Author Topic: XPSecurityCenter  (Read 13444 times)

surfpick

  • Guest
XPSecurityCenter
« on: June 23, 2008, 03:39:04 PM »
I ran Avast successfully last night but when it finished, the XPSecurityCenter malware is still on my computer.

It's a red ball on my taskbar with a white X on it.
It makes popping noises every few minutes.
It occasionally takes over your browser, when you attempt to navigate a website,
telling you that your websurfing is unsafe and to run their scan,
which is a fake scan, which advises you to send them $45 for a 'cure'.

This virus appeared very authentic at first.
I assumed it was just Microsoft notifications.
I emailed them and got a response with a download to 'remove' the notices
but I had realized by that time that they were not legitimate.
Apparently it is a Russian scam.

How do I get rid of this thing?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: XPSecurityCenter
« Reply #1 on: June 23, 2008, 04:04:25 PM »
I suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.

Also, for the rogue program:
RogueRemover is a utility that can remove various rogue antispyware, antivirus and hard drive cleaning utilities. Rogue applications are applications that rather than remove spyware, provide false positives, distribute malware or spyware, advertise, or provide useless uninstallers. The main point is that rogue applications are useless and eat up system resources.

Check http://www.malwarebytes.org/rogueremover.php
The best things in life are free.

surfpick

  • Guest
Re: XPSecurityCenter
« Reply #2 on: June 23, 2008, 05:57:20 PM »
Thank you Sir.
I tried the Rogue Remover first but it didn't seem to have anything regarding the XPSC and it didn't remove it.
I cleared my cache and personal files and looked at my Temp folders but I'm not sure what to delete and what not to touch there.
I disabled 'Restore System' yesterday, before trying the Panda scanner, which never finished scanning.

I am now going to try your step 3, which seems like it might take a full day or so,
since I tried rerunning it last night on 'thorough' and it was only at 32% this morning.
I'll check back in when it finishes scanning. Thanks much. I owe you.

CharleyO

  • Guest
Re: XPSecurityCenter
« Reply #3 on: June 23, 2008, 09:11:40 PM »
***

Welcome to the forums, surfpick.    :)

As far as what is in the Temp folder is concerned, you can delete anything in it that is not in use when you do this. They are temporary files and as such, are only needed when in use. These files are not likely to be needed again but if they are, they will be recreated at the time of need.


***

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33904
  • malware fighter
Re: XPSecurityCenter
« Reply #4 on: June 23, 2008, 09:31:43 PM »
Hi, here is a link for manual removal: http://www.tongjimba.com/antivirus/howtoremove/howtoremove_290.html

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

surfpick

  • Guest
Re: XPSecurityCenter
« Reply #5 on: June 24, 2008, 02:00:02 AM »
> ***
>
> Welcome to the forums, surfpick.    :)
> As far as what is in the Temp folder is concerned, you can delete anything in it that is not in use when you do this.

Thank you. It seems to have worked without having deleted the Temp.

> ***

> Hi here is a link for manual removal: http://www.tongjimba.com/antivirus/howtoremove/howtoremove_290.html

Thank you. That looks a little beyond me but fortunately, all seems to be well now.


polonus
> I suggest:

> 1. Disable System Restore and reenable it after step 3.

check

> 2. Clean your temporary files.

skip

> 3. Schedule a boot time scanning with avast with archive scanning turned on.

check ( XPSecurityCenter icon gone )

> 4. Use SUPERantispyware to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.

check

> 5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit

check

> 6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.

check (log follows post)

> 7. Immunize your system with SpywareBlaster

check

> 8. Check if you have insecure applications with Secunia Software Inspector.

check (updated and ran it again but it's not registering the changes yet)


aswar.log

avast! Antirootkit, version 0.9.6
Scan started: Monday, June 23, 2008 5:05:55 PM

Scan finished: Monday, June 23, 2008 5:22:21 PM
Hidden files found: 0
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0

Thanks a lot Tech, for making it simple, yet thorough.


