The Mudcat Cafe



Tech: Re my: Help! Serious Virus Plea.


Subject: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 25 Jan 10 - 09:32 AM

I think I might have celebrated a little early after all the fantastic help I was given recently, when I thought I had eliminated it.

A couple of days later I got this message in a little box. "WINDOWS. The system must shut down because the DCOM SERVICE PROCESS LAUNCHER TERMINATED UNEXPECTEDLY. This shutdown was initiated by NT AUTHORITY SYSTEM" it then started counting down from 50 seconds before closing.

After it shut down it restarted and came up with this message "DATA EXECUTION PREVENTION. To help protect your system Windows has closed this program. Name. GENERIC HOST FOR WIN 32 SERVICES. Publisher: Microsoft Corporation." Then asks to send error report.

It is now doing this approx every 30 minutes and I cannot stop it. I did a full scan and it found and destroyed two trojans which I thought was the end, but it is still shutting down every half hour.

Anyone help AGAIN please.


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 25 Jan 10 - 10:36 AM

First thing is to boot in Safe Mode (hit F8 when booting),
then click Start, Run and type mrt, hit Enter.

See if the Malicious Software Removal Tool can get rid of it.

try that first

Dan


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 25 Jan 10 - 11:41 AM

Tried that Dan, it did scan and said no infected files found, then just after that the message came up and the system went into shutdown again.

The only scan I could do was the quick scan because if I try the full scan it shuts down after 30 mins so there is not enough time.

Seems to me it is a clever little bugger and makes sure it closes before it is found, if it is a virus of course.


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Neil D
Date: 25 Jan 10 - 11:49 AM

Have you tried this? Click Start, then My Computer, then right click the C drive, click on Properties, click Tools and then under Error Checking, click Check Now, select "auto fix file system error and scan for and attempt recovery of bad sector", then click Start. It may tell you to restart your computer to do this, go ahead and restart it. This usually works for me; afterwards I run my virus scan, just to be safe. Good luck.

Christina


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 25 Jan 10 - 12:24 PM

Tried that Christina, it did it and said it was clean, but thanks anyway.

Each time I try something I learn a bit more, can't be bad.

John


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Mick Pearce (MCP)
Date: 25 Jan 10 - 12:32 PM

willy - try this to stop the shutdown: Go to the desktop, right click in some empty space and select Create/New Shortcut. When the wizard starts in the location of item box, type shutdown -a, click the next button and in the name of the shortcut put Abort Shutdown or some name you like. (This is for XP).

If a shutdown starts, double click this icon and it should abort the shutdown. That may give you time to finish a malwarebytes scan. (You might want to download a new copy of that to your desktop and run it from there in case your old copy is compromised).

Mick


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: JohnInKansas
Date: 25 Jan 10 - 12:38 PM

For reference, I think the previous thread was Here, in case any helpers would like to look at what was done before.

John


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 25 Jan 10 - 01:09 PM

I'll try that Mick, thanks.


Thanks John, I didn't know how to do that.

John


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Sandy Mc Lean
Date: 25 Jan 10 - 03:16 PM

Are you turning off System Restore before you scan? Perhaps the bugger is reloading from backup files.


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 25 Jan 10 - 03:54 PM

I didn't know it was possible to turn off system restore!


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Sandy Mc Lean
Date: 25 Jan 10 - 04:46 PM

For Windows XP: I'm not sure if Vista is the same.
Click start
Right click My Computer then click properties
Open System Restore tab
Check box


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: JohnInKansas
Date: 25 Jan 10 - 07:01 PM

Note that removing the check from the System Restore box Deletes ALL prior restore points IMMEDIATELY. This does mean that you will not be able to use System Restore to go back to a previous configuration once the box has been unchecked.

You can save a Registry configuration manually, by recalling a config using System Restore and exporting the Registry from regedit, but it does require manually accessing the registry, and it's easy to confuse where you are with the configurations.

John


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 26 Jan 10 - 08:40 AM

Thanks to all. Hopefully I will find the cure shortly.

John


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: bobad
Date: 26 Jan 10 - 09:15 AM

If all else fails do, or have done by professionals, a wipe of your hard disc, after backing up all the files you don't want to lose.

I recently experienced problems with my computer, the cause of which was never found either by me or the staff at a very good computer repair shop. They finally did a wipe for me and my computer hasn't worked this fast and well since it was new. Hard drives tend to become bloated with useless junk and files get corrupted over time, so regular wipes are recommended. Mine had never been wiped in six years.


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Bernard
Date: 26 Jan 10 - 09:58 AM

Unfortunately, it could be a 'rootkit' infection, which cannot easily be cleared after the system has booted, even in Safe Mode. You may need to either use a solution that boots from a CDRom, or put your drive in a caddy and 'clean' it on someone else's machine which isn't infected and has every known protection available.

A 'rootkit' infects the boot sector of the system drive, and often transfers itself to any other drives on the system via the 'autorun' feature. Turning off autorun on all drives before you've been infected is good protection, though not infallible.

When you boot a system with a rootkit in its boot sector, the malware is able to 'cloak' itself so that even the best antivirus or antispyware cannot detect it - and is often disabled by it.

Other clues can be the inability of the AV software to update, and even Windoze updates can be compromised. System Restore can also be disabled, and accessing Safe Mode itself may be blocked.

There is no cover-all cure for these things - first you have to find out what you're dealing with, which is often the longest part of the cure. In my experience the symptoms one system has may be similar to another system, but they are often not caused by the same thing... so be careful about grabbing the nearest solution and expecting a miracle!

One very handy tool is available from Trinity Rescue Kit, which involves downloading an ISO image from which you burn a bootable CDRom. However, information changes on their website alarmingly frequently, which shows how the malware threats are modifying to try to keep ahead of the cures... so make sure you read up as much as you can before attempting any 'cure'... each time you visit the site you may find they've changed their approach yet again!


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Bernard
Date: 26 Jan 10 - 09:59 AM

Yes, what Bobad said! Often a much quicker answer!


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Bernard
Date: 26 Jan 10 - 12:38 PM

Okay, back from a job... to add to what Bobad said:

Buy a new hard drive and a caddy (making sure it matches what you already have - don't buy a SATA drive and caddy if you're still on a PATA drive).

Rebuild the PC on the new drive, and all your old stuff will still be available via the caddy. As long as you've got adequate malware protection the rootkit can't transfer itself (you did remember to disable 'autorun', didn't you?!!), and you may even be able to clean the old installation that way if you prefer to revert to it.

Another word of warning - if you use USB fobs or other removable drives, it's just possible they may have been infected with an 'autorun' rootkit. As long as autorun is disabled, they won't work - but you need to delete (and empty the trash) the autorun.ini file AFTER you've opened it with Notepad to see what it loads - delete that folder and its contents, too.


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 27 Jan 10 - 08:32 AM

Thanks Bernard, but I'm afraid this talk of Sata Iso Caddy etc is a foreign language to me.

It's looking like I will have to take it to the "experts" to try and get them to do it.

The thing is still trying to shut down after 30 mins each time I power up, but at least it only does it once now, as I took the advice from Mick Pearce and can abort the shutdown, and it seems to then carry on indefinitely (until I switch off then on again).

Weary John.


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 27 Jan 10 - 09:41 AM

I've just done another scan with Spybot and it's come up with more files, but they all seem to be "tracking cookies" and relate to progs I didn't even know were there, all of a similar nature i.e. Adviva, Doubleclick, Mediaplex, Rightmedia, Tradedoubler.

Am I right in thinking these things must be "generating from within" as it were, because I'm sure they weren't there on the last scan, although there were similar (tracking cookies).

AAAAAAAAAAAArrrrrrrrgh.

John


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Bernard
Date: 27 Jan 10 - 09:54 AM

It's a minefield, innit?!

Do you have a set of 'System Restore' CDs that came with the PC? It's not that difficult to replace the hard drive and reinstate it 'as new'.

As for the apparently complicated terminology, it's not really so obscure, honest!

A 'caddy' is a box you can put a hard drive into, then you can plug it into your PC (after disabling 'autorun', of course!) and use it as if it's an internal drive.

PATA is the old IDE connection with the wide ribbon cable, SATA is the modern connection with a small (sometimes locking) plug.

ISO means an image file (cd_image.iso for example) that most CD burning software can use to make a CD - and is an easy way of producing a bootable CD.

As for disabling 'autorun', you only need to open 'My Computer'... right click on the drive icon, select 'properties' and you'll see an 'AutoPlay' tab.

Click that tab and you'll see a few options. All you do is click the 'radio button' on 'Select an action to perform', scroll down to 'Take no action', make sure it's highlighted and click 'apply'.

You DO NOT want to be prompted each time for an action, as this means the autorun.ini file will have already run...

However, if the choices are greyed out, you're too late - the malware has beaten you to it!

As yet I'm not sure about this shutting down business... I'll try to find out more, as it's a new one on me. Clearly it's the malware doing it, but why?! Okay, I know... 'because it can!'


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 27 Jan 10 - 09:56 AM

IDE and SATA connections

SATA connections and cables

General instructions to install a SATA drive

I have a couple of drive enclosures holding one backup drive I've used for a while and the previous hard drive for this computer from a rebuild last year. When I was first dealing with a SATA drive I realized, in poking around the motherboard, that I had three free slots there that I'd never thought about using. It's really pretty amazing what you can find when you get under the hood.

SRS


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 27 Jan 10 - 11:49 AM

That's if you dare!!

John


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Mick Pearce (MCP)
Date: 27 Jan 10 - 12:27 PM

willy - the tracking cookies your scan is finding shouldn't be the cause of your troubles: they're just small information files that websites you visit put on your computer. The tracking cookies saved on your machine can be read by the same/other websites and used to target adverts to you. In themselves they can't harm your machine and you can set your browser up to ignore them (i.e. not save them) or ask if you want to save them or not.

For the symptoms you're getting I'd use malwarebytes rather than Spybot and if that doesn't work I'd try combofix (although that involves a bit more work to use, though the instructions are pretty clear).

Mick


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Bernard
Date: 27 Jan 10 - 01:56 PM

Yes, Mick - except that a rootkit can be capable of cloaking itself so that neither Malwarebytes nor Combofix can spot it unless the PC is booted from an alternative device, such as CDRom. That way the boot sector doesn't trigger the rootkit. If you boot from the infected device the 'fix' has already failed.

The buggers are getting too flamin' clever!


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: JohnInKansas
Date: 27 Jan 10 - 02:05 PM

It was suggested in a previous post that turning off System Restore might be a good thing to do.

It's not clear that it's widely understood why this may help, or just how System Restore works.

If System Restore is turned on, each time the computer is shut down or rebooted, if anything in the setup has changed the System saves the configuration in a separate encrypted and inaccessible folder. This folder can hold about a half-dozen "restore points" but when a new one appears the oldest previous one is "pushed out" and gets discarded.

Malware that gets on the system may make changes in the Registry before the original "infection" is removed. When your AV deletes the original infecting file, it may not delete entries made in the Registry, and some malware may copy the original infecting file under a "scrambled name" that's unlikely to be found by the AV.

When the computer is rebooted, with System Restore on, the system looks at the last previous restore point, and if anything that "looks useful" is missing System Restore may automatically (and invisibly) put the Registry entry back into the system. The registry can "call for" the aliased/renamed original infecting file, and the infection reinstalls itself each time you reboot.

Once you have rebooted a half-dozen times, with changes each time while you have tried to remove the infection, it becomes unlikely that System Restore contains a restore point that does not contain the instruction to reinstall the infection, so there is no harm in removing all the restore points. You remove them by turning off System Restore (which dumps them all).

This does not remove the reinstall instruction from the Registry for the current configuration, but booting in Safe Mode lets Windows restart without reading all the Registry instructions, so the malware might not be put back. The KB article linked up above does give you somewhat more control over what starts, and what doesn't, in WinXP Safe Mode, which may be helpful in getting the computer up without turning on the infecting file(s).

If all copies of the original infecting file can be removed by your AV while running in safe mode, but the Registry is not cleaned, the next normal boot should give a different error message when the registry attempts to open a file that doesn't exist. The new error message should give the name of the file that wasn't found, and you can then (sometimes) look in the registry to find the line that calls for that file, so that the Registry entry can be deleted. If you're not comfortable with working with the Registry, it should be fairly easy to find advice once the filename is identified. The only caution here is that you don't want to edit out the Registry line that calls for a file that is needed but is just missing.

In the present case, where Windows Explorer fails repeatedly, it is possible that the malware has modified or replaced a file used by Explorer. The modification/replacement may have just corrupted the file so that it doesn't work, or your AV might have removed it because it was infected.

My recollection is that WinXP usually includes a "Repair Windows" option in Control Panel, at the Add or Remove Programs location. If you don't find it there, it may come up if you boot from original installation disk (or a "Repair Disk" as some OEMs call them). In Vista, an OEM installer can have included the Repair module in the installation; but usually you have to boot from an original installation disk to get to it.

If you can run the System Repair utility, it will theoretically look at all the necessary Windows files and will replace any that are missing or corrupted. Since the file(s) will be replaced with an "original" version, it may not incorporate patches issued after your computer was built, so Windows update should be run as soon as possible after any "Repair" that goes back to your original installation disk. (Even if you don't have to use the installation disk, the check will be against "CAB files" copied to your hard drive at the time of first installation, so you should still check for updates.)

John


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 27 Jan 10 - 02:20 PM

Boot to Safe Mode (F8), use the free Microsoft OneCare safety scanner. My friend had a bad bad virus yesterday. I tried a lot of things and finally nailed it with this one and it worked slick.

Microsoft's safety scanner


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 27 Jan 10 - 02:27 PM

Forget Spy Sweeper, rootkits etc, do the safety scanner in Safe Mode. The virus I took off my buddy's PC skated through everything. Safety scanner nailed it, removed it, fixed all the files and took about 3 hours of run time ... now here is the problem, if you don't have a high speed line like a DSL or cable modem, I have no idea how long it will take ...


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Mick Pearce (MCP)
Date: 27 Jan 10 - 03:28 PM

The utility JiK is pointing you to is the System File Checker. This can check system files and replace them if they are not the correct version. The command:

  sfc /scannow

will do this - you can type it into the Run box of the start menu.

(Of course, if malware is clever enough to rewrite the cache of correct files, this will not do anything useful.)

Mick


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 27 Jan 10 - 03:44 PM

I forgot to mention that I would never willingly turn off System Restore. It doesn't always work the way I want it to, but it has saved my bacon a couple of times.

SRS


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 28 Jan 10 - 04:06 AM

More brilliant advice, thanks all, I will take time now to run through and digest it, then give them a try. Thanks again.

John


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 29 Jan 10 - 03:03 AM

Did the safety scanner bit, took 4 hours for complete service scan and it found 3 serious infections and got rid, as well as other stuff.

Restarted and then up came that blasted shutdown window again, so, onto the next bit....

John


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Bernard
Date: 29 Jan 10 - 09:01 AM

Let's be clear about this... a 'rootkit' is not a fix, it is a particularly pernicious form of malware that replaces the system drive's boot sector. It is therefore capable of circumventing any attempt to remove it, even in Safe Mode.

The only sure way to get rid is by booting from another device (usually CDRom) and replacing the boot sector with a clean version. This could also be achieved by connecting the drive as a slave or external drive on another machine which is adequately nailed down.

I repeat - disable autorun (autoplay) to prevent infected drives from installing their rootkit payload. If you have a network, they will spread like wildfire to any machine that has mapped drives with autoplay enabled.

I've been there...


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Mick Pearce (MCP)
Date: 29 Jan 10 - 09:35 AM

Bernard - not all rootkits replace the boot sector, most just subvert operating system files. While replacing the boot sector would typically require booting from some other device - some kind of recovery CDrom as you say - that may not be necessary. The same behaviour wilbyhillbilly described after infection removal could easily be caused by malware installing Run or RunOnce keys in the registry to reinstall themselves on startup.

If it was me I'd do the malware scan and removal followed by a HijackThis (or one of the other registry scanners) to check the Run keys in the registry and delete those if needed, followed by sfc to recheck the operating system files. If I was still getting problems then I might try creating one of the scan and recovery discs (there are links and instructions for downloading isos and creating discs on the reputable antimalware sites - make sure it's one of the recognised reputable sites!). But as willy has said above his level of technical expertise might not let him feel confident with some of these, so it may be better to bite the bullet and take it in to a store. (Stress that you want the system cleaned not the disc wiped and O/S reinstalled from scratch, or you need your data recovered if they do that).

Mick
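An added example, not from any poster in this thread: a read-only PowerShell script (PowerShell 2.0 or later is assumed to be installed; on XP it is an optional add-on) that lists the Run and RunOnce autostart entries Mick mentions and flags any whose program file no longer exists, which is the "registry calls for a file that doesn't exist" case JohnInKansas describes above.

```powershell
# Added example (not from the thread): read-only check of the Run / RunOnce
# autostart keys that malware commonly uses to reinstall itself at boot.
# Assumes PowerShell 2.0 or later. Nothing is modified or deleted.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the program path out of an autostart command line, e.g.
#   "C:\Program Files\Foo\foo.exe" /silent  ->  C:\Program Files\Foo\foo.exe
#   C:\WINDOWS\system32\wJQs.exe            ->  C:\WINDOWS\system32\wJQs.exe
function Get-ExecutablePath {
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.Length -eq 0) { return $null }
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted path with spaces and no arguments: keep it whole if it exists
    if (Test-Path -LiteralPath $cmd) { return $cmd }
    return ($cmd -split ' ')[0]
}

# True if the program can be found, either at the given path or (for a bare
# name such as ctfmon.exe) somewhere on the PATH.
function Test-ProgramExists {
    param([string]$Program)
    if (-not $Program) { return $false }
    if (Test-Path -LiteralPath $Program) { return $true }
    return [bool](Get-Command $Program -ErrorAction SilentlyContinue)
}

# Bookkeeping properties Get-ItemProperty adds alongside the real values
$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

$results = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($metaProps -contains $prop.Name) { continue }
        $exe = Get-ExecutablePath -CommandLine ([string]$prop.Value)
        $results += New-Object PSObject -Property @{
            Key     = $key
            Name    = $prop.Name
            Command = [string]$prop.Value
            Exists  = (Test-ProgramExists -Program $exe)
        }
    }
}

# Exists = False entries are the dangling ones: the Command column names the
# file the AV removed, so that entry is the one to clean up. Exists = True
# does not mean an entry is safe; unfamiliar names still deserve a look.
$results | Sort-Object Exists, Key | Format-Table Key, Name, Command, Exists -AutoSize
```

Only the program itself is checked; for a rundll32.exe entry the DLL named in its arguments is not tested, so read the Command column for those.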


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 29 Jan 10 - 09:45 AM

Ok, everyone is correct here. Try this now: you got rid of 4 of them from the scan, probably all of them, but the boot sector is messed up. Get your Windows CD and boot from it ... then choose repair instead of full install; do the repair portion of the installation, this should repair corrupted files ...

then you should be alright I think


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 29 Jan 10 - 11:44 AM

I bow to your superior knowledge people, it's great having you around.

Mick is absolutely right about my expertise or lack of it and I fully expect to have to eventually take it somewhere, but in the meantime I am enjoying the experience of trying the simpler things and who knows, one of them might work.

I know I keep saying thank you, but I really appreciate the time and advice given.

John


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 29 Jan 10 - 03:31 PM

That sounds like a good option, Dan.


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: JohnInKansas
Date: 29 Jan 10 - 04:47 PM

wilby et al.

Until you get fixed, it's not really certain what you've got; but according to The Red Tape Chronicles there are worse things out there than what we think you've got.

GIVE ME YOUR MONEY, OR YOUR COMPUTER GETS IT

Posted: Friday, January 29 2010 at 06:00 am CT by Bob Sullivan

Could be worth a look, just to keep up on what the thieves are doing these days.

John


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Rasener
Date: 29 Jan 10 - 06:44 PM

Bernard
Getting rid of a rootkit virus is possible. I know I did it for my wife about 9 months ago and I haven't had any problems since.
All her data was retained.

I actually talked with PC World first and they said, you will have to reformat etc, etc. Fortunately I didn't listen to them.

I will have a look and see if I can find what I did.


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Rasener
Date: 29 Jan 10 - 07:43 PM

OK This is the way to remove the files that are causing the root kit virus. I did this and it worked. When you have done this, you still need to use your virus checkers to make sure there aren't any other viruses left on the machine. Please take the time to read it properly first and print it out so you have it by your side as you carry out each instruction.

UACd.sys Trojan / Winpc Virus Removal
It does require a level of skill. This is not recommended for beginners and requires an advanced set of technical skills.*
Symptoms:
- Programs like Spybot, Malwarebytes, Superantispyware, Windows Defender, etc. won't run or install. You double click, it looks like it is trying to open, but nothing ever happens.
- Every time you try to search something on Google and click on the link of a result, it will redirect you to a site with the URL of gwww.windowsclick.com or something similar.
- Your computer will be slow and will freeze.

Removal:
Instead of playing around and trying to get programs to work and to remove it, use this trick instead.

1. First you will need a copy of your Windows CD.
2. Boot your computer to the Windows CD. Let it boot to a blue screen and it will ask you if you want to repair your computer by pressing R. Press R on the keyboard.
3. It will ask you what Windows installation you want to log onto, select the appropriate one. (Most likely 1.)
4. If it asks for an Administrator password, enter it in. If you don't know the password, chances are it is blank so just press enter. If that still doesn't work, you will have to change or remove your administrator password.

5. You will see a black window and if you are successfully logged in, you should see C:\Windows in white text. Type the text after the word Type and then press ENTER

C:\Windows Type cd system32

C:\Windows\system32 Type dir

(Now you will see a long list of a bunch of files. Scroll down to the U's. If you are indeed infected with the UACd.sys Trojan, you should see files named UAC*random characters*.dll. Write down on a piece of paper all of the files that begin with UAC including guacinit.dll. Make sure you write them down exactly as they are (take your time on this and get it right). Now you can scroll to the bottom and you will be back at the C:\Windows\system32 prompt.

You are now going to delete each item you have written down, so remember to tick each one off on your list as you successfully delete them.

So your first one you carry out the instructions after the word Type.

C:\Windows\system32 Type del UAC*random characters*.fileextension (If the file is named UACdsferskwufy.dll that is what you type in.)

If it is successful, it will just go to a new line with C:\Windows\system32> as the prompt.

Repeat the del process with the rest of the files that you wrote down. Once you have deleted all of them, run the dir command again and scroll to the U's and see if there are any UAC files left. If you have done everything correctly, there shouldn't be.

Once that is done, you will be back at a C:\Windows\system32> prompt. Follow these commands.

C:\Windows\system32 Type cd drivers

C:\Windows\system32\drivers Type dir

Browse through the list till you come to UACd.sys. Write this down so you don't forget it. Now browse to the end of the list and you will be back at the prompt.

C:\Windows\system32\drivers Type del UACd.sys

If it is successful, it will go to a new line. You can then restart your computer by holding the power button or typing in exit. (Make sure to remove the CD so it doesn't boot to it again.)

Let it boot into Windows.

Once you are back into Windows, download Avenger from here

http://www.downloadrage.com/avenger-antivirus-download.aspx

Scroll to the bottom of the page to find the download link

Extract the file and run the Avenger program.

In the white text box, enter and run the following.

Drivers to delete:
UACd.sys

Files to delete:
C:\WINDOWS\system32\wJQs.exe

It may ask to reboot, let it reboot your computer.

Now run the usual spyware/virus removal tools to take care of the rest.

I hope that helps


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 29 Jan 10 - 08:03 PM

Les, those are great instructions. But I am pretty sure he got rid of the virus from the OneCare scan; what I think is the virus corrupted the boot files and they are broken even though it is gone. If it is XP he should just boot from the install CD and do the repair, which will copy over the files with the proper ones leaving everything intact ...

Your instructions for manually removing the virus are very good indeed, especially for those that did not do the OneCare scan

good job
Dan


Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Rasener
Date: 29 Jan 10 - 08:26 PM

OK I understand Dan. Never the less its worth him checking.

However it's worth everybody keeping those instructions for future reference. It doesn't take long to do and it will save lots of time and effort, trying this and that and pulling your hair out etc. :-)

You also won't lose any of your data.

Les



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 30 Jan 10 - 07:53 AM

El Thicko here again, how do I "boot from the Windows CD"? I put the disc in and went to "My Computer", then double clicked on the D drive and got the menu, then looked at the instructions which said restart with the disc in, which I did.

It just started as normal; I can't find the repair option!

I am obviously missing something



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 30 Jan 10 - 08:26 AM

I just did another scan with Microsoft Essentials and it came up with this "serious threat", VirTool:Win32/Obfuscator.HW, which it says it cannot remove but has quarantined.

I think I now have to try Villan's method, but cannot seem to work out how to boot from disc.

HEEEEEEEEElp!


John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 30 Jan 10 - 09:51 AM

John
Go into your computer's setup, that is usually F1 or F2 when it starts to boot. Here you see things like hard drives and other technical options. Look for boot sequence, change the sequence to CD first then hard drive, hit Esc and save.
It will reboot but will look for the CD first.



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: JohnInKansas
Date: 30 Jan 10 - 02:12 PM

If your AV has quarantined the threat file, it should not be able to run the next time you reboot.

The most probable reason why the AV could not remove an infected file is that the file was open/running. Most AV programs, however, as a "standard practice" do NOT delete files, but instead put them in quarantine so that, if necessary, you can restore them.

Once the file is quarantined, if you just reboot normally you should be able to delete it from the quarantine file just by opening your AV program.

Microsoft gives a specific "information" for the malware indicated at VirTool:Win32/Obfuscator.HW that may be of interest, but indicates that up to date AV should be able to remove it, and gives no other instructions.

By putting the file in quarantine your AV has "removed" it. If you reboot and run a new AV scan, and the file is found again, it probably means that it's being reinstalled by a Registry entry or by a boot sector infection.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 31 Jan 10 - 12:27 AM

I hope you are OK now and it all works again.



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: GUEST,Jim Martin
Date: 31 Jan 10 - 06:46 AM

I would say most of all this hi-tech jargon is beyond most of us who are average computer users and in a similar situation, we will get an "expert" to fix the problem - I did this and finished up having to buy a new computer. It's all one big scam!



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 31 Jan 10 - 08:17 AM



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 31 Jan 10 - 08:21 AM

No kidding, for a normal home user Ubuntu Linux .. no more viruses. I switched my doctor buddy and he is hooked now, along with my mom and sister. If it were not for my clients I would never use Windows.


All original material is copyright © 2022 by the Mudcat Café Music Foundation. All photos, music, images, etc. are copyright © by their rightful owners. Every effort is taken to attribute appropriate copyright to images, content, music, etc. We are not a copyright resource.