We got hit by a tricky virus yesterday calling itself “XP Internet Security 2010,” and by the reaction we’ve had on Facebook, it sounds like lots of other people have been hit by it.
It also infects other versions of Windows, under different names including XP Defender Pro, Vista Security Tool 2010, and Vista Defender Pro.
It presented itself as something helpful – and looked like an official Microsoft programme.
While we were browsing the Web, it loaded itself without asking and appeared to scan the hard drive, telling us that we had 11 or so viruses on our machine and offering to clean them up. Don’t!
As we normally run the very competent anti-virus programme Avast (which normally picks up and deals with all viruses), our suspicions were raised. Why were all of these viruses here, if Avast normally picked them up?
They weren’t. These 11 viruses didn’t exist.
Extortion
XP Internet Security 2010 is designed to extort money from you – ransomware, if you like. The viruses it says it has identified are fake, and the whole programme is designed to get your credit card details from you when you pay in an attempt to make your machine run properly.
It is a right royal pain and will keep on popping up messages telling you your machine is undefended, under attack, etc. It’s relentless and seriously bad.
In many cases it will also stop you using your Web browser to look for help too – particularly if you use Internet Explorer.
Getting rid of it
It’s pretty hard to get rid of too. Finding the right solution and cleaning the machine of it took us about three hours, so here’s a summary of what we found.
Don’t click!
If you see the programme popup, don’t click on it. That will only make matters worse. If you have, it’s not the end of the world, but it’s more difficult to get rid of.
The first thing is to stop it running. Pressing Ctrl-Alt-Del gives you the option to look at the Task Manager.
Clicking on the Processes tab shows you what is running on your computer. Clicking on the Image Name column heading puts them into alphabetic order. Look for av.exe or ave.exe. Click on them, then End Process – this kills the programme running.
We had four or five versions of the same programme running first time and had to kill all of them.
Be aware that this programme will try and restart itself, often when you try and load different programmes, like Web browsers, so keep an eye on the Task Manager.
Next, search the Web for Malwarebytes’ Anti-Malware and download it.
When it’s on your machine, rename the file to a random selection of characters (eg ksudgfkluksg) before you try and run it. The virus will look for mbam and stop the programme running, as it knows Malwarebytes will be able to remove it – sneaky.
Set Malwarebytes’ Anti-Malware to run, looking over your machine for virus infections. Once identified, it’s pretty easy to have them removed.
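The Task Manager check described above, as an added example that is not part of the original post: a Python script that lists every running copy of av.exe or ave.exe and reports copies that restart. It assumes Python is installed and reads the output of Windows' tasklist command; the sample process list, including the wave.exe entry, is constructed.

```python
import csv
import io
import subprocess
import sys
import time

# Image names the post says to look for in Task Manager.
ROGUE_NAMES = {"av.exe", "ave.exe"}

# Constructed sample of `tasklist /FO CSV /NH` output (not from a real machine).
# wave.exe is a made-up harmless name showing that only exact names match.
SAMPLE_TASKLIST = '''"System Idle Process","0","Console","0","28 K"
"explorer.exe","1520","Console","0","18,432 K"
"av.exe","2284","Console","0","9,120 K"
"AV.EXE","2310","Console","0","9,004 K"
"wave.exe","1888","Console","0","3,212 K"
"ave.exe","3012","Console","0","8,776 K"
'''

def find_rogue_pids(tasklist_csv, names=ROGUE_NAMES):
    """Return {image name: [PIDs]} for every running copy, ignoring case."""
    found = {}
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) < 2 or not row[1].isdigit():
            continue  # skip blank or malformed lines
        image = row[0].strip().lower()
        if image in names:
            found.setdefault(image, []).append(int(row[1]))
    return found

def new_copies(before, after):
    """PIDs in `after` that were not in `before`: copies that (re)started."""
    old = {pid for pids in before.values() for pid in pids}
    return sorted(p for pids in after.values() for p in pids if p not in old)

def snapshot():
    """Ask Windows for the current process list and pick out the rogue names."""
    out = subprocess.run(["tasklist", "/FO", "CSV", "/NH"],
                         capture_output=True, text=True, check=True).stdout
    return find_rogue_pids(out)

if __name__ == "__main__":
    if sys.platform != "win32":
        print(find_rogue_pids(SAMPLE_TASKLIST))  # demo on the constructed sample
        sys.exit(0)
    seen = {}
    while True:  # keep watching, because the programme restarts itself
        now = snapshot()
        for pid in new_copies(seen, now):
            print("Rogue process running, PID", pid, "(use End Process on it)")
        seen = now
        time.sleep(5)
```

The script only reports; ending each process is still done in Task Manager as described above.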
Free, but it’s right to pay
You can use their programme for nothing (other packages will charge up front), but as with anything that is given free – it’s best to pay for it, by way of thanks.
This guidance is given freely, showing how we solved it. Feel free to follow the instructions, but do it at your own risk. We can’t be held responsible for any problems caused.