Please help with computer virus................

Joined
Feb 22, 2005
Messages
663
Location
New Jersey
I have somehow gotten a Trojan Virus on my home system that I can't get rid of. I am running Symantec Internet Security program but it got right by it. I am also running Microsoft Spyware Beta. I have turned "System Restore" off and restarted in safe mode and re-run all anti-virus programs. The programs sometimes detect the virus but can't delete it. It is a real pain to use the system right now as there are constant windows warnings popping up on the screen. I have switched to Firefox as my browser as I think MSN Internet Explorer was the problem to begin with. I am about to trash the system and reboot the hard drive. The system is really not usable now. Do any of you tech gurus have any advice? :cry:
***************************************************************
Update: I downloaded AVG 7.0 anti virus from Grisoft and it wiped out the viruses first try. Norton Internet Security, Ad Aware SE, and Microsoft Anti-Spyware all failed. Guess which one I will buy in the future?
Thanks everyone for all your help.
 
Joined
Feb 7, 2005
Messages
1,027
Location
Annandale, VA
Dave Van said:
I have somehow gotten a Trojan Virus on my home system that I can't get rid of. I am running Symantec Internet Security program but it got right by it. I am also running Microsoft Spyware Beta. I have turned "System Restore" off and restarted in safe mode and re-run all anti-virus programs. The programs sometimes detect the virus but can't delete it. It is a real pain to use the system right now as there are constant windows warnings popping up on the screen. I have switched to Firefox as my browser as I think MSN Internet Explorer was the problem to begin with. I am about to trash the system and reboot the hard drive. The system is really not usable now. Do any of you tech gurus have any advice? :cry:

I use a combination of Spy sweeper and Zonealert. Spy sweeper has successfully kept all the "doubleclick" type bots out of my computer but also detected a trojan horse and quarantined it. Zone alert suite ($69.00 US) not only has a virus checker but prevents applications from exiting your computer.

I've gradually gotten rid of my Symantec utilities. They've grown too big and heavy handed. Basically they load onto your computer and ask for money to continue your subscription. I think all of the protection applications are moving in that direction but Symantec is a real hassle if you do get into trouble. The times I sought help I wound up going through a circle of web-site pages with no solution.

Rich
 
Joined
Feb 22, 2005
Messages
663
Location
New Jersey
Rich Gibson said:
I've gradually gotten rid of my Symantec utilities. They've grown too big and heavy handed. Basically they load onto your computer and ask for money to continue your subscription. I think all of the protection applications are moving in that direction but Symantec is a real hassle if you do get into trouble.
Thanks Rich for the response. I agree about Symantec, all it seems to do is make the system run slower and it doesn't really work that well anyway. It's really frustrating when Symantec detects a virus but then tells you it can't do anything with it :x
I have the viruses isolated but I still can't delete them. I hesitate to load yet another spyware program as I presently have about 5 now installed and none of them work.
 
Joined
Feb 1, 2005
Messages
4,741
Location
SE Florida
You need to identify it, then go to Symantec's website

Once you ID it, they have tools to help you get rid of it, esp if it's an esp nasty one that Norton AV can't eradicate on its own. I got the Klez Worm a couple yrs ago, and used their Klez Worm removal tool to get rid of it. Was Norton AV able to Quarantine it, or at least ID it?
 
Joined
Mar 1, 2005
Messages
93
Location
Seacoast, NH
Now that you have it isolated....try the following:

Wherever you have it isolated, there must be a file name or two that is specific to the virus.

Do a search through your registry start>run>regedit>edit>find (insert file name without file extension), click on find and see what you come up with. Make sure that you have the first thing in your regedit list selected so the search starts at the beginning of your registry. Anytime you find the string of letters, make sure what it is and delete it, then continue your search through the end of the registry.

After that is complete, start>run>msconfig>startup tab
Scroll down through this list and uncheck anything that resembles the virus name or file within the virus folder.

Then, go to the windows\system32 folder and search for entries there resembling the virus.

Reboot.

If it is still there, continue to search the rest of your computer for variations of the file name (without file extension)

Hope this helps.

P.S. Be very careful and deliberate when editing your registry.

Reboot.
 
Joined
Feb 22, 2005
Messages
663
Location
New Jersey
Steve S said:
Once you ID it, they have tools to help you get rid of it, esp if it's an esp nasty one that Norton AV can't eradicate on its own. I got the Klez Worm a couple yrs ago, and used their Klez Worm removal tool to get rid of it. Was Norton AV able to Quarantine it, or at least ID it?
Thanks for responding Steve,
After running Norton, it identifies the threat. When I then run the repair/delete option it goes thru the motions but when I check it says it failed to delete or quarantine it. I went to the Norton site for more info, but they don't have any method of removing it. It has embedded itself in the windows system 32 directory. It seems to rename and duplicate itself. The constant windows pop-up warnings state a different .exe file is trying to start. I thought that turning system restore off and starting in safe mode would allow me to delete the file. When I try to manually delete the file it says that the file is "write protected" and I don't have access to delete it. Please help.........
 
Joined
Feb 1, 2005
Messages
4,741
Location
SE Florida
Email Symantec with your problem

They've helped me out before, when I asked them to. Good luck, and keep us posted!
 
Joined
Feb 22, 2005
Messages
663
Location
New Jersey
bravocharlie said:
Now that you have it isolated....try the following:

Wherever you have it isolated, there must be a file name or two that is specific to the virus.

Do a search through your registry start>run>regedit>edit>find (insert file name without file extension), click on find and see what you come up with. Make sure that you have the first thing in your regedit list selected so the search starts at the beginning of your registry. Anytime you find the string of letters, make sure what it is and delete it, then continue your search through the end of the registry.

After that is complete, start>run>msconfig>startup tab
Scroll down through this list and uncheck anything that resembles the virus name or file within the virus folder.

Then, go to the windows\system32 folder and search for entries there resembling the virus.

Reboot.

If it is still there, continue to search the rest of your computer for variations of the file name (without file extension)

Hope this helps.

P.S. Be very careful and deliberate when editing your registry.

Reboot.

Thanks for the info. I will try this tonight. I am running XP home edition. I have the computer setup for 3 users. I am the administrator. I was able the other night to get rid of the virus and the computer was running fine. I shut down and restarted a couple of times and everything was fine. Yesterday my wife signed on under her user and the virus was back. It also appears in my son's user profile. I would have thought that if I deleted it under my profile it was gone from the system. I am very frustrated :x
Steve S said:
They've helped me out before, when I asked them to. Good luck, and keep us posted!
Thanks Steve, I might end up giving them a call if the above doesn't work.
 
Joined
May 3, 2005
Messages
182
Location
Vancouver, BC
Try AVG

Try AVG. I have a computer geek friend who swears that it will find and get rid of a lot of viruses that Norton can't touch. I've never had one so I can't say for sure. There is a free version to download but if you like it, I'd suggest the paid one.

http://www.grisoft.com/doc/1

Lin
 
Joined
Mar 31, 2005
Messages
14,472
Location
Toronto Canada
Just a thought: if you already know the location and you know the name, try booting in DOS mode, and delete through there.
I would HIGHLY recommend Norton Ghost once you get this fixed. You make an image of your C: drive (I store this image on my D: drive) and if something like this happens, I just restore the image as it completely overwrites anything on C: and I'm back up in 8 minutes. I know this is "barn door after horse has gone" but it might help you and others in the future. Also, store ALL data files on separate drive, never the C: drive. I've aimed WindowsXP to my D: drive for 'My Documents' so there's no chance of data being incorrectly stored.
 
Joined
Feb 22, 2005
Messages
663
Location
New Jersey
Re: Try AVG

linm said:
Try AVG. I have a computer geek friend who swears that it will find and get rid of a lot of viruses that Norton can't touch. I've never had one so I can't say for sure. There is a free version to download but if you like it, I'd suggest the paid one.

http://www.grisoft.com/doc/1

Lin
Thanks for the reply. I actually was browsing some of the "geek" websites and I saw it mentioned a few times. I will give it a look and see what happens.
TOLady said:
Just a thought: if you already know the location and you know the name, try booting in DOS mode, and delete through there.
I would HIGHLY recommend Norton Ghost once you get this fixed. You make an image of your C: drive (I store this image on my D: drive) and if something like this happens, I just restore the image as it completely overwrites anything on C: and I'm back up in 8 minutes. I know this is "barn door after horse has gone" but it might help you and others in the future. Also, store ALL data files on separate drive, never the C: drive. I've aimed WindowsXP to my D: drive for 'My Documents' so there's no chance of data being incorrectly stored.
Thanks for the info. I will setup my system this way when I finally get it fixed. I was thinking of booting up in DOS to delete the file. Just another thing to try. :?
 
Joined
Jan 26, 2005
Messages
978
Location
Viera Fl
I use AVG as well, free version. Avg up-dates auto everyday.

A "threat" maybe is why you "think" you can't find it. Because it may not be there.

Do a search for online trojan scanners. I can't remember them all right now.

Norton is not good for an OS in my opinion. I would not use it for free. I would use nothing first.

I get the name and search google for it and take it out manually, using reg-edit. After you find the first string and right click and delete go back to find and just hit F3 or find again until it finds no more strings.

The strings on the right hand side of screen.

Sometimes if you understand file names and programs you may have to delete from left hand side of that screen.

I also do a manual back up of the registry when the machine is running correctly. I am not talking the restore point. A back up can be done in reg-edit. Then I keep it up-dated and usually on a cd/rw. Remove old reg file and replace with new.

Hope that helps.
 
celia bule

Guest
A few months ago I had the same problem with a Trojan and with the advice taken at DPReview I downloaded AVG and got the problem solved. It is the best anti virus I know even in its free version, that I'm currently using. Ever since I downloaded it I stopped having troubles with viruses.
 
Joined
Jan 26, 2005
Messages
978
Location
Viera Fl
PS: Trojans and Viruses are different.....

Avg may pick up the Trojan and tell you the name and location, but may only be able to remove part.

Always write down every word from avg and go hunting on google. You will prob have to pick out manually.

Avg does the viruses in for sure. I am glad it detects the Trojan. Makes it easier.

A Trojan may carry 1 or 2 viruses with it. They are nasty.
 
Joined
Feb 2, 2005
Messages
2,868
Location
Sudbury, Massachusetts
You can look in the registry and id what is loading at start-up time. Then there is a utility that will delete even loaded (aka locked) .exe and .dll. Once you delete the thing that is spawning everything, Norton or something else should be able to clean everything else out.
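
The registry checks suggested in this thread (searching for the file name, looking at what loads at start-up, and the observation that the trojan came back under other user profiles) can be run offline against a regedit export. The script below is an added example, not code from any poster: it scans exported `.reg` text for values that mention a file-name stem and reports them per hive, flagging the standard Run, RunOnce and Winlogon keys. It assumes the export has already been decoded to text (regedit 5.00 exports are UTF-16) and matches string values only; the sample export and the name `badfile01` are constructed.

```python
import re
from collections import defaultdict

# Standard Windows keys that launch programs at boot or logon.
AUTOSTART = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
    r"\software\microsoft\windows nt\currentversion\winlogon",
)
KEY_RE = re.compile(r"^\[(.+)\]\s*$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed sample export; "badfile01" is a made-up file name.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysHelper"="C:\\WINDOWS\\system32\\badfile01.exe"

[HKEY_USERS\S-1-5-21-1111-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\WINDOWS\\system32\\BADFILE01.exe\" /s"

[HKEY_USERS\S-1-5-21-1111-1002\Software\ExampleApp]
"LastFile"="C:\\WINDOWS\\system32\\badfile01.dll"
"Other"="C:\\WINDOWS\\notepad.exe"
"""


def unquote(s):
    """Strip the surrounding quotes and undo regedit's backslash escaping."""
    if len(s) >= 2 and s[0] == s[-1] == '"':
        return re.sub(r"\\(.)", r"\1", s[1:-1])
    return s  # dword:/hex: data is left as exported


def find_references(reg_text, stem):
    """Map each hive (one per user under HKEY_USERS) to matching values."""
    stem, hits, key = stem.lower(), defaultdict(list), None
    for line in reg_text.splitlines():
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            name, data = unquote(m.group(1)), unquote(m.group(2))
            if stem in name.lower() or stem in data.lower():
                parts = key.split("\\")
                hive = "\\".join(parts[:2] if parts[0] == "HKEY_USERS" else parts[:1])
                hits[hive].append((key, name, data, key.lower().endswith(AUTOSTART)))
    return dict(hits)


if __name__ == "__main__":
    for hive, rows in find_references(SAMPLE_REG, "badfile01").items():
        for key, name, data, auto in rows:
            print(f"{hive}: {'AUTOSTART' if auto else 'reference'} {key} [{name}] = {data}")
```

A per-user hive shows up under `HKEY_USERS` only while that profile is loaded, so an export taken from one account can miss the Run entries of the others.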
 
