Hey there - first time post so thanks in advance and I'm looking forward to being part of the community.

My father in-law's pc (xp home sp3) got inundated with fake security popo ups a few days ago. Mostly they looked authentic - i.e. part of the window's own security centre - but would send you to a bogus web site selling crap anti-spyware programs.

We've looked around for advice on the internet and have used a number of programs in an effort to remove the infections.

It boils down to this:

If the pc is allowed to access the internet - all hell breaks loose. Stuff coming from everywhere and almost impossible to use the internet without getting redirected or slapped in the face by another 'security alert'.

We downloaded the latest versions and updates of spybot, superantispyware, ccleaner and malwarebytes. Looking through various forums and sites, we ran these programs as recommended.

With the pc disconnected from the internet, this is the state of play:

Superantispyware and Malwarebytes report no problems found after a couple of sweeps.

Spybot reports it has found three registry examples of Fraud.XPAntivirus and can fix the first two but not the third. It asks to scan on reboot but still cannot remove the entry (tried this in safe mode too).

So there we are - I can post Hijackthis report.

Look forward to hearing from someone.
Cheers,
-Will.

Willy J's Malware Topic:
http://forums.spybot.info/showthread.php?t=33892
--

Willy, can you run Spybot-SD in 'Safe Mode'? What does it detect?

drragostea,
sorry for the delay in getting back to you - I have been monitoring the post in the Malware section where I posted the HJT log.
The results in safe mode are identical to the results in normal start up mode.
Spybot cannot fix the last of the three items relating to Fraud.XPAntivrus and recommends a scan on startup. This does not work either.
Did you want me to stick up any reports or logs from Spybot?
-W.
btw thanks for replying!

Hi there,

drragostea,
Did you want me to stick up any reports or logs from Spybot?


Once a log has been posted in the Malware forum, any requests for further logs will be given there by a malware removal helper. ;)

They are a bit busy at the moment but hopefully someone will be able to assist you soon.

Cheers. :)

Yep. tashi said it.

Sorry to hear of your troubles... The rogue applications were probably forced installed or was installed without your knowledge.

I can't provide further assistance as Malware Fighters have more knowledge than me in this area.

Just be careful.

Good luck in the Malware Removal Forums.

drragostea,
I'm a little confused by what you mean being this is my first experience on the forums here.
Do you mean I should wait for a reply on the Malware Removal forum, or do you mean there is another site called Malware Fighters, or something else?
Thanks,
-W.

What I mean (and tashi meant) is that you should wait for a response.

Malware Fighters are a group of volunteers (knowledgeable) folks who will assist you to purge the malware.