Antivirus Discussion

[DiscGo]

I downloaded a free program from Softpedia, and when I installed the active x component I got a trojan horse, I was using McCafee and it didn't recognize the threat and couldn't repair the virus. I switched to Norton 360, installed a different program and installed a virus on my PC. Norton didn't detect it and can't remove it.

I have tried a demo version of kapernsky (or whatever it is called) and it couldn't remove the virus. I have tried adaware, spybot, spydoctor, and can't get rid of it.

I usually just reinstall my OS when this type of thing happens because I have everything backed up and have a clean OS in about 30 minutes. So I am just having fun trying to figure out how to get rid of this and see what programs work because I can just start over any time (and spend a lot less time doing it). I just want the experience of removing this or find a program that will.


Any thoughts?

[RugerShooter]

What trojan horse is it?
Last week I had to remove one the only program I could find to remove it was AVAST I can't remember what the name of the infection was, it was something like windows 2008 anti-virus.

[Deathcricket]

Usually I don't recommend this unless you know what you're doing. But since you are going to reinstall anyways, I would suggest you remove the virus MANUALLY. IMO that is the only way to go. I have to run to the server room real quick, but in half hour I will tell ya how to do it.


Ok for the first try just run it from here. but when you do it "for reals" you want to be in safe mode. Click start, run, then type regedit and hit enter. You will see a window with endless "drill down" menus. Just keep click the + sign and you will be fine. There are 2 paths you need to follow but they are almost identical.

hkey_current_user ,software, microsoft, windows, currentversion, then click on the "run" folder you see. On the left you'll see a bunch of entries. These are the programs that run on your machine automatically when it starts up. The virus is one of these programs. So try to make sense of what they are. I usually run google searches on the name to find out what it is. Soon you will locate the virus file and just delete it.

Here is the 2nd path it might be under. hkey_local_machine ,software, microsoft, windows, currentversion. Check this one as well. the virus could hide in one of those places.

Now here is the tricky part. You might see a "run once" folder or similar named. The virus could be in these also. Basically this is the folder for stuff that doesnt need to run everytime your machine starts up. Like a software update lets say. Viruses sometimes put them selves in here so they can reinstall themselves next time you start your machine.

Now here is the advice I wouldn't give someone who has the option. Just delete pretty much evrything in these run, runonce folders. Unless your absolutely sure it's something you need. You'll have a better chance of getting the culprit. I usually do this and have never had a problem. Of course I always have everything backed up like you do, so if it crashes I would just reinstall.

You'll find the machine will run a lot better if this folder is as empty as possible. Here is a sceenshot of mine and it works fine.

After you get done cleaning out these folders under these 2 paths. just reboot your machine and start as normal. The virus should not be there, I have had instances where it did reinstall itself and you will then see the executable back in that folder. Then it's just a simple matter of googling it and finding out what it is and how to remove it.



Oh yeah.. besides the "run" folders under the 2 paths, dont delete anything in any other folder unless you're sure. That's an instant crash waiting to happen.

Good luck man! Let me know if you run into any other troubles.

[BruteForce]

A few suggestions on virus removal:

- Get a free program (from SysInternals, now Microsoft) named: Autoruns
- Get ADAware

Launch autoruns and remove any programs from the Logon, Services Control Panel and IE that are questionable or you didn't install yourself.

Follow this by deleting all temp files, empting your recycle bin, resizing your paging file (to the set maximum) and reboot.

Run ADAware and perform a full scan.

In most cases, this combination will resolve your issue.

As a seperate tool, I recommend ZoneAlarm Pro Suite, its a firewall, Spyware and AntiVirus tool all-in-one for around $40.

[DiscGo]

Thanks guys.

I don't know what the trojan horse is called. Everyone once in a while when I open my d: drive, I get an IE window recommending some antivirus program, I did a search for that program and didn't find too much except for other people complaining about the same thing.


The problem I have found with Avast is that it lists everything as a virus, including things that I know cannot be. But I should try it before I do the OSRI.

I am work right now, but when I get home tonight I am going to try DeathCricket's registry adjustment. I spend about a 10th of my work day in registries, so I am hoping that I will not ruin anything too badly.

