Computer Security & Viruses/Get rid of xp_antispyware malware

Question
QUESTION: How can I get rid of the malware or spyware called xp_antispyware that installed itself on my work computer? This may have been installed when I was out of the office and a "tech" person worked on my computer. I think he must have shut down the XP Firewall and AVG antivirus and not turned them back on. When I returned from vacation I found that my computer always starts with the XP Firewall turned off, and I have to manually turn it on. Also, now the AVG Antivirus does not load at startup. It is no longer showing in the task bar either. I use the AVG free version. I have run Ad-Aware and Spybot Search and Destroy, and the antivirus, but still cannot get rid of the xp_antispyware. This xp_antispyware program keeps saying my computer is infected and shows a red circle with a white x in the task bar. I saw on the internet that this is a bogus program that tries to get users to download their program.

ANSWER: Hi Burt,

I am fairly certain you are talking about AntispywareProXP; if so, the following site has removal instructions:

http://www.symantec.com/security_response/writeup.jsp?docid=2008-091212-1053-99&

To verify, using Internet Explorer, go to:

http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

Click the GO button, then under Virus Detection, click Start. You might be told that you need to download and install ActiveX Controls for the scan to work; answer Yes.

Write down exactly what it finds, then go to http://www.symantec.com/search/ and do a search for what was found. Symantec usually has a removal tool and/or directions for removing manually. Make sure that you follow the instructions for removal, step by step, especially the part regarding disabling System Restore.

Also, using the removal instructions above, use the free scan instead of the AVG.

Hope this helps!
Lorry

---------- FOLLOW-UP ----------

QUESTION: The program folder for this spyware/malware was listed as "xp_antispyware 2008." No mention of PRO. I deleted the folder yesterday, but the program is still popping up all day long in the system tray. The program had an uninstall program, but it did not work. I could not run the Symantec scan you mentioned; the ActiveX files could not load.

ANSWER: Hi Burt,

Did you see the tan bar under the Address bar? Click that to allow ActiveX to be downloaded and then continue the free scan.

Otherwise, you could download a 15-day trial of Norton AntiVirus 2009 from:

http://shop.symantecstore.com/servlet/ControllerServlet?Action=ContentTheme&Loca

Hope this helps!
Lorry

---------- FOLLOW-UP ----------

QUESTION: Somehow the ActiveX couldn't be downloaded for the Norton scan. But I was able to get rid of that spyware/malware program by uninstalling AVG Antivirus (free), and then reinstalling it and running it. AVG found about 122 malware and spyware including that xp_antispyware program, which it healed and removed. Apparently that xp_antispyware program had corrupted the AVG Antivirus, so reinstalling it worked.
Thanks for your advice.


Answer
Hi Burt,

Usually before removing a virus it is a good idea to disable system restore first, remove the threat, reboot and then enable system restore. By doing that, the threat doesn't stay on the hard drive/Windows.

Glad you got it removed!

Have a great evening!
Lorry

Lorry

Expertise

I can answer most questions regarding viruses/Trojans and help to remove them.

Experience

This happens to be of interest to me as it boggles my mind that people have nothing better to do than to write a virus. Wish these people, the ones who write viruses, would put the knowledge to good use instead. My job as a local tech involves removing viruses and/or spyware.

©2012 About.com, a part of The New York Times Company. All rights reserved.