You may have a rootkit virus. They can regenerate themselves because they are embedded IN YOUR OPERATING SYSTEM.
This is an answer I previously posted to a similar problem.
- - - -
Best Answer - Chosen by Asker
The first question is, how do you know you have Hacktool?
Most rootkits are stealthy; they only get active when you access a secured website such as online banking. Then, surreptitiously, they transmit your login ID and password to someplace like Russia. Goodbye bank account.
If you think you have a rootkit AND if you used the internet recently to access secure websites, then examine your HISTORY.
For IE, click the icon which looks like a sundial. For other browsers try Ctrl-H.
When you roll your mouse cursor over a history link, you should see the complete path. A path could even show the URL for the secure website, your login ID, and your password, all embedded in one big link.
Copy the offending link. Use Tools > Internet Options > Security > Restricted Sites to block access to that web address.
Notify your banks or credit cards that your security has been hacked and CHANGE YOUR PASSWORDS.
I developed my own rootkit blocking system.
The problem is that you kill it, then it reappears every time you boot. You can never completely kill it.
I'll break it down.
1) Whenever a virus emerges, it creates specific files, usually in the Windows\System32 directory but they could be in several places.
2) Run a program like Spybot. Carefully log the complete file name and path of the files that Spybot removes.
3) CREATE A FAKE FILE TO OCCUPY THE EXACT LOCATION OF EACH INFECTED FILE. Take a word processor such as notepad. To illustrate, make a file called FakeFile.txt with a line of text like "This is my rootkit blocking system".
4) Copy the Fakefile to each subdirectory where the infected file was located. Example: c:\Windows\System32\Fakefile.t...
5) Make as many copies of Fakefile.txt as you need.
6) RENAME each Fakefile.txt to the exact name of the infected file. Example: Rename Fakefile.txt to BadVirus.exe .
7) Change the properties to Read Only.
You may need to unlock the infected file before you can delete, rename, etc. I use a shareware program called Unlocker.
http://www.softpedia.com/get/system/syst...
You may have better results by Safe Booting; I prefer Unlocker.
Why does this system work? Because most rootkits create the same file names in the same locations, over and over.
When they see an existing file, they don't think to write over it or create an alternate file name.
Simple and effective, BUT you may need to go one step farther. Find a program called HijackThis and find a website that will analyze the HijackThis log.
You post the log. They tell you how to fix the problem. You may have to remove registry keys.
Here's a simple tip for using my blocking system. Rename the fakefile using a distinctive combination of upper and lower case characters. Your blocking version might be named bAdViRUS.eXE . That way, you will know it's yours and not the original.
Good luck.
- CarlD
2007-08-29 23:11:40 · answer #1 · answered by Anonymous
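Steps 3 to 7 of the answer above, scripted, as an added example that is not part of the original post. It goes beyond the answer by recording a hash of each placeholder and auditing it later, since the Read Only attribute can be cleared by any process with sufficient rights. The function names and every sample file name except bAdViRUS.eXE are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

MARKER = b"This is my rootkit blocking system\n"  # text from step 3 of the answer
RW = stat.S_IREAD | stat.S_IWRITE

def digest(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def place_placeholders(paths):
    """Write a read-only placeholder at each path; return {path: sha256}."""
    baseline = {}
    for p in map(Path, paths):
        if p.exists():  # never clobber a file that has not been removed yet
            raise FileExistsError(f"{p} exists; remove the flagged file first")
        p.write_bytes(MARKER)
        os.chmod(p, stat.S_IREAD)  # maps to the Read Only attribute on Windows
        baseline[str(p)] = digest(p)
    return baseline

def audit(baseline):
    """Compare each placeholder with its baseline and report its status."""
    report = {}
    for name, expected in baseline.items():
        p = Path(name)
        if not p.exists():
            report[name] = "missing"
        elif digest(p) != expected:
            report[name] = "replaced"   # content is no longer the placeholder
        elif p.stat().st_mode & stat.S_IWRITE:
            report[name] = "writable"   # Read Only attribute was cleared
        else:
            report[name] = "ok"
    return report

def demo():
    """Constructed scenario in a temp directory (no real system paths)."""
    with tempfile.TemporaryDirectory() as d:
        names = ["bAdViRUS.eXE", "sample1.dll", "sample2.sys", "sample3.exe"]
        base = place_placeholders(os.path.join(d, n) for n in names)
        p1, p2, p3, _ = base            # simulate later tampering with three
        os.chmod(p1, RW)
        Path(p1).write_bytes(b"MZ constructed replacement")
        os.chmod(p2, RW)
        os.chmod(p3, RW)
        os.remove(p3)
        return {os.path.basename(k): v for k, v in audit(base).items()}

if __name__ == "__main__":
    print(demo())
```

Any status other than "ok" means something with write access touched that location after the placeholder was created, which is a reason to rescan.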
That used to be scareware urging you to hit its internet site. Since you went there, it will now have downloaded some real malware. It's now time for some real scans. If you have an anti-virus, ensure it has the latest virus definitions and run a scan with it in Safe Mode or Safe Mode with Networking. That probably prevents malware from protecting itself. If you don't have one, many people here swear by AVG (it's free). I suggest you also download Ad-Aware Free and Spybot S&D (they're free), install them, update them and run them, again in Safe Mode with Networking. Also, turn off System Restore to evict any copies of bad stuff that may be lurking there.
To get into Safe Mode or Safe Mode with Networking:
1. Log out and reboot your computer.
2. When the computer begins the reboot sequence, press the F8 key repeatedly.
3. Select Safe Mode or Safe Mode with Networking from the resulting menu.
4. Log in. If the malware has changed your password, try logging in as Administrator. By default, Administrator has no password.
5. The computer will continue booting, but the Windows desktop will look different.
6. When you are finished doing what you have to do, log off and reboot back into normal mode.
Note that although the anti-malware programs remove the malware, they may not be able to reverse the effects. Search the Web for possible fixes. Update and run everything regularly, not just when you think you already have malware. Good luck.
2016-09-05 16:01:34 · answer #2 · answered by blumenkrantz 4
Delete temp internet files. Try to delete the virus in safe mode. Try Add/Remove in Control Panel first, then try looking in the registry, but be careful.
Try a site called hijack this; it may help you find what you have, to see what it calls itself, to help you find it. Only disable System Restore for a trojan as a last resort.
2007-08-27 08:47:54 · answer #3 · answered by robert h 3
When that happens to me I restore to an earlier date. Hope this helped.
2007-08-27 08:51:13 · answer #4 · answered by Nemo the geek 7
Try http://tipsfromruby-internetsecurity.blogspot.com/ for further help to keep your computer protected with regular virus protection and other related updates and news.
2007-08-27 12:36:39 · answer #5 · answered by Anonymous