How to Remove PC AntiSpyware 2010?

K,

Thanks so much for this excellent, step-by-step explanation of how to get rid of PC Antispyware 2010! This is the worst computer infestation I’ve ever seen! It’s really insidious! It seems to know just how much to disable each anti-malware program to make it ineffective. It will allow some programs that are already on your system to run, only disabling selective features, such as the resident scanner, virus vault, and the program’s ability to scan archive files — all the features that would threaten its ability to do its dastardly deeds. (This is what it has done to my Avast! anti-virus program.) This way, it craftily manages to make you think you’re doing something to fight it, but it isn’t effective.

It also allows Ad-Aware to run but disables its Scheduler, so you can’t schedule a boot-time scan. Of course that means that, if you rely on this program to fight the infestation, you’ll never get rid of it, since it regenerates itself during startup. Other programs already on your system are totally disabled, such as Windows Defender (which won’t even initialize). As far as downloading new anti-malware programs or getting an online scan, you can forget that once you have this infection. If it allows you to download these programs (or the launchers required for online scans) at all, it prevents you from installing, opening, or running them. It’s definitely a tough one to get rid of!

Still have to get the bootable disk made on someone else’s computer (as you suggested because my system has so many infected files that could infect/disable the boot-time virus scanner). Hope to be able to do this soon! Can’t wait to be rid of this nasty bug that has infiltrated my entire PC!

Thanks again for your help and for sharing this valuable information with all your readers!

Jeanne

Great post!

Sometimes when downloading security software is blocked, it’s possible to download from alternative sources. For instance, check shareware/download sites. I searched Google for Malwarebytes and sites like CNET, MajorGeeks and FileHippo were near the top with malwarebytes available to download from their servers instead. That may bypass a download block…

This method worked for me the other day when I had to fix a friend’s computer, so it’s worth a try before giving up on that route.

K,

A lot has happened since I wrote my first comment on this post. After much online research, exploration/investigation of my computer system, and numerous “tweaks” here, there, and everywhere, I’ve managed to eradicate PC Antispyware 2010 without using the boot-time virus scanner and without reinstalling Windows!

Though yesterday was the turning point, I believe that some of the changes, reconfigurations, and malicious file deletions I’d made the day before helped bring it about. Unfortunately, I can’t remember everything I did, but I do know that when I booted up yesterday morning, though the PC Antispyware 2010 icon was still on my desktop, it looked different. It no longer had the fancy looking shield reproduced in your screenshot, which had made it appear legitimate, but instead had the bare-bones square white window icon with the blue bar at the top, which I believe indicates an application/utility. I noticed this and wondered about it. Then I went to work seeing what else I could try to rescue my system, while I waited to get someone to create the boot-time disk for me.

I decided to go back into Add or Remove Programs and try to restore my Avast! and Windows Defender programs — even though the day before, I’d gone in and clicked “Repair” and it hadn’t worked. This time I decided to try clicking “Change,” and both programs immediately updated and corrected themselves! Avast! regained the capabilities that had been disabled (resident scanner, virus vault, and ability to scan archive files), and Windows Defender (which had been totally incapacitated) came back to life!

Of course, I immediately used both programs to do two full scans of my system. Avast! found 27 infected files, including Trojans, rootkits, and Braviax — and it found multiple files that had been infected with the same Trojans! Windows Defender found two Trojan Downloaders and one Trojan. But, the amazing part is yet to come!

When I went into my Recycle Bin (not sure whether it was before or after the scans, though I know it was after I’d “changed” the two anti-malware programs), I discovered the Beep.sys file there (which contained a rootkit)! Of course, Beep.sys is the file that causes our computer to beep on startup. But, it’s also the file that I’d read at CM2 Consulting is generally used by hackers to execute and orchestrate an insidious Braviax infection (though this post was written a while back and wasn’t actually talking about a PC Antispyware 2010 infestation). I’d sort of discounted (or, to be more accurate, temporarily tabled it), since it was an older post, since I reasoned that the hackers had likely changed their tactics by now, and since I wanted to try other things before tackling the scary procedure they had described (which had to be executed in Recovery Console Mode and could cause more problems than it corrected if done by inexperienced users).

Well, it turned out that this blogger had been right all along! Here’s a link to his post: Removal of braviaxcru629 malware.

Anyway, once Avast! was working again, I was able to schedule a boot-time scan and so restarted my computer on the spot. After two hours of scanning, Avast! had found another rootkit in the System 32 folder, along with a number of corrupted files.

I later downloaded Malwarebytes’ Anti-Malware and ran a scan, and it found 16 infected files, some of which had executed commands such as “disable security system notify” and other such nasty orders.

This has really been a learning experience, but I seem to be free of the PC Antispyware 2010 infection — after nearly five days and one entire night of working on it! I do plan, however, to continue downloading as many anti-malware programs as I can find and running them to make sure I catch everything malicious that’s potentially hiding on my PC (since every program catches things the others don’t). Also plan to create the boot-time disk you’ve recommended in case this problem should recur.

Still have a few issues I need to work out — after I figure them out — to bring everything back to normal. (For example, still can’t open Spybot S&D, or even locate it in Add or Remove Programs so I can uninstall/reinstall it, and I still see no sign of my Windows Security Center in my Control Panel, though I know by checking my Services panel that it’s active and running.) But at least I’m free of PC Antispyware 2010! And good riddance to it!

Thanks again, K, for all your help, because you’re the one who made me realize that a boot-time scan was what it would take to stop this infection from continually regenerating itself, since it does that on startup. Even though I was able to use my resident anti-virus program to do it, rather than the rescue disk you recommended, it was only because your expertise led me in the right direction that I knew what to do.

Really appreciate your help!
Jeanne

I meant the System 32 folder (in par. 7), not the System 23 folder! Sorry!

Jeanne,

First of, thank you so much for coming back with your findings. I am so glad to hear that you were able to get rid of this insidious infection.

I was glad to be of help but I think you have done all the right things in this situation to get rid of this infection.

You rock!

No worries, I corrected it for you.

K,

Thanks for saying such nice things, but I think I was just more stubborn than the malware was! I was so determined to get rid of it that I would have done whatever it took — so, it didn’t have a chance!

Thanks, too, for correcting my System 32 typo! After writing everything I’d written in that comment, it was a bit embarrassing to go back and find that error! Correcting it right in the comment is so much better than explaining it after the fact, because it clears up any confusion a reader might have had on initially reading it.

Thanks again for being such a great blogging friend — one who’s always so willing to help a fellow blogger/reader when needed!

Martin,

Thank you! Thanks goes to Jeanne for prompting me to write this tip. You bring up a very good point for downloading security software if the DNS appear to be hijacked for most sites.

This infection was thoughtful enough to prevent installing/updating any of those popular software even after a download but this tip could help in other instances.

Jeanne,

You are most welcome.

K,

Just discovered that both your Autoruns link and your Hijack This link take us to Hijack This. Figured you’d want to correct that. (Tried to use your link to reinstall Autoruns, and that’s when I discovered it.)

[...] How to Remove PC AntiSpyware 2010? [...]

Can you help me? My computer has bin infected. This helped, but I have a question. The program blocked my downloads so I cant download any of the softwear you gave. So I cant complete the steps D: Can you help me?

Ryan, in that case you have to go with the option I specified above where you need to use a ‘boot time anti virus disk’. Try to burn that from a friends computer and run it in your infected computer. Good luck!

Ryan,

Here’s something else you can try in addition to getting the boot-time anti-virus disk: Go into your Control Panel and double-click “Add or Remove Programs.” Then, go to each or your anti-virus and anti-spyware programs and click “Change/Remove.” After that, click “Change.” (You can try clicking “Repair” first if you have that option, but that didn’t work for me.) When I clicked “Change,” my programs updated and sprang back to life. (Hopefully this will work for you. I’m not sure if it worked because of other system changes I’d made beforehand or not, but it’s certainly worth a try.) If it works, you can then do a couple of full scans of your PC and schedule a boot-time scan with your anti-virus program. I’d still recommend getting the boot-time virus scanner disk, though, just in case you need it. If it doesn’t work, you definitely will need the boot-time anti-virus disk.

Next thing I’d do is check to make sure your Windows Firewall is turned on. You’ll find that in your Control Panel, too. You may notice that your Windows Security Center icon is missing from your Control Panel, which prevents you from accessing your Security Center. I’m still working on this one. It’s been a week since my active PC Antispyware 2010 infection has been disabled, and I still haven’t been able to access my Security Center.

Another thing you’ll want to do is get PC Antispyware 2010 out of your Startup list (the list of files that automatically load at startup), which involves deleting a registry key. Until you do that, though, you’ll want to go into your System Configuration panel and uncheck PC Antispyware 2010, which you’ll find at the end of your list of Startup files in the Startup tab. This will prevent it from loading during startup.

To access the System Configuration panel, click “Run” in your Start menu, type in “msconfig,” and click “OK.” (Be very careful what you do in the System Configuration panel, though, because this can seriously affect the operation of your computer.) When you’re inside the Startup tab, uncheck “PC Antispyware 2010.” Once you’ve done this, you’ll notice, if you go into the General tab, that your sytem’s Startup mode changes from Normal to Selective. It isn’t intended to remain in Selective Startup mode indefinitely, so you’ll want to remove the registry key that’s causing the problem as soon as possible.

From what I understand, there are programs that will do that for you, though I personally did it manually, with my computer in Safe mode, after researching online to learn where to go in the registry to do it. (Again, it’s important to be very careful when making any changes to the Windows Registry, so as not to adversely affect the operation of your computer.) I’ve kept screenshots of the entire process of manually removing this registry key (actually, this registry sub-key). Perhaps K would want to include these in another post on this topic, so you can see the process in action.

Once you understand the process of finding the various branches of the Windows Registry — which works much like an outline, with headings (keys), sub-headings (sub-keys), and details (values) — the following registry location won’t be difficult for you to find: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg. This is where you’ll find the sub-key “PC Antispyware 2010,” which you need to delete. When you get there, you’ll notice various values (in the right hand panel, all of which are related to PC Antispyware 2010 and all of which will be automatically deleted when you select and delete the sub-key “PC Antispyware 2010″ from the registry. Doing that will entirely remove PC Antispyware 2010 from your computer’s Startup list, causing it to automatically return to Normal Startup mode. (This won’t remove every malicious file related to the infection from other parts of your system, though. It will only prevent the main program from loading on startup.)

If you’re worried about trying to manually remove items from your Windows Registry, research Windows Registry (or Windows MSConfig) cleaners online and download one from a trusted source. (I hesitate to recommend one, since I’ve never used them and couldn’t say which ones would be good.)

PC Antispyware 2010 is a very insidious malware infection that isn’t easy to fully purge your system of. So, download all the anti-malware tools you can get your hands on (once you’ve regained your ability to do that by reactivating your current anti-virus and anti-spyware programs), because every program will find malicious files that the others miss — and you’d be surprised how many different ones this nasty program places on your system! Stick with it, and don’t give up until you’ve beat it!

Good luck!
Jeanne

Ryan,

Forgot to mention that, if you decide to delete the PC Antispyware 2010 sub-key manually, you can access the Windows Registry by clicking “Run” in your Start menu, typing in “regedit,” and clicking “OK.” You’d then navigate through the various branches of the registry, using your mouse (or mouse and arrow keys), until you locate the “PC Antispyware 2010″ sub-key. Clicking to select it will reveal all its registry values in the right-hand panel. You can then either right-click the sub-key (in the left-hand panel) and choose “delete” or click “Edit” in the registry menu at the top of your screen while you have the sub-key highlighted and choose “delete.”

Remember to do this with your computer in Safe mode. If you need help getting into Safe mode, either K or I can explain how to do it.

Jeanne

K,

Hope you don’t mind my input and suggestions to Ryan on his problem. I can really empathize with his situation (since I’ve just gone through it), and I thought that maybe, through my own experience, I’d be able to provide a few helpful tips. Hope I haven’t overstepped my bounds!

Jeanne

Jeanne, absolutely not! You are offering true and personal insight into what you just went through. Your comments are adding more and more value to this issue and I really appreciate it. Have at it!

Thanks, K! Certainly do appreciate your openness to your readers’ input!

man this malware is killing me. thanks so much for the post!

Thank you for your instruction, Jeanne. I am having the same troubles like you and tring to solove it manually.

Among your great tips, there is one thing that does not work for me.
After the infection, “Add and Remove” in my Control Panel does not work. Clicking it does not activate anything. Do you have any thoughts how to solve this problem?

Also, if you could share your experience about how to restore Windows Security Center after removing the virus, I would appreciate it a lot.

Again thank you very much for your time and effort.
Yosh

Why FBI does not investigate PC-Antispyware? It is really bad.

Yosh,

You’re very welcome! Don’t mind at all doing whatever I can to help people get rid of this really insidious malware. Unfortunately, I haven’t yet figured out how to get my Windows Security Center back, though I may be homing in on it. I’ve discovered some suspicious-looking registry values that are related to the Security Center, but I’m thinking that perhaps I should check with Microsoft before I delete them, since I’m not certain that all the values in question are actually malicious.

(Perhaps K would be interested in helping me out here by comparing my screen shots of these values to his own values in these specific parts of the registry to see whether any of them match up [in which case they'd probably be OK].) Some seem pretty obviously malicious, though, such as “AntiVirusDisableNotify,” “AntiVirusOverride,” “FirewallDisableNotify,” “FirewallOverride,” and “UpdatesDisableNotify.” Others I’m not so sure of, such as “FirstRunDisabled.” I’ve also found the “DisableMonitoring” registry value in one branch of the registry under the Monitoring sub-key of the Security Center registry key. This one looks suspicious to me, as well.

I could simply try saving these values before deleting them, so I’d be able to restore them if it turned out that they shouldn’t have been deleted; but I’m hesitant to do that, since I’m not sure what problems it might cause. I do, however, suspect that these values could just hold the key (no pun intended) to restoring my Security Center and will keep you apprised when I learn more.

So sorry to hear that the “Add or Remove Programs” link isn’t working for you. Can you tell me what happens when you double-click that link? Do you get a list of the programs you currently have installed on your computer, or does the link simply do nothing? If you do get the list of currently installed programs, are you able to locate and highlight your anti-virus and/or anti-spyware program(s)? If you can, what options are offered to you at that point?

This malware is a really tough one to beat; and even after the main infection is gone, you’ll find many lingering issues that will need to be overcome. But, don’t give up! Stick with it! We can work together to figure out how to overcome this malware menace!

I’m really thinking I need to contact Microsoft, since the company does want to know about anything that compromises the security of its applications and I’m really beginning to believe, more and more, that PC AntiSpyware 2010 qualifies!

Jeanne

Yosh,

Here’s something else to try to get your anti-malware programs up and running again (hopefully it will work):

Go into your Control Panel and double-click “Administrative Tools.” Then double click “Services Shortcut.” This will take you to a list of the services currently available on your computer, giving you information about each, including whether or not it is running and whether it is set to Automatic or Manual.

Locate your anti-virus and anti-spyware program(s) on this list and check to see whether their status is “Started,” “Disabled,” or whether there is simply a blank space in the “Status” column, which indicates that the program is not currently running. If they are not running–and especially if their status is “Disabled” (which is highly likely in this situation)–right-click on the name of the program, click “Properties,” and, in the window that opens, set them (in the “General” tab) to “Startup Type: Automatic.” Then click “Apply.” To start the programs, click “Start” and “OK.” Their “Service status” should now change to “Started.” Click “Cancel” to close the window and return to the Services list. Do this for each program, checking also, to make sure that your Security Center service is running (even if you can’t access it yet).

Also, make sure that Alerter and Messenger are running, and if they aren’t, set them to “Automatic” and start them. (Messenger has nothing to do with instant messaging, but instead, sends Alerter messages about your Windows Operating System.)

You’ll also want to check your Event Viewer (which is also found in Administrative Tools in your Control Panel) to see what important notifications you may have been missing. Event Viewer will give you a list of all the information items, error messages, and warnings you undoubtedly haven’t been getting because PC AntiSpyware 2010 has disabled your notifications.

(Think I will go in and delete the various “DisableNotify” values from my Windows Registry, since, as far as I can see, there’s no way these items could be good. There’s such a thing as being overly cautious, I think, which I believe I’d be doing if I put this off any longer. Will need to restart my computer in Safe mode, though, which does get a bit tiresome.)

Let me know how things go.

Good luck!
Jeanne

Yosh (and anyone else who’s been reading my above comments):

On second thought, I don’t think I’ll be deleting the above registry values after all–at least not at this point–since I really feel that I’m out of my league where the Windows Registry is concerned. I don’t have sufficient expertise to understand the data items that are associated with these registry values.

I’m looking at one of my Malwarebytes’ Anti-Malware program’s logs and notice that it says it has already taken care of a few of the registry items in question, and it appears that it may have done this by changing the info in the Data column (and thereby effectively deactivating the command contained in the registry value), which I believe has likely made it unnecessary to delete the entire value (though perhaps it wouldn’t hurt to delete it).

While I’m not absolutely certain this is what has occurred, it seems reasonable. Yet, I will be giving this a little more thought and likely doing more research before making any more changes to my Windows Registry. (It always pays to be cautious where your Windows Registry is concerned!)

I may ultimately go with my first instinct and send screenshots of these registry items to Microsoft and let their experts decipher them. I’m still deciding on this. At any rate, I have a strong feeling they’d be very interested in knowing about PC Antispyware 2010′s hijacking of their Security Center.

Just got this pesky thing, but it didn’t actually fully install but it’s still locking me out of everything…internet…gone….Won’t let me install malwarebytes, but I’m going to try using the bootable disc for Avira and will report back. I never actually ran a program but I think I downloaded something and extracted a file that automatically ran somehow….was supposed to be a e-book but it was an exe so i deleted it. I never have had a problem on my PC but this was my mom’s work PC. So I’ve been up all night because I have to fix it.

Thank you guys for all the advice. The Malwarebytes’ Anti-Malware worked! I am not computer savvy but am soo thankful it is gone
thanks again

Bob,

Sorry to hear that this malware is preventing you from accessing the Internet! This isn’t a problem that PC Antispyware 2010 caused me–though it did cause plenty of other problems! Throughout the entire ordeal, I’ve always had access to the Internet, though I often felt the malware was attempting to manipulate much of my Web surfing (which may or may not have been true, because I was using what was a new and unfamiliar Web browser to me at the time: Google Chrome).

Is PC Antispyware 2010 the specific malware program that has infiltrated your mom’s work PC? You’ll know by the windows that will continually pop up on her desktop and even on the Web pages she visits. They will look like the screenshot K has put into this blog post. You’ll also see a window that claims to be the Windows Security Center, giving you erroneous information about the Windows Firewall and the PC’s resident anti-virus program. If you don’t mind my asking, what browser does your mom use on her work PC?

Do you know whether your mom has recently allowed a Java update while she was surfing the Net? I’ve read that this is the way PC Antispyware 2010 is inadvertently downloaded (because, though the update appears legitimate, it really isn’t). I also know that I recently allowed a Java update while I was on the Internet, so this may be the way I contracted this malware.

Though I unfortunately don’t recall what day I allowed the “Java update,” I do know that I contracted the malware on August 8th. That also apparently was the day I downloaded the Google Chrome browser which I’m currently using. So, I’m keeping all these things in mind as I attempt to figure out how the malicious software was downloaded.

(I’m also wondering whether my old Yahoo! browser might not have had something to do with it, since I continued using it for quite a while after Yahoo! had warned me that it would no longer be providing updates and advised me to uninstall it and begin using Internet Explorer instead. Don’t believe I used it on August 8th, though I’m not absolutely certain. Since I might have used Yahoo! browser, the possibility of a security vulnerability does loom large when one considers the fact that there had been no recent updates.)

At any rate, I learned the other day from an expert on a malware forum, at BleepingComputer.com (wish I’d saved the link, because now I can’t locate the thread), that outdated Java programs definitely do present a security vulnerability which can lead to downloading malware, so you should check to make sure you have the most recent Java Runtime Environment update (currently JRE 6, update 16), and if you don’t, you should download it directly from the Java website. This malware expert stated that you should check the box that says “Windows Offline Installation,” then click the link below it and save the file to your desktop. You should then proceed to remove all older versions/updates of JRE or J2SE currently on your PC (after closing any programs you have running–especially your Web browser). Do this in “Add or Remove Programs” in your Control Panel. When all old Java versions/updates have been removed, restart your computer and then double-click the downloaded Java update and follow the installation instructions.

If your mom’s problem is PC Antispyware 2010, it won’t be quick and easy to remove all traces of it. But, try using any anti-virus and/or anti-spyware programs that may still be usable or that you can manage to start up again or successfully download. (See my above comments for some hints on starting up anti-malware programs that have been disabled by PC Antispyware 2010.) Run full scans with these programs, and set up a boot-time scan as well. If unable to do this, consider K’s advice of using a boot-time anti-virus disk, since it’s critical to get rid of any malicious files that load or regenerate themselves during startup.

Hope all goes well for you!
Jeanne

Thank you very much for this posting.

I had the PC Antispyware 2010 virus infect my computer and NOTHING could remove it.

I downloaded Malwarebytes and ran the program. Virus removed.

I’ll admit, I was leery to do it as I am not very tech savvy and afraid I might get another virus from the Malwarebytes instead. NO SUCH PROBLEM.

Once again THANK YOU and also to the people at Malwarebytes. Without this free download, I was looking at spending at least $125 at the local computer shop for the work to remove PC Antispyware 2010.

Can’t the government sue the creators of the PC Antispyware virus?

I would love to be a member of a class action suit against these B@@@@rds.

Yep, it was not exactly the same but I think a varient of pc antispyware 2010. I did get a message telling me about it but when I saw that I just found the service and shut it down. Then when I rebooted everything was just messed up…ended up needed work tech to give us a new PC for her job and wiping the old one.

Bob,

There seem to be quite a few variations of PC Antispyware 2010 out there, which apparently cause different issues for different PCs.

One good thing about having it be a work PC that was affected in your mom’s case was that you were able to turn the problem — and the PC — over to the work tech and get another! When it’s one’s own PC, one has little choice but to find a way to overcome the problem, either on one’s own or by paying someone else to do the job. Glad everything worked out for your mom! Thanks for reporting back and letting us know the outcome!

Jeanne

Yosh, K, and Everyone,

I’ve discovered, through trial-and-error, as well as online research, that the “AntiVirusDisableNotify,” “FirewallDisableNotify,” and “UpdatesDisableNotify” registry values are apparently added to the registry by one of our anti-malware programs (not sure which one) to avoid duplicate notifications, since the anti-malware program itself takes over this task.

That explains why, after I had tried two separate times to delete these three values from the “Local Machine” branch of the Windows Registry, I discovered, on checking after reboot, that all three were back again. I did, however, apparently manage to remove all three of these values from the “Current User” registry branch, since I no longer see any sign of them there. I’d guess that this is because they really aren’t needed in relation to the current user if they’ve already been implemented for the local machine the current user is using.

Still don’t know the significance of the “AntiVirusOverride” and “FirewallOverride” values, though, as I not only haven’t attempted to delete these but also have found no helpful info about them online.

Just wanted to pass along that info to anyone who might be interested, since I’d left the issue hanging last time. It’s good to know that these devious-sounding registry values can indeed be used legitimately and that we needn’t worry about them! After all, PC Antispyware 2010 already gives us enough to worry about!

Hi
I seem to have got PC Antispyware 2010 somehow aswell, but there is nothing that I can seem to do about it. Everytime i try to scan using McAfee security centre an error occurs, and Malwarebytes’ Anti-Malware won’t even start up
I even tried using the rescue disks ( I used Ultimate Boot CD, Avira Antivir and Kaspersky) and although Ultimate Boot CD and Kaspersky found 2 viruses, when I reboot my computer PC Antispyware 2010 is still there!
I am losing hope now, and i am afraid that I might have to take my computer to a shop, and have to pay a large amount of money to get rid of this malware
Is there anything else i could do to get rid of it once and for all?

Hello, I got the virus a couple weeks ago and it’s been giving me hell. I’m not computer-savvy, so could someone please explain to me what to do, in a more simple way?

I tried to use the Run command to delete registries, but it says that I’m blocked by administrator from doing that. I don’t know how so, as I am the administrator. Also, I don’t think I’m able to do the boot-disk thing, as I have no clue which is my network cable. I’m a minor, and my dad would be upset if I told him I’d been infected for a couple weeks now.

So, in short, any advice is much appreciated. This virus is one of the worst I’ve seen (and I’ve seen a few!) so I certainly can’t wait for it to begin.

Oh, one feature I didn’t see mentioned (or maybe just missed) is that it kills all Anti-Spyware programs. Generally during the “Preparing for Scan” phases, or sometimes later. Trying to run Avira even causes my computer to crash. So please, someone, help me end my misery.

Matthew,

For a few things you can try that might help get your anti-malware programs back up and running, first read the beginning of my first comment to Ryan, above. If that doesn’t work, try the technique mentioned near the beginning of my first comment to Yosh. In those comments, I’ve explained the two actions that were helpful to me in getting my anti-malware programs working again. If you try both and neither works, try going back and doing the first one again. Hopefully, that will help!

You’ll also need to uncheck PC Antispyware 2010 in your Startup list to prevent it from loading every time you boot up. I explain how to do this in my first comment to Yosh. As I also mention in that comment, you’ll eventually want to delete the PC Antispyware 2010 registry key that’s causing it to load during bootup, but until you can do that, unchecking the program in your Startup list will prevent it from loading.

Keep us posted on your progress.

Good luck!
Jeanne

JoshMac,

Try following the advice I just gave Matthew in the previous comment. As I’ve told Matthew, use the techniques I’ve described in my comments to Ryan and Yosh, and hopefully you’ll be able to get your anti-malware programs up and running and get PC Antispyware 2010 out of your Startup menu.

Once that’s been accomplished, your anti-malware programs will do much of the rest of what needs to be done for you.

Good luck and keep us posted on how things go!

Jeanne

P.S. If you have any questions, feel free to ask.

Yosh, K, and everyone who’s interested in finding your Windows Security Center:

I’ve finally located my Security Center and restored my access to it.

Here’s where I found it: C:/WINDOWS/$NtServicePackUninstall$ (Author note: substitute / with a backslash as the comment form has trouble displaying it)

To access the above folder, click “Start,” then “My Computer.” Then copy and paste the above information (without the period at the end) in the address bar and click “Go.”

This will take you to a hidden folder, which you won’t be able to locate if you simply double-click “Local Disc (C:)” and then “Windows” in “My Computer,” because the folder doesn’t show up there. This is why you’ll have to copy and paste the above information into the address bar, which will take you directly there.

This hidden folder contains a very large number of files, all the names of which appear in blue type (rather than the usual black type)–an apparent indication that they are hidden and possibly also that they are template files, which I realized later. I believe this folder contains not only the uninstall files for various updates, etc., but also extra copies of our computer’s critical system files–though I haven’t done an actual survey of which specific files are included here.

At any rate, the main point is that this folder is where I found my Windows Security Center file. This file is called “wscui,” which stands for “Windows Security Center User Interface.” This file uses a very plain-looking icon which looks like a sheet of paper with the top right corner folded down and has an image in the center. You may also notice another Security Center file here, which you’ll recognize immediately by the familiar four-color Windows Security Center shield. You’ll note that it also says “Shortcut.” This isn’t the actual Security Center file, but a shortcut to the Security Center. For now, you’ll want to concentrate on the “wscui” file, which is a Control Panel Extension that will allow you to access your Security Center from anywhere you place it.

I started out by moving “wscui” to my desktop, and it worked fine there, though it didn’t look as nice as the shield icon of the shortcut did. But, at least I was able to access my Security Center at long last! The simplest way for you to access your Security Center will be to place the “wscui” file on your desktop–though I would recommend that you copy and paste it, rather than moving it, as I originally did. This will leave a copy of it in the Uninstall folder, as well. This is the first and most important step to restoring access to your Security Center. Replacing the icon in your Control Panel will be a separate process. At least you’ll have access to the Security Center in the meantime, though.

I’ll return later to explain the remainder of the process I followed for restoring the Security Center icon to my Control Panel and replacing the “wscui” file in my System 32 folder. Everything that happened through my experimentation isn’t even completely clear to me, though my Security Center icon is now back in my Control Panel and the “wscui” file has been safely restored to my System 32 folder. Yet, I’m still puzzling out exactly what happened and why.

So, stay tuned. Try the above and please report back to us on your success in accessing your Windows Security Center so we can share your excitement!

Jeanne

Google Vundo virus and there’s a new tool that helps get rid of it.

The best thing to simply do against any virus is get a copy of Acronis True Image and make a backup 1:1 image of your HD before you get any trojans or viruses. This way, boom you can restore your pc to a healthy status. I have never had a real problem on my PC but it was my mom’s work PC as I had mentioned b4 that got infected. They simply gave her a new computer and cleaned the old one, but it was really, really infested. PC antispyware 2010 is what I believe a Vundo varient. Nasty little bugger too….the big trouble is that it leaves registry traces that malwarebytes does fix I believe. You need to re-install malware bytes but rename the executable to something else…I’ve read that it may help.

K,

Just noticed that there’s an error in my comment addressed to “Yosh, K, and everyone who’s interested in finding your Windows Security Center.” My apologies!

The text I said to copy and paste into the address bar in “My Computer” to locate your Windows Security Center should contain backlashes after “C:” and after “Windows,” but the Comment software apparently didn’t reproduce them.

The following is what you’ll want to use in place of the version containing no backslashes (only replace “[backslash]” with an actual backslash) before copying and pasting:

C:[backslash]Windows[backslash]$NtServicePackUninstall$

Comment boxes may simply not reproduce backslashes. Come to think of it, I’ve seen this phenomenon before.

If it isn’t too much trouble, K, would you mind making the correction right inside my earlier comment to avoid confusion? (PC Antispyware 2010 is causing people enough confusion without the solutions providing even more confusion!)

Thanks–and again, my apologies to all!

Jeanne

Jeanne,

I have to appreciate your continuous monitoring of this thread and providing assistance to those needing help. I have been so time constrained to reply here but I am so glad you have it upon yourself to help! You rock. The comment form does have problem displaying backslash so I have added forward slash with a note to replace it with a backslash)

Great idea, K!

Thanks for taking care of that! I hate to make it harder for people who are already struggling with PC Antispyware 2010 to correct their issues by having the fix be as confusing as the problem! Your idea for clarifying the file path was a great one!

Don’t mind at all helping out, since I know how frustrating this infection can be! I’m just hoping that everyone else will find their Windows Security Center in the same place I found mine. Hopefully this malicious program always puts it in the same folder. (Likely it does, because it’s such a convenient place to stash it, since it’s a hidden folder.)

Alright, here’s the newest episode in my saga of woe. I’m rid of the program itself, PC Antispyware 2010 no longer shows up in my list of programs or anything. However, it’s lackeys do. I know there’s a rootkit out there somewhere, but the problem is, I can’t find it. Malwarebytes, which I used to swear by, can’t even scan for more than 20 seconds before it closes out, and then the .exe for it becomes inoperable. Occasionally, by reinstalling it, I can get it to scan for a few seconds, but to no avail. I located my Windows Security Center; and it was disabled. I got Windows Defender to open, but it too closed out, saying a program had forced it too. Something in the System32 folder I’m pretty sure, because it was busy scanning that when it happens. I downloaded Avast, and it was kind enough to go ahead and do a boot-time scan or whatever it’s called. 10 hours later, it found over 25 infections, but the rootkit’s still there. Any more advice? I can’t afford to take my computer to a shop, and really really don’t wanna have to reformat my harddrive. I’ve been receiving help on BleepingComputer, but no program they recommend works, including HijackThis and ComboFix. Thanks for all your help here.

One thing I forgot to mention: the virus (or what’s left of it) seem to be doing three things. One, preventing antivirus software from successfully running, which is what I’m most worried about. Two, it frequently tells me that “Firefox has been disconnected from the server” when attempting to navigate to other sites, which is worked around easily enough. Three, it opens invisible Internet Explorer windows that don’t do too much, other than to be extremely annoying. Is there a way to prevent access to them? I tried to by using the “Set Program Access” option in the Start menu, but it didn’t do much. Thanks again!

JoshMac,

Have you tried restarting your anti-virus and anti-spyware programs by going into “Add or Remove Programs” and clicking “Change” and going into your list of services, clicking “Properties,” setting them to Automatic, and clicking “Start” (as I’ve described in my comments to Ryan and Yosh)? It’s critically important to somehow get your anti-malware programs running again, because they will find and remove the malicious files that are causing all the harm.

