#1
I recently got some malware, a rogue called "XP Police Antivirus". I was able to re-enable regedit and the task manager, and deleted all of the XP Police Antivirus files in Program Files, but it's still giving me troubles.

It will not let me access most help sites (redirects every Google-searched website and makes most antivirus software sites unable to be accessed), and it somehow disabled "Malwarebytes' Anti-Malware" from running.

Any help would be greatly appreciated.
#4
Quote by Fat Lard
Could you go over this in detail? I am a total noob when it comes to this stuff


Yeah, no problem

To go into Safe Mode, restart your computer. Keep pressing the F8 key (I dunno when exactly you have to press it but it's during start up). Then, it will give you a little menu, just choose safe mode.

System Restore should be somewhere in the Control Panel, under System Maintenance or something like that

Hope this helps
#5
Quote by lp345
Boot in Safe Mode and do a System Restore



this or buy norton antivirus. i had trojan horses and vundos on it, it cleared it up.
#6
Quote by lp345
Yeah, no problem

To go into Safe Mode, restart your computer. Keep pressing the F8 key (I dunno when exactly you have to press it but it's during start up). Then, it will give you a little menu, just choose safe mode.

System Restore should be somewhere in the Control Panel, under System Maintenance or something like that

Hope this helps


Alright, I'm trying this now.

And to hendrix, norton keeps giving me an error whenever I try to scan my computer.

brb...
#7
Your motherboard is no match for teh pr0nz0rz!

EDIT: When all else fails, back up all your files onto an external device and format+re-install your OS.
Last edited by StillSoundRG at Feb 15, 2009,
#8
I restarted my computer whilst pushing f8 like a /b/tard pushes f5, and I got no menu that let me choose safe mode. Is there another way to make your computer restart in safemode next time you restart it?
#9
Quote by hendrix_128
this or buy norton antivirus. i had trojan horses and vundos on it, it cleared it up.

I would rather install trojans, viruses, malware, freaking King Leonidas before even considering to install Norton.
At work so many people come with problems on their computer, that are in one way or another caused by Norton.

@OP:
If you want a good AV, you should try Avira, AVG or Avast, or if you have the funds, NOD32. Avira is pretty good, but unless you buy a subscription it will bother you with ads, AVG is OK, but its detection isn't that good, Avast is good, but it's rather heavy. NOD32 is the best one I've used myself, but you have to buy a subscription to use it.
#10
Cool story bro...
#11
Quote by Fat Lard
I restarted my computer whilst pushing f8 like a /b/tard pushes f5, and I got no menu that let me choose safe mode. Is there another way to make your computer restart in safemode next time you restart it?


Strange..

Try again, and just keep tapping it the whole time. F8 is definitely the key
#12
^ I've tried all of those and more, but the malware isn't letting me access any of the sites, or rapidshare files for downloading them in alternate links

I'm about ready to smash in my computer...


EDIT: Alright, I'll try rebooting it again...
#13
UPDATE


I got the computer into safe mode this time, but as soon as the desktop appeared, a popup appeared saying that "NT Authority\System authorized a shutdown" and a timer ticked down from :50 until it shut down the computer.

It's probably too bad to clear this thing myself, so I'm keeping off the computer (on brother's laptop atm). Any last suggestions before I decide to call Geek Squad?
#14
Quote by Fat Lard
UPDATE


I got the computer into safe mode this time, but as soon as the desktop appeared, a popup appeared saying that "NT Authority\System authorized a shutdown" and a timer ticked down from :50 until it shut down the computer.

It's probably too bad to clear this thing myself, so I'm keeping off the computer (on brother's laptop atm). Any last suggestions before I decide to call Geek Squad?


I had something similar once

To stop the countdown, try turning the clock back on your computer a couple of hours. That should move the timer back as well
#15
Quote by Fat Lard
I recently got some malware, a rogue called "XP Police Antivirus". I was able to re-enable regedit and the task manager, and deleted all of the XP Police Antivirus files in Program Files, but it's still giving me troubles.

It will not let me access most help sites (redirects every Google-searched website and makes most antivirus software sites unable to be accessed), and it somehow disabled "Malwarebytes' Anti-Malware" from running.

Any help would be greatly appreciated


Make sure he doesn't stun lock you!!
#16
Quote by lp345
I had something similar once

To stop the countdown, try turning the clock back on your computer a couple of hours. That should move the timer back as well



Alright, I'll try this out tomorrow when I have more time (gotta get hw finished)


Thanks a lot for the help lp, you're a life-saver
#17
I'd suggest (if you have it) use the factory reset disk, or your OS disk, and just reformat and reinstall.

If you have any important files you'd like to keep, back them up.

If you have either of those disks, you should just be able to boot the computer with the disk in.

If things are set right, it should boot from the CD.

If not, then you'll have to mash the Delete key (I think) to get into the CMOS settings, look for the boot order, and set the CD-ROM drive to the first boot device.
#18
Quote by Fat Lard
Alright, I'll try this out tomorrow when I have more time (gotta get hw finished)


Thanks a lot for the help lp, you're a life-saver


No problem dude
#19
A word of advice, be careful if you decide to back some files up onto a flash drive before restoring.

I had a similar XP antivirus virus (which I got rid of with the anti-malware program you mentioned) and it put itself on my flash drive, and then my dad used the flash drive and it infected his computer too.
#20
Manual XP Police Antivirus Removal Instructions:

Stop XP Police Antivirus Processes:
(Learn how to do this)
XPPolice.exe

Find and Delete these XP Police Antivirus Files:
(Learn how to do this)

Remove XP Police Antivirus Registry Values:
(Learn how to do this)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run ieupdate

http://www.xp-vista.com/spyware-removal/xp-police-antivirus

I copy pasted this so yeah, the "learn how to do this" were links. Also, no quote because it was ruining it.

Also I'm not sure about this but anyway http://removal-tool.com/xp-police-antivirus/
Last edited by kevC4 at Feb 15, 2009,
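
A read-only check for the artifacts named in the removal instructions above, as an added example that is not part of the original post. It assumes PowerShell is installed on the affected machine, and it uses only the process name, install folder, shortcuts and Run value that the post lists; the helper name `Test-Indicator` is made up for this example.

```powershell
# Added example: read-only audit for the XP Police Antivirus artifacts named in the post.
# Nothing is stopped or deleted; the script only reports what is still present.

# Hypothetical helper: wraps one finding in an object so results can be tabulated.
function Test-Indicator {
    param([string]$Kind, [string]$Name, [bool]$Present)
    New-Object PSObject -Property @{ Kind = $Kind; Indicator = $Name; Present = $Present }
}

$results = @()

# 1. Process from the "Stop XP Police Antivirus Processes" step.
$proc = Get-Process -Name 'XPPolice' -ErrorAction SilentlyContinue
$results += Test-Indicator 'Process' 'XPPolice.exe' ([bool]$proc)

# 2. Install folder and the two shortcuts from the "Find and Delete" step.
$folder = 'C:\Program Files\XPPoliceAntivirus'
$paths = @(
    $folder,
    (Join-Path $env:USERPROFILE 'Desktop\XP Police Antivirus.LNK'),
    (Join-Path $env:USERPROFILE 'Start Menu\XP Police Antivirus.LNK')
)
foreach ($p in $paths) {
    $results += Test-Indicator 'File' $p (Test-Path -LiteralPath $p)
}

# 3. Autostart entry from the "Remove Registry Values" step (HKCU Run, value ieupdate).
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'ieupdate' -ErrorAction SilentlyContinue
$results += Test-Indicator 'Registry' "$runKey\ieupdate" ([bool]$run)

# Show what the Run value launches, so the target file can be examined as well.
if ($run) { Write-Output "Run value 'ieupdate' points to: $($run.ieupdate)" }

# If the folder survived a manual delete, list what is left inside it.
if (Test-Path -LiteralPath $folder) {
    Get-ChildItem -LiteralPath $folder -Recurse -Force | Select-Object FullName, Length, LastWriteTime
}

$results | Sort-Object Kind | Format-Table Kind, Present, Indicator -AutoSize
```

Running it before and after cleanup shows which of the listed artifacts remain; any row with Present = True is a leftover.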
#21
savvy..