Skip to content


Reply
Stone Emissary
arath
Posts: 10
Registered: ‎01-10-2010
Accepted Solution

XP Guardian 2010

Has anyone else had this problem? 

 

Also, I am providing a hijack text file to see if anything needs to be taken off :/

Please use plain text.
Trend Micro Employee
2Ez4Cy
Posts: 26
Registered: ‎02-11-2010

Re: XP Guardian 2010

Hi arath,

 

Upon checking the HJT log file, I noticed that there's a malicious file that's running on the machine:  C:\Documents and Settings\Vicky\Local Settings\Application Data\av.exe

 

You can manually stop this process via the Task Manager then manually delete the file.  You can also run a scan using Housecall or any Trend Micro product and it should be caught as TROJ_NOSECUR.MCS.


I am a Trend Micro employee. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Please use plain text.
Stone Emissary
arath
Posts: 10
Registered: ‎01-10-2010

Re: XP Guardian 2010

I did the Task Manager and I think I manually deleted the trojan, but I am still having trouble with the XP Guardian.  However, it is now called XP Antivirus Pro.  It changed sometime ago.

Please use plain text.
Trend Micro Employee
2Ez4Cy
Posts: 26
Registered: ‎02-11-2010

Re: XP Guardian 2010

Hello arath,

 

Try running a scan using Housecall and check if the FakeAV infection will be fixed.  If not, attach a new copy of the HJT log here so that we can check it again.


I am a Trend Micro employee. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Please use plain text.
Stone Emissary
iliketechy
Posts: 13
Registered: ‎02-18-2010

Re: XP Guardian 2010

arath, have you read removal instructions at bleepingcomputer.com? If not, then i think you should.

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

 

And slightly different removal instructions in this blog post: how to remove XP Guardian

 

I hope this will help you. Good luck!

Please use plain text.
Trend Micro Employee
JamzYaneza
Posts: 104
Registered: ‎08-12-2009

Re: XP Guardian 2010

This batch of FAKEAV uses the same binary but changes the presented GUI, its one more way for the bad guys to confuse cleanup. Try the instructions here, then post your new HijackThis results.


I am a Trend Micro employee. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Please use plain text.