Do any of you happen to play guitar?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: XPSecurityCenter
« Reply #6 on: June 24, 2008, 03:14:28 AM »
One last thing rests... on-line scanning... choose one:
Kaspersky (very good detection rates)
ESET NOD32
Trendmicro housecall
F-Secure
BitDefender (free removal of the malware)
The best things in life are free.

surfpick

  • Guest
Re: XPSecurityCenter
« Reply #7 on: June 24, 2008, 03:47:09 AM »
> One last thing rests... on-line scanning... choose one:
> Kaspersky (very good detection rates)
> BitDefender (free removal of the malware)

I started running Kaspersky but went to BitDefender instead, since it will remove any malware.
Gonna run it now. My desktop is loaded now!
Sure is great to be rid of that nasty Russian bug.
Thanks again!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: XPSecurityCenter
« Reply #8 on: June 24, 2008, 03:54:48 AM »
> Sure is great to be rid of that nasty Russian bug.
> Thanks again!

You're welcome. Feel free to come back any time you need help or just to change experiences 8)
The best things in life are free.

CharleyO

  • Guest
Re: XPSecurityCenter
« Reply #9 on: June 24, 2008, 08:18:25 AM »
***

It is always good when someone comes back to let us know the problem has been solved.   :)

Please come back often, learn more, and maybe help others.


***

surfpick

  • Guest
Re: XPSecurityCenter
« Reply #10 on: June 24, 2008, 12:08:49 PM »
> ***
> It is always good when someone comes back to let us know the problem has been solved.   :)
> Please come back often, learn more, and maybe help others.
> ***

> > Sure is great to be rid of that nasty Russian bug.
> > Thanks again!
>
> You're welcome. Feel free to come back any time you need help or just to change experiences 8)

If I hear of anyone else who gets bitten by this bug, or any other,
I'll be sure to direct them to this great place.
I wish you guys were real estate lawyers too.

davide1971

  • Guest
Re: XPSecurityCenter
« Reply #11 on: June 24, 2008, 05:44:32 PM »
> If I hear of anyone else who gets bitten by this bug, or any other,
> I'll be sure to direct them to this great place.
> I wish you guys were real estate lawyers too.


Hello I have the same problem with this horrible XPSecurityCenter... Can't get rid of it: it blocks every page I try to open and prevents me from accessing those sites with online resolutions... PLEASE HELP ME!
Davide


CharleyO

  • Guest
Re: XPSecurityCenter
« Reply #12 on: June 24, 2008, 09:04:42 PM »
***

Welcome to the forums, davide1971.   :)

Have you tried the above advice given by Tech & Polonus?


***

davide1971

  • Guest
Re: XPSecurityCenter
« Reply #13 on: June 25, 2008, 02:16:50 PM »
Hello Charley
Yes, I tried every single antivirus suggested prior to my post, but it was quite impossible to solve the problem as the virus blocked the download or I was eventually asked to buy the product that scanned my pc (Kaspersky and BitDefender were blocked).
I had to take AVAST away from my pc in order to download any other antivirus but the only one that actually did not make problems so far is ESET NOD32 in the trial version... AVAST home edition did not detect any virus on my pc, just for information. Now that I am scanning the pc using ESET no problem has come up yet... I will let you know if it ends up successfully.
What do you suggest to do next? Buy some antivirus from AVAST or ESET or use some Free edition?
I am not skilled enough or experienced enough to decide whether it is best to go on using free editions or buy one.
thanks for your support as AVAST expert.
Davide

NOTE: ESET NOD32 just scanned my pc UNSUCCESSFULLY!! XP SEC CENTER is still in it! It was detected when using the internet on line scan but not after installing the trial version! Is this an attempt to sell some specific program?????????
I am very UPSET! sorry....

Apologies for the words above, now I am re-reading all the quotes and I understand viruses malware & co. are a really serious problem that cannot be fought with standard, free of charge or trial antiviruses... I see there are many operations (boot scan and so on ) and specific programs that can be bought, but please forgive my total ignorance: I am just a very normal user of a pc for the first time infected by a stupid but serious malware I can't get rid of. Any further help appreciated. :-)
« Last Edit: June 25, 2008, 03:31:10 PM by davide1971 »

davide1971

  • Guest
Re: XPSecurityCenter
« Reply #14 on: June 25, 2008, 04:51:04 PM »
> ***
>
> Welcome to the forums, davide1971.   :)
>
> Have you tried the above advice given by Tech & Polonus?
>
> ***

GOOD NEWS!
Got rid of it using the combination of ESET NOD32 that blocked the virus POPUPS in addition to SPYWARE TERMINATOR.
THANK YOU ALL GUYS I FEEL SAFER.
davide