XP Home Security is a virus disguised as an anti-virus, also known as Hostage Ware. I'm really clueless as to how I get rid of it. The anti-Virus programs I have are no help, and I cannot find the program anywhere on my computer to delete it manually. I need help with this.
-
Hi all. We have had reports of member's signatures being edited to include malicious content. You can rest assured this wasn't done by staff and we can find no indication that the forums themselves have been compromised.
However, remember to keep your passwords secure. If you use similar logins on multiple sites, people and even bots may be able to access your account.
We always recommend using unique passwords and enable two-factor authentication if possible. Make sure you are secure. -
Be sure to join the discussion on our discord at: Discord.gg/serebii
How do I delete XP Home Security off my computer?
- Thread starter MugoUrth
- Start date
ShinySandshrew
†God Follower†
Well, here's what I've found. All of this is from an article I read, so here's what to do if you're running Windows (if you're not, then it):
I hope this takes care of your problem, MugoUrth! If you have any questions, feel free to let me know!
[Directions taken from this article]
- 1 When XP Home Security gives you an alert saying your computer is at risk, open Task Manager by hitting Ctrl+Alt+Del (if necessary, select Task Manager from the menu that pops up)
- 2 If XP Home security shows up under the tab labelled, "Applications," right-click on XP Home Security and select "Go To Process"
- 3 Right-click on the process that it switches to and select "End Process." It should be a random string of characters followed by ".exe."
- 4 The article I looked at suggested that you update your anti-virus software and scan your computer next. The article suggest using Malwarebyte's Anti-Malware and SuperAntiSpyware Portable Scanner. I've used the first one and it seems decent, but I haven't heard of the second one, so I can't tell you well it works.
- 5 They list some things that the virus adds to your computer:
Malicious Files Added by XP Home Security 2011:
c:\[random].exe
c:\Program Files\XP Home Security 2011
c:\Program Files\XP Home Security 2011\HS2011.exe
c:\WINDOWS\system32\[random].exe
c:\WINDOWS\system32\winhelper86.dll
c:\WINDOWS\system32\winlogon86.exe
c:\WINDOWS\system32\winupdate86.exe
XP Home Security 2011 Registry Entries:
Vista Security 2011 Registry Entries:
HKEY_CURRENT_USER\Software\HS2011
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “XP Home Security 2011″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “winupdate86.exe” - 6 The next thing to do is edit the registry to remove harmful keys. They list how to that here. But be warned! You can really mess up a computer by doing this if you're not careful. Make sure to back up the registry before you make changes in case you mess things up.
- 7 Next, they say to prevent XP Home Security from running at start up. To do so, click Start then Run, then typemsconfig on the "Open" dialog box. Go to the Startup tab and uncheck something that looks like this [random characters].exe (everything before the .exe should be random characters.
- 8 Click Apply and restart your computer.
I hope this takes care of your problem, MugoUrth! If you have any questions, feel free to let me know!
[Directions taken from this article]
Maylu Sakurai
Dawn's ultimate Fan!
you could try to boot into safemode with networking and download malware bytes and spyware vanisher if the virus appears there as well which some can if u have a second computer and a blank cd get UBCD for win download it and burn it to a cd i recommend using a XP based computer or a vista or windows 7 pc but have a windows xp CD or a windows xp cd image on hand and create a UBCD windows disk boot on that and run the apps that take care of this
Antivirus 2011 and versions are pretty horrible. The longer you leave them on there, the worse they get. Depending on how long you've left it on there, one of the few options left would be strapping the hard drive to another PC. There's simply not an easy way to get this thing off the PC it's attached itself to.
I've noticed Antivirus 2011 is really running rampant in Google image search right now. If you get that pop-up that closes your browser and tells you it needs to scan system files, just close your browser through task manager. Yes means yes, no means yes and [X] means yes. Edit: SkittyOnWailord brought up ALT+F4, and that also means yes...
In that aforementioned post, MalwareBytes is a great program. It's known to get stuff the bigger AVs miss. I suggest running it after you run Avast!. Super Anti-Spyware is also pretty good. They're both in a list of AVs I have for disinfection usage.
:025ball:
If you can get to safe mode (NO networking), then do that, but if you can't, try to do it from normal boot:
Starting off with Start => Run => MSCONFIG, startup tab:
Anything with random letters just uncheck. Anything with "unknown" that you don't know the name of, might wanna uncheck. You're gonna have to stretch the command portion, but anything with rundll32.exe you might want to uncheck. Anything with "filename",Startup uncheck.
Now I'm a techie, and I'll actually follow those command filenames back to the source...(IE C:\Windows\adkjfad.exe) and try to delete it from there.
