Warning Lyngsat infected.


kndtrpts
03-18-2008, 10:38 PM
this is a c/p of a post by DonSammy, sup mod from freedom and fta1.

c/p

C&P of warning notice posted in my forum by a member regarding lyngsat site:


While surfing the Atlantic Hot Bird Freq list on Lyngsat I've been hit by a sales virus that I now have to remove. It has done this on 2 PCs in 24 hrs. It is called XP antivirus. Don't be fooled into believing or buying it.

Quote:
What these programs do:

XPAntiVirus is a rogue antivirus software that, when run, displays false results as a tactic to scare you into purchasing the software. When XPAntivirus is first installed it will create 9 entries in your Windows Registry that impersonate infections on your machine. In reality, though, these registry entries are harmless and have absolutely no effect on your computer. Instead, these entries are set so that XP AntiVirus can find them when scanning your computer and report them as infections. In order to remove these fake infections you need to purchase the software as the trial does not allow you to remove them.

As you can see, this program is fraudware in that it makes changes on your computer and then states these changes are infections as a scare tactic to have you purchase the software. It goes without saying that under no circumstances should you buy it. The program does come with a removal option in the computer's Add or Remove Programs list, but when you attempt to uninstall it, all that happens is the entry is removed from the list and the program's process is terminated. Next time you reboot, XP AntiVirus will start up again.

The guide below will walk you through the steps necessary to remove this software and the fake malware entries it installed in your Windows Registry.

Symptoms in a HijackThis Log (Other than XP Antivirus, these are fake malware entries):


O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-dcf7-f96da086b434} - (no file)
O2 - BHO: (no name) - {6C6B8C69-9285-4D94-8492-9E920C8C2B65} - (no file)
O2 - BHO: (no name) - {74f25a2c-22b3-4023-8f1a-ca616c30a8b5} - (no file)
O2 - BHO: (no name) - {9a19966f-ae0e-4699-8cce-9b6f5f1c352c} - (no file)
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - (no file)
O4 - HKLM\..\Run: [System] C:\WINDOWS\krln32.exe
O4 - HKLM\..\Run: [Windows Framework] C:\WINDOWS\system32\scvh0st.exe
O4 - HKLM\..\Run: [mmnext06] C:\Program Files\Common Files\trjdwnl.dll
O4 - HKLM\..\Run: [shellbn] C:\WINDOWS\shlext32.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XPAntivirus\XPAntivirus.exe

Add/Remove Programs control panel entry:

XP antivirus 1.0.1
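
The HijackThis symptoms listed in the post above, turned into a small log checker. This is an added example, not part of the original post or of HijackThis; the function name `scan_hijackthis_log`, the sample log and its `ExampleHelper` and `ExampleApp` entries are constructed for illustration.

```python
import re

# Indicators copied from the HijackThis symptoms quoted in the post above.
# Per the post, everything except the XP Antivirus Run entry is a harmless
# decoy planted so that the rogue scanner has something to "find".
DECOY_BHO_CLSIDS = {
    "4e7bd74f-2b8d-469e-dcf7-f96da086b434",
    "6c6b8c69-9285-4d94-8492-9e920c8c2b65",
    "74f25a2c-22b3-4023-8f1a-ca616c30a8b5",
    "9a19966f-ae0e-4699-8cce-9b6f5f1c352c",
    "d714a94f-123a-45cc-8f03-040bcaf82ad6",
}
DECOY_RUN_PATHS = {
    r"c:\windows\krln32.exe",
    r"c:\windows\system32\scvh0st.exe",
    r"c:\program files\common files\trjdwnl.dll",
    r"c:\windows\shlext32.exe",
}
ROGUE_RUN_PATH = r"c:\program files\xpantivirus\xpantivirus.exe"

# Line shapes as they appear in the log excerpt above.
O2_RE = re.compile(r"^O2 - BHO: .*? - \{([0-9A-Fa-f-]{36})\} - (.*)$")
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")

def scan_hijackthis_log(text):
    """Return (kind, line) pairs, where kind is 'decoy' or 'rogue'."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            # CLSIDs are compared case-insensitively; the log mixes cases.
            if m.group(1).lower() in DECOY_BHO_CLSIDS:
                findings.append(("decoy", line))
            continue
        m = O4_RE.match(line)
        if m:
            # Match on the full path, not the value name: a name such as
            # "System" alone is too generic to be a reliable indicator.
            path = m.group(3).strip().strip('"').lower()
            if path == ROGUE_RUN_PATH:
                findings.append(("rogue", line))
            elif path in DECOY_RUN_PATHS:
                findings.append(("decoy", line))
    return findings

# Constructed sample log: two unrelated lines plus three entries from the post.
SAMPLE_LOG = r"""
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {6C6B8C69-9285-4D94-8492-9E920C8C2B65} - (no file)
O4 - HKLM\..\Run: [System] C:\WINDOWS\krln32.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XPAntivirus\XPAntivirus.exe
"""
```

A "decoy" hit with no "rogue" hit suggests leftover fake entries after the program folder has been deleted, which is the state the registry cleanup step in the guide addresses.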

kndtrpts
03-18-2008, 10:38 PM
c/p continued.

Quote:
Removal Instructions for XP AntiVirus:

These steps may appear to be long and daunting. They are, though, quite easy to do and consist of so many steps only because I have written them in an extremely detailed manner.

1. Print out these instructions as we will need to close every window that is open later in the fix.


2. Next, please reboot your computer into Safe Mode by doing the following:

   1. Restart your computer

   2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

   3. Instead of Windows loading as normal, a menu should appear

   4. Select the first option, to run Windows in Safe Mode.

   5. Login as a user with administrator privileges.

3. When your computer has started in safe mode, and you see the desktop, continue with the rest of the instructions.

4. Click on the Start button and then select the Run option.

5. In the Open: field type C:\Program Files\ and then press the OK button.

6. When the folder appears, if it says These files are hidden, click on the Show the contents of this folder option.

7. When the C:\Program Files\ folder opens, look through the list of folders and when you find the folder named XPAntivirus left-click on it once so it becomes highlighted.

8. Then hit the Delete button on your keyboard and when it asks if you are sure you want to delete the folder, click on the Yes button with your mouse.

9. When the folder is deleted, reboot your computer back to normal mode.

10. When your computer has rebooted and you are back at your desktop, download FixXPAV.reg to your desktop by right clicking on the following link and then selecting Save Link As or Save File as, depending on your browser.

FixXPAV.reg Download Link

Confirm that the file FixXPAV.reg now resides on your desktop as we will need it later.

11. Go to your desktop and double click on the FixXPAV.reg file that you just downloaded. When it asks if you would like to merge the information, press the Yes button and then the OK button when it is done.

12. Delete the following files and folders (Do not be concerned if a folder does not exist):

C:\Documents and Settings\All Users\Start Menu\Programs\XP antivirus\
C:\program files\XPAntivirus\ (This folder should already be gone from previous steps)

13. Next to your Start Menu button is your Quick Launch. XP AntiVirus also installs a shortcut in the Quick Launch that we want to remove. To do that, simply right-click on the XpAntiVirus icon to delete it.

14. Reboot your computer for the time in this guide.
There is another program by the name of "HijackThis", which can be found by googling it for a free download, that will also remove the malware.


end c/p

neutron
03-18-2008, 10:54 PM
good to know good post

Monkey311
03-18-2008, 10:57 PM
Thanx for the Heads Up .:thmbup:

mixmaster
03-18-2008, 10:57 PM
hello
thanks for the good info, checked my pc and everything is ok for now

here is a new link http://www.satcodx.com/ it's similar to lyngsat

arturo92466
03-18-2008, 11:34 PM
I was checking something on lyngsat & that XP AntiVirus pops up, but I close the window immediately, but just to be on the safe side I did check my C program and looks good

thegr8one
03-19-2008, 01:59 AM
Great post, this will save a lot of headaches knowing this...

kenmoresp
03-19-2008, 06:08 AM
I knew there was a reason i liked my Vista. LOL LOL LOL

dish_man_ca
03-19-2008, 08:10 PM
Quote:
I knew there was a reason i liked my Vista. LOL LOL LOL

You have reached a sad realization your OS sucks! Cancel or Allow!

just kidding, I use vista for almost everything, wouldn't get rid of XP cause there are still things it's MUCH easier for, USB to serial for ie,

But for browsing and security, it's the safest thing other than Linux or Mac!

Unless of course u turn off UAC! or Run as administrator, then Ur just a DUMMY :P

dommy
03-19-2008, 08:47 PM
i had that same problem thanks for the info.

olliec
03-19-2008, 09:49 PM
When you're a Mac user you can ignore posts like this :D

dish_man_ca
03-19-2008, 09:59 PM
That's why it's always a good idea to make a small linux partition and run something like ubuntu for any surfing and such.
No viruses, No Spyware, No risk of infecting your windows partition.

D95SI420
03-20-2008, 10:26 AM
when you're a linux user u can ignore posts like this. U do know that macOS tcp/ip stack is based off MS right? Anyway sucks to hear lyngsat got hit, they seem pretty secure but hey u never know.

watchit
03-20-2008, 11:23 AM
sure they are hit? I have been over there and had no issues? is it related to clicking on an AD perchance? and not part of the main pages?

D95SI420
03-21-2008, 10:36 PM
I am not going to test it :) just make sure to protect yourself and u will be fine. Lyngsat seems secure at a glance but many major websites have been hacked in the past couple years. Maybe a mod should email or talk to one of the admins of lyngsat and see what's going on for sure, just an idea.