
Trojan Virus


5 replies to this topic

#1 Boxers


Posted 21 June 2006 - 06:32 PM

My son is running a Toshiba laptop with Bullguard anti-virus.

It found a file that it can not repair and I can not delete it manually. I have tried as Admin and as user. The file is located as follows.

C:\windows\system32\kbdvut.dll

I have attempted to rename and delete (shift+del), and I have opened it with Notepad and changed characters, but all attempts failed due to "It is being used by another person or program"

Any suggestions? I am waiting for Bullguard's reply and will post if they have a better solution.

Thanks

Boxers


 


#2 tg1911


Posted 21 June 2006 - 07:05 PM

Have you tried deleting it in Safe Mode?
How to start Windows in Safe Mode
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA


#3 Boxers


Posted 21 June 2006 - 07:16 PM

I tried the safe mode and got the "It is being used by another person or program".

I am trying a "KILLbox" that BullGuard e-mailed. I hope that this works.
It allowed me to delete it, but am rerunning the program. It has found 1 virus.

Just because he is in college does not mean he uses all brain cells.

#4 Enthusiast


Posted 21 June 2006 - 11:17 PM

Run both Adaware and Spybot Search and Destroy from safe mode, after updating each program’s malware definitions. Set them both to fix what they find.

If you do not already have these freeware apps installed on your computer, you can get them at the following sites:

*AdAware SE: http://www.majorgeeks.com/download506.html

*Spybot S&D: http://www.safer-networking.org/en/index.html

Following that, I suggest you post a “HijackThis” log for expert assistance with your possible malware infection.

Read the pinned post in our “HijackThis” forum,
here
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Carefully read and follow all directions explicitly.

Following instructions create a HJT log, and POST THE HJT LOG YOU CREATED IN OUR HJT FORUM – not in this forum,
at this link.
http://www.bleepingcomputer.com/forums/posthjtlog.html
Include the specs for your computer (ie, processor, amount of RAM, brand or motherboard, etc, and briefly describe the problem you are experiencing.)

Unless you are expert at editing the registry, Do not use the Hijack This program to try to fix anything by yourself as even what may seem to be a small mistake can render your operating system inoperable.
Some files when in the correct folder for them may be fine while in another may be malware hiding.


A member of our expert HJT Team will analyze your log, make recommendations and offer assistance, walking you through the complete repair process.

It may take a period of time to get a response to the log you posted because the members of our HJT Team are kept very busy.
Please be patient as this team is manned by volunteers. They will help you in order received as soon as possible.

NOTE
Once you have posted your HJT log, please DO NOT make any additional posts in the HJT forum thread you created until you get a response from a member of our HJT expert team, and do not make any changes to your system (changes, including any attempted repairs, will make your computer different from what is displayed in the log you posted and therefore make your log inaccurate).

The first criteria the HJT Team has when looking for logs that need replies are posts showing 0 replies. If you make an additional post, it will show as having 1 reply.
A team member, looking for a new log that requires help might well assume another HJT Team member is already assisting you and might not open the thread to respond.

So, post your HJT Log in our HJT Forum (not here in this forum) and wait for a response from a HJT team member.

#5 Boxers


Posted 22 June 2006 - 07:12 AM

Thanks for the advice. I have all those programs and run and update them weekly, but the file is a trojan virus. Spybot and Ad-aware miss it due to it being a virus. I worked with BullGuard last night and we finally got a resolve.....They e-mailed me a "KILLbox" file that I ran and got the damn thing off.

I love hijack this also.

#6 Enthusiast


Posted 22 June 2006 - 08:15 AM

Unless you are expert at the registry we recommend that you do not use HJT by yourself but rather post your HJT log on our HJT forum for expert assistance.