Changing things and applying the settings in MSCONFIG requires a restart - restart either to safe mode with networking or normal boot.
If you can get to the Internet (if the virus hasn't already changed the proxy for your browsers yet...), then download Avast! antivirus. This AV is very useful in the way that it has "boot-time" scanning. Scans before getting into Windows so viruses don't have the chance to start yet.
If you can't get to the Internet, I'd suggest putting it on a CD (as to not risk the security of a flash drive) from another computer to install it.
If you download then it won't let you install/run it in either mode...uh...it's probably about time to go have someone strap the hard drive into another computer and try to disinfect it that way. (Connect hard drive, schedule boot scan for connected hard drive letter, restart, run several more virus scans on it - fairly easy MOST OF THE TIME, but last resort.)
Here's directions for performing a boot-time scan through Avast!. I personally don't use this AV so I'm not sure if this is out of date...but if it is, it shouldn't have changed much.
http://www.schmahl.net/avastbootscan.php
You also have to manually take care of infected files when Avast! finds them. This is a guide that generally explains that here.
http://help.artaro.eu/index.php/gen...rams/avast-free-antivirus-boot-time-scan.html
I would try running another scan of Avast! after that, then MalwareBytes and possibly even another AV after this like AVG. Multiple AVs searching does more good than you'd think, though it takes hours and hours.
As for registry files, they're very iffy. I really wouldn't suggest an average-level user to mess with them as you can turn things sour very quickly. This includes those programs that clean the registry; they're known for messing things up too.
Anyway, I hope you can get it fixed (if you haven't already lol, it's been three days).
I've noticed Antivirus 2011 is really running rampant in Google image search right now. If you get that pop-up that closes your browser and tells you it needs to scan system files, just close your browser through task manager. Yes means yes, no means yes and [X] means yes. Edit: SkittyOnWailord brought up ALT+F4, and that also means yes...
In that aforementioned post, MalwareBytes is a great program. It's known to get stuff the bigger AVs miss. I suggest running it after you run Avast!. Super Anti-Spyware is also pretty good. They're both in a list of AVs I have for disinfection usage.
:025ball:
If you can get to safe mode (NO networking), then do that, but if you can't, try to do it from normal boot:
Starting off with Start => Run => MSCONFIG, startup tab:
Anything with random letters just uncheck. Anything with "unknown" that you don't know the name of, might wanna uncheck. You're gonna have to stretch the command portion, but anything with rundll32.exe you might want to uncheck. Anything with "filename",Startup uncheck.
Now I'm a techie, and I'll actually follow those command filenames back to the source...(IE C:\Windows\adkjfad.exe) and try to delete it from there.
Changing things and applying the settings in MSCONFIG requires a restart - restart either to safe mode with networking or normal boot.
If you can get to the Internet (if the virus hasn't already changed the proxy for your browsers yet...), then download Avast! antivirus. This AV is very useful in the way that it has "boot-time" scanning. Scans before getting into Windows so viruses don't have the chance to start yet.
If you can't get to the Internet, I'd suggest putting it on a CD (as to not risk the security of a flash drive) from another computer to install it.
If you download then it won't let you install/run it in either mode...uh...it's probably about time to go have someone strap the hard drive into another computer and try to disinfect it that way. (Connect hard drive, schedule boot scan for connected hard drive letter, restart, run several more virus scans on it - fairly easy MOST OF THE TIME, but last resort.)
Here's directions for performing a boot-time scan through Avast!. I personally don't use this AV so I'm not sure if this is out of date...but if it is, it shouldn't have changed much.
http://www.schmahl.net/avastbootscan.php
You also have to manually take care of infected files when Avast! finds them. This is a guide that generally explains that here.
http://help.artaro.eu/index.php/gen...rams/avast-free-antivirus-boot-time-scan.html
I would try running another scan of Avast! after that, then MalwareBytes and possibly even another AV after this like AVG. Multiple AVs searching does more good than you'd think, though it takes hours and hours.
As for registry files, they're very iffy. I really wouldn't suggest an average-level user to mess with them as you can turn things sour very quickly. This includes those programs that clean the registry; they're known for messing things up too.
Anyway, I hope you can get it fixed (if you haven't already lol, it's been three days).
Last edited:
CrobatOwns
Back from the dead!
Is there important data?
If not, the easiest thing to do is reformat and install XP. Or buy 7^^
Else, boot in safe mode and find all the files you can and delete it, and try SAS and MBAM again updated, since the databases were prolly out of date due to the malware blocking them.
