
Malware / Winhound Help!


5 replies to this topic

#1 Verown


Posted 29 November 2005 - 11:18 AM

Hello, I have found out by using adware se that I have malware running and I can't seem to fix it. I removed all of it from my temp / temp int files and such and scanned it all with my spyware tools, but here's the problem: EVERY time I restart, "winhound" gets created and executed and starts running. I don't know what it is, never wanted it on my computer and don't know how to get rid of it. I uninstall it and remove all of the files and exe's with it, but it comes back and remakes itself every restart. Every time winhound runs... adware finds like 97 new files (all labeled "malware.psguard") that I have to remove, so I tried to find out what processes were running that I don't normally know of on start up, and the only thing I saw was "userinit.exe" that I was unfamiliar with... Every time I restart, a "winhound.exe" appears in my temp folders and executes itself.

I tried going through the help site using the "autoruns" program but I really don't know what files to disable and I could really use some help... My buddy is giving me his Norton antivirus that he never installed so maybe that will help, but please, if you have any suggestions, please help :thumbsup:

I used the autorun folder and "deleted the autorun for winhound" but it keeps reappearing in there..

I took a picture of my processes during my start up, here it is:

Posted Image

Edited by Verown, 29 November 2005 - 11:28 AM.




#2 rms4evr


Posted 29 November 2005 - 11:52 AM

Have you tried running the adware se and norton in safe mode? Sometimes programs that can't be removed normally can be removed in safe mode, because the malicious processes can only run during normal operation.

If you don't know how to get into safe mode, follow this tutorial:

Safe Mode

Are you running with Windows XP? I'm no expert, so if the adware and Norton don't work in safe mode, you should probably post a HijackThis log in the appropriate forum:

Hijack this! Forum

And, here is a step-by-step guide to preparing a hijack this log:

Hijack this! preparation

I know that this is a lot of reading to do. But these people are experts (unlike me!) who will do everything in their power to free your computer of the infection.

BTW, after you post a log DO NOT REPLY!!!! If you reply to your log and ask why no one has responded, then a hijack this team member will assume that you are being helped, and will not look at the log. Just be patient! Lots of other people need help too!

Hope your problem gets resolved!!!

#3 Verown


Posted 29 November 2005 - 12:03 PM

Alright, thanks, but I have not yet got Norton in; I'm getting it from him when he's out of class in a few hours, and I'll try the safe mode stuff out ASAP.

#4 Leurgy


Posted 30 November 2005 - 06:54 AM

We have removal instructions that include psguard in our Spyware Removal & Malware Self-Help and Reading Room. See How to remove the Smitfraud / Quicknavigate / VirtualMaid, Self-Help Guide Options. As rms4evr mentions, your best option is to post a log and let our HiJack Team help you remove this.

Disabling System Restore before removing viruses is not a good idea as having an infected restore point is better than having none at all.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#5 Nicky


Posted 30 November 2005 - 07:20 AM

Leurgy, I agree that system restore is an essential utility, but Verown says that "EVERY time I restart 'winhound' gets created and executed and starts running, don't know what it is, never wanted it on my computer and don't know how to get rid of it. I uninstall it and remove all of the files and exe's with it but it comes back and remakes itself every restart."

Which suggests that he has a problem in his backup folder and is getting re-infected each time he restarts.

Look at:
http://support.f-secure.com/enu/home/virus...emrestore.shtml
http://forum.grisoft.cz/freeforum/read.php?4,27725,27725
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

I still think that he should disable system restore, go into safe mode and run all the apps, then reboot and re-enable sys restore.

Are you going to remove this post?

#6 Leurgy


Posted 30 November 2005 - 07:41 AM

F-Secure doesn't say to disable SR before cleaning and neither does McAfee. AVG is ambiguous about it. The policy that our HiJack team uses is as I stated. Normally, you won't be reinfected from an infected restore point unless you actually restore. If your system is FAT32 then your antivirus/spyware/adware programs can clean SR, but an NTFS system protects the SR and the restore points must be deleted, so without knowing the file system you can't be sure disabling SR will do anything at all.

Most malware doesn't need system restore to return but relies on files like .dlls and registry entries to reinfect.

You will receive a PM from the Moderator who removed that post shortly.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool
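
The point made in the thread, that a program reappearing at every restart is usually relaunched from registry autostart entries or DLLs rather than from restore points, can be checked directly. The read-only PowerShell below is an added example, not part of the original posts or any BleepingComputer tool; the flagging rules (temp-folder paths, deviation from stock Winlogon values, non-empty AppInit_DLLs) are this example's assumptions, and a note means "review this entry", not "malicious".

```powershell
# Added example: read-only audit of common autostart locations. Nothing is modified.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function New-Finding($Where, $Name, $Value, $Note) {
    [pscustomobject]@{ Location = $Where; Name = $Name; Value = $Value; Note = $Note }
}

$findings = @()

# 1. Run / RunOnce values: note any command line that references a temp-style folder.
#    Matching the whole command also catches "rundll32.exe <temp>\x.dll,Entry".
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd  = [string]$item.GetValue($name)
        $note = ''
        if ([Environment]::ExpandEnvironmentVariables($cmd) -match '\\(Temp|Temporary Internet Files)\\') { $note = 'runs from a temp folder' }
        $findings += New-Finding $key $name $cmd $note
    }
}

# 2. Winlogon: stock values are "<SystemRoot>\system32\userinit.exe," and "explorer.exe".
$wlKey    = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$wl       = Get-ItemProperty -Path $wlKey
$expected = Join-Path $env:SystemRoot 'system32\userinit.exe'
$extra    = @(([string]$wl.Userinit).Split(',') | ForEach-Object { $_.Trim() } |
              Where-Object { $_ -and $_ -ne $expected })
$note = ''
if ($extra.Count -gt 0) { $note = 'extra or replaced Userinit entry' }
$findings += New-Finding $wlKey 'Userinit' $wl.Userinit $note
$note = ''
if (([string]$wl.Shell).Trim() -ne 'explorer.exe') { $note = 'non-default Shell' }
$findings += New-Finding $wlKey 'Shell' $wl.Shell $note

# 3. AppInit_DLLs: DLLs listed here load into every process that loads user32.dll.
$winKey  = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = [string](Get-ItemProperty -Path $winKey).AppInit_DLLs
$note = ''
if ($appInit.Trim()) { $note = 'DLL loaded into GUI processes' }
$findings += New-Finding $winKey 'AppInit_DLLs' $appInit $note

# Entries with a note sort first; entries without one are listed for completeness.
$findings | Sort-Object { -not $_.Note } | Format-Table -AutoSize -Wrap
```

This covers only a handful of the locations that Autoruns enumerates, and it needs PowerShell 3.0 or later. On a legitimate system `userinit.exe` itself is expected; the Userinit value is what gets compared against the default.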




