Fake Windows Security Alerts virus

strep3241

Senior member
Oct 3, 2010
953
3
91
My uncle just got infected with a virus that looks like the Windows Security Center. I did a scan with Malwarebytes and it did not find anything. Also scanned with Trend Micro and it did not find anything.

I did some Google searches and some places said to look for registry entries and actual files, and I could not find anything they had listed.

How do I find out if this is still infected and how do I get rid of it?

He is running Windows XP.
 

welshhotty2010

Junior Member
Mar 7, 2011
3
0
0
Yeah, I've had the same problem and I had to format the drive and reinstall. What XP is it? XP Pro or Home Edition? If you've read a book called Windows XP Annoyances for Dummies, it'll tell you where to look and how to tighten your security better.

Bye fellow Geeks
 

alkemyst

No Lifer
Feb 13, 2001
83,769
19
81
Search Google for the name of the antivirus... I can't remember it off the top of my head, but there are plenty of writeups. Bleepingcomputer had one as well, I believe.

This virus usually implants a file in your temp files that runs.

Run RKill.exe and then launch regedit, go to the local machine/current user's Windows Run key, and delete anything odd... as well as under the startup directory under all profiles.
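
A read-only way to do the Run-key review described in the post above, as an added example that is not part of the original thread: it parses saved `reg query` output for the HKLM and HKCU Run keys and lists the values whose command points into a temp directory. The sample output, value names and paths are constructed for illustration; the Startup folders under each profile still need the same look by hand.

```python
import re

# Constructed `reg query` output for the two Run keys (sample data, not from the thread).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ExampleAV Tray    REG_SZ    "C:\Program Files\ExampleAV\tray.exe" -min

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    placeholder1    REG_SZ    "C:\Documents and Settings\User\Local Settings\Temp\placeholder1.exe"
    placeholder2    REG_EXPAND_SZ    %TEMP%\placeholder2.exe /s
"""

# Value lines are indented: <name> <REG_type> <data>; names may contain spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
# Commands launched from a temp location (literal path or unexpanded variable).
TEMP_DIR = re.compile(r"\\temp\\|%te?mp%|\\temporary internet files\\", re.IGNORECASE)


def parse_run_entries(text):
    """Return (key, value_name, command) tuples from `reg query` text output."""
    entries, key = [], None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()          # start of a new key section
        elif key and (m := VALUE_LINE.match(line)):
            entries.append((key, m["name"], m["data"].strip()))
    return entries


def temp_launchers(entries):
    """Entries whose command points into a temp directory: review these first."""
    return [e for e in entries if TEMP_DIR.search(e[2])]


if __name__ == "__main__":
    for key, name, cmd in temp_launchers(parse_run_entries(SAMPLE)):
        print(f"REVIEW  {key}\n        {name} -> {cmd}")
```

Nothing is deleted by the script; it only narrows down which autorun values to inspect before removing anything in regedit.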
 

Unheard

Diamond Member
Jan 5, 2003
3,773
9
81
We had one at work yesterday on one of the employees' PCs; it changed the background to:

"WARNING
YOUR'RE IN DANGER!
YOUR COMPUTER IS INFECTED WITH SPYWARE!

ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK.
WHEN YOU VISIT SITES, SEND E-MAILS... ALL YOUR ACTIONS ARE
LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDARD TOOLS.
YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN SOME CASES

FOR YOUR BOSS, YOUR FRIENDS, YOUR WIFE, YOUR CHILDREN.
Every sit you or somebody or even something, like spyware, opened in your browsers,
with all images, and all downloaded and maybe later removed movies or mp3 songs -
ARE STILL THERE and could break your life!

SECURE YOURSELF RIGHT NOW!
REMOVE ALL SPYWARE FROM YOUR PC!"
 

E411

Junior Member
Mar 22, 2011
9
0
0
Google the exact name of the software or the exact messages you are getting and do it "in quotes". Then, write down or print out the directions and run them in "safe mode".

Seriously. Exact quote and do it in safe mode. No shortcuts.
 