If that doesn't work, get an ubuntu disk from a friend, boot from it and open Firefox, and upload all your important files using the live disk to Adrive or something
Gl
If not, the easiest thing to do is reformat and install XP. Or buy 7^^
Else, boot in safe mode and find all the files you can and delete it, and try SAS and MBAM again updated, since the databases were prolly out of date due to the malware blocking them.
If that doesn't work, get an ubuntu disk from a friend, boot from it and open Firefox, and upload all your important files using the live disk to Adrive or something
Gl
Microsoft Security Essentials uses a little building in the taskbar.
The red shield with white X was still used by XP to alert you that the Windows Firewall, Automatic Updating or antivirus checker was turned off... It whines that one/all of those aren't active through a balloon notification, but usually only does it once.
Because of that, I wouldn't say it would ALWAYS be home security/antivirus, but those mainly use that icon for their program for obvious reasons. If it's antivirus, it likes popping up a balloon notification from that icon whining about ### of viruses/infections on your computer all the time.
I've just begun experiencing the same problem. My laptop seems to be very vulnerable to trojan infections, this being the second in less than two weeks. McAfee is proving to be perfectly useless.
If I'm going to download Avast, should I remove McAfee first? I have Malwarebytes already, I'm just not sure which programs constitute a second actual antivirus protection software - and you're not supposed to have more than one at a time, I know.
Incidentally, the XP trojan has somehow disabled Malwarebytes, and even stops its usage in safemode (with networking). McAfee, of course, doesn't do a thing. And I can get onto internet explorer - even to my home page - but every single navigation after that is halted and redirected to a security warning by the XP trojan. The account I'm on now has no privileges like downloading or saving (indeed the only reason I can use it is because it's got some glitch that completely refreshes it to factory settings each time it's accessed), so if anybody knows a failsafe way for me to download and run Avast, or to reenable Malwarebytes, I'd appreciate their mentioning it here.
(Sorry to hijack your help thread, MugoUrth! =P)
If I'm going to download Avast, should I remove McAfee first? I have Malwarebytes already, I'm just not sure which programs constitute a second actual antivirus protection software - and you're not supposed to have more than one at a time, I know.
Incidentally, the XP trojan has somehow disabled Malwarebytes, and even stops its usage in safemode (with networking). McAfee, of course, doesn't do a thing. And I can get onto internet explorer - even to my home page - but every single navigation after that is halted and redirected to a security warning by the XP trojan. The account I'm on now has no privileges like downloading or saving (indeed the only reason I can use it is because it's got some glitch that completely refreshes it to factory settings each time it's accessed), so if anybody knows a failsafe way for me to download and run Avast, or to reenable Malwarebytes, I'd appreciate their mentioning it here.
(Sorry to hijack your help thread, MugoUrth! =P)
ShinySandshrew
†God Follower†
Let me crack open my textbook on computer repair and see what I can find...
Here's what I suggest: if you can, try using a friend's computer to download a program called RKill. It can stop malware from running. I would suggest copying it to a CD and installing it. (Unless you're using a netbook, then copy it to a flash drive. But as a precautionary measure, disable the autorun feature for flash drives.)
I would suggest booting into Safe mode (without networking) and then running RKill. RKill doesn't need to be installed, so you don't have to worry about it not installing. If you can't get RKill to run, try right-clicking on the RKill and selecting "Run as Administrator."
One thing I want to warn you about when using RKill: it only stops currently running processes. Don't restart your computer right after using RKill because that could just make the problem come back. Do a virus/malware scan right after using RKill. If you can't get Malwarebytes to run after running RKill, you could try uninstalling and re-installing Malwarebytes. This is kinda tricky (not to mention dangerous), but once you boot into Safe Mode, you can edit the Registry to try and get rid of some things associated with the virus. But before you do, back up the Registry! You can find out how to do that here. (In addition to the methods listed in the link, you can make a copy of the Windows folder, System32.)
With XP, click Start>Run>type in regedit.exe and hit Enter. For Vista/7 type regedit into the Start Search box. You can delete individual keys or entries that are associated with the virus. I believe I posted a list of some registry keys that might be associated with XP Home Security. But this is something you should do only if you know what to look for. If you go deleting stuff will-nilly, you could seriously mess up your computer.
As CrobatOwns said, if you don't have important data on your computer, you can format the hard drive and reinstall your operating system. If you do have important data on the computer, it would be best to copy it off first. (But do a malware scan on the media you transferred it to when you try to access it with another computer.)
I hope this helps you out, Profesco! If you have any questions or problems, let me know!
