
Ok, I did a full scan with the latest definitions. I quarantined and then deleted the infected files. But there are two files that it said it "left alone". I right click on it and click Properties, and it said that it failed to quarantine it and delete it. And in the instructions, it says it can still spread if it's not taken care of. I don't get it, how do I fix those files? The files are "winlogon.exe" and "lsass.exe". The name of the virus was W32.RONTOKBRO@MM. Those are the only two files it won't do anything about. But still, the computer is running very well, but I don't want those files to become a problem later. Please help... I'll give you ten points!!

2006-09-18 08:30:36 · 8 answers · asked by Casey 3 in Computers & Internet Security

8 answers

Very good question. I've run into that many times myself and always scratch my head. Here are some things to try and keep in mind.

First, I like Symantec and think it's the best of breed for antivirus and firewall protection at home. However, it is not 100% successful, as you have experienced. I highly suggest purchasing SpySweeper (www.spysweeper.com) for $30.
I've tested them all (I'm an IT professional) and SpySweeper does the best job when it comes to online protection, especially from those annoying adware/spyware backdoor trojans and pop-up ads, etc. I always have a good antivirus program (Symantec) and SpySweeper running at all times.

As for removing the files that Symantec can't remove, I would do a search on your entire hard drive for those files (using *) and rename them or move them to a floppy disk or CD-R. Then replace them with new copies taken from another system similar to yours or from your Windows XP CD. Also do a search on Google or on Symantec's site or McAfee's for those files and the virus mentioned. They oftentimes have a free utility that removes the toughest strains that their programs can't remove themselves.

2006-09-18 08:39:29 · answer #1 · answered by thepaissano 1 · 0 0

Don't delete those files, they are both necessary for Windows to operate. If they are truly infected you can try starting in safe mode and then scanning. You can also try replacing both files from the Windows CD (using the expand command), but you have to start the computer in safe mode with the DOS prompt. You may have to copy both those files to your hard drive first (to a temp directory) if your system cannot read the CD in safe mode.

2006-09-18 08:34:25 · answer #2 · answered by smgray99 7 · 0 0
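
Added example, not part of any answer on this page: the answers above suggest searching the whole drive for the two file names and point out that Windows needs both files. This Python sketch sorts such search results by folder, assuming a Windows XP layout with the system root at C:\WINDOWS; the function names and the sample paths are constructed for illustration.

```python
import ntpath

# File names the scanner reported in the question.
WATCHED = {"winlogon.exe", "lsass.exe"}

def _norm(path):
    # Lower-cased, backslash-normalised form for comparing Windows paths.
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))

def classify(path, system_root=r"C:\WINDOWS"):
    """Return 'expected', 'backup' or 'review'; None for other file names."""
    folder, name = ntpath.split(_norm(path))
    if name not in WATCHED:
        return None
    root = _norm(system_root)
    system32 = ntpath.join(root, "system32")
    backups = {
        ntpath.join(system32, "dllcache"),              # Windows File Protection cache
        ntpath.join(root, "servicepackfiles", "i386"),  # service pack source files
    }
    if folder == system32:
        return "expected"
    if folder in backups:
        return "backup"
    return "review"  # same name in an unusual folder: inspect before trusting it

def triage(paths, system_root=r"C:\WINDOWS"):
    """Group search results (e.g. lines from `dir /s /b`) by verdict."""
    report = {"expected": [], "backup": [], "review": []}
    for path in paths:
        verdict = classify(path, system_root)
        if verdict:
            report[verdict].append(path)
    return report

# Constructed sample search results, not taken from the asker's machine.
SAMPLE = [
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\system32\LSASS.EXE",
    r"C:\WINDOWS\system32\dllcache\lsass.exe",
    r"C:\WINDOWS\ServicePackFiles\i386\winlogon.exe",
    r"C:\Documents and Settings\user\Local Settings\Application Data\winlogon.exe",
    r"C:\WINDOWS\lsass.exe",
    r"C:\WINDOWS\system32\notepad.exe",
]

if __name__ == "__main__":
    for verdict, hits in triage(SAMPLE).items():
        print(verdict, *hits, sep="\n  ")
```

Location does not show whether a file has been modified, so copies in the expected folder still need a scan.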

Have had the same problem. So I know what you are going through, so this is what you must do. Go to this website http://www.iolo.com/sm/
Then download System Mechanic Professional 6. After you have installed it run drivescrubber2. After that is done restart the PC. You have fixed your problem. The problem was a couple of your Windows files were infected. That needs to be fixed right away. And this program will fix it like nothing was ever there. You are done and your PC is like brand new and nothing was ever there. That will solve the problem.

2006-09-18 08:35:17 · answer #3 · answered by wiz_on_line 3 · 0 1

This is a Worm. Your Symantec might not be able to remove it because it is in hidden files and folders that the program is not allowed access to.

This procedure will open these areas and allow removal. If Symantec AV doesn't remove it, then try other programs to remove it. Continue to use this procedure:

Malware is a general word for all forms of Viruses, Spyware etc. This procedure works for all Malware. Replace the Ewido program with the appropriate program.

You might be unable to access the Internet after removing the Malware so you will need to run LSPfix or Winsockxpfix (as appropriate).

LSPfix: all Windows OS except 95.

http://www.cexx.org/lspfix.htm

Winsock XP Fix: Windows XP only.

http://www.spychecker.com/program/winsockxpfix.html



UPDATE YOUR ANTI-VIRUS OR ANTI-SPYWARE PROGRAM.


Let's get cleaning

Part 1

• Temporarily show hidden files.

For Windows XP:

1. Click Start, and then click Control Panel.

2. Click Appearance and Themes, and then click Folder Options.

3. On the View tab, under Hidden files and folders, click "Show hidden files and folders", and clear (uncheck) the "Hide protected operating system files" check box.



For older systems:

1. Double-click My Computer, click View, and then click Folder Options.

2. On the View tab, under "Hidden files and folders", click "Show hidden files and folders", and clear (uncheck) the "Hide protected operating system files" check box.


IMPORTANT: Files are hidden by Windows for a very good reason. It is not wise to experiment with these files. Unfortunately, to successfully remove modern spyware we must turn this protection off temporarily. Please turn the protection back on when you have finished cleaning your system.


Empty your Internet Explorer cache and your other temporary file folders:

1. On the Internet Explorer Tools menu, click Internet Options.

2. On the General tab, in the Temporary Internet Files section, click the Delete Files button. This will delete all the files that are currently stored in your cache.

3. Select the Delete all offline content check box in the confirmation dialogue box that appears, click OK.

4. Click OK again.

Restart in Safe Mode:

To do this you need to hold down or repeatedly tap the F8 key while the computer is booting (when the computer is displaying a black screen with white text). When the boot menu appears, use your keyboard arrows to select "Safe Mode."

Safe Mode can look quite ugly. The color may look bad, and all of your desktop icons will be very large. This is normal.



START RUNNING YOUR SCANNER.


When the scan and removal are completed REBOOT COMPUTER. This will restart you in normal mode.

If you are unable to access the Internet after removing Malware you will need to run LSPfix or Winsockxpfix (as appropriate).


If you are using Windows XP Service Pack 2 (SP2) and are unable to access the Internet after removing Malware, there is a command that may fix the problem, removing the need to run Winsockxpfix. It works by resetting the winsock catalogue. Click on Start, then Run and type CMD in the dialogue box that appears. Click OK. Type "netsh winsock reset" (no quotes) into the DOS window that appears.


The last steps

If you are running Windows XP or Windows ME, and your computer has been successfully cleaned of Malware, there is one more thing that needs to be done.

Delete any old restore points and then create a new restore point. The old ones may, of course, be infected with the Malware and cannot be used.

First, start and then stop the Restore Service. This is done differently depending on what operating system you are running.

Windows XP:

1. Click Start, and then click Control Panel.

2. Click Performance and Maintenance, click System, and then click on the System Restore tab.

3. Select the Turn Off System Restore check box, click Apply, then restart your computer.

4. Return to the System Restore Tab and turn System Restore back on.


Windows ME:

1. Click Start, click Control Panel, click System.

2. Click Performance, click File System, and then click Troubleshooting.

3. Enable the option Disable System Restore, click Apply then restart your computer.

4. Return to the Troubleshooting tab and turn System Restore back on.


To set a manual restore point complete the following steps:

1. Click the Start button.

2. Point to Programs, then navigate to Accessories, then System Tools, then click System Restore.

3. Choose Create a restore point, and then click Next.

4. In the Restore point description box, type a name for your restore point, and then click Next.

5. Click OK.

2006-09-18 09:13:57 · answer #4 · answered by Anonymous · 0 0

Rkill isn't an Antivirus utility, that's a great gadget for removing/cleanup after a device is already contaminated in spite of if.. In case you want an incredible AV utility, Google Avira, it's impressive and unfastened! I've got used it for over 8 years on the two my laptops and laptop, it's super. It's the only AV I understand of that makes use of heuristic scanning to bump into/do away with/preclude new and old viruses.

2016-10-15 03:27:32 · answer #5 · answered by ? 4 · 0 0

Hello,
ok this is how you're going to fix the PC:
1 xoftspy422
XoftSpy 4.22 is
http://www.paretologic.com/products.aspx...


Download xoftspy422 and install it, then run it. Stop the scan and click on scan settings, tick every box and click on where it says >> click here to select a folder, then tick the (c), that's your hard drive. If you have 2 hard drives tick the 2 of them, then click ok,
then click start. When the scan is done click on the remove tab.


2: ewido anti spyware
ewido anti-spyware 4.0.172 plus
http://www.grisoft.com/doc/10/lng/us/tpl...


3:
zoneAlarm internet security suite all in one firewall/anti virus/anti spyware, email spam junk block, zonealarm internet security suite anti virus protection
Continually and automatically searches for, finds, and removes viruses and other malicious software as you search on the internet, in a single, powerful operation, stopping it ever reaching your PC in the first place,

when on the home page click on
home and office
and click on
try now
zoneAlarm internet security suite
then click on download
zoneAlarm internet security suite

set the anti virus/anti spyware to full system scan
zoneAlarm internet security suite
all in one firewall / anti virus/ anti spyware
no1 auto virus killer that will kill off a virus
as the virus tries to download on to your system
when you open your explorer, firefox / any browser, and search on the net
there are viruses on websites that will auto download
this all in one firewall/anti virus/anti spyware
will kill the download link fast and auto kill the virus
http://www.zonelabs.com/store/content/home.jp





now Symantec?
first we have avg anti virus mess up, now we
have Symantec anti virus. Symantec? as in wow the big norton has made a right mess of things now, so it's avg anti virus & the big one Symantec/norton. this makes me laugh, people put out a came that avg & Symantec, norton, are the best, lol

2006-09-18 08:41:21 · answer #6 · answered by Anonymous · 0 1

Go to http://www.kaspersky.com and run their online scan with extended definitions. Nortons has been lacking in recent years with their quality of program. They used to be #1, now they are #3.

2006-09-18 08:35:34 · answer #7 · answered by Anonymous · 1 0

Do yourself a favor, I read all the other answers, just go here


http://www.sophos.de/security/analyses/w32brontokj.html

2006-09-18 08:42:32 · answer #8 · answered by Anonymous · 1 0

fedest.com, questions and answers