I've been attacked by the dreaded XP Antivirus 2009

Hi,
Thank you all at MajorGeeks for welcoming me and offering help to all of us technically-less-than-stellar folk out here.

I have been reading your forums for similar issues and trying to follow your advice, but to no avail. The other day while watching anime video my computer automoatically restarted itself and I got the annoying red circle with white X stating "Windows has detected spyware...click here to download the latest tools..." I didn't click on it. Tried to delete it but couldn't find the offending file. Also, it has disabled my Norton's Antivirus.

The next day, the computer restarted itself again and XP Antivirus 2009 loaded itself. I was able to delete it from msconfig and registry and get rid of it. Still have the annoying red circle s/ white x pop up. I discovered the culprit: file named "brastk.exe" but can't delete it. Here's what I tried:

Went to safe mode, checked msconfig and regedit for offending files. Unchecked brastk.exe and another file with string of numbers and letters (can't remember, but started with rch and there was a j0e in there, associated with the xp antivirus) from the startup menu, went to registry and deleted xp antivirus - couldn't find the brastk.exe there. Deleted my internet temp files and cookies. Did system restore to before I got the malware. Still had red circle popup and Nortons still won't work. Downloaded spybot s&d. It has been stopping the bratsk.exe file from reloading itself on my registry, but can't get it to open and do a full scan. Downloaded SuperAntivirus but also can't get it to open. (Tried in safe mode and regular mode).

Now I have an icon on my desktop for XP Antivirus 2009 that won't delete. I again found the brastk.exe in C:\Windows\System32 and tried to delete it, but it wouldn't let me.

Appreciate any help!!! Thanks, izzerbean

 

http://www.majorgeeks.com/images/grenade.gifWelcome to MajorGeeks.com!http://www.majorgeeks.com/images/grenade.gif

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

• READ & RUN ME FIRST. Malware Removal Guide

• If something does not run, write down the info to explain to us later but keep on going.

• Do not assume that because one step does not work that they all will not.

Notes:

1. If you run into problems trying to run theREAD & RUN ME or any of the scans in normal boot mode. You can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
   
   • Starting your computer in Safe mode
2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

Thank you! Thank you! Thank you, bjgarrick! My computer is finally clean and working better than ever. I followed the "Run me Read me" guide - and the Windows XP Cleaning proc - SuperAntispyware and Spybot S&D installed but would not run, as the malware was blocking them, I think. Then I installed and ran Malwarebytes and it got rid of everything. I have toggled system restore, and so far, no return of the dreaded red circle/white x.

I am attaching the log from the malwarebytes scan (as a word file as I couldn't figure out how to attach the actual log...)

Thanks again for your support and guidance!

 

I would recommend finishing the steps from the cleaning procedure and attaching the other requested logs. Just because you're not having noticeable issues doesn't mean you are clean. It's up to you but I recommend it.

 

Hi,

It has taken me some time to block out time to finish the cleaning procedure. On your advice, I finished the steps. I am attaching the logs from MGTools. (Will have to do this in a couple of posts as it will only let me attach 3 at a time....). Please advise if I have to take further action. The computer is still running fine and no re-emergence of the Antivirus 2009!!!

I have another question - In order to run the new tools I ended up uninstalling Norton's, which I had renewed last May. The product I have is Norton Antivirus 2004 - we just keep updating it. Is it worth it to re-install?

Thanks again for all your help!

 

Here are the remaining logs from MG Tools:

 

And still more logs (I think there must be a way to get them in one file, but I couldn't figure it out....)

 

No! I would recommend Avast! AntiVirus or AVG AntiVirus over Norton anyday. The primary reason is they are both free and use a lot less resources than Norton.

I will provide you links and information in my final instructions.

 

Yes, there is a better way. When you download and run MGTools.exe, it's creates a ZIP file, this is what we request be attached.

Download a fresh copy of MGTools.exe and run it once more and attach the logs it produces.

See, Using MGtools for more information.