2006-06-19 15:31:26 · 5 answers · asked by rusty4me02 1 in Computers & Internet ➔ Other - Computers
Spysweeper is reported to be able to remove it. You can download the free trial at spysweeper.com. Also try going to www.trendmicro.com and using their free anti-spyware scan.
2006-06-19 15:36:53 · answer #1 · answered by nighthawk_842003 6 · 0⤊ 0⤋
This is the best way I know to get rid of viruses.
1. Reboot the PC in safe mode. Do this by restarting and pressing F8 about once per second until a boot menu comes up. Choose safe mode.
2. Run your anti-virus program from there.
3. If the virus comes up in a file named "Restore", you will have to cut off System restore. Do this by going to Start>Control Panel>Maintenance>System, and click on the System Restore tab, uncheck the box.
4. Run your anti-virus again.
While you're there in safe mode, you might as well run anti-spyware, as well.
Just as an afterthought, I suggest AVG anti-virus from Grisoft. It is free, and probably the most effective and least system sapping anti-virus availible. Get it from Http://free.grisoft.com .
And I use BOTH Ad-Aware and Spybot S&D for my anti-spyware. Get Spybot from Http://www.safer-networking.org , and get Ad-Aware from Http://www.lavasoft.com . They are both free and great. Also, switch from Internet Explorer to Firefox. It is almost impossible to pick up viruses using Firefox due to the way it handles "Scripts". Get it from http:www.mozilla.com .
Good luck to you.
2006-06-19 22:42:49 · answer #2 · answered by Jamie 5 · 0⤊ 0⤋
Check this forum:
http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=233378&SiteID=2
Download and run Windows Defender from Microsoft web site.
2006-06-19 22:39:44 · answer #3 · answered by rovita54 1 · 0⤊ 0⤋
Ok
Please download Ewido-Free Download: http://www.ewido.net/en/
Install and update it. Do not scan
Download and unzip to a new folder on desktop:
http://noahdfear.geekstogo.com/smitRem.zip
Download this scanner – mwav exe http://www.spywareinfo.dk/download/mwav.exe
And this scanner - cureit.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called: System Startup Service (SvcProc)
When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Then run Hijackthis and place a check beside each of the following. Once you have checked them, click fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - D:\WINDOWS\dsr.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - D:\WINDOWS\AuroraHandler.dll
O4 - HKLM\..\Run: [Dinst] D:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [znyvih] d:\windows\system32\writllm.exe r
O23 - Service: System Startup Service (SvcProc) - Unknown owner - D:\WINDOWS\svcproc.exe
Delete the following files or folders (delete item in bold). Please do not be concerned if
any of the items are not found as they may have been automatically removed by actions I had
you take earlier in the cleaning process.
Open Folder Options in Controlpanel >view and check your settings:
Select
Show hidden files and folders
Display the contents of system folders
Uncheck: Hide protected operating system files
D:\WINDOWS\Nail.exe
D:\WINDOWS\dsr.dll
D:\WINDOWS\AuroraHandler.dll
D:\WINDOWS\dinst.exe
d:\windows\system32\writllm.exe
D:\WINDOWS\svcproc.exe
Run the mwav scanner:
Put a checkmark in:
Memory, Startup folders, drive, Registry, System folders og Services.
And:
All local drives og Scan all files
Push: Scan Button
The scan can take a couple of hours
Open folder with smitrem and run RunThis.bat
Run full scan with Ewido
Reboot
Go to Start | Run and type: cleanmgr.exe and hit enter.
When prompted what drive to clean select your hard drive c:
If asked what folders to clean in a list, tick them all to clean all temp folders, downloaded program folders, temporary internet files, etc., and the recycle/trash bin.
Post fresh hijackthis log
2006-06-19 22:41:22 · answer #4 · answered by Olykzantr Marquisinoix 1 · 0⤊ 0⤋
I am having the same problem too. I think you will have to buy another one. Try CNet and ZD-Net for downloads and ratings.
2006-06-19 22:38:31 · answer #5 · answered by Yardie 1 · 0⤊ 0⤋