Need Help Can't Download Ad Aware And Have Trojan


#1 enkvargas

Posted 21 January 2008 - 04:31 PM

I have a trojan virus (tries to run Deus Cleaner) that I am trying to remove. I went to download ad aware but a window pops up saying windows installer can't run properly. I therefore can't run it to remove the trojan. I tried to download a microsoft update for the windows installer but I can't do that either. Any suggestions?

Kathy

Edited by enkvargas, 21 January 2008 - 04:34 PM.



#2 Orange Blossom

Posted 21 January 2008 - 10:13 PM

Do you have any other security software on your computer? Have you tried scanning with them in safe mode?

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 quietman7

Posted 21 January 2008 - 10:57 PM

Download and scan with Dr.Web CureIt. Follow the instructions here for performing a scan in "safe mode".

If you cannot download it from your machine, download from another, save to a usb stick and transfer to the infected pc.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 enkvargas

Posted 22 January 2008 - 11:26 AM

I ran bitdefender which let me know there was something but it couldn't remove it. I ran a spyware which found other things but not these. I tried to install ad aware because that is what worked for another computer.

I was able to do cureit. It found this:

KillWind.exe;C:\hp\bin;Tool.ProcessKill;Moved.;
EN_CA-ie.reg;C:\hp\region;Trojan.StartPage.1505;Deleted.;
A0000016.reg;C:\System Volume Information\_restore{D59E603E-E779-4255-A506-9792E7E8B0AB}\RP3;Trojan.StartPage.1505;Deleted.;

It looks like two got deleted. What do I do with the one that couldn't be deleted only moved?

BTW Thanks for all you've done to help so far.
Kathy

#5 quietman7

Posted 22 January 2008 - 11:48 AM

KillWind was moved/quarantined by Dr.Web CureIt.

When an anti-virus quarantines a file by moving it into a virus vault (chest), that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat until you take action to delete it from within the program. One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "False Positive". If that is the case, then you can restore the file and add it to the exclusion or ignore list. Doing this also allows you to view and investigate the files while keeping them from harming your computer.

KillWind.exe was probably flagged as a "Potentially unwanted tool" (not a virus). That means it has the potential for being misused by others. Anti-malware scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In your case the file appears to be part of the HP application. KillWind.exe and other executables are part of the Backweb program that HP installs on all Pavilion PCs. Backweb enables HP to connect directly to a PC when it is connected to the Internet without your knowledge.
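The scan report quoted in post #4 and the moved-versus-deleted distinction explained in post #5, worked through as an added example (not part of the original thread and not Dr.Web's own code). It assumes the `name;folder;threat;action;` layout seen in those three lines and that a `Tool.` prefix marks the "potentially unwanted tool" class; `parse_report` and `pending_decisions` are hypothetical helper names.

```python
from dataclasses import dataclass

# The three report lines quoted in the thread: name;folder;threat;action;
REPORT = r"""
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Moved.;
EN_CA-ie.reg;C:\hp\region;Trojan.StartPage.1505;Deleted.;
A0000016.reg;C:\System Volume Information\_restore{D59E603E-E779-4255-A506-9792E7E8B0AB}\RP3;Trojan.StartPage.1505;Deleted.;
"""

@dataclass
class Finding:
    name: str
    folder: str
    threat: str
    action: str

    @property
    def quarantined(self) -> bool:
        # "Moved" = held in quarantine: disabled, but kept until deleted or restored.
        return self.action.lower() == "moved"

    @property
    def unwanted_tool(self) -> bool:
        # Assumption: a "Tool." prefix is the potentially-unwanted-tool class.
        return self.threat.startswith("Tool.")

def parse_report(text: str) -> list[Finding]:
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.rstrip(";").split(";")
        if len(fields) < 4:
            raise ValueError(f"unexpected report line: {line!r}")
        # Read threat/action from the right so a ';' in the folder cannot shift them.
        name, folder = fields[0], ";".join(fields[1:-2])
        threat, action = fields[-2], fields[-1].rstrip(".")
        findings.append(Finding(name, folder, threat, action))
    return findings

def pending_decisions(findings: list[Finding]) -> list[str]:
    """Full paths still waiting in quarantine for a restore-or-delete decision."""
    return [f"{f.folder}\\{f.name}" for f in findings if f.quarantined]

if __name__ == "__main__":
    for f in parse_report(REPORT):
        kind = "unwanted tool" if f.unwanted_tool else "malware"
        print(f"{f.action:8} {kind:14} {f.threat:24} {f.folder}\\{f.name}")
```
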

#6 enkvargas

Posted 22 January 2008 - 11:55 AM

Thanks so much for all your help. Windows installer is running again, as are any microsoft updates. I currently use spysweeper and bit defender. What else do you recommend besides these that would avoid me getting this far in the future?

Again thanks so much for your help.

#7 quietman7

Posted 22 January 2008 - 12:05 PM

You're welcome.

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"Best Practices - Internet Safety for 2008".
"Hardening Windows Security - Part 1".
"Hardening Windows Security - Part 2".
"IE Recommended Minimal Security Settings".

#8 enkvargas

Posted 29 January 2008 - 01:22 PM

The virus is back. I changed the settings like the article recommended. I've been running different scans but somehow it never got removed or it somehow came back. Any other suggestions? I haven't done much by the way of internet this week so it's very unlikely that this was the cause. Is it possible the one moved file really is a problem?

Edited by enkvargas, 29 January 2008 - 01:23 PM.


#9 quietman7

Posted 29 January 2008 - 01:30 PM

Can you provide a specific file name associated with this malware threat and, if so, where is it located (full file path) on your system?