I'll let you guys know how things go, if you guys have any other suggestions I'm up for them. (I'm just having fun with this anyway)

[Deathcricket]

Actually when you describe it, that doesn't sound like a trojan at all. Or at least not what I think of as a trojan. I thought it was opening a backdoor through your firewall, keylogger, setting your machine up as zombie, or doing file corruption. This just sounds like adware or spyware.

My way will still work, but Bruteforce's suggestion to get Ad Aware of even Spybot I think might be a better suggestion. It's real easy to install, free, and foolproof. If that doesn't work then try my suggestion. Of course it still will be fun I think to play around with the registry. Hehe

If you recall the name of the window that pops up or the software it is trying to sell you, let me know? I have a pretty good database archive and might have the fix on file for ya.

Another thing that comes to mind.. Maybe your messanger service is not disabled? That would give you grey screens with ads every once in awhile. Do you just click "ok" and it goes away? Check out this and see if the windows look familiar. The words on the "pop up" of course would be different. There are lots of ways to fix this problem also.

http://www.itc.virginia.edu/desktop/docs/messagepopup/

[RugerShooter]

That sounds like what the virus/trojan that I had to remove, It was just a pop-up that said "you have xx Virus' click here to remove", and yes they clicked to remove which is what infected the whole computer. I just googled the name of the "anti-virus" program I think it was "windows anti-virus 2008" and it explained how to get it off of your computer.

[DiscGo]

I downloaded "Hijackthis" from TrendMicro (and I am hopeful it has worked), but I won't know until I get home. I have found portable versions of Avast, Adaware, and Spybot and I'll try and throw that at this as well. I'll keep you guys posted (just in case you are interested)

http://download.bleepingcomputer.com...HiJackThis.exe

[sparker1]

I've gotten viruses with McAfee and Norton (they are pretty much the same), but have never gotten a virus with AVG (Free).

[RugerShooter]

McAfee and Norton suck, they only catch about half of what some of the others do.

[theking648]

That sounds like what the virus/trojan that I had to remove, It was just a pop-up that said "you have xx Virus' click here to remove", and yes they clicked to remove which is what infected the whole computer. I just googled the name of the "anti-virus" program I think it was "windows anti-virus 2008" and it explained how to get it off of your computer.

lol ya i seen that one on my dads computer a few days ago... ok

TIP #1 when you get a message like that and it asks you to install the virus remover program..... IT'S THE VIRUS ASKING YOU TO DO IT. don't do anything the messeges in the bottom right hand cornner want you to do. there fake and just trying to sell you a virus remover.

TIP #2 NORTON SUCKS.... norton is a virus in it self and is a curse. and macfee anit any better.

so do what DiscGo said and get hijackthis and post your log here... and next the two programs i used to get rid of the virus was my anti virus nod32 and http://www.malwarebytes.org/ which really cleaned it out... but in the virus my dad got it disable the desktop and screen saver tabs in display properties. and i had to go into the REG and delete the disable rules.


and and remove all the programs that it asked you to install and ones that it installed it self and you should see some new icons on your desktop.. after you uninstall them go into program files and delete the folders.

[RugerShooter]

That sounds like what the virus/trojan that I had to remove, It was just a pop-up that said "you have xx Virus' click here to remove", and yes they clicked to remove which is what infected the whole computer. I just googled the name of the "anti-virus" program I think it was "windows anti-virus 2008" and it explained how to get it off of your computer.

lol ya i seen that one on my dads computer a few days ago... ok

TIP #1 when you get a message like that and it asks you to install the virus remover program..... IT'S THE VIRUS ASKING YOU TO DO IT. don't do anything the messeges in the bottom right hand cornner want you to do. there fake and just trying to sell you a virus remover.

TIP #2 NORTON SUCKS.... norton is a virus in it self and is a curse. and macfee anit any better.

so do what DiscGo said and get hijackthis and post your log here... and next the two programs i used to get rid of the virus was my anti virus nod32 and http://www.malwarebytes.org/ which really cleaned it out... but in the virus my dad got it disable the desktop and screen saver tabs in display properties. and i had to go into the REG and delete the disable rules.


and and remove all the programs that it asked you to install and ones that it installed it self and you should see some new icons on your desktop.. after you uninstall them go into program files and delete the folders.

I went into the registry and cleaned it out that way and then ran avast on it. It took out even more files that I didn't find in the registry.

[DiscGo]

That "Hijack This" worked great. I really recommend the program.