I scan with Avast Anti-virus, Spybot, and Spyhunter. Avast always finds the trojan and supposedly fixes the problem... but it keeps coming back. Every time I restart the computer I get a warning about it. It does this even when I restart the computer without even going on any websites, so I know I'm not getting it from any sites, Is it just hanging around? Is something else making it come back? Please help... I've had to restore my computer TWICE in the last two months because of trojans. All of my security settings are on 'high', so I don't know why I keep getting these things!
2007-06-30 06:37:31 · 3 answers · asked by piratewench 5 in Computers & Internet ➔ Security
Try the following
Turn off SYSTEM RESTORE
Run Spybot AND Adaware (links below)
Run a FULL AV Scan too
Only once system is clean and the trojan does NOT return do you re enable system restore.
Also make sure you have DELETEED the files from the Avast chest.
- - - -
I'd reccomend these 2, run each in turn
ADAWARE fro www.lavasoftusa.com (Free personal version)
also SPYBOT S&D from www.spybot.org (Again free for home use)
Also worth having in toolbox is CCLEANER from www.ccleaner.com again a free download, and a good general windows tidyup utility.
2007-06-30 06:42:10 · answer #1 · answered by stu_the_kilted_scot 7 · 1⤊ 0⤋
You are probably reinstalling the virus each time you do a System Restore. See below:
Malware may still be lurking in your system restore volumes so it would be in your best interests to disable system restore, reboot then re-enable system restore when you log back on. What this does is protects you from reloading the malware should you ever need to do a system restore.
Many anti-virus products cannot remove viruses from system restore thus the reason for clearing out possible infected points. For reference to this, see the link below:
Problems with System Restore
There are some problems associated with System Restore when it comes to viruses. When restore points are created they are stored in a directory that is accessible only to the System account and not to a user. This keeps the restore points safe from misuse and tampering. Unfortunately this also means that any virus scan software you may have installed can not scan the files located there as well. This causes a problem if a file that is infected with a virus gets backed up into a restore point because now the anti-virus software can not clean it. Now if you ever restore from a restore point, that file that is infected will be introduced back into your system.
http://www.bleepingcomputer.com/tutorials/tutorial56.html#problems
==================
If you do a system restore, you could lose a lot of information, not to mention that it is no guarantee of ridding yourself of malware. See the article below (first link) from a Microsoft MVP.
"System Restore should only be used after trying less comprehensive methods of troubleshooting. System Restore changes many files and registry entries, and in some cases might replace more files than you want restored."
The second link below is also from Microsoft. If you look through the Q&A, you'll see reference to the following
"System Restore does not completely uninstall any program if restoring to a point prior to the program installation. As System Restore is based on an inclusionary model, any files added or modified by the installation (which is not monitored by System Restore) or added to or modified in a non-monitored drive will not be tracked. To remove all changes an installation may have made to the system, the user should first use the Add/Remove option in the control panel to remove the application prior to using System Restore. System Restore will undo all recorded changes made to the registry and monitored files caused by the application install, including:
• Deleted or monitored files added to the system from the program installation
• Undo modifications to monitored files made by the installation
• Replacement of the current registry with the registry snapshot taken at the chosen restore point (some current values may persist)"
http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx
http://www.microsoft.com/technet/community/en-us/management/sysrestore_faq.mspx
2007-06-30 06:40:54 · answer #2 · answered by MLM 7 · 0⤊ 0⤋
Looks like a keylogger, it records everything you do on your computer then send that information to an email address. Reboot in safe mode and run a full system scan again. If you're getting infected a lot then you may want to get better antivirus, avast is good but there are better. I recommend NOD32, it's not free but it will keep your system clean. FYI on running system restore, it really doesn't do anything in terms of getting rid of viruses, because most of them copy themselves to your restore points. I would do a fresh install of windows, start over from scratch, install NOD32, and you'll be in better shape.
2007-06-30 06:47:11 · answer #3 · answered by Anonymous · 1⤊ 0⤋