# My computer was just attacked!



## BittersweetEmbrace (Feb 24, 2010)

I was reading my profile and i was just told that my computer was attacked. It says its infected now. What do i do??? How do i get some protection? My mom doesn't have money to buy some by Macafee or anything  Help!


----------



## BittersweetEmbrace (Feb 24, 2010)

I am being told by my Windows XP Supporter that when i enter my Registration Key i can stop worrying about computer harms forever....what is this? How do i get my Reg. Key???


----------



## BittersweetEmbrace (Feb 24, 2010)

see?????!?


----------



## CraziNate (Oct 15, 2009)

Close it out.

Download AVG free and the free version of Adaware.

Also download Spy Bot search and destroy

All are free and those are the only ones that I use and I never get any viruses


----------



## BittersweetEmbrace (Feb 24, 2010)

k im downloading AVG right now


----------



## BittersweetEmbrace (Feb 24, 2010)

which Spy Bot?

The home of Spybot-S&D!


----------



## CraziNate (Oct 15, 2009)

This one

The home of Spybot-S&D!


----------



## NinaThePitbull (Feb 10, 2010)

CraziNate said:


> Close it out.
> 
> Download AVG free and the free version of Adaware.
> 
> ...


she's right, and its whats doing the attacking is that program that wants you to download their "software" dont do it.


----------



## CraziNate (Oct 15, 2009)

NinaThePitbull said:


> she's right, and its whats doing the attacking is that program that wants you to download their "software" dont do it.


He  hahaha


----------



## Mcleod15 (Jul 17, 2009)

Here is what you need to do, turn off your machine restart into safe mode(hit f8 during boot up),

Steps:
Log into the machine
Click start, then run, type *msconfig*, click ok
Click the startup tab
Search through the records and uncheck anything that contains keywords that match the program that is attacking your computer.
Then go the program files, find the XP security tool folder click it, with the folder highlighted hold down the shift key and hit the delete key, delete the folder.

Once that is done, click start, and run, type *regedit*, click ok
Click edit, find next, then type in XP security tool, then click find next
Once it finds a record delete(Just pay attention to what your deleting if it doesn't seem like it is associated with XP security tool program don't delete it)
Once all records are deleted(no more are found) restart your machine login and download
Avast, MalwareBytes
Run scans with these two programs

AVG is garabage, and so is macafee, and Norton, if your not careful AVG will put viruses right back on your machine.


----------



## CraziNate (Oct 15, 2009)

Mcleod15 said:


> Here is what you need to do, turn off your machine restart into safe mode(hit f8 during boot up),
> 
> Steps:
> Log into the machine
> ...


Ive never had any issues with AVG and I've been using it for quite some time.


----------



## Mcleod15 (Jul 17, 2009)

CraziNate said:


> Ive never had any issues with AVG and I've been using it for quite some time.


I can't stand it we all tried it at work and had nothing problems out of it, Had so many bad experiences with it I stop messin with it, maybe the newer versions are better. Avast has always been good to me.


----------



## beccaboo (Dec 27, 2009)

avast let viruses on my friends computer. i've never had trouble with avg and it took care of the virus that avast let slip thru. crazy that it would let a virus back on tho. nice to see computer savvy people around tho


----------



## BittersweetEmbrace (Feb 24, 2010)

CraziNate said:


> This one
> 
> The home of Spybot-S&D!


I can't find one that says Spy Bot Search And Destroy....


----------



## BittersweetEmbrace (Feb 24, 2010)

Mcleod15 said:


> Here is what you need to do, turn off your machine restart into safe mode(hit f8 during boot up),
> 
> Steps:
> Log into the machine
> ...


Its says:


----------



## smokey_joe (Oct 14, 2005)

This is why we are now a Mac household.


----------



## BittersweetEmbrace (Feb 24, 2010)

Yeah well my family isn't very "fortunate". Everytime my mother gets the little check she works hard to make they still half of it away. For no reason whatsoever.


----------



## BittersweetEmbrace (Feb 24, 2010)

Help? Anyone? Everyone left


----------



## Mcleod15 (Jul 17, 2009)

beccaboo said:


> avast let viruses on my friends computer. i've never had trouble with avg and it took care of the virus that avast let slip thru. crazy that it would let a virus back on tho. nice to see computer savvy people around tho


Yeah, If you click on the right thing at the right time, it don't matter what you have something will get to your files.



