I am now cleaning my 8th PC of this nasty little virus for folks. For those who have not run into this thing just Google it. My observations based on these 8 removals:
1 – All 8 machines were running XP.
2 – 6 of the 8 machines were still on SP2.
3 – 7 of the 8 machines had an EXPIRED AV program.
4 – None of the 8 computers had an image (Acronis/Ghost/etc.) to restore from.
BleepingComputer has a decent guide on how to remove this:
How to remove XP Antispyware 2009
BUT, I have some tips to improve on the above guide instructions. This is the only method I have found to remove everything.
1 – The first and most important thing. If you entered your credit card info in one of the pop-ups, call your credit card company immediately!
2 – As per the above instructions, download Malwarebytes’ Anti-Malware. Then go here and download SmitFraudFix and print the instructions.
3 – Disconnect the target machine from the internet and install Malwarebytes’ Anti-Malware. Reboot into Safe Mode and run a FULL SCAN ON ALL DRIVES. Quarantine and then remove the files it finds, then reboot.
4 – Install and then run SmitFraudFix as per the instructions.
5 – Connect the target machine back to the net and update Malwarebytes’ Anti-Malware. Reboot into Safe Mode and do step 3 again.
That should do it.
Now, PLEASE, download and install an AV program and run a complete scan. Then fully update Windows.