virus
- Thread starter mondo
- Start date
If you're able to find out exactly what infection(s) you have you may be able to remove it/them.
You should be able to find some clues by looking in either msconfig, the registry and your WINDOWS/system folders. Malware authors tend to follow the same patterns...
Add a program or programs to start-up (Odd programs that are listed in Startup in MsConfig or CurrentVersion\Run in the registry are always a good place to start)
Modify the registry to either hook the Explorer or Internet Explorer Control class or modify entries for network services
Create files in the Windows, System32, Temp folders, most people tend to stay out of them for fear of breaking something....
Create programs or DLL's with unusual names. The names may be obvious such as random text strings of certain lengths (eg xfsddrts.dll/.exe) or they may be slightly more cunning look for ones prefixed WIN/WIN32/SYS/NET with underscores (WIN_NETASD.DLL) or capital letters.
Open ports that would not normally be open.
Target specific AV/Anti-Spyware solutions - authors tend to have a favourites targets to go after (Mcaffee used to be a common one)
Most malware will do at least one of the above. Once you've found something to identify what it is you've got you can take steps to remove it.
You should be able to find some clues by looking in either msconfig, the registry and your WINDOWS/system folders. Malware authors tend to follow the same patterns...
Add a program or programs to start-up (Odd programs that are listed in Startup in MsConfig or CurrentVersion\Run in the registry are always a good place to start)
Modify the registry to either hook the Explorer or Internet Explorer Control class or modify entries for network services
Create files in the Windows, System32, Temp folders, most people tend to stay out of them for fear of breaking something....
Create programs or DLL's with unusual names. The names may be obvious such as random text strings of certain lengths (eg xfsddrts.dll/.exe) or they may be slightly more cunning look for ones prefixed WIN/WIN32/SYS/NET with underscores (WIN_NETASD.DLL) or capital letters.
Open ports that would not normally be open.
Target specific AV/Anti-Spyware solutions - authors tend to have a favourites targets to go after (Mcaffee used to be a common one)
Most malware will do at least one of the above. Once you've found something to identify what it is you've got you can take steps to remove it.