Maylu Sakurai
Dawn's ultimate Fan!
once you get it off i recommend you get avast microsoft software isnt getting the variants and avast would instantly block the download and what ever you do start using firefox most viruses come through security holes in internet explorer
LalsErekeerve
Banned
Iron Invader Film Out
Mirrors 2 film with good quality Hanna Download where to download the Gacy House movie Download Salt Movie In Hd About The 51 online Golkonda High School Official Trailer Full The Real Robin Hood Film Downloads where can i download the Rare Exports trailer Death Race 2 Movie Hd Download 88 Minutes movie summary Jack and the Beanstalk Movie Rating Download Hellweek Film In Hd Quality free downloads Who Is Clark Rockefeller? Where To Buy The The Last Airbender Movie watching Shut Up and Kiss Me online watch the Our Family Wedding film Alpha and Omega movie 2010 Download Divx Battle of Los Angeles Movie place Urumi Where To Buy The Red Riding Hood Movie Hellweek The Film High Quality Dinocroc vs. Supergator The Full Film To Watch Download Airline Disaster Movie 2010 The Soul Surfer Download Full Movie Full The Pool Boys Film Good Quality watch Circle of Pain the movie in hd Predators direct download Hi-def The Japanese Wife Movie Legal Waiting for Forever Movie Download where to watch the full Groupie movie The No One Killed Jessica Full Movie Online Meet Joe Black film synopsis Website To Watch Street Kings: Motor City The Movie Full Movie The Twilight Saga: Eclipse Valentine's Day Movie Download Blogspot Download Whole Sacrifice Movie Largo Winch (Tome 2) film in english to download Where Can I Buy The Way Back Movie I Want To Watch The Full Movie Of Arthur online Hall Pass movie clips download How To Watch The Rig Movie Download The Thomas & Friends: Misty Island Rescue Thomas & Friends: Misty Island Rescue movie download good quality Watch The Full Movie Of Kvinden der dromte om en mand online Watch All Good Things Movie Hd Download For Dil Toh Baccha Hai Ji The Movie Jianyu Download Full Movie
Mirrors 2 film with good quality Hanna Download where to download the Gacy House movie Download Salt Movie In Hd About The 51 online Golkonda High School Official Trailer Full The Real Robin Hood Film Downloads where can i download the Rare Exports trailer Death Race 2 Movie Hd Download 88 Minutes movie summary Jack and the Beanstalk Movie Rating Download Hellweek Film In Hd Quality free downloads Who Is Clark Rockefeller? Where To Buy The The Last Airbender Movie watching Shut Up and Kiss Me online watch the Our Family Wedding film Alpha and Omega movie 2010 Download Divx Battle of Los Angeles Movie place Urumi Where To Buy The Red Riding Hood Movie Hellweek The Film High Quality Dinocroc vs. Supergator The Full Film To Watch Download Airline Disaster Movie 2010 The Soul Surfer Download Full Movie Full The Pool Boys Film Good Quality watch Circle of Pain the movie in hd Predators direct download Hi-def The Japanese Wife Movie Legal Waiting for Forever Movie Download where to watch the full Groupie movie The No One Killed Jessica Full Movie Online Meet Joe Black film synopsis Website To Watch Street Kings: Motor City The Movie Full Movie The Twilight Saga: Eclipse Valentine's Day Movie Download Blogspot Download Whole Sacrifice Movie Largo Winch (Tome 2) film in english to download Where Can I Buy The Way Back Movie I Want To Watch The Full Movie Of Arthur online Hall Pass movie clips download How To Watch The Rig Movie Download The Thomas & Friends: Misty Island Rescue Thomas & Friends: Misty Island Rescue movie download good quality Watch The Full Movie Of Kvinden der dromte om en mand online Watch All Good Things Movie Hd Download For Dil Toh Baccha Hai Ji The Movie Jianyu Download Full Movie
Hmm. I was in the account again today - safemode version - and it was having difficulty opening such basic programs as Add/Remove Programs. The error message it gave mentioned problems with things that had "rundll32.exe" in their names. =/
Wow! I had no idea you were a budding tech wizard, ShinySandshrew. This is great, thanks. =D
I'm not sure about trying to edit my registry. The virus appears to have weedled itself into very basic and/or important things. And I honestly wouldn't know what I was doing, meh.
Maybe you know: how do I format the hard drive and reinstall the OS? Or, would reverting the laptop back to its out-of-the-box condition (I can't think of what you call that) get rid of the virus? I don't know, since it seem to have taken root quite strongly. =s
Last edited:
Maylu Sakurai
Dawn's ultimate Fan!
there should be recovery drive called Recovery (D
in my computer if there is then you can use it to run a destructiive restore but to access restore mode depends on your OEMShinySandshrew
†God Follower†
Ooh. Not good. When such basic programs as that start messing up, you're in trouble.
