Virus Halp! D:


h2orowe
03-15-2008, 05:10 AM
So, I come home from school today and say hey to my brother who arrived sometime while I was sleeping last night (He's home from college for a week.)

Anywho, he was on myspace and just the internets in general. He didn't really tell me how this thing got installed, but apparently something called XP Cleaner Pro installed itself on the computer (I'm sure he installed it accidentally or something.) I looked it up, couldn't really find anything on it that says it's a virus, however, in the options of the program, it won't allow me to click it to NOT start when windows first starts up. In addition to that, it made you download an uninstaller (Which probably was a virus.) which did absolutely nothing except say the program was uninstalled, when in actuality, it was still completely there. Now, I'm checking the control panel's Add or Remove program function, and it's doing nothing.

I can't find so much as a folder for where the program is. All I know is that the .exe ummm... button thing is in the /C: folder. Not in Program Files. In the actual /C: folder.

Halp? D:

qwert
03-15-2008, 05:17 AM
I've seen advertisements for that thing while browsing porn.

I use no-script though so I just saw that it tried to redirect me, but never did.

h2orowe
03-15-2008, 05:23 AM
Checked the internet history. Only a few sites looked suspicious. http://67.192.42.5/tserve/gateway.html?code=e1dde40aaa7acded68f4d5307fffc0cb&domain=allsp.com&seccode=51ff062cbc1060d838138d3f13ed3abf
http://67.192.42.5/tserve/gateway2.html?code=e1dde40aaa7acded68f4d5307fffc0cb&domain=allsp.com&seccode=51ff062cbc1060d838138d3f13ed3abf
http://savilla.cn/f/sd.html
and http://xpcleanerpro.com/about.php was visited.
However, those all look extremely suspicious. -_-; He visited the PRP which is a music site, myspace, and some site that has South Park.

Mechs
03-15-2008, 06:49 AM
Try "Hijackthis". It should get rid of your problem, but you have to look up how to properly use it because it comes with no instructions.

Kfisher
03-15-2008, 08:03 AM
Okay, this may sound like a noob thing to do, but have you tried locating the folder where the program is installed in and deleting the folder manually?

blank slate
03-15-2008, 12:37 PM
Go into the C:/ drive and click on tools-->folder options-->view-->show hidden files and folders. Maybe it did something as simple as that, since you say it is somewhere in the C:/ drive.

Random
03-15-2008, 01:30 PM
You should be able to stop it running easily.
Start / run / msconfig
Then go to the last tab and find it listed there, untick it, done.
The listing there will also show you where the file is.

SlickWilly440
03-15-2008, 02:27 PM
You can also try the program "Spybot Search & Destroy," that program will find any adware, malware, virus, etc that MS Defender can't even find, then it will remove it.

After uninstalling the program, run "CCleaner", a freeware program that removes useless registry entries and erases unnecessary files that are just taking up HDD space.

japanat
03-15-2008, 02:32 PM
I used to use Spybot. Then I downloaded Spyware Doctor, and found 54 minor infections and 3 trojans.

Consider getting Sandboxie (free for 1 month, then it asks for a donation upon startup, but will still run fine w/o making any payment), and making your brother browse the internet through that. It sets up a virtual environment that you can run your browser in and surf, but any spyware or other programs that piggyback in can't get out of the virtual room. Then when you close the browser, it wipes all the info inside.

Plekto
03-15-2008, 09:50 PM
Spybot is free. Totally necessary as it locks the registry so new stuff won't have access. 90% of the time junk installs itself and sits until the next reboot, then it goes wild. This totally shuts it down.

Also run the free version of Zone Alarm - nice simple firewall.

I also run BitDefender. It's a very good but not quite free AV program. It catches the vast majority of stuff.

marycatherine
03-15-2008, 10:17 PM
Spybot is great, although I like Ad-Aware better. It can't hurt to run both.

If you're comfortable editing the registry, you can go into it and delete the key that lets the virus start up.
Run regedit and navigate to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Look for anything that looks like XP Cleaner Pro. Usually random letters are for programs you probably don't want running. Delete whichever key you think is XP Cleaner. Don't just randomly delete everything. Use some common sense, which I'm sure you have.

Next navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

and look for anything there that looks like XP Cleaner.


Before you do any registry stuff, run Spybot and Ad-Aware and the other programs people recommended. They'll probably get rid of the problem for you.

Good luck!
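The startup checks suggested in the posts above (msconfig's startup tab and the two Run keys), as an added example that is not part of the original thread: it reads both Run keys and flags entries with no name or with an executable in the drive root, the two oddities reported here. The sample entries are constructed, the function names are hypothetical, and Windows is assumed to live on C:.

```python
import ntpath
import re

RUN_KEYS = [r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
            r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"]
# Assumption: Windows is installed on C:. A prefix match is a coarse filter only.
EXPECTED_DIRS = (r"c:\program files", r"c:\windows")
SAMPLE = [  # constructed entries, not taken from the thread
    (RUN_KEYS[0], "MsnMsgr", r'"C:\Program Files\MSN Messenger\msnmsgr.exe" /background'),
    (RUN_KEYS[1], "ExampleCleaner", r"C:\example-cleaner.exe /startup"),
    (RUN_KEYS[1], "", r"C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\example.dll,Start"),
]

def exe_path(command):
    """Pull the executable path out of a Run value's command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]

def triage(name, command):
    """Return the reasons an autostart entry deserves a closer look."""
    folder = ntpath.dirname(exe_path(command)).lower()
    reasons = []
    if not name.strip():
        reasons.append("entry has no name")
    if re.fullmatch(r"[a-z]:\\", folder):
        reasons.append("executable sits in the drive root")
    elif not folder.startswith(EXPECTED_DIRS):
        reasons.append("executable is outside Program Files and Windows")
    return reasons

def read_run_keys():
    """Read both Run keys on Windows as (key, name, command) tuples."""
    import winreg  # Windows-only standard-library module
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    rows = []
    for full in RUN_KEYS:
        hive, sub = full.split("\\", 1)
        with winreg.OpenKey(hives[hive], sub) as key:
            for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
                name, data, _ = winreg.EnumValue(key, i)
                rows.append((full, name, str(data)))
    return rows

if __name__ == "__main__":
    try:
        rows = read_run_keys()
    except ImportError:  # not on Windows: use the constructed sample
        rows = SAMPLE
    for key, name, command in rows:
        print(key, repr(name), command, triage(name, command) or "ok")
```

A flagged entry is a prompt to look at the file, not proof of infection, and an unflagged one is not proof of a clean system; values that use environment variables such as %ProgramFiles% are not expanded here and will be flagged.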

Beowulf
03-15-2008, 10:26 PM
Ad-Aware Is The Best (http://www.download.com/Ad-Aware-2007/3000-8022_4-10045910.html?tag=lst-2)

Urameshi YuSooKey
03-15-2008, 10:43 PM
No one has mentioned Avast (http://www.avast.com/eng/avast_4_home.html). It's an excellent antivirus program. Had it on an old computer of mine and it found malware that ad-aware and spybot couldn't.

Beowulf
03-15-2008, 10:50 PM
No one has mentioned Avast. It's an excellent antivirus program. Had it on an old computer of mine and it found malware that ad-aware and spybot couldn't.
Better yet get all three and form the Captain Planet of anti-viruses.

Candyvan Stan
03-15-2008, 11:17 PM
http://www.hitmanpro.nl/hitmanpro/index.php?lang=en

It's all spyware and anti virus in one handy program! Use it! It saved many a person.

blank slate
03-16-2008, 01:27 AM
Ad Aware and spybot search and destroy are pretty useless now, at least according to the fine folks over at PC Magazine.

stsparky
03-16-2008, 01:48 AM
What are all these viruses you're talking about?


I recommend this first: http://www.antivirus.com -> gets you to Trendmicro


Then sell your box and get a Mac. :D

Lindem Herz
03-16-2008, 01:56 AM
get a Mac. :D

WORD!

h2orowe
03-16-2008, 05:24 AM
You should be able to stop it running easily.
Start / run / msconfig
Then go to the last tab and find it listed there, untick it, done.
The listing there will also show you where the file is.
Thanks. I also disabled some random thing that had no name >_>; hopefully it's not important. It didn't have a name, but it was under the same like location as my msn messenger and some other things.


Consider getting Sandboxie (free for 1 month, then it asks for a donation upon startup, but will still run fine w/o making any payment), and making your brother browse the internet through that. It sets up a virtual environment that you can run your browser in and surf, but any spyware or other programs that piggyback in can't get out of the virtual room. Then when you close the browser, it wipes all the info inside.
I think I might get that. I'm just gonna tell my brother to stop going on that south park website. It seems sort of shady to me. The PRP is a music site that I've gone on a few times myself and my brother's gone on since like 1999 or something, so I doubt that was it, but the streaming South Park site seems more shady. I'll tell him not to go on it or whatever until I get that sandboxie thing (will probably get it tonight.)

Also, thanks everyone for the tips and such. I'm kind of not sure if I'll get any other anti-virus/anti-spyware things, although I should probably get some more anti-spyware (mine recently ran out.) However, I just use AVG Anti-virus, and it's a shit tons better than a lot of things I've used. Every virus/spyware program seems to have their faults and such, but I dig AVG. Plus, there's too many for me to try out. However, thanks anyways. :3 Hopefully this thing doesn't kill my system.

Trump
03-17-2008, 06:30 PM
I prefer the "Keep the hell away from my computer" filter. Or "touch my computer and die" search.

Plekto
03-18-2008, 01:45 AM
Passwords. Use them.

"Oh, I'm sorry. The last two times you got on my computer you went to sites that got viruses and took me 20 hours to fix. Get your own computer."

h2orowe
03-18-2008, 01:49 AM
It doesn't work like that with my brother. Plus, he's normally pretty good with handling it. It was just a minor slip up. If it fucks up my comp, oh well, haha. I'll just borrow my girlfriend's laptop or something.

Gorlam
03-19-2008, 01:20 AM
I also recommend downloading noscript: http://noscript.net/

This little program cancels MOST script processes that web pages run. You only need to allow scripts on web sites you trust.

Gorlam
03-19-2008, 01:28 AM
Also before I forget, go to start: all programs: accessories: system tools: System restore. Roll back to a point before your brother used your computer.

h2orowe
03-19-2008, 01:43 AM
Also before I forget, go to start: all programs: accessories: system tools: System restore. Roll back to a point before your brother used your computer.
That would eliminate the entire point of why I use the computer. It has all my music on it, and I never knew to do that like... set a set point to restore at, so I'd lose 40+ GB worth of music. In all honesty, if my music dies, I'll probably not bother using the computer, because that's the main reason I DO use it.

Gorlam
03-19-2008, 02:06 PM
Unless you have changed your basic system settings, your computer makes a check point every week, every time you use windows update, and typically every time you install a new program on your hard drive. So unless you put all your music on your computer after your brother fucked it up, you shouldn't have a problem doing a restore. If you are worried about it, make a restore point BEFORE you revert to an earlier date; if something wrong happens you can just go back to that point.

Riinuka
03-21-2008, 10:30 AM
Let me know if you're still having issues. I can help you with it.

Scarabomb
03-21-2008, 01:39 PM
Do what I did... Get Ubuntu but if you don't wanna switch OSes then I would go with

1) Spybot
2) HiJackThis

Cool thing about HiJackThis is it's a lot like using Safe Mode and deleting crap from your registry in an easy fashion (that's just how I compare it). I've cleaned (and fixed) many a system just deleting unwanted and unneeded Keys, Values, Strings and/or running programs. Like Mechs said though, make sure you look around and find out what you're doing before you get that and use it as you might end up deleting some necessary system files/functions and that wouldn't be too good.

If you've already solved the problem then having something there as a "just in-case" is always nice too so it doesn't end up happening again.

Also LOL@ Get a mac.

Typical response from all Mac users to Windows Users.

That would eliminate the entire point of why I use the computer. It has all my music on it, and I never knew to do that like... set a set point to restore at, so I'd lose 40+ GB worth of music. In all honesty, if my music dies, I'll probably not bother using the computer, because that's the main reason I DO use it.

Honestly, any important things like Music or whatever, I would get an external hard drive (a fairly big one since I'm assuming you'll probably be getting more music ;) ) to throw that shit on just in case your Windows screws up beyond all recognition and you gotta reload it (very rare but it's a good way to get your system back... if not the "last resort" method). I keep all the setup files to programs that I would reinstall onto Windows in a folder and all my docs, movies and music backed up on separate DRIVES (plural because I've experienced really bad hard drive issues in the past). Prevention and being ready for a problem is saving grace when it comes to computer stuff.

Riinuka
03-21-2008, 04:22 PM
System restore just rolls the registry back to a previous point, undoing new paths and the like. The actual music files won't be affected, as they'll still sit there on your HDD.. the only thing that might be affected by that is if you made any recent changes to your player.

On that note, since these infections typically do have multiple files associated with them, you run the risk of a restore not cleaning it out, but just temporarily disabling it and leaving traces. Not good.

Again, get in touch with me and I can help.