Another thing you’ll want to do is go to “Search” in your Start menu and manually search for every file that contains either “Braviax” (the virus that PC Antispyware 2010 puts on your PC) or “cru629″ (another name for Braviax). Delete every file that you can find that contains either of these. (If you go into “My Computer” and access your System 32 folder (in Drive C and in the Windows folder), you may see a file there called “Braviax.exe.” That’s the executable program that helps keep PC Antispyware 2010 active on your system. You’ll definitely want to delete this one, along with all the other files containing the virus; though there are Trojans and rootkits that are also part of the package with this malware. Programs such as Rootkit Revealer or Trend Micro’s RootkitBuster can help you locate rootkits so you can remove any that contain either the virus or any Trojans you may recognize the names of. My only problem with Rootkit Revealer is that the last time I ran it, it found almost 41,000 files, and I had no idea where to even begin assessing the readout. RootkitBuster didn’t find anywhere near that many.)

If you find out during your search that any registry keys contain Braviax/cru629 (which they likely will), you’ll want to reboot your computer and put it into Safe Mode before deleting them. (You might even want to do that before searching for and deleting the files containing Braviax and cru629, though I didn’t.) To speed up your search, you might want to limit the dates, based on when you got the infection.

You’d also do well to delete your Beep.sys file and will most likely find that it’s been infiltrated by Braviax anyway. (This is apparently one of the favorite places to hide Braviax.) Your system doesn’t need the Beep.sys file to run; it only makes your computer beep on startup. You may find that you have two Beep.sys files. One will be found in System 32 Drivers, as I recall; and one may simply be found in your System 32 folder. (Not absolutely sure about the second one because I didn’t find it myself; Avast! found it and put it into my Recycle Bin when I managed to start it up again.)

If you want to search for your Beep file, use the same process mentioned in this comment, but just search for “Beep” without the “.sys” extension. Searching without using the file extension (with Beep or any of the other terms mentioned above [i.e., Braviax and cru629] will allow you to find all files that contain it, no matter what file extension they use.)

Try these ideas for now, and let us know how it goes; then we’ll take it from there. If I have any other ideas in the meantime, I’ll stop back and let you know.

Good luck!

Hey Josh, that’s the point I was at….the main thing was not installed…the virus but it was still doing other bad things and I had given up.

Try changing malwarebytes name that launches the program…..I did not try this, but leanred about it after I had given up.

google “vundo fix” and you may find some other various programs. I see bleepingcomputer does have a vundo fix as well….this thing is a bad boy so keep trying or format. I had to give up because it was not even my computer….and like I said, always make a backup image so you can avoid MAJOR problems like this. Acronis saved me many times.

Bob and JoshMac,

I didn’t try changing the name of any of my anti-malware programs, either, though I did try changing the name of Braviax.exe, which didn’t do any good. Hopefully it will help in this instance, though. It’s so important to get those anti-malware programs up and running and/or to download others that can help get rid of the amazing number of infected files PC Antispyware 2010 puts on your computer.

I’d keep trying to download every anti-malware program and tool I can think of, because you never know when one of the downloads you try will work.

Vundo was not one of the Trojans that was involved in my PC Antispyware 2010 infection, as far as I can tell. Win32:Fraudo, JS:Pdfka-MQ, Win32:Vuku, Win32:Spyware-gen, and Win32:Trojan-gen were involved in my PC’s infection, and all were found by Avast! Avast! also found Win32:MoPack, which it classified as “[Cryp],” as opposed to “[Trj],” and also located the rootkits Win32:FakeAV-NO and Win32:Rootkit-gen. (Perhaps some were unrelated to this particular infection, but all were found at the same time my PC was infected with it.)

This infection is very bad, and the number of files affected is quite large. That’s why anti-malware programs are so important in fighting it. So, keep trying everything you can think of to get yours working again and/or to get new ones effectively downloaded.

Hopefully your name-change idea will work, Bob!

JoshMac,

Don’t forget to make sure that PC Antispyware 2010 is unchecked in your Startup list, so it doesn’t load every time you boot up. (You’ve said it’s no longer in your list of programs. Were you referring to your Startup list?)

It might also make a difference if you go into your list of Services and enable the services that have been disabled. I found several disabled services after my malware attack, and I believe most of these were probably intentionally disabled by the malware in order to prevent my PC from working properly. As I recall, I enabled all these (except for one–explained below) before I managed to get my anti-malware programs started again. You may need to do this before you can get yours running, too. In my second comment to Yosh, quite a bit earlier in the comments on this post, I explain how to do that.

I’d go into the Help screen, once you get there (via my instructions to Yosh), type the word “Services” into the search box and click “List Topics.” Then choose “Default settings for services” in the list of topics and click “Display.” This will show you the default setting for each service. Use this as a guide to properly enable each of your disabled services. Only one service on the entire list is supposed to be disabled, according to this list of default settings: Human Interface Device Access. All the others should be set to either Automatic or Manual, as indicated on this list.

Hopefully, enabling all your services will not only help you get your anti-malware programs running but will also help you with your server disconnection problems, as well, since some of the disabled services appear to be network-related. (Some services are also dependent on other services to function properly. You can see these dependencies when you open the Properties window for each Service.)

Don’t really know about the third issue you’ve brought up. I, too, had wondered if it might be possible to deny access but couldn’t figure out how to do it or if it could even be done. Figured it might be too late at this stage of the game, since the malware has already entrenched itself in the system–but would love to find out I’m wrong about that! If anyone knows how to do it, we’d certainly appreciate hearing about it!

I know it’s called Fraudo or whatever, but I’ve heard the PC antispyware is a Vundo varient. I did not know this beforehand. If you look up Vundo in Wiki though, it’s explained that a similar program just like PC antispyware is used. It also does the exact same things as this does. I had managed to del Braviax.ee as well…but there was a lot of redistry entries that I just couldn’t track down. Eventually I just made so many mistakes that I had no internet even with all my services put back the way they were…was really nasty.

I checked my services, and they seem…. Decent at best. Bitdefender’s been inactive from the start, and Avira works, to a certain extent. However, it didn’t show up in the list of services? And I couldn’t reactivate Bitdefender. None of the other anti-malware programs I have showed up except the recently installed Avast, and that was activated.
When I said that PC Antispyware 2010 is gone from my list of programs, I mean completely, as far as I can tell. I deleted its file from my “Program Files” folder, uninstalled it (for some reason, the uninstall feature the virus gave me itself worked, go figure) removed it from programs, and was not in my list of services.
At the moment, I’m running Rootkit buster, it’s found a couple things so far. By the way, I tried renaming Malwarebytes a while ago, didn’t seem to help. The guy on BleepingComputer recommended it too.

Oh, also, under “Add Or Remove Programs,” I don’t get a change option. I get a remove option, but that’s it.

Bob,

I can believe it’s a Vundo variant. Just noticed today that I had a Spybot S&D (zipped) file named Virtumonde, which, when I researched it online, I learned is a variety of Vundo. So, I either had both it and PC Antispyware 2010 at the same time, or it helped to cause my PC-A 2010 infection. Nasty is definitely the word!