Your welcome! I'm learning this kind of stuff at college right now.
Understandable. The registry is a dangerous place. BTW, if any wants to know how to make your computer display (not change the actual speed) a different processor speed, send me a PM.
I do, indeed know. Depending on your laptop, there may be something that displays near the bottom of the screen at some point during boot. It may read something like, "Press F12 to enter System Recovery." If so, press that and read the on-screen instructions to re-install your OS. A crucial thing to remember when re-installing the OS to get rid of an infection: always format the hard drive! If you don't, the virus could still be hanging around.
Here are the steps to re-install your OS from a disc, and wipe the hard drive:
Step 1: Obtain a Windows disc. Your computer may have come with one, or you may have to make one yourself. (If your computer didn't come with a disc, let me know Profesco and I'll post the steps for what to do.)
Step 2: We need to be able to boot from the computer's disc drive. During your computer's boot process, you should see a message telling you to hit some key combination to access something called BIOS or boot sequence. The keys may be something like F2 or something weird like ctrl+F3. Once you enter hit those keys, wait for the BIOS to load. (If your computer says (advanced setup, you may have to select an option to take you to the BIOS. Every computer is different. =/) Look for something like "primary boot device" or "boot order." There should be an option for CD/DVD drive. Select that option (or move it to the top, depending on your computer. Now would be a good time to put your Windows disc into the disc drive. Exit the BIOS, saving changes. Your computer will restart.
Step 3: As the computer boots, you will see a message saying press any key to boot from the disc drive. Press any key that you feel like. (Just don't go searching for the "Any" key. That's a joke my teacher likes to use.) After you wait for the installation process to start up (it takes a while), it will ask if you want to install Windows, or repair it. Select the option to install.
Step 4: The computer bring up a screen asking where you want to install Windows. If you're using XP, hit the D button on each partition listed to remove it. If you're using Vista, click on a partition, and select advanced options, then select format. After you've removed all partitions, select the blank space as the place to install the OS. The computer should now give you an option to format the partition you're installing the OS on. Select the option to do a quick format and to format it as NTFS.
Step 5: Now comes the hardest part: waiting. Your computer will do some work while you sit there and wait for it. Respond to the on-screen options as they appear. Also, if the installation process ask if you want to set up an Internet connection, don't do that yet. Once the desktop appears, you're done...sorta...
Step 6: The first thing to do is to install an anti-malware tool. Make sure you do this before you setup an Internet connection, else you run the risk of getting infected. After you've installed the anti-malware program and setup an Internet connection, you should update the anti-malware program. Next, check for updates. After you've done that, you're good to go!
Step 2: We need to be able to boot from the computer's disc drive. During your computer's boot process, you should see a message telling you to hit some key combination to access something called BIOS or boot sequence. The keys may be something like F2 or something weird like ctrl+F3. Once you enter hit those keys, wait for the BIOS to load. (If your computer says (advanced setup, you may have to select an option to take you to the BIOS. Every computer is different. =/) Look for something like "primary boot device" or "boot order." There should be an option for CD/DVD drive. Select that option (or move it to the top, depending on your computer. Now would be a good time to put your Windows disc into the disc drive. Exit the BIOS, saving changes. Your computer will restart.
Step 3: As the computer boots, you will see a message saying press any key to boot from the disc drive. Press any key that you feel like. (Just don't go searching for the "Any" key. That's a joke my teacher likes to use.) After you wait for the installation process to start up (it takes a while), it will ask if you want to install Windows, or repair it. Select the option to install.
Step 4: The computer bring up a screen asking where you want to install Windows. If you're using XP, hit the D button on each partition listed to remove it. If you're using Vista, click on a partition, and select advanced options, then select format. After you've removed all partitions, select the blank space as the place to install the OS. The computer should now give you an option to format the partition you're installing the OS on. Select the option to do a quick format and to format it as NTFS.
Step 5: Now comes the hardest part: waiting. Your computer will do some work while you sit there and wait for it. Respond to the on-screen options as they appear. Also, if the installation process ask if you want to set up an Internet connection, don't do that yet. Once the desktop appears, you're done...sorta...
Step 6: The first thing to do is to install an anti-malware tool. Make sure you do this before you setup an Internet connection, else you run the risk of getting infected. After you've installed the anti-malware program and setup an Internet connection, you should update the anti-malware program. Next, check for updates. After you've done that, you're good to go!
Also, if you're using a laptop, make sure to plug it in. We don't want the battery to run out in the middle of the installation.
If you need more help or need something explained, feel free to ask me!
Last edited: