Tech Support Forum banner
Status
Not open for further replies.
1 - 4 of 4 Posts

·
Registered
Joined
·
21 Posts
Discussion Starter · #1 ·
Hello, I am a computer tech at my local computer shop, where we have been seeing numerous cases of the Windows XP Security 2012 virus.

I've been doing days and days of research for a 'proper' removal method so I do not lose the DHCP and ICS services, which results in the loss of internet connectivity.

I am currently sitting with a clone of the original hard drive (had to clone and reinstall the system; client was getting antsy), but we have an exact replicate of the system that I have been booting the clone on, removing the virus and losing either the DHCP service and/or the ICS (Windows Firewall) service, then having to clone back the drive to try an alternate method.

The clone I am sitting with is a clone I made after I ran OTL (stupid on my side to clone after I removed some of the virus >.<), so I do not get the XP Security 2012 prompts anymore, just have the infected files, BUT I do STILL have connectivity, up until I remove these infected files.

I did need to run an exe.reg input before I can fully execute any .exe files, since the virus attacks the .exe extension.

Methods I've tried:
1) Combofix - results in loss of connectivity
2) Malwarebytes - after removing infections results in loss of connectivity
3) OTL - OTL is my favored method thus far; it removes the prompts for XP Security 2012, but there are still leftover files/drivers infected that TDS picks up. However, if you remove those infections with TDS, you lose connectivity
4) TDS - results in loss of connectivity (when files are removed)
5) HijackThis - turns up nothing that the hijackthis.de analyzer can determine as a 'virus'


Is there a proper removal method for this virus? If so, is there any chance you guys can give me some insight as to how to go about removing it?

We have had about 4-5 systems come into the shop that have to get a reinstall because we have no proper fix for this.

Any insight would be greatly appreciated!

THANK YOU!
 

·
Registered
Joined
·
21 Posts
Well I've received no help but I was able to create my own process for removing this virus.

I've removed this virus several times now, which has not resulted in any loss of connectivity.
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
We would have been glad to assist had you posted the requested logs. It's irresponsible to toss tools at a machine without seeing a set of initial logs. If something goes wrong during the fixes, you'd have no idea of where to start looking.
 