Yea…that’s crazy….you probably did have both. When I saw the initial alert that pc antispyware 2010 wanted to install, I knew already I had trouble. The problem for me was that I never actually installed it to be uninstalled and that threw me for a loop on getting rid of it. I had tried other things and deleted files manually but it had always partially managed to come back upon rebooting even after a system restore. The system restore did however let me back onto the internet. Well…I know there’s worse out there, but as far as annoying on a constant basis, this thing is far up on the list. I do not know how exactly I got it though and since my mom is on a work network someone else had gotten the same thing….so I’m not sure if there was some sort of random attack or something or someone else ran something they shouldn’t have ran. I did download what I thought was an e-book, but turned out not to be (so I deleted it after I unrared it but did not execute) I wonder if that matters…??? Can something run if you don’t double click it…..not sure. It seemed to happen near that time….adobe acrobat just went nuts opening a bunch of times, things started slowing down, then boom I rebooted cause it locked. Then when it came back on I had seem pc antispyware pop up and thought…oh man…I got a virus on here…..screwed!

Avira was no good….it eventually went bye bye…. it did detect things but never fixed the entire damage so I think it just replicated itself. NOD4 was automatically shut-off by the virus…and counterspy 3 worked once, then the trojan got wise and shut it down, then deleted it. The company had some old Mcafee on there….completely pointless.
As usual Malwarebytes would uninstall itself or become useless…Not sure what else I could have done, but here’s hoping everyone else has better luck then I did. Here’s also hoping no one gets it again! hehe! Peace….

JoshMac,

Glad to hear your anti-malware programs are partly functional. Every little bit helps! Unfortunately, you may not always spot them easily in your list of Services because they sometimes use abbreviations that aren’t easily recognizable. You may have to do a little detective work to locate some of them.

Also, don’t forget to check your entire list of Services, and not only your anti-malware programs, because you’ll want to make sure ALL your system services are functioning properly. This is an important step in getting your system back to normal.

In “Add or Remove Programs,” you’ll find that some of your programs will offer only the “Remove” option, but others will provide either “Change/Remove” or separate “Change” and “Remove” options. You may need to experiment a bit here. If you have a “Change/Remove” option, click it and see what you get. If you notice the “Change” option is totally separate from “Remove,” try clicking “Change.” If you have no other choice, you may even have to try clicking “Remove” for a totally non-functional program and then try downloading it again. What have you got to lose, if it isn’t working anyway?

Glad you aren’t finding infected files in any of the folders you’ve mentioned. If you haven’t yet, be sure you also go into your Start menu, click “Run,” and type in “msconfig”; then click “OK.” You can then check your Startup list to make sure PC Antispyware 2010 is no longer in it (or at least is no longer checked). You’ll find it in the Startup tab. (Be sure not to make changes other than unchecking PC Antispyware 2010 while in the System Configuration Utility, though, so you don’t end up causing any system problems. (It would probably be best to do this with your computer in Safe mode–though it will be even more important to use Safe mode when you go in later to delete the PC Antispyware 2010 registry sub-key that’s placed the program into your Startup list in the first place.)

RootkitBuster found several nasty files on my PC, though Avast!, Windows Defender, AdAware, and MalwareBytes found many more. If MalwareBytes isn’t working, try uninstalling/reinstalling it. Maybe that will help.

Keep us posted on your progress.

Bob,

This is definitely a tough one! I never installed the program either–at least not that I recall. I may have unwittingly downloaded it by allowing a Java update while I was online, though. It’s possible that I could have installed it thinking it was a Java update, but I doubt it. It does sound as if your non e-book may have been the culprit for you. The continuously replicating nature of this malware is one thing that makes it so difficult to get rid of–along with all the hidden files it places all over your PC. I’m still finding abnormalities (including strange-looking registry entries and missing or misplaced files) now and then that I’m attempting to figure out. It’s quite a puzzle!

It must be possible for this program to run automatically once it’s been downloaded; otherwise, how could these windows just suddenly begin popping open all over the place with no encouragement from us?

This program has the capability of disabling any anti-malware programs we happen to have on our PCs at the time it’s downloaded. It certainly isn’t only MalwareBytes that’s affected. Avast! was greatly (though not totally) incapacitated on my system when I contracted the infection, and Windows Defender was completely disabled. As I’ve mentioned, I eventually got both programs working again, though. Didn’t download MalwareBytes until later, and once I did, it worked great.

Let’s HOPE no one gets this nasty infection again, because one time is one infection too many!

Hi, i was just wondering if it is necessary to have PC Antispyware 2010 installed on your computer, in order to uninstall it?
At the moment i have the bubble which keeps popping up, but i always close the program when it says that PC Antispyware 2010 is downloading. My antispyware programs still don’t work, i searched my computer for bravix and cru628 files and i found some and deleted them, but this doesnt seem to have helped
I also tried to get Windows Security Centre working again, but when i type in the address in the bar it doesnt seem to find it

Matthew,

It’s hard to say whether the program needs to have been installed in order to be uninstalled. I doubt any of us has knowingly installed it, yet suddenly there it was! This infection is highly complex and difficult to get rid of, so it takes real persistence and consistent attempts at trying various things in order to figure out what will work. Have you tried the things I mentioned in my earlier comment to you?

It’s important to make sure PC Antispyware 2010 is not loading on startup, so you’ll want to make sure it’s unchecked in your Startup list. You’ll also want to do everything you can to get your anti-malware programs working again and/or get new ones downloaded and operating, because they will find and handle all the malicious files the program has placed on your system.

I wouldn’t worry about trying to locate my Security Center at this point. It’s likely operating, even though you can’t access it (a fact which you can double-check by looking at your Services list). Once you’ve gotten rid of the main malware infection, you’ll be able to concentrate on accessing your Security Center and replacing its icon in your Control Panel. Getting rid of the infection is really top priority right now.

You still got it bro….i didn’t install it either and was still screwed…. read every reply on here as we’ve talked about it to death, then come back and tell us if you’ve had any luck…..

Hi, I seem to have got rid of it!
It turns out that it was the braviax virus, and i am guessing that this is what it was for everybody else
Here is how i removed it :
Firstly, I removed braviax from my startup programs by typing msconfig into run
Then, the next time i started up the cross wasn’t there, and neither was the pop up
I tried running Malwarebytes AntiMalware at this time, but it still wouldn’t work because the virus recognised mbam.exe, so what I did was download Malwarebytes onto another computer, change mbam.exe to zzz.exe and then replace the file on the infected computer with zzz.exe. Then, when i clicked on it, Malwarebytes antimalware started up, and i was able to scan my computer

Good for you, Matthew!

It’s a great feeling to boot up and not see those annoying pop-ups anymore, isn’t it? Glad you managed to get the culprit out of your Startup list. That was definitely critical to your success in eradicating the virus. (Yes, it is Braviax/cru629 that’s at the root of this malware infection.)

