Virus help

Stevev · 17 Oct 2008 at 19:43

Just looking for some idea's how to remove a nasty virus from a neighbors laptop, its running XP SP3.

I've disabled system restore.

I've tried the following :
Full scan with AntiVir - Found 5 different Trojans - Removed all
Full Scan with Malwarebytes - 436 different types of Malware - Removed all
Full Scan with SpyBot Search & Destory - Found nothing
Full Scan with AVG 8.0 - Found nothing
Full Scan with Ad-Aware - Found nothing

Yet when I restart the computer they all appear again... It also keeps popping up in the middle of the screen saying something like " visit this site for the fix " and in the bottom right next to the clock it says " VIRUS ALERT!"

Any other idea of what I could try would be much appreciated.
I could always format, but that is a last resort.

Edit: On a side note its also stopping me from opening task manager, and has also removed everything from the start menu.

Also tried running scans in safe mode

Edit: Managed to get it removed with Combofix & Vundofix.

lord filbuster · 17 Oct 2008 at 19:49

Try running the antivirus software at boot? If you are lucky it might be able to remove them permanently then.

GSDog · 17 Oct 2008 at 19:59

Stevev said:
Just looking for some idea's how to remove a nasty virus from a neighbors laptop, its running XP SP3.

I've disabled system restore.

I've tried the following :
Full scan with AntiVir - Found 5 different Trojans - Removed all
Full Scan with Malwarebytes - 436 different types of Malware - Removed all
Full Scan with SpyBot Search & Destory - Found nothing
Full Scan with AVG 8.0 - Found nothing
Full Scan with Ad-Aware - Found nothing

Yet when I restart the computer they all appear again... It also keeps popping up in the middle of the screen saying something like " visit this site for the fix " and in the bottom right next to the clock it says " VIRUS ALERT!"

Any other idea of what I could try would be much appreciated.
I could always format, but that is a last resort.

Have you tried running those antivirus scanners in safe mode?

It sounds similar to a vundo trojan and many antiviruses are hopeless at removing those type of infections.

I suggest you try running the antiviruses in safe mode. If you still have those fake popups, then install and run SuperAntiSpyware free edition (google it). It's a great program at removing these type of infections.
If that fails, then download and run smitfraudfix and vundofix (google them and follow instructions on how to use them correctly).

Stevev · 17 Oct 2008 at 20:07

Zildjian said:
It sounds similar to a vundo trojan and many antiviruses are hopeless at removing those type of infections.

Just had a quick look at the last remove log, there was about 8 or 9 of vundo.H Trojans there :eek:

Zildjian said:
If you still have those fake popups, then install and run SuperAntiSpyware free edition (google it). It's a great program at removing these type of infections.
If that fails, then download and run smitfraudfix and vundofix (google them and follow instructions on how to use them correctly).

I'll try Superantispyware now, then I'll try smitfraudfix and vundofix.

Edit: On a side note its also stopping me from opening task manager, and has also removed everything from the start menu.

Also tried running scans in safe mode

Swordfish · 17 Oct 2008 at 20:09

smithfraud fix and combofix. both run in safe mode. works very well for me in machines with bad infextions.

Stevev · 17 Oct 2008 at 20:13

Just gonna let Superantispyware finish running then I'll try smitfraudfix, Vundofix & combofix. If these don't manage to fix the problem would it be best to just format ?

braveheart · 17 Oct 2008 at 20:35

switch off restore point and enter safe mode and then scan your software - try 30 days free trial Kaspersky AV also CounterSpy V3 and see if it high risk but it not free software.. I used KIS 2009 and CS V3...

you need switch off Restore point then reboot and enter Safe mode and scan and if you can remove it and then reboot it again.

GSDog · 17 Oct 2008 at 21:34

Stevev said:
Just gonna let Superantispyware finish running then I'll try smitfraudfix, Vundofix & combofix. If these don't manage to fix the problem would it be best to just format ?

I'm pretty confident they'll be able to remove it. It sounds like a load of vundo infections and those tools are the best at removing them.

If however they are not able to remove them, then you might want to try using HiJackThis and posting a log on here. It'll show what is running on the PC and some people might be able to help you remove the infections manually, but it could take some time.

rickyt · 18 Oct 2008 at 12:24

How have you managed with the laptop ?
I've just had a PC in for repair with this -VIRUS ALERT- ransomware on . It's a killer to remove without the right software .This thing hid the HDD & CD -ROM , disabled the desktop properties , registry editor and loads of other things .It's all gone now , thanks to some excellent software .

Stevev · 18 Oct 2008 at 15:43

Managed to get it clean with Combofix and Vundofix. I'm just scanning it through one more time to make sure its all clean.