Need help removing malware

Shannon H.

My laptop has been infected with the malware "Windows Antivirus Pro". I have
Windows XP Home Edition. The system restore is gone and an error message pops
up saying it has been shut down due to group policy. I have two users and one
of the screens shows the icon for Windows Antivirus Pro but I cannot access
the add or remove programs from either user. The user with the icon I can
really not do anything from, but the other user I can still do some things it
is just slow. I attempted to remove the program by downloading Malwarebytes'
Anti-Malware but cannot get it to begin scanning. I appreciate any help!
 
Have you tried running it in Safe Mode?
 
I have tried running both the software and system restore from safe mode and
I cannot do either one.
 
How to remove WinAntivirus Pro (Removal Instructions)
http://www.bleepingcomputer.com/virus-removal/winantiviruspro

Download the Hijackthis and send the report to one of many forums for
analysis and troubleshooting or you can send it to me on my email
provided at the bottom:
When all else fails, HijackThis v2.0.2
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)

Can you please send me a copy at (e-mail address removed),
remove the obvious to email me.
HTH,
nass
 
First, disconnect the system from all networks.
Second, log on to the Administrator level account.
Third, disable the launchers via MSCONFIG.
Fourth, install and run CCLEANER (www.ccleaner.com) and let it clear the
complete contents of the temp and temporary internet files folders.

Fifth, log on in Safe Mode to the Administrator account, locate the Windows
Antivirus Pro folder and rename it. Put an X at the start, or something.
When you restart, you should get some error messages. They are fine.

Now, you should be able to run MalwareBytes.

HTH
-pk
 
Try renaming the mbam.exe to something else like gotyou.exe or fyou.exe and
then try to run it.
Buffalo
 
Patrick Butts - masquerading as Tim Meddick this week?

Patrick Butts, no matter who else he claims to be, is a well-known
charlatan in these newsgroups, who tries to get newbies to install
software he copies from legitimate sources and then modifies to harm
your computer. Don't fall for it.
 
Use my Remove-it software, it will remove that malware from your system.
Choose yes for all options when prompted. Download it here

PCBUTTS1, you've exposed yourself as the PIRATE/THIEF we all have said
you are.

The file you claim to have known about, claim to have submitted to anti-
virus sites, the file named "obatssrsghde.exe" was a marker inserted
into Stuart's batch file you stole from him, it was a KEY that proves
you're a thief:

For those that don't know, Stuart inserted the obatssrsghde.exe marker
into his batch file to prove, to the community, that PCBUTTS1 / The Real
Truth MVP is actually a lying thief, and PCBUTTS admitted in his own
post that he created the marker and claimed to know what it was - even
claimed to have submitted the malware to anti-virus vendors, but the
joke was on him, Stuart told everyone in the community about it BEFORE
it appeared in PCBUTTS1's download.... There is no actual file named
obatssrsghde.exe in the malware community, it was a ruse.

The key is in the spelling (shifted one character):

obatssrsghde.exe
pcbuttsthief

If you change (add) 1 character to each letter you will see that
"obatssrsghde" is actually the marker "pcbuttsthief" - proving that
PCBUTTS1 is a thief.

Are there other markers - YES, does PCBUTTS1 know about them - no,
they've been there for a long time, but this is the most obvious one.

Face it Chris/PCBUTTS1/TRT, you've exposed yourself in public.
 