Also glad you’ve managed to figure a work-around to get Malwarebytes up and running. It will help you get rid of many of the malicious files that are hidden in various places on your PC. I’d recommend that you download and scan your system with as many other anti-malware programs as you can, since I’ve noticed that different programs find and remove different malicious files. In addition to Malwarebytes, I’ve had good success with Avast!, Windows Defender, Ad-Aware, AVG, and Trend Micro RootkitBuster. Autoruns is also good for checking which programs are automatically loading on startup, and HijackThis can give you a comprehensive (though complex) picture of everything that’s going on with your computer system (though it can often require an expert to decipher it all).

Now that the infection is gone, you might want to follow my suggestions earlier in this thread to locate and restore your Windows Security Center. I still haven’t returned to describe the final step that fully restored everything to its proper place on my PC, because truthfully, I’m not even sure how it all happened myself and so don’t really know how to describe it. Yet, if you follow the explanation I’ve posted so far, you should at least be able to get a usable link to your Security Center onto your desktop, which will enable you to access it–and access is really the most important thing.

Congrats on your persistence and success in eradicating this infuriating malware!

Thank you so much, because of this, I finaly removed it. This gave me a couple hints. But this what I did was is go onto my sisters laptop, download Malwarebytes into a USB, and import into the infected computer. Then once the softwarer was in there, I disconected the internet. Then I put my XP on safe mode, and began the proccess. A quick scan was enough to remove Antivirus 2010. Then everything was working again. It turns out the virus tweaked my internet settings so nothing can get in. Anyways, thanks alot!

That’s great, Ryan!

Good move! Glad to hear you’re rid of it! Thanks for explaining how you did it! I’m sure it will help someone else!

Do any of these methods cost money?

Yi Soon Shin,

As far as I know, all these tools are free.

Take care!
Jeanne

I always prefer to use Kasperky over Avast or McAfee. Kaspersky is much better in detecting new viruses and it does not consume too much resources on your dektop PC.:.~

Great tip, Faith! Thanks for sharing!

I got that nasty virus this spring and it took me an entire week going through my registry. What a pain in the butt.

Even after I got it cleaned up, I made a backup for my pc and then reformatted my hard drive.

works like a charm now!

That’s great, Mark! It’s a tough one to get rid of! Sounds like you did all the right things.

My mom’s computer has another issue…it was infected, then we cleaned it, but we don’t have access to windows updates anymore.

It comes up as page cannot be displayed and even google redirects you if you search for windows updates. It’s a different virus than the PC AntiSpyware but it’s almost just as bad because we can’t get windows xp updates unless I search for them 1 by 1 and install them, which is pretty much impossible unless you kno exactly which updates that computer needs. Any ideas on which virus does that?

Wow, Bob! That sounds like no fun! I’m afraid I don’t know anything about that particular virus. (Not sure whether K does.) I would recommend contacting Microsoft and explaining the problem. Perhaps they’ll be able to help. It’s possible they know something about this particular virus, since it affects their OS updates.

You might also try doing some online research to see whether you can find others who have overcome this problem and who therefore know what causes it. That’s the way I found out how to get rid of PC Antispyware 2010/Braviax. (I’m not even a techie type — just an inveterate researcher and very persistent.) If I learn anything about it, I’ll come back and share what I find. You might want to stay signed up for comment notifications on this post or check back periodically just in case.

Good luck getting this sticky problem worked out for your mom! She’s blessed to have you in her corner!

Just wondering, Bob, whether you’ve gone into the computer’s Control Panel and checked to see whether Windows Automatic Updates is turned on. It’s possible it was turned off somehow when you cleaned the computer. Your problem is likely not that simple, but it’s worth checking (if you haven’t yet).

You might also visit the Microsoft Update Solution Center, where it’s possible you’ll find some info that could prove helpful in correcting the problem. Fixes are mentioned there for specific situations, which might just help if one of the Top Issues they cover happens to apply. If not, the above web page also links to the MS Support Contacts page, where you’ll be able to access support professionals or discussion groups to try to get an answer to the problem.

Another way to get answers is at BleepingComputer.com a website where computer experts help people solve their computer issues. The site has quite a few different discussion boards/forums, depending on the problem, and also offers tutorials on various computer issues, along with malware removal guides. I haven’t scoured the site for an answer to your specific issue, but it might be a good place to look.

Just so I understand what you’re saying, can you tell me exactly what comes up as “page cannot be displayed”? What link have you clicked or copy/pasted into your browser’s address bar before getting that error message?

When you enter anything related to windows updates…yep….even google, the browser wil be hijacked and redirected. Also… under the start menu when you simply hit windows updates…you get page cannot be displayed or error. It’s something strange and yes, updates are on automatic but you can’t see what updates have been installed in the past either. I came here because I just though maybe someone had an easy fix. The other places require you to use 2-4 other programs and logs and it gets complicated. It’s not my computer, but my mom’s work at home computer. I could go in and really mess with it, but as it is right now she can still work on it but I know it’s not 100% secure or safe and I don’t like that.

Bob,

Is your mom’s antivirus program working, and have you tried a boot-time antivirus scan? If it’s a virus, you may be able to get rid of it that way — before the virus has a chance to load. A boot-time scan helped me get rid of a bunch of unwelcome PC Antispyware 2010 files (once I got my antivirus program back up and running). You should be able to set your mom’s antivirus program to do a boot-time scan on her next restart. Then you can either restart immediately or let the program run the scan the next time she turns the computer on. Once you’ve gotten rid of the virus, you’ll be able to focus on figuring out how to get Windows Updates up and running again. That should be a lot easier once her browser is no longer being hijacked.

Bob,

Curious whether your mom has Service Pack 3 for her version of Windows XP. Just read on the Microsoft website that support for the Service Pack 2 (32-bit) version has ended, which means that version is no longer eligible for updates. (The 64-bit, SP 2 version is still eligible.) Here’s the link: Support is ending for some versions of Windows.

Yes, all the basic question I have looked into…it’s a deep one. I’m going to try SuperAntiSpyware next. It’s good at getting rid of stuff others cannot find….but not sure it will enable the proper IE finctions or the update problem. Will report back. I did this on my computer which has no threats as far as I know, and it came back as finding some Vundo/MS fake variant…once I deleted those I came up with some Error 339 runtime code during startup but nothing that I know of was affected yet. But I found the fix for it anyhow.

So, you’ve run a boot-time anitvirus scan (mentioned in my second-to-last comment above)? And it came back clean?

I’m not familiar with SuperAntiSpyware. Is that an especially good antispyware program? I do know it’s always a good idea to try as many different antivirus/antispyware programs as possible because each one catches things others don’t.

Hope you get your mom’s computer problem fixed soon!