Hi,
well.. i was on my messenger and i got a a virus. I know where it is.. but it is write-protected.
It is deffenetly a virus, because it is only since it has 'appeared' that i have been getting the alerts. The virus is made to spread, it sends automatic msg's threw my messenger to all my contacts spreading the virus. It is automaticaly hidden (i found it and un-hide it), but if you delete the file within it it automaticaly replace's itself. I cannot delete the folder itself because of "write-protection". I am deffenetly not using it as far as i know, as i have closed all my programs.
* picture: http://img488.imageshack.us/img488/7126/deletebs5.jpg
Please if anyone could help me i would be very grateful as this virus is slowing down my computer and stopping me from going on messenger (yahoo&msn).
/Paul J
2007-06-08 08:16:23 · 6 answers · asked by Anonymous in Computers & Internet ➔ Other - Computers
*Spybot Search and destroy didnt find. Nortan didnt find. Panda Plat' didnt find.
2007-06-08 08:18:17 · update #1
Since you have already run a Norton and Spybot S&D scan, you can skip those steps. If you cannot rid of the malware, try doing them in Safe Mode. If that still doesn't get rid of it, you can go to a free tech group (a few are listed at the bottom) where they specialize in manual malware removal.
Firstly update and run your anti-virus product. You can also run a free online scan as well as some malware can actually corrupt or disable your resident security products. Here are a few online scans you can run:
Trend - http://housecall.trendmicro.com/
Panda - http://www.pandasoftware.com/products/ActiveScan.htm
Norton - http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
Second download, update and run scans using the following products:
SuperAntispyware
http://superantispyware.com/
Spybot S&D (free version requires manual updating)
http://www.safer-networking.org/en/download/
AVG AntiSpyware
http://free.grisoft.com/doc/20/lng/us/tpl/v5
Adaware from Lavasoft (free version requires automatic updating)
http://www.lavasoftusa.com/products/ad-aware_se_personal.php
(These programs can be run in Safe Mode after downloading and updating)
Third, after cleaning your system, disable System Restore, reboot and re-enable System Restore when you log back on. This will clear the malware that may still be lurking in System Restore, which could be reinstalled should you need to rollback at some point. Additionally, a reboot may be required to complete the malware removal process.
Lastly, you may also want to install the following tool. It is free and requires you to check for and enable updates manually once a week or so. It uses no system resources.
SpywareBlaster (inoculates, not a spyware removal tool)
http://www.javacoolsoftware.com/spywareblaster.html
================================
If you cannot get it removed after the above, you may want to join a tech group that specializes in providing manual instructions on malware eradication.
Free technical help forums
AumHa Forums
http://aumha.net/index.php
Bleeping Computers
http://www.bleepingcomputer.com/forums/
Spybot S&D Forums
http://forums.spybot.info/
Lavasoft Forums
http://www.lavasoftsupport.com/
Spyware Info Forums
http://forums.spywareinfo.com/index.php?showtopic=79038
GeekstoGo
http://www.geekstogo.com/forum/forums.html
2007-06-08 08:22:10 · answer #1 · answered by MLM 7 · 0⤊ 0⤋
Hit Ctrl+Alt+Del and look for the file running in your 'processes' tab. It should just say lsass.exe. What I would do also is run in cmd.exe:
tasklist.exe /svc
Which will show you a list of all operations the computer is runnning under the guise of svchost.
One note to the wise: This file CAN be a legitatite windows security file. If Spybot and Norton didn't take care of it, I would try Microsoft's Malicious Software Removal Tool here:
http://www.microsoft.com/security/malwareremove/default.mspx
To see if it is a legit version.
Otherwise, you can try and run in Safe Mode and see if the file is not loaded, and then right-click, go into properties, and uncheck the "read-only" or "hidden" attribute and see if you can delete it.
Hope this helps!
2007-06-08 08:25:29 · answer #2 · answered by jazzpiano420 2 · 0⤊ 0⤋
Boot your computer in Safe Mode. That prevents the loading of anything but the essential files needed to start Windows. Once in Safe Mode you should be able to delete the file/folder. It is probably "protected" because it is being loaded during boot up and is "in use".
You get into Safe Mode by turning on the computer and immediately pressing the F8 key repeatedly until you get the screen that has the Safe Mode option.
2007-06-08 08:21:15 · answer #3 · answered by dewcoons 7 · 0⤊ 0⤋
First try going into safe mode and running a full virus scan
( on bootup of windows tap f5 or f8)
if not then
- if you are cable broadband or behind a router boot into safe mode With Networking - you will able to get on the internet
Run a free online virus scan with trend housecall
http://housecall.trendmicro.com/
If you have dsl or dialup and cannot do that you can try the
online scan regular start
still ....
uninstall Norton ( you can only have one antivirus program at a time)
reboot
install avg
http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10695030.html?tag=lst-0-1
make sure that you do the updates
run a full virus scan in safe mode if possible
another one to try
http://www.download.com/Kaspersky-Anti-Virus/3000-2239_4-10642658.html?tag=lst-0-2
Inerestingly enough I was in a similar situation as you.
I was not a fan of avg. Avg was the only product that found and removed the last vestiges of the virus ( which were reinstalling it )
Lastly it might be a good idea to get a router even if you only have one computer
Next try nod32
http://www.download.com/NOD32-Standard-Version-Windows-NT-2000-XP-/3000-2239_4-10475647.html?tag=lst-0-1
2007-06-08 08:35:01 · answer #4 · answered by billys_office 5 · 0⤊ 0⤋
Try fighting it in Safe Mode With Networking: 1. Log out and reboot your machine. 2. When the machine starts the reboot sequence, press the F8 key repeatedly. 3. Select Safe Mode with Networking from the resulting menu. 4. Login. If the malware has changed your password, try logging in as Administrator. By default, Administrator has no password. 5. The machine will continue booting, but the Windows desktop will look different. 6. When you're finished doing what you need to do, log out and reboot back into normal mode. Good luck.
2016-05-20 01:53:00 · answer #5 · answered by ? 3 · 0⤊ 0⤋
The problem is not that the folder is "write protected" it's that you cannot delete a folder while a file that is inside the folder is currently in use.
Boot into safe mode, delete the folder, run your virus scans again.
2007-06-08 08:20:31 · answer #6 · answered by Bjorn 7 · 0⤊ 0⤋
ctrl + alt + del go to your processes and delete the virus process from there. also if you aren't sure what each process is, check them with www.liutilities.com
2007-06-08 08:21:49 · answer #7 · answered by Joe V 3 · 0⤊ 0⤋