Help, I am trying to rid my friends comp of some very evil malware know as "contra virus" also called "AddProtect" .
I have used "spybot search and destroy" and then "SuperantiSpyware" and the cursed thing just comes right back from the dead! This is on a xp home machine. Any luck out there getting fully rid of it?

Hello gerraldr, can you give me a few more details about what the virus is doing, where you found it and any details your removal software is giving you.

Martin

Hello Martin,
The computer infected is a 9 month old Dell with windows xp. I am not sure what my friend was up to but he did admit to being on "the bad side of town" surfing the other night. He was surfing with firefox. To quote from "ContraVirus is a fake anti-spyware program that is often downloaded and installed without user knowledge or consent by a Trojan or through browser security holes. ContraVirus launches on Windows startup and may generate large numbers of popup adverts. ContraVirus will also display notifications of imaginary security risks in its attempts to get the user to purchase the full version. ContraVirus program can be extremely difficult to remove manually, and will continue to try to recreate itself. ContraVirus is thought to be related to VirusBlaster" This quote is quite accurate except that they could have added that it is hard to completely remove with spyware! Some small part of the cursed thing remains after even the most thorough cleaning, so that it can re-install itself on rebooting.
thanks, GR.

Hello, can you give me any other details your anti-spyware is giving you, like the location of the virus?
Also, any other filenames e.g. C:\Windows\System32\vcehaeb.dll

I got one myself about a year ago, that one was called 'VirusBurst'! It sounds like the same one.

Martin

My computer just recently had that same problem, and I tried the same techniques you used. Then, my AVG anti-virus program got an update and said that there was a problem on my computer. I healed it and haven't had any problems since. However, at startup, a popup message now appears from contra virus saying "File config.ini doesn't exist. Please reinstall software." If your friend's computer doesn't have AVG, download the free version (that's what I have), and it should help.

Hi,
I also had a contra virus infection.
It took me numerous tries to clean the thing from my system.

I used the search function to find this file and contravirus files. I had to go through this process numerous times before I got them all. It took me all day to get rid of this thing. The combination of this and the 411 spyware product finally got my computer clean again.

Hi ,
I just did a bit more research and found that the software from the 411 site is a form of spyware.
My research lead me to download "Spybot - Search & Destroy" which found numerous other infections on my computer. This is a free program.
I ran this and cleaned up my computer and the difference is just remarkable.
My previous instructions did get rid of the contravirus (and unfortunately also installed additional sypware) but the computer was still running too slow for my liking. Hope this helps you.

Check the listing on the following site of things that need cleaning
ContraVirus - from Wiki-Security, the free encyclopedia of computer security
Also check for the "XPuudate" process and files. On the 411 site there is also a mention of some other file names this uses.
After you clean your computer from "contravirus and xpuudate" run a search for both of these using the search files. (also search hidden files) These programs lodge themselves everywhere including in the backup.
Then clean the computer again using Spybot S&D