There is a virus roaming around. I had kinda taken care of it before, but sadly not entirely. I had help from roy.

The effects in total, including cured and easily curable:

1. Ping.exe and ping6.exe (or was it ping9.exe?) spammed my computer with CPU usage [Fixed]
2. Any .exe I try and run gives me "Choose the program you wish to run this with" [Fixable with Malwarebytes]
3. Any google links I click send me to various ad sites and virusey sites [Still broken]
4. If I turn off the antivirus thing I downloaded (it takes up a shitton of CPU usage) for more than 5 seconds the virus comes back in its entirety except ping.exe
5. Youtube videos continue playing in the background even after I close a tab in firefox. They continue to eat up memory and I have to end the plugincontainer every now and then.

The antivirus I had to download to be able to even run programs is PC Tools Spyware Doctor. Otherwise my computer wouldn't let me do shit iirc.

When I turned off my antivirus's "Intelliguard" a second ago, the Windows XP Security 2012 virus came up again, telling me I was infected (Gasp!). I checked processes to see which one I needed to nuke. The last time the virus came it was some random 3 letter thing like nms.exe, I don't remember exactly. This time it was HGB.exe or HBG.exe. I noticed also a strange process that I hadn't seen before. Sorry I can't be more specific, but it was some BS in all caps with the letters "NOT" in it. Like "NOTTD.exe" or something. Anyway, when the windows XP security 2012 virus finally fully arrived, and I saw the HGB.exe (or HBG.exe... whichever), my antivirus was like "YO DAWG THERE BE A COMPUTER PROGRAM ACTING SUSPICIOUS IN C:\Documents and Settings\Evan\Local Settings\Application Data\HBG.exe

I went there and found it. I went to google. Looked back and the program was gone.

Halp. Roy helped me a little bit through some of this, so he could give some more details.
edat:My goal is to not wipe my computer and still get rid of the virus.

Post has been edited 3 time(s), last time on Jan 12 2012, 1:44 am by TiKels.

You can do what I do, and system reset your computer.
Just be sure to back-up all your important files on discs or flashdrives first.
It feels good starting new again every once in awhile!

You've either never completely gotten rid of it or you keep re-infecting yourself... so its best that you get someone better with this stuff to to help you or reboot your computer.

My goal is to not wipe my computer and still get rid of the virus.

Also here's a rundown of what malware bytes just removed.



I never got rid of it entirely. I didn't say I did. What do you think I'm doing by getting on SEN? I'm getting someone better with this stuff.

Instead of starting completely over he could utilize a system restore point to some time prior to catching the virus.

System Restore FAQ

I did a system restore. I realized soon after that the virus had actually incubated on my computer for several days or weeks. I had ping.exe back on my computer and was almost entirely unable to delete it. I'd rather just kill the virus another way. Going back with system restore removes too much shit.

...you know that malwarebytes took no action on any of those, right...?

Yes, I haven't hit "remove selected" button yet on the scan.

lawl wait, i said removed didn't i

I would use some NyQuil and some Norton Antiviral Flu medicine to get rid of that nasty virus you got.

Consider buying a new computer and not visiting those "porn sites" that you use to love to visit.

I've delt with a couple of these buggers. You may have to restart your computer many times... Read through this before trying it, the key is being fast.

I'm assuming your on windows xp, and the virus has already disabled safe mode (if safe mode works, use it). I'm also assuming you're unable to pull out your harddrive and scan it as a slave drive from another computer, as that would be the elegant way to go.

1. Turn on your comp (if you have to log on, do so). Hold the windows key and hit R, type msconfig, hit enter. Select Diagnostic Startup, hit apply, as soon as the apply button unfreezes, pull out your laptops battery/your computers power cord.

2. Plug your comp back in, startup & login, first priority, get in task manager and kill any procceses except these...


3. Load up malwarebytes, don't bother updating for now.

(3.5) If you have the option, start a malwarebytes trial (under the protection tab)

4. Perform a quick scan, remove what comes up, then perform a full scan and remove what that finds.

5. Open up msconfig again, select normal startup (or if you use it, selective startup), restart, and enjoy.

I was able to nip the program a long time ago with some lucky process ending. I can run malwarebytes and can do scans. It fails to find the program, it has spread somewhere where it doesn't find it. Oh I just remembered a 5th symptom of the virus, updating OP.

Essentially, my computer is functional, but slowed down and infected.

I consider malwarebytes the best free scanner, but you can try kaspersky or one of these av's

Kaspersky got its source code stolen a while back.

TiKels: Just nuke your computer. Being lazy will leave you with a computer that's still as slow as before.

I had something similar occur. In my Windows folder, I found a few exe files with 4 random letters for names. They would periodically attempt to connect to files on various web addresses, but my NOD32 would block it. I also had an issue where I couldn't open exe files, but I just fixed that with regedit. Ultimately I found and deleted all the 4-letter named files and the issue went away. I have since reformatted my computer and started over, though, so that's helped a lot as well.

I agree wholeheartedly with RIVE on this one. It does feel good starting fresh.

Yes, unless you can find instructions on the net somewhere for removing the *specific* virus that you have, you can't ever be sure that you've gotten rid of it completely. It could potentially have a keylogger in there as well and steal your passwords/bank accounts etc.

So unless you can find out the name of this virus and specific tools for removing it, I'd just reformat and start again.

I did some speed googling. You should download and use Combofix, perferably in Safe Mode if you can.
(source: http://www.bleepingcomputer.com/forums/topic435494.html note that the person in that thread fixed it January 8, so this guide/virus is pretty recent.)

Or you can just reinstall Windows XP, but that's not fun at all. You'd be surrendering to the virus. You can't let it win.

Don't run combofix unless someone who knows their shit is helping you as you are running it. ComboFix has the potential to break way more things than it fixes and should be used as a last resort.

The virus is Windows XP Security 2012

I've heard of at least two other people getting the same virus. Random lady in a computer shop and my mother. Do you guys want me to re-get the virus again and just like... zip it and send it to you? Does anyone know how to do anything with it?

You're asking if we want a computer virus. Um, no.

I'd imagine someone on here has a computer that has no files of value on it and could do some sorcery and figure out what it does.