It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

dallawagot - New virus?

page: 1
0

log in

join
share:

posted on Feb, 27 2006 @ 03:20 PM
link   
A friend of mine has this on her computer, and after finding the exe, i cannot remove it. Everytime it gets deleted, it just reappears. I've tried a few methods, like switching off system restore (read on a site somewhere this can prevent files from duplicating themselves, which i never knew), and hard-deleting it with no luck (no antivirus/spyware removal tool that i have tried has detected it either). Google gives me one website that is absolutely no help at all, so i ask you, belowtopsecret, for help.

How can i perminatly remove this?
And does anybody have any other information abot the virus/worm/whatever itself?

Thanks,
vishnu192




posted on Feb, 27 2006 @ 03:29 PM
link   
Try booting in safe mode, and deleting the file. A file won't delete if it's being used, and if it's a virus, then it is probably being used. Also, try start>run>msconfig. select the startup tab, and uncheck anything you don't want starting when you boot the machine. you can uncheck all of these items and not suffer any major problems.

To be sure, try an online virus scan like this to catch items that may have altered your own antivirus's definitions.



posted on Feb, 27 2006 @ 04:25 PM
link   
msconfig was the first thing i looked at, but it always puts itself back in there when the computer is restarted.
The file gets deleted, it just reappears seconds afterwards. i've closed all the processes which could cause this to happen, but it still happens.
I'll give that link, and safe mode, a shot tomorrow
Thanks alot



posted on Feb, 27 2006 @ 04:29 PM
link   
Try running Windows Defender that you can find at Microsoft

You could also try running Microsoft Online Virus Scan

I work on a microsoft contract and have not heard anything about this but the not being to remove the item itself is very common.

Try these scans and see what you come up with. I am sure its only something minor.



posted on Feb, 27 2006 @ 05:44 PM
link   
Na, its not a virus. Just more spyware.

Spyware vendors have figured out how to insert items into the registry under one name, in a manner that points to a file under another name. The filenames are random, so you cant find out much about it. Generally the only thing the names have in common is that they are a series of letters or numbers that dont make a word. When you delete the file, the registry entry puts it right back. Until you find that registry entry, you will never get rid of it.

It is generally in Current_user\software\Microsoft\Windows\CurrentVersion\Run
but there are other locations they hide it in.

I would suggest that you search this BTS forum for posts on how to use hijackthis, and follow the advanced techniques to rid yourself of this troublemaker. I have made several posts about hijackthis, and the web based hijackthis automated log analyzer that will help you identify the culprit. Study hijackthis until you understand it completely. Then destroy the pest.

Best of Luck
makeitso



[edit on 2/27/06 by makeitso]



posted on Mar, 1 2006 @ 02:54 PM
link   
Thanks for all your help people - ill have a look at hijackthis and see if that does the trick.

Thanks again



posted on Mar, 1 2006 @ 02:59 PM
link   
I would also recommending looking under:

HKeyLocalMachine/Software/Microsoft/Windows/Explorer/BrowserHelperObjects/ Delete anything under here.

MAST was a good program for this as well, but its no longer available. Windows Defender is new and have not run it yet, but probably has the same features.

Be careful with Hijack this and I would learn about it before just clicking away on things.




top topics



 
0

log in

join