OK I give up tech help needed

RugerShooter
12-09-2008, 05:16 PM
I think I have a virus on my home PC, Windows XP, Dell Dimension 3000. I have McAfee and it is set to run every Friday. The last time it ran, it shows it ran 3 viruses (but didn't remove them) when I move the mouse over the tray icon, but when I click on it nothing comes up on the McAfee screen; it just remains blank, like this virus is stopping scripts. I have also tried using Avast and Spybot and neither of them finds anything. Any ideas out there?

rockgremlin
12-09-2008, 05:39 PM
I'm a bit of a tech junkie when it comes to these sorts of things. I have successfully baptized my computer on numerous occasions. Do the following for me:

1. Download and run AdAware: http://www.lavasoft.com/single/trialpay.php

AdAware is the bread and butter trojan and malware remover. It catches many if not most nasties that might infect your computer.

2. After running AdAware, download and run CWShredder: http://www.download.com/CWShredder/3000-8022_4-10301587.html

CWshredder catches anything AdAware might miss.


Do these two things, and then see if it fixes the problem. If not, I've got other tricks up my sleeve.

DiscGo
12-09-2008, 05:43 PM
Here is my advice:

Run this scan twice:
http://support.f-secure.com/enu/home/ols.shtml


If you still have viruses after running F-Secure twice, you will probably end up needing to reinstall your OS.



---------------------------------------------------------------------------------------


TrendMicro's HijackThis is also a great free tool:
http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Iceaxe
12-09-2008, 05:57 PM
I'm a bit of a tech junkie when it comes to these sorts of things. I have successfully baptized my computer on numerous occasions.

Dang porn sites.....

:roflol: :roflol: :roflol:

rockgremlin
12-09-2008, 06:29 PM
Dang porn sites.....

:roflol: :roflol: :roflol:


You oughta know... :lol8:

Sombeech
12-09-2008, 11:22 PM
store your valuable files on one PC, surf porn on the other.

RugerShooter
12-10-2008, 05:37 AM
store your valuable files on one PC, surf porn on the other.

Why didn't you tell me that before??

rockgremlin
12-10-2008, 05:46 AM
store your valuable files on one PC, surf porn on the other.


You oughta know X 2 :haha:

Most of the nasties you find on the web are from file-sharing - Kazaa, Limewire, and other P2P file sharing software.

DiscGo
12-10-2008, 08:54 AM
ComboFix is also a great little tool.


http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Don
12-10-2008, 09:29 AM
store your valuable files on one PC, surf porn on the other.

Oh, that is good advice.

RugerShooter
12-10-2008, 09:41 AM
Here is my advice:

Run this scan twice:
http://support.f-secure.com/enu/home/ols.shtml


If you still have viruses after running F-Secure twice, you will probably end up needing to reinstall your OS.



---------------------------------------------------------------------------------------


TrendMicro's HijackThis is also a great free tool:
http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

I have not tried this stuff at home, but I tried it on one computer at work, a Dimension 2200. It has removed several viruses, but not the one that is screwing it up; F-Secure will not load. So I was going to use system recovery and can't find the CD anywhere. Then I remembered doing a CTRL F11 keystroke during bootup to go into it, but that don't work. Would using the Windows XP Pro CD get rid of my problem?

rockgremlin
12-10-2008, 09:53 AM
You gotta be careful when using HijackThis because it will alert you to items that may be viruses as well as other useful and required registry items. Before doing any changes in HijackThis it's wise to check with someone who knows. You might try posting a HijackThis log to the following forum:

http://www.spywareinfoforum.com/

RugerShooter
12-10-2008, 09:57 AM
HIJACK didn't find anything

Ad-aware found the following

DialerData Dialer
GAIN
Win32.TrojanPWS.Magania
Win32.Trojan.Crypt
Win32.Generic.Worm
Win32.Worm.Autorun
Win32.Trojan.Vaklik
MRU Object

It said it removed these.

rockgremlin
12-10-2008, 10:34 AM
HIJACK didn't find anything

Ad-aware found the following

DialerData Dialer
GAIN
Win32.TrojanPWS.Magania
Win32.Trojan.Crypt
Win32.Generic.Worm
Win32.Worm.Autorun
Win32.Trojan.Vaklik
MRU Object

It said it removed these.


Niiiiiiiice. :2thumbs: That may have solved your problem -- that's quite a gaggle of trojans.

HIJACK won't "find" anything the way AdAware and F-Secure do. Typically HijackThis will create a long list of items that may potentially be trojans... but it's up to you to know whether or not it is harmful to your computer.


I would suggest also running your internet through Firefox, and not Explorer. Firefox is more resilient to incoming Trojans and viruses.

RugerShooter
12-10-2008, 11:08 AM
I do use FireFox, I am sure there is still a virus on the computer. The scripting still don't work in McAfee. I am re-installing Windows right now.

Deathcricket
12-10-2008, 11:12 AM
I posted a while back how to get rid of malicious programs manually through safe mode and digging through the registry. Not as hard as it sounds. Sometimes it's the only way to fix er up. Hold on I'll find it for ya

:2thumbs:

Edit: There is even a picture of what you should see @
http://www.bogley.com/forum/viewtopic.php?t=12963&highlight=safe+mode This WILL work, trust me. I've only run into 2 or 3 viruses in my life that can survive this.


Usually I don't recommend this unless you know what you're doing. But since you are going to reinstall anyways, I would suggest you remove the virus MANUALLY. IMO that is the only way to go.

Ok, for the first try just run it from here, but when you do it "for reals" you want to be in safe mode. Click start, run, then type regedit and hit enter. You will see a window with endless "drill down" menus. Just keep clicking the + sign and you will be fine. There are 2 paths you need to follow but they are almost identical.

hkey_current_user, software, microsoft, windows, currentversion, then click on the "run" folder you see. On the left you'll see a bunch of entries. These are the programs that run on your machine automatically when it starts up. The virus is one of these programs. So try to make sense of what they are. I usually run Google searches on the name to find out what it is. Soon you will locate the virus file and just delete it.

Here is the 2nd path it might be under: hkey_local_machine, software, microsoft, windows, currentversion. Check this one as well. The virus could hide in one of those places.

Now here is the tricky part. You might see a "run once" folder or similarly named. The virus could be in these also. Basically this is the folder for stuff that doesn't need to run every time your machine starts up. Like a software update, let's say. Viruses sometimes put themselves in here so they can reinstall themselves next time you start your machine.

Now here is the advice I wouldn't give someone who has the option. Just delete pretty much everything in these run, runonce folders, unless you're absolutely sure it's something you need. You'll have a better chance of getting the culprit. I usually do this and have never had a problem. Of course I always have everything backed up like you do, so if it crashes I would just reinstall.

You'll find the machine will run a lot better if this folder is as empty as possible. Here is a screenshot of mine and it works fine.

After you get done cleaning out these folders under these 2 paths, just reboot your machine and start as normal. The virus should not be there. I have had instances where it did reinstall itself and you will then see the executable back in that folder. Then it's just a simple matter of googling it and finding out what it is and how to remove it.


Oh yeah... besides the "run" folders under the 2 paths, don't delete anything in any other folder unless you're sure. That's an instant crash waiting to happen.

Good luck man! Let me know if you run into any other troubles.


Edit #2... Since you are planning to reinstall anyways... Just start in safe mode, delete every single value from all the "run" folders. Then hit F5 to refresh. If the value pops back up, then you will need to reinstall. Remember also to go into both the local machine path and the current user path. There are 2 places the virus can hide in. Even remove all the stuff in the "run once" folders. Don't delete the folder itself, just the cont
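
A read-only way to do the inventory step from the post above in PowerShell instead of regedit (an added example, not part of the original post). It assumes PowerShell 3.0 or later; `Get-ExePath`, `Get-AutostartEntry` and the baseline file name are made up for illustration. It lists every value under the Run and RunOnce keys in both hives, checks whether the target file exists and is signed, and on a later run shows entries that were not in the previous snapshot.

```powershell
# Added example: read-only inventory of the Run/RunOnce keys named in the post.
# Nothing is deleted; the helper names and baseline path are hypothetical.
$keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-ExePath([string]$Command) {
    # Extract the program path from an autostart command line.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }          # quoted path, arguments follow
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]                                 # fallback: first token
}

function Get-AutostartEntry {
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }                 # RunOnce is often absent
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            $exe = Get-ExePath $cmd
            $onDisk = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
            [pscustomobject]@{
                Key       = $key
                Name      = $name
                Command   = $cmd
                Exists    = $onDisk
                Signature = if ($onDisk) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }
            }
        }
    }
}

$baseline = Join-Path $env:TEMP 'autostart-baseline.csv'
$now = @(Get-AutostartEntry)
$now | Sort-Object Key, Name | Format-Table -AutoSize -Wrap

if (Test-Path $baseline) {
    $old = @(Import-Csv $baseline)
    if ($old.Count -and $now.Count) {
        # '=>' marks entries present now but missing from the last snapshot,
        # e.g. a value that came back after being removed and the machine rebooted.
        Compare-Object $old $now -Property Key, Name, Command |
            Where-Object SideIndicator -eq '=>' |
            Format-Table Key, Name, Command -AutoSize
    }
}
$now | Export-Csv -Path $baseline -NoTypeInformation
```

Run it once after cleaning the keys and again after the reboot; anything printed by the second table has reappeared since the snapshot.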

rockgremlin
12-10-2008, 12:45 PM
Wow that's like brain surgery for your PC! I guess if you're just gonna reinstall everything anyways...

You might wanna post an inquiry on the previously posted link for the spywareinfo forums. They are quite knowledgeable and have helped me in the past.

Sombeech
12-10-2008, 02:49 PM
Even I never want to go into the registry, it seems it's never the same....

RugerShooter
12-11-2008, 01:04 PM
Well, as a last resort I went into the registry and found a file that I googled named KAMSOFT, got rid of it, and now all looks good. Now to my home PC.

DiscGo
12-11-2008, 04:01 PM
Go Deathcricket!