
victimized daily by this key logging weakness. There is no excuse for this
and we will be holding you responsible as it executes through IE without
clicking (according to all accounts).
 
How about a citation? Give some details?

Indeed there have been vulnerabilities which can act exactly as you've
specified, but when they have been publicly known or actively exploited,
Microsoft has patched them. A good deal of third-party software--Flash,
Java, Adobe Reader, QuickTime--can also have similar vulnerabilities.

So--let's see exactly what vulnerability you are talking about here, before
we blame Microsoft for not patching it?
 
So, I tried to delete the folder it was in but it kept saying it was 'in use
by other user or program' so I couldn't send it to the recycle bin..how can I
get rid of it?
 
This critter has a number of variants over time. Here's a place to start:

How To Remove Xpantivirus (removal Instructions):
http://www.bleepingcomputer.com/forums/topic111715.html

(Courtesy of Robear Dyer, MS MVP)

If this does not do the job for you, I'd urge you to post a message in a
forum associated with the above site--as they will have current information
on the newer variants.
 
Since you are replying directly to Dan's post, it is difficult to know whose
post you are complaining about.

In any case--do you have a problem we can solve, or are you simply here to
offer critiques?
 