M
MichaelBN
First of all, this is what I have.
OS Name Microsoft® Windows Vista™ Home Premium
Version 6.0.6001 Service Pack 1 Build 6001
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name MANDTBN
System Manufacturer Gateway
System Model GT5622
System Type X86-based PC
Processor Intel(R) Pentium(R) Dual CPU
E2160 1.80GHz, 1800 Mhz, 2 Core(s), 2
Logical Processor (s)
BIOS Version/Date American Megatrends Inc. 080013, 8/31/2007
SMBIOS Version 2.3
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "6.0.6001.18000"
User Name MANDTBN\minusthemusic
Time Zone Pacific Daylight Time
Installed Physical Memory (RAM) 3.00 GB
Total Physical Memory 2.99 GB
Available Physical Memory 1.83 GB
Total Virtual Memory 6.19 GB
Available Virtual Memory 5.10 GB
Page File Space 3.28 GB
Page File C:\pagefile.sys
Last night I was struck by the Trojan:Win/32/Fake XPA virus. To quote the
Microsoft Malware Protection Center, “Trojan:Win32/FakeXPA is a family of
programs that claims to scan for malware and displays fake warnings of
“malicious programs and virusesâ€. They then inform the user that they need to
pay money to register the software in order to remove these non-existent
threats.†Judging from how much there is about this on the internet, I’m
certain you’ve heard of it.
I shut the computer down last night with the intention of working on it this
morning (3/21/09).
When I restarted the computer this morning, the virus was there front and
center, very obnoxious.
I decided to run a Windows Defender scan, but, before I was able to begin
the scan, Defender told me that I had the virus. What didn’t it tell me last
night?
I clicked “Fix It†and Defender did so.
However, it is now in Defender’s “History†window. On the top of the window
is the following:
“Name Alert Level Action Take Date
Status
Trojan:Win/32/Fake XPA High Quarantine 3/21/2009 8:58 A
Succeededâ€
Beneath that is:
“Category:
Trojan
Description:
This program is dangerous and executes commands from an attacker.
Advice:
Remove this software immediately.
Resources:
process:
pid:4464
View more information about this item onlineâ€
The “View more information about this item online†is a link. Nothing
happens when I right click on the link. So I left clicked on the link and
was brought to the web page which explains the virus.
The way it directs me to get rid of the virus is to go to the “Quarantined
Items†window, highlight the virus and click on “Removeâ€.
Unfortunately, when I go to the “Quarantined Items†window, the virus is not
there.
By all indications, it appears that Defender did, indeed, remove the virus.
However, as the web site warned, it put two files in the “Start Menuâ€
“Programs†list, but, when I went to the “Programs Files†via the C drive, it
wasn’t there. I right clicked on the files in the “Start Menu†“Program
list†and deleted the two files.
Why is it still in the “History†window, where it tells me to remove it as
soon as possible, but not in the “Quarantined Items†window, where there is
ability to remove it?
I also did a Registry Cleaning to remove anything that it may have placed in
the registry.
Bottom line, I’d like to know if this virus was really, totally removed from
my computer.
Thanks in advance.
MichaelBN
OS Name Microsoft® Windows Vista™ Home Premium
Version 6.0.6001 Service Pack 1 Build 6001
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name MANDTBN
System Manufacturer Gateway
System Model GT5622
System Type X86-based PC
Processor Intel(R) Pentium(R) Dual CPU
E2160 1.80GHz, 1800 Mhz, 2 Core(s), 2
Logical Processor (s)
BIOS Version/Date American Megatrends Inc. 080013, 8/31/2007
SMBIOS Version 2.3
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "6.0.6001.18000"
User Name MANDTBN\minusthemusic
Time Zone Pacific Daylight Time
Installed Physical Memory (RAM) 3.00 GB
Total Physical Memory 2.99 GB
Available Physical Memory 1.83 GB
Total Virtual Memory 6.19 GB
Available Virtual Memory 5.10 GB
Page File Space 3.28 GB
Page File C:\pagefile.sys
Last night I was struck by the Trojan:Win/32/Fake XPA virus. To quote the
Microsoft Malware Protection Center, “Trojan:Win32/FakeXPA is a family of
programs that claims to scan for malware and displays fake warnings of
“malicious programs and virusesâ€. They then inform the user that they need to
pay money to register the software in order to remove these non-existent
threats.†Judging from how much there is about this on the internet, I’m
certain you’ve heard of it.
I shut the computer down last night with the intention of working on it this
morning (3/21/09).
When I restarted the computer this morning, the virus was there front and
center, very obnoxious.
I decided to run a Windows Defender scan, but, before I was able to begin
the scan, Defender told me that I had the virus. What didn’t it tell me last
night?
I clicked “Fix It†and Defender did so.
However, it is now in Defender’s “History†window. On the top of the window
is the following:
“Name Alert Level Action Take Date
Status
Trojan:Win/32/Fake XPA High Quarantine 3/21/2009 8:58 A
Succeededâ€
Beneath that is:
“Category:
Trojan
Description:
This program is dangerous and executes commands from an attacker.
Advice:
Remove this software immediately.
Resources:
process:
pid:4464
View more information about this item onlineâ€
The “View more information about this item online†is a link. Nothing
happens when I right click on the link. So I left clicked on the link and
was brought to the web page which explains the virus.
The way it directs me to get rid of the virus is to go to the “Quarantined
Items†window, highlight the virus and click on “Removeâ€.
Unfortunately, when I go to the “Quarantined Items†window, the virus is not
there.
By all indications, it appears that Defender did, indeed, remove the virus.
However, as the web site warned, it put two files in the “Start Menuâ€
“Programs†list, but, when I went to the “Programs Files†via the C drive, it
wasn’t there. I right clicked on the files in the “Start Menu†“Program
list†and deleted the two files.
Why is it still in the “History†window, where it tells me to remove it as
soon as possible, but not in the “Quarantined Items†window, where there is
ability to remove it?
I also did a Registry Cleaning to remove anything that it may have placed in
the registry.
Bottom line, I’d like to know if this virus was really, totally removed from
my computer.
Thanks in advance.
MichaelBN
