Full Version: Got a virus...
Mobb
This first bit of info is the latter part of a misplaced post.


"C:\Program Files\XPPoliceAntivirus\xppolice.exe" ------------ XPPoliceAntivirus ----------- fakes being a real, actually removable program



Hey Godders. I wanna thank you again for helping me the last time a random virus hit me.

As for the weird XP Police virus that I have, like I said it doesn't show up on HJT logs. It did once, I removed it, I didn't hear anything become uninstalled, meaning my computer didn't "make noise" that would lead me to say it's "working" to remove the virus and its registry. So now HJT doesn't recognize it, I don't have full administrator anymore, and I know it's still operating, consuming several hundred thousand kb/s when it sends out large packets of my goddamn info.

I WILL LEAVE THE LOG HERE TO PROVE TO YOU THAT IT'S EMPTY. ONCE AGAIN DON'T EVEN BOTHER TO READ THIS LOG, IT'S COMPLETELY CLEAN, HJT DOESN'T DETECT THE VIRUS.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

------------------------------------------- ORIGINAL POST --------------------------


Today while looking for a stupid new "pop" song by Lady Gaga that is very catchy, I found a virus. I typed in Lady Gaga and clicked on the first YouTube link (which is now taken down) that led me to "Just Dance". Well apparently it was a virus, and on my toolbar this popped up: XP Police Antivirus. Completely unofficial fake antivirus that lags my computer and limits my capabilities as an administrator. I can find a few of the files under search (and I sent those files straight to the trash), but my antiviruses don't find anything, my HijackThis found something originally and I tried to remove it, but I KNOW HJT didn't actually uninstall anything b/c I never heard my computer "start up" and begin uninstalling programs.

Well, now it's become worse. I can hear it installing programs and making itself more permanent. So logged on solely to post this message. I'll turn it on later and hopefully deal with this b4 the program consumes all facets of my computer.

Worst of all, I can't manually "turn it off" b/c it has removed my task manager capabilities, which I do not know how to reactivate. If anyone knows an antivirus that can cripple this virus, or a way for me to reactivate my task manager so I can turn off the viral programs and begin removing manually... please, I'm all ears.

First and foremost, I'll need to be able to shut this off using task manager so I can begin deleting file after file using File Assassin. PLEASE HELP.


----------------------------------------------------
miekiemoes
Hi,

Your post is really confusing..

QUOTE
HJT DOESNT DETECT THE VIRUS.
HijackThis has never detected viruses. HijackThis only enumerates startup entries.
But.. I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first..
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There, double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.
Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an antivirus scan is not present which should be able to deal with most and prevent further reinfection.
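
Added example, not part of any post in this thread: a small parser for the HijackThis log format shown above. It groups entries by section code and checks whether a given file name appears anywhere in the log. The sample lines are copied from the log in this thread; the function names are illustrative.

```python
import re
from collections import Counter

# Section codes seen in the log above and what HijackThis lists under each.
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "O4": "autostart (Run key or Startup folder)", "O23": "Windows service"}

# Constructed sample: a handful of lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\program files\steam\steam.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # e.g. "O4 - HKCU\..\Run: [...] ..."

def parse(log):
    """Split a log into (running process paths, [(section code, entry text)])."""
    processes, entries, in_procs = [], [], False
    for line in (l.strip() for l in log.splitlines()):
        m = ENTRY.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def section_counts(log):
    """Count entries per section code."""
    return Counter(code for code, _ in parse(log)[1])

def mentions(log, filename):
    """Where a file name appears: 'process' and/or the section codes listing it."""
    name = filename.lower()
    processes, entries = parse(log)
    hits = ["process" for p in processes if p.lower().endswith("\\" + name)]
    hits += [code for code, text in entries if name in text.lower()]
    return hits

if __name__ == "__main__":
    for code, n in sorted(section_counts(SAMPLE_LOG).items()):
        print(code, n, SECTIONS.get(code, "other"))
    print("xppolice.exe:", mentions(SAMPLE_LOG, "xppolice.exe") or "not listed")
```

An empty result from `mentions` only says the file is not in the process list or the locations HijackThis enumerated; it is not a scan verdict.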
LS CalamityJane
No, no more new topics for Mobb, please. Mobb, you already have too many going at once. People have answered you and you haven't responded to them.

You have one topic only that you can reply to, this one please, here:
http://www.lavasoftsupport.com/index.php?showtopic=22687

Sorry Miekiemoes, but this user keeps ignoring responses and starts a new topic. This is a waste of everyone's time. He needs to stay with the one topic I have left open for him.