
Help Virus Attack


27 replies to this topic

#1 Richard ken

Richard ken

  • Members
  • 247 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:58 AM

Posted 06 October 2007 - 02:01 PM

Yeah, I'm sort of infected with a trojan horse virus. Every time I open my computer it pops up a warning saying a virus has been detected, and I move it to the chest but it doesn't work. Please help. Here's a picture at http://s227.photobucket.com/albums/dd176/d...p;current=1.jpg and http://s227.photobucket.com/albums/dd176/d...nt=untitled.jpg

Edited by Richard ken, 06 October 2007 - 05:49 PM.



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,771 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:58 AM

Posted 06 October 2007 - 02:56 PM

Have you tried doing your scans in "SAFE MODE"? Are you doing scans while logged into the Administrator's account or an account with administrator privileges? You can also Use the "Run As" Command to Start a Program as an Administrator.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
Please download Dr.Web CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with Dr.Web CureIt as follows:
  • Double-click on cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop. (You can use Notepad to open the DrWeb.csv report)
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Richard ken


Posted 07 October 2007 - 09:29 AM

Do you have a short way to delete the trojan?


Mod Edit: Edited to remove unnecessary quote. ~tg

Edited by tg1911, 07 October 2007 - 10:32 AM.


#4 Richard ken


Posted 07 October 2007 - 12:33 PM

Here's a picture of the virus and stuff: http://s227.photobucket.com/albums/dd176/d...=untitled-1.jpg


Mod Edit:~To remove unnecessary quote~ TMacK

Edited by TMacK, 07 October 2007 - 12:37 PM.


#5 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:07:58 AM

Posted 07 October 2007 - 12:37 PM

Richard ken,
When replying to a post, don't use the QUOTE button under the post, unless there is something specifically in the post, that you want to quote.
Either use the button at the top of the page labeled Add Reply, or one of the 2 buttons at the bottom of the page, labeled Fast Reply, and Add Reply.
It keeps from cluttering up the board with unnecessary quotes.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA


#6 quietman7


Posted 07 October 2007 - 01:54 PM

"Do you have a short way to delete the trojan?"

There are no shortcuts or guarantees when it comes to malware removal. Sometimes it takes several efforts with different tools to do the job.

#7 Richard ken


Posted 07 October 2007 - 07:19 PM

Okay, will these steps delete the stuff I have on my desktop? Also, how do you put it in safe mode?

Edited by Richard ken, 07 October 2007 - 07:19 PM.


#8 Richard ken


Posted 07 October 2007 - 07:39 PM

"Richard ken,
When replying to a post, don't use the QUOTE button under the post, unless there is something specifically in the post, that you want to quote.
Either use the button at the top of the page labeled Add Reply, or one of the 2 buttons at the bottom of the page, labeled Fast Reply, and Add Reply.
It keeps from cluttering up the board with unnecessary quotes."

Will the person know that I reply back to them?

#9 buddy215

buddy215

  • Moderator
  • 13,324 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:58 AM

Posted 07 October 2007 - 08:15 PM

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

Since Norton identified "Vundo", you should use the tools below after following Quietman7's instructions.
http://www.bleepingcomputer.com/forums/t/18610/how-to-remove-winfixer-virtumonde-msevents-trojanvundob/
The site for downloading Vundofix is NOT working now. (www. atribune.org)
You can try again tomorrow.
--------------------------------------------------------------------------------

Another program that removes Vundo is Super Antispyware.
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 quietman7


Posted 08 October 2007 - 07:47 AM

"Okay, will these steps delete the stuff I have on my desktop?"

As I already said there are no shortcuts or guarantees when it comes to malware removal. Sometimes it takes several efforts with different tools to do the job.

"Will the person know that I reply back to them?"

Yes but we are not logged into the site 24 hrs a day. Staff members and advanced members are volunteers and help whenever they can so you need to be patient.

#11 Richard ken


Posted 08 October 2007 - 10:12 AM

Yeah buddy215, your step worked but it still has the avast warning pop up, but it did not pop up twice. And what's so important about turning to safe mode?

#12 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:B.C. Canada
  • Local time:06:58 AM

Posted 08 October 2007 - 10:38 AM

While in Safe Mode, only specific programs and files needed to run the OS are loaded.
However, because just the essential programs and files are loaded in Safe Mode, this allows us to remove some Spyware, Adware, Viruses and such that cannot be removed in Normal Mode.

Did you also run the scans recommended in quietman7's Post #2?
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

~Suzie Wagner

#13 buddy215


Posted 08 October 2007 - 11:31 AM

I just checked and the Vundofix site is now working. Or have you already used that tool?
http://vundofix.atribune.org/
Vundo and the malware it puts on your computer can be difficult.
Explain more of what is happening now on your computer.

To add to what Tmack posted:
Running a full system antivirus scan or anti-spyware scan in Safe Mode can
be a good idea. Some viruses and other malware like to conceal themselves
in areas Windows protects while using them. Safe mode can prevent those
applications access and therefore unprotect the viruses or other malware
allowing for easier removal.

''In safe mode, you have access to only basic files and drivers
(mouse, monitor, keyboard, mass storage, base video, default system
services), just the minimum device drivers required to start Windows.''

Because of that some malware does not load in Safe Mode and is easier to get
rid of.

#14 Richard ken


Posted 09 October 2007 - 04:39 PM

Okay, I didn't follow quietman7's instructions, but if you think it will get rid of the virus I will. And I followed buddy215's way but it did not delete the trojan horse?

#15 TMacK


Posted 09 October 2007 - 05:08 PM

Yes, now please complete the scans as quietman7 has instructed.

Like quietman7 said previously,

"As I already said there are no shortcuts or guarantees when it comes to malware removal. Sometimes it takes several efforts with different tools to do the job."





