Sunday, June 30, 2013

One tough cookie to crack

Last week I had a family member hit me up for some computer advice. She said the computer was quite slow and really stopped working in a few areas. Some sites simply would not come up. Using Logmein.com (great free tool to help out in a pinch) to remote in, I started poking around. I immediately saw an interesting icon at the bottom right that looked quite suspicious. I pulled it into view and asked our helpless victim what this app was because it appeared to be an anti-virus app, but was not one that I quickly recognized. The app is called XP Pro Cleaner and is basically an app that reports that there is a virus on your PC and actually shows it "scanning". Some quick Google searches showed that this app is all about getting the hapless user to put in their credit card and buy the full version.

Let me tell you that the Windows Update service gets disabled along with any other antivirus software, and at one point the service was gone completely. At least I was able to get in and then back out via the internet, otherwise I'd be in trouble since they live several states away.

I won't bore you with the rest of what was next because there was a lot of trial and error, but basically I pulled resources from these web sites. I did finally get Malwarebytes installed and we were looking good.

http://malwaretips.com/blogs/xp-security-cleaner-pro-removal/





Once that was complete, I got Microsoft Security Essentials installed. And then I moved on to the automatic update issue.


This error came up as well: "net start wuauserv the service name is invalid". More research revealed this script.

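rem Stop the background transfer and Windows Update services
net stop bits
net stop wuauserv
rem Unregister the Windows Update agent DLL
regsvr32 /u wuaueng.dll /s
rem Clear the update download cache and the update log
del /f /s /q %windir%\SoftwareDistribution\*.*
del /f /s /q %windir%\windowsupdate.log
rem Re-register the DLL and start both services again
regsvr32 wuaueng.dll /s
net start bits
net start wuauserv
rem Reset the update authorization and trigger a new detection cycle
wuauclt.exe /resetauthorization /detectnow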
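
After a cleanup like this it is worth confirming that the services the malware tampered with are registered, enabled and running. The following check is an added example, not part of the script above; it assumes a Windows command prompt with sc.exe and findstr available, and the `:check` label and `FAILED` variable are names chosen here.

```batch
@echo off
rem Added example: verify the two services the reset script restarts.
setlocal
set FAILED=0
for %%S in (bits wuauserv) do call :check %%S
if %FAILED%==0 (echo All checked services are registered, enabled and running.) else (echo One or more services need attention.)
exit /b %FAILED%

:check
rem sc query exits with 1060 when the service is not registered at all,
rem the condition behind "the service name is invalid".
sc query %1 >nul 2>&1
if errorlevel 1060 if not errorlevel 1061 (
    echo %1: NOT REGISTERED
    set FAILED=1
    goto :eof
)
rem A registered service can still be left with a disabled start type.
sc qc %1 | findstr /c:"DISABLED" >nul
if not errorlevel 1 (
    echo %1: registered but start type is DISABLED
    set FAILED=1
    goto :eof
)
rem Finally confirm the service is actually running.
sc query %1 | findstr /c:"RUNNING" >nul
if errorlevel 1 (
    echo %1: registered but not running
    set FAILED=1
    goto :eof
)
echo %1: OK
goto :eof
```

The script exits with 0 only when both services pass all three checks, so it can be rerun after each repair attempt.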


As of last Thursday we are up and running and work can be continued without reloading this PC.  Quite frankly, I wouldn't have spent this much time on one of my personal PCs, but was very glad to help.  

Moral of this story: Don't download software that you don't know from whence it came.  