BittersweetEmbrace said:


> Its says:


Your getting that message cause your trying to delete the Hardware regristry key, you will not be able to do that. In that pic you posted all those entries,(HKEY_ClassRoot, HKEYCurrentUser, etc) are all root keys that can not be deleted. The entries listed(hardware, sam, software) are sub root keys those you do not want to try and delete.

I have a folder in my program files folder named cmak. Lets pretend its a harmful program. So i went regedit and did a search, this pic shows my results.








I can either delete all the keys in the right pane or I could delete cmax.exe key thats highlighted in the left pane. Only delete in the left pane if the key is directly and only related to your search or program your looking for.(your case xp security tool)
That this pic below. I hit find next again and found another entry.








In this case it would not be wise to delete the folders key in the left pane, but to only delete highliged rd key in the right pane. The reason you would not want to delete folders key is that there is mulitple programs that are located in that folder, deleting it will more than likely corrupt all of them and crash your computer.

Using regristry editor is tricky and can destory your setupif you delete the wrong thing , but if you be careful in what your deleting then you will not have any issues, and it will safe you a couple hundred bucks, cause places like bestbuy, private computer shops charge a good price to fix simple issues such as this.


----------



## Mcleod15 (Jul 17, 2009)

smokey_joe said:


> This is why we are now a Mac household.


Yeah nobody(not many) writes virus programs to attack Mac computers cause NOBODY uses them in large scale applications on the regular. When they become as popular as PCs then Mac users will start to experience the same issues.


----------



## BittersweetEmbrace (Feb 24, 2010)

Mcleod15 said:


> Yeah, If you click on the right thing at the right time, it don't matter what you have something will get to your files.
> 
> Your getting that message cause your trying to delete the Hardware regristry key, you will not be able to do that. In that pic you posted all those entries,(HKEY_ClassRoot, HKEYCurrentUser, etc) are all root keys that can not be deleted. The entries listed(hardware, sam, software) are sub root keys those you do not want to try and delete.
> 
> ...


This is what i got when i searched: xp security tool
in the "Find next" box thing.


----------



## Mcleod15 (Jul 17, 2009)

What happens if you hit find next again? Try all one word, and try just security tool, try puttin in 2010 too.(if these searches find something else and you don't feel comfortable deleting them post up the screen shots and I will look at them for you)

Is the program still popping up on you when you login or are surfing the net?
If it is could you do a screen shot of your startup tab in msconfig. So I can look at your startup items.
Were you able to delete the that XP security tool 2010 folder out of program files?

If your still having issues or no luck finding the registry entries try downloading Malwarebytes http://www.malwarebytes.org/mbam.php, if you haven't already.


----------



## BittersweetEmbrace (Feb 24, 2010)

Mcleod15 said:


> What happens if you hit find next again? Try all one word, and try just security tool, try puttin in 2010 too.(if these searches find something else and you don't feel comfortable deleting them post up the screen shots and I will look at them for you)
> 
> Is the program still popping up on you when you login or are surfing the net?
> If it is could you do a screen shot of your startup tab in msconfig. So I can look at your startup items.
> ...


I'm still having the same issues.

This is what i got after i selected Run, msconfig, ok, and startup:

Also i highlighted one of them, so i could keep track in what i had already print screened.


----------



## Mcleod15 (Jul 17, 2009)

I see that you have Mywebsearch on your pc which can be uninstalled. If none of the virus scans are working for you and you cannt find any of the files associated with the virus program, there is one other thing you can try. You can try system restore. 

Go to start, all programs, accessories, system tools, system restore
select restore my computer to earlier date, click next
choose a date before the day your machine was attacked. The day will have to be bold indicating that you can restore your machine back to that day.

If you do this remember any changes(program installs, new documents, etc) you made since the date your restoring to will be deleted. So it might be good to back up all your files and documents to a flash drive, cd or dvd. 

Let me know if you have any questions? So if you don't feel comfortable about it ask me questions before you do the restore option, and I'll try my best to answer them.


----------



## BittersweetEmbrace (Feb 24, 2010)

It worked everyone!! See?? no pop ups saying that my comp is infected!!










Thank you so much everyone!!


----------

