XP Cleaner virus

[Mel]

Hello,

I googled for information on something and one of the sites I went to made
my computer suddenly come up with a warning that my privacy had been
violated, possibly had a virus etc.

I have since learned that this is itself a virus. I did not d/l it but just
clicked the X, it however started to try to d/l. I think it was caught in
the Zone Alarm I run but I want to be sure.

I searched how to find if I had a problem but cannot find any of the exe
files and any HKEY that have "XP Cleaner" in them.

Someone told me to restore to an earlier date which I did.

When the restore was going through it asked me something like.." allow
system restore every time computer starts" or something like that, and would
not allow me to continue the restore unless I agreed.

So firstly "can someone please tell me if I did the correct thing?"

However on searching later on how to make sure I did not have this virus on
one site the instruction started with 1. Temporarily disable System Restore
(windows Me/XP)

so secondly "Why would this be the advice?"

I have done a full virus scan but it came up as "no virus."

Thank you for any help.

 

[David H. Lipman]

From: "Mel" <[email protected]>

| Hello,

| I googled for information on something and one of the sites I went to made
| my computer suddenly come up with a warning that my privacy had been
| violated, possibly had a virus etc.

| I have since learned that this is itself a virus. I did not d/l it but just
| clicked the X, it however started to try to d/l. I think it was caught in
| the Zone Alarm I run but I want to be sure.

| I searched how to find if I had a problem but cannot find any of the exe
| files and any HKEY that have "XP Cleaner" in them.

| Someone told me to restore to an earlier date which I did.

| When the restore was going through it asked me something like.." allow
| system restore every time computer starts" or something like that, and would
| not allow me to continue the restore unless I agreed.

| So firstly "can someone please tell me if I did the correct thing?"

| However on searching later on how to make sure I did not have this virus on
| one site the instruction started with 1. Temporarily disable System Restore
| (windows Me/XP)

| so secondly "Why would this be the advice?"

| I have done a full virus scan but it came up as "no virus."

| Thank you for any help.



Actually if you Googled this you would have found it to be non-viral malware in that it is
malware but not a "virus".



1. Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

2. Disable Notepad's word wrap:
In Notepad.exe; Format --> uncheck; "Word wrap"

3. Download/run Deckard's System Scanner:
http://www.techsupportforum.com/sectools/Deckard/dss.exe

4. Save the scan results (Main.txt and Extra.txt)

5. And then post the contents of Main.txt and Extra.txt in your post in one of the below
expert forums...


{ Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! }

Forums where you can get expert advice for HiJack This! (HJT) and Deckard's System Scanner
Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

 

[Twayne]

Hello,

I googled for information on something and one of the sites I went to
made my computer suddenly come up with a warning that my privacy had
been violated, possibly had a virus etc.

I have since learned that this is itself a virus. I did not d/l it
but just clicked the X, it however started to try to d/l. I think it
was caught in the Zone Alarm I run but I want to be sure.

I searched how to find if I had a problem but cannot find any of the
exe files and any HKEY that have "XP Cleaner" in them.

Someone told me to restore to an earlier date which I did.

When the restore was going through it asked me something like.." allow
system restore every time computer starts" or something like that,
and would not allow me to continue the restore unless I agreed.

So firstly "can someone please tell me if I did the correct thing?"

However on searching later on how to make sure I did not have this
virus on one site the instruction started with 1. Temporarily disable
System Restore (windows Me/XP)

so secondly "Why would this be the advice?"

I have done a full virus scan but it came up as "no virus."

Thank you for any help.

You've done all the right things. It wouldn't hurt to do the HiJackThis
advice I see offered in another thread; it's good protection check.

The reason to disable System Restore is because the virus or whatever it
is could also be stored there. By deleting it, you get rid of it if it
is stored there. Then of course turn System Restore back on as soon as
you've done a Restart with it turned off. All your restore points will
be gone and you start over with them, but that's better than doing a
restore and getting the virus back.

It sounds like you didn't do that, plus you mentioned you did a REstore:
Therefore, it can't hurt anything and could help to go thru the HiJack
This routine. David's advice is right on. And let me reiterate: Post
it ONLY to a recommended site; NOT HERE! Then be patient and await a
response on that location.

HTH

Twayne