Malware "XP Internet Security 20102"

  tapyeno 19:37 28 Jun 2011

I had the malware: “XP Internet Security 2012” on my computer. It disabled my firewall till I corrected it with AVG. I was unable to remove it and it lept telling me I had dangerous Trojans on my PC. I looked it uo and foiund it was a virus irself! I found when I tried to open Spybot pop ups would come saying Spybot was a dangerous virus. The same message came when I tried to load the “Microsoft Malicious Removal Tool” I tried using System Restore to see if that would help, but again the same message came up saying that was a harmful virus.

All of a sudden my AVG kicked in and a message came up saying that I had malicious malware on my computer and did I want to quarantine it. The message had the AVG Logo on it so I trusted it, and it removed it. I am no longer getting pop-ups or messages from “XP Internet Security 2012.” However, now I have a new problem! When I try to open programmes such as i-tunes, internet explorer, spybot and even hearts then I am now getting a box appearing asking me what I want to open the programme with. I am unable to open them from the Start Menu or from the Desktop! I tried ‘System Restore’ and got the same message.

I managed to open Internet Explorer by going to Owner/ Favourites and then clicking on an icon there and Internet Explorer came on. I presume that this “XP Internet Security 2012” has done some damage to my PC!

Any suggestions?

  rawprawn 19:39 28 Jun 2011
  tapyeno 20:23 28 Jun 2011

The PC running very peculiarly. Would the virus have been removed by AVG or would it still be lurking in the background? (I am using another one here!)

  birdface 21:32 28 Jun 2011

Try this just to see if it helps.

To remove false security programs

  1. Turn off computer ,then turn on and start tapping F8
  2. When the Advanced startup options appear Select Safe mode With Networking
  3. Open internet explorer goto ,download Hitman pro "32-bit or 64-bit depending on your Os"
  4. Run Hitman pro ,let this scan the computer
  5. Activate Free Licence
  6. Reboot Pc

Infection Removed..!

  Taff™ 04:29 29 Jun 2011

Rawprawn's link is the one I used this week to remove this from a client computer. The instructions are on Bleeping Computer website Removal Instructions and the method that works is headed:

"Automated Removal Instructions for Win 7 Antispyware 2012, Vista Antivirus 2012, and XP Security 2012 using Malwarebytes' Anti-Malware:"

  tapyeno 07:26 29 Jun 2011

Pop-ops have now stopped since AVG apparently quarintined "XP Internet Security 2012" I have also scanned with Hitman Pro as recommended above.

PC acting strangely though. I am unable to open programmes from Start Menu or from Desktop. Keep getting the box "Open With" To open Internet Explorer am having to go to my 'favoutites' folder and open it from there!

Have tried System Restore, but am getting the message "rstrui.exe is not a valid win 32 application."

Do I need to go through the process of removing the Malware again or is it another problem I need to address which was probably caused by the Malware?

Wouls appreciate some advice.

Thank you

  Taff™ 07:42 29 Jun 2011

On the bleeping computer site the instructions included running FixNCR.reg which should restore the functionality to executable files. Did you read that and follow the full Bleeping Computer Instructions? Im afraid that AVG quarantining and running HitmanPro doesnt fully cure it.

  tapyeno 20:41 29 Jun 2011

Thanks to all for their help. Used Removal Instructions on Bleeping Computer website and my PC is fine again!


  Taff™ 21:05 29 Jun 2011

Great stuff! Can we have some ticks for resolved on the post as well?

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

OnePlus 5T review: Hands-on

Illustrator Andrés Lozano on his improv line work, brazen use of colours & hand sketching

iPhone X review

Comment envoyer gratuitement des gros fichiers ?