Really nastey Viruses on my PC, what can remove them?

[OzyOly]

Hi, I have some viruses on my PC that originated from one exe file. Now McAffee, my primary antivirus programme, says "trojan romoved" about 7 times a day.

I have run uptodate versions of Mcaffee, spybot, adaware, dr spyware and avast, all of which came up with different things.

From avast it appears I have/had a lot of dodgy things in system 32, mcaffee just says it finds the sam trojan over and over, dr spyware found stuff in my temp internet files (that I deleted manually) and spybot and adaware just found tracking cookies.

But still I get the this torjan message often, my network keeps disconnected if it connects at all and my mouse and keyboard become unresponsive intermittently.

Do you know ofgod virus/anti spyware progs that can fic my PC? Thanks all.

 

[SamuraiTortoise]

Have you tried booting your PC into Safe Mode and then running your virus scanners. Quite a lot of the time the virus can only be removed in Safe Mode when the PC is only running bare essential processes. I'd try that first.

 

[OzyOly]

Have you tried booting your PC into Safe Mode and then running your virus scanners. Quite a lot of the time the virus can only be removed in Safe Mode when the PC is only running bare essential processes. I'd try that first.

Thanks mate. I just need to find a none usb keyboard to do this right? My USB keyboard is not reconised between post and windows has boot, it's weird.

I'll give it a try though.

 

[z0mbi3]

Enable usb emulation in your bios and you won't have to get another keyboard.

 

[Mark M]

Disable system restore as it can "hide" in there.

Also have a look at msconfig at the start up apps incase it is running itself upon booting window.

 

[OzyOly]

Already checked msconfig, thanks for the keyboard tip.

I ran a boot scan with avast and it said it found win32 vbstat-c. I deleted this, but that was all it found.

My PC is still mot running great and I can no longer connect to the internet, or even my network with my pc.

 

[Darkaber]

Sounds to me that you need to backup what you can and format then.

 

[OzyOly]

I have a lot of stuff on there, too much to back up any time soon. Is it normal for a computer to be this messed up over a few viruses? I only got them yesterday.


But say I had to reformat, would my second harddrive be safe do you think? Is there anyway to find out?

 

[Mark M]

Virus could be on the 2nd hard drive as well.

I would try downloading Active Virus Shield and run that. Sorted out a mate of mines PC that was seriously infected within a couple of hours!! Just ran it in safe mode, rebooted into safe mode ran it again and then rebooted into windows and then ran it again.

 

[The_KiD]

Download a copy of HiJackThis.

First make a folder on your computer in my documents called Hijackthis and then Unzip it to that folder.
Then doubleclick the Hijackthis.exe.

Click the Scan button, when the scan is finished the scan button will become Save Log click that and save the log.
Go to where you saved the log and click on Edit > Select All then click on Edit > Copy then paste the log at one of the sites listed here.

It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.

 

[Fr0dders]

sorry but the only way to fully remove these kind of well bedded in virus' is to backup your data

format and re-install.

every time i've come across a system like this, i've never been able to clean it 100%. There's allways one (usually the source of the problem) that no ammount of virus checking etc. .is able to remove. Usually because it digs itself into the kernel itself, and it re-loads itself every time you reboot. So no matter how many times you remove it. It comes back because its integrated itself into the actual windows code

so the only to remove it is to re-install the windows code

thankfully this is now sorted in vista. As access to insert your code into the kernel will only be granted with a license which you have to apply for. So the usual suspects like ATI/Nvidia/Mcaffe/Nero etc.. should all be able to insert their own custom code. But there shouldnt be any virus getting into the kernel.

 

[The_KiD]

sorry but the only way to fully remove these kind of well bedded in virus' is to backup your data

format and re-install.

every time i've come across a system like this, i've never been able to clean it 100%. There's allways one (usually the source of the problem) that no ammount of virus checking etc. .is able to remove. Usually because it digs itself into the kernel itself, and it re-loads itself every time you reboot. So no matter how many times you remove it. It comes back ..

I think that while that may be true in yoru case, if you speak to anyone any the ASAP list of forums they will disagree.

Admittedly some times it is easiest way to make sure you rid of it, but the people on the list are experts in malware removal and rarely fail to get things removed.

 

[Fr0dders]

I think that while that may be true in yoru case, if you speak to anyone any the ASAP list of forums they will disagree.

Admittedly some times it is easiest way to make sure you rid of it, but the people on the list are experts in malware removal and rarely fail to get things removed.

looks an interesting forum

i'll have to have a browse. My sister in law's PC still has a trojan on it that i couldnt remove for love nor money.

 

[the-void]

I have a greater degree of success in removing malware and spyware when I insert the hard drive the afflicted OS is stored on into a 2nd pc as a slave drive.
Then use the anti-malware/spyware removal tools. Also have a greater chance of actually deleting any Windows/../.exe

 

[The_KiD]

Using HJT (and other diagnostic tools) enables you identify problem files, which in turn then enables you to find what particular piece of crud has got on your system.

Then it's just a case of removing the files and reg entries manually or using specific tools for those malware.

Even things like rootkits and "blue pill" malware can be removed.

 

[the-void]

Using HJT (and other diagnostic tools) enables you identify problem files, which in turn then enables you to find what particular piece of crud has got on your system.

Then it's just a case of removing the files and reg entries manually or using specific tools for those malware.

Even things like rootkits and "blue pill" malware can be removed.

Sometimes it is easier, quicker and far more reliable to do a fresh install after you have backed all the data up.

 

[Datamonkey]

Heads up for all of you,

well those of you suggesting he backs up and re-installs.

He needs to get rid of the virus BEFORE he backs anything up. If he backs up with the virus present there is a very high chance the virus could be backed up also.

Download a copy of avast on the pc your using to get on the net, its a free av and pretty good. get the infected pc off of your network also mate, otherwise you could be spreading the love (virus)


Boot in safe mode as long as you can keyboard permitting and re-scan.

Its a crap situation to be in, trust me i know lol

Good luck

 

[jbloggs]

You could try this:

Have a look Here - click on the second "HER" to download "mwav.exe" to Desktop, unzip and click "mwavscan" to start scan, then on next windows put a checkmark in:
Memory, Startup folders, drive, Registry, System folders and Services. And: All local drives & Scan all files, then click Scan clean.

This file has a very large virus/malware database that is updated every so often, during the scan it will remove/rename the infected files.

 

[OzyOly]

I reformated my windows drive in the end. 5 hours and still it isn't fully restored.

I hope I don't get viruses like that again.