Ok, set, fight!
1. Computer was previously infected with the above said virus and previous user had made all sorts of attempts to fix it - probably not good things.
2. Avast had been the first sentry on duty and was completely mutilated by virus.
3. Malwarebytes, second sentry on duty - dead as a door nail.
4. Windows Firewall - third sentry also disabled by virus.
5. TCP/IP stack corrupted.
6. Blue Screens.
7. No Windows Updates functional.
1. Follow Bleeping Computer web site steps: virus-removal of xp-antispyware-2012
2. After I did the above, I was still not satisfied because I could run Malwarebytes in Safe mode, and it found one Trojan, but just did not feel it was good enough. So I took the drive out of the PC, plugged it into my laptop with a special adapter that allows me to connect SATA drives as USB, and proceeded to scan with Malwarebytes, but lo and behold, my Microsoft Security Essentials found 8 viruses just by plugging it in and removed the viruses. I still finished scanning with Malwarebytes - came clean. Scanned again with two more scanners. All clean.
3. So I put the drive back in but even though I felt it was not infected, it was still corrupted.
4. Chkdsk fixed some more files.
5. TCP/IP stack was corrupted, and you could not get the PC on the network. Also Windows Repair was not working, so I followed these steps:
b. Locate the [MS_TCPIP.PrimaryInstall] section.
c. Edit the Characteristics = 0xa0 entry and replace 0xa0 with 0x80.
d. Save the file, and then exit Notepad.
e. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.
f. On the General tab, click Install, select Protocol, and then click Add.
g. In the Select Network Protocols window, click Have Disk.
h. In the Copy manufacturer’s files from: text box, type c:\windows\inf, and then click OK.
i. Select Internet Protocol (TCP/IP), and then click OK.
Note: This step will return you to the Local Area Connection Properties screen, but now the Uninstall button is available.
j. Select Internet Protocol (TCP/IP), click Uninstall, and then click Yes.
esentutl /g c:\windows\security\Database\secedit.sdb
First try the recovery option
esentutl /r c:\windows\security\Database\secedit.sdb
esentutl /p c:\windows\security\Database\secedit.sdb
Choose install > protocol > TCP/IP and try again
Please see: Smokey's Security Web Log for a reference
6. Awesome, now I had network access again, but still had some blue screen issues so I had to reboot into safe mode and what I noticed was that Avast was still trying to load, so I uninstalled Avast and rebooted into normal mode.
7. I disabled all add-on toolbars in Explorer, and I also made sure that I looked for all leftover registry entries and files left behind by the virus; these you can find in the cleanup instructions of the Bleeping Computer step-by-step. I did not find reg keys, but did find a bunch of suspicious files lurking in the profile folders.
8. Now the Firewall worked so I disabled all exceptions.
9. Also could not run windows update, so after a couple of failed attempts, this finally worked (error was 0x80070424):
a. turned on the service Background Intelligent Service
b. regsvr32 wuaueng.dll
10. Pulled a bunch of updates from Microsoft - including service pack 3 even though it was a service pack three version of XP - so a lot was corrupted on it. Also made sure the video driver was updated.
11. Re-installed Malwarebytes - ran scan good!
12. I had installed as part of the Windows Updates, Windows Defender - ran scan - clean!
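A check for steps 8 and 9 above, as an added example that is not part of the original post: error 0x80070424 is the HRESULT form of Win32 error 1060 (the specified service does not exist), so this batch script asks the Service Control Manager whether the firewall, BITS and Automatic Updates services are registered and running. The XP service names SharedAccess, BITS and wuauserv are assumptions not given in the post.

```batch
@echo off
rem Added example: post-cleanup check of the services the infection disabled.
rem Service names are the Windows XP ones (assumed, not taken from the post):
rem   SharedAccess = Windows Firewall/ICS, BITS = Background Intelligent
rem   Transfer Service, wuauserv = Automatic Updates.
setlocal enabledelayedexpansion
set FAIL=0

for %%S in (SharedAccess BITS wuauserv) do (
    rem sc.exe exits with the Win32 error code; 1060 (0x424) means the
    rem service is not registered, which surfaces in Windows Update as
    rem 0x80070424.
    sc query %%S >nul 2>&1
    if !errorlevel! equ 1060 (
        echo [MISSING] %%S is not registered ^(Win32 error 1060^)
        set FAIL=1
    ) else (
        rem The service exists; look at its STATE line.
        sc query %%S | find "RUNNING" >nul
        if !errorlevel! equ 0 (
            echo [OK]      %%S is running
        ) else (
            echo [STOPPED] %%S is registered but not running
            set FAIL=1
        )
    )
)

rem Non-zero exit code if any service is missing or stopped.
exit /b %FAIL%
```

A [MISSING] result means the service registration itself is gone, so starting the service will not help until it is re-registered; a [STOPPED] result only needs the service started and its startup type checked.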
This was a great match in which I was not defeated. I have had many a fight this year with viruses, and so far I am 100% victorious. So I had to, as part of my last Blog Entry of 2011, write something about it. Got to love it :)