
right hello to start if ur a newb don't bother answerin my question??

right have a (type_Win32) virus
i also have zone alarm on my pc
this little bugger won't let me delete quarantine it or nothing it just comes up with an error message

i need help of the highest standard to get rid of this as i have reinstalled windows formatted hard drive de fragged the hard drive

and the b a s t a r d is still there

so please give me the best solution to get rid of this crap as i can't get rid of it

2007-12-20 07:55:45 · 8 answers · asked by nathan p 2 in Computers & Internet Security

8 answers

Because you have formatted your hard drive, your problem is coming from an external source such as a CD/DVD or Flash Drive or even an External Drive. However, here is some help.

No antivirus or antispyware protection is perfect, not even the expensive ones but a good mixture will help you clean your system and hopefully keep it clean. It is advisable not to run two or more anti virus applications.

For starters, download, update and run a full scan using the following product:
http://www.superantispyware.com/
SuperAntiSpyware is exceptional and will remove the majority of difficult Trojans and Worms, not just the easy ones.
If possible it is recommended that you load the application in normal mode but run it in Safe Mode. Safe Mode can be started by continually pressing F8 during the boot sequence. However, if you are badly infected you might need to run SuperAntiSpyware more than once to help clean your system. If the only infections now being shown are in System Restore, once you are completely satisfied that you can boot normally, you can either delete the infected restore points manually, or temporarily turn off System Restore.

Next to get a grip of any snippets still left behind download & run SpyWareTerminator
http://www.spywareterminator.com

In addition download, update & run Avira. Unlike a lot of the free antivirus applications this will give you real time protection and is very quick to load at boot up.
http://www.avira.com

Assuming you have some real awkward infections and the suggestions above failed to totally clean your system I suggest you download a Smitfraud removal program from:
http://www.afterdawn.com/software/desktop_software/desktop_security/smitfraudfix.cfm
Again if possible run in Safe Mode.
And VundoFix:
http://vundofix.atribune.org/

Be advised that some infections will corrupt or disable your resident security products so for completeness I have listed a couple of online scans that may help you get started:
Panda - http://www.pandasoftware.com/products/Ac...
Trend - http://housecall.trendmicro.com/

Good luck & safe surfing.

wdw

2007-12-20 08:01:11 · answer #1 · answered by Who Dares Wins 7 · 3 0

The most common type_WIN32 sector virus that is going around right now is the W32/Moridin-B virus.

It is capable of infecting Windows PE executables.

W32/Moridin-B drops a VBScript which emails the virus to all entries in the Microsoft Outlook address book. So if you are using it, do not use it for a few hours.

The virus also searches for open network shares and, if a suitable one is found, modifies the win.ini file and drops a copy of the virus.

W32/Moridin-B has limited backdoor Trojan capability, allowing some control of the infected computer across a network connection. The registry entry

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

is set to run the virus on startup. The registry entry

HKLM\SOFTWARE\CLASSES\exefile\shell\open\command

is set to execute the virus whenever an EXE file is run.

W32/Moridin-B enables autorun. Autorun.inf is dropped in the root folder and points to another copy of the virus. HTML files are modified to contain a link to another copy of the virus with the link text "Download".


HERE IS HOW TO FIX IT:


Restart the computer in Safe Mode. Go to Start|Shut Down. Select Restart from the drop down list and click OK. Windows will restart. Press F8 when you see the following text at the bottom of the screen "For troubleshooting and advanced startup options for Windows 2000, press F8". In the Windows 2000 Advanced Options Menu select the third option 'Safe Mode with Command Prompt'.

At the command prompt type

REGEDIT

You will also need to edit the following registry entries, if they are present. Please read the warning about editing the registry.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entry:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

and remove any reference to any file that you deleted.

The virus will have added itself to this HKEY_CLASSES_ROOT entry

HKCR\exefile\shell\open\command\(default) = "%1" %*

delete only the path to the virus. Do not delete anything else.

After deleting the text the key should look like this

HKCR\exefile\shell\open\command\(default) = "%1" %*

Close the registry editor.

To remove the virus files, either use SAV32CLI from the Sophos CD or download an emergency copy of SAV32CLI on an uninfected computer, extract it and write it to CD.

At the infected computer, place the CD in the CD drive (D: in this example).

At the command prompt type

D:

to access the CD drive. If you are using the Sophos CD, type:

CD WIN32\I386\SAV32CLI

if you are using a SAV32CLI download disk, type:

CD SAV32CLI

Then type:

SAV32CLI -REMOVE -P=C:\LOGFILE.TXT

to remove the virus.

Edit Win.ini using SYSEDIT. Type

SYSEDIT

and bring Win.ini to the front. In the [windows] section, search for lines beginning with 'Run=' or 'Load=' and delete any references to the files you removed. Delete only that reference, not any other text.

Check the copy of Autorun.inf in the root folder and delete it if it contains a reference to the virus.

Reboot your computer.

Replace all useful HTML files that the virus infected from backups.

2007-12-20 08:02:31 · answer #2 · answered by Anonymous · 3 0
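
An added example (not part of the answer above, and not Sophos code): a read-only check of the same locations the answer edits by hand, run against the registry export it tells you to save plus the text of Win.ini and Autorun.inf. It assumes the export is REGEDIT4-format text already read into a string; the function names, sample data and EXAMPLE.EXE are constructed for illustration.

```python
import re
CLEAN_EXE_CMD = '"%1" %*'  # value the answer says the key should end up with
EXE_KEYS = (r"hkey_classes_root\exefile\shell\open\command",
            r"hkey_local_machine\software\classes\exefile\shell\open\command")
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def _unescape(s):  # .reg strings escape backslash and double quote
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):  # export text -> {key_lowercase: {value_name: string}}
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "(default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            current[name] = _unescape(m.group(2))
    return keys

def audit_registry(text):
    """Flag a changed exefile open command; list Run values for manual review."""
    keys, findings = parse_reg(text), []
    for key in EXE_KEYS:
        value = keys.get(key, {}).get("(default)")
        if value is not None and value != CLEAN_EXE_CMD:
            findings.append(("exefile-command-modified", value))
    findings += [("run-value-review", f"{n}={v}") for n, v in keys.get(RUN_KEY, {}).items()]
    return findings

def ini_values(text, section, names):  # (name, value) pairs set in one INI section
    current, hits = None, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            current = line.strip("[]").lower()
        elif current == section and "=" in line:
            name, value = (p.strip() for p in line.split("=", 1))
            if name.lower() in names and value:
                hits.append((name.lower(), value))
    return hits

# Constructed sample inputs; EXAMPLE.EXE is a placeholder file name.
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Example"="C:\\WINNT\\EXAMPLE.EXE"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINNT\\EXAMPLE.EXE \"%1\" %*"
'''
SAMPLE_WIN_INI = "[windows]\nload=\nrun=C:\\WINNT\\EXAMPLE.EXE\n[fonts]\n"
SAMPLE_AUTORUN = "[autorun]\nopen=EXAMPLE.EXE\n"
```

Run values are only listed for review, since legitimate programs start from that key too; the exefile command is flagged whenever it differs from "%1" %*.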

You can run Trend Micro HouseCalls, and there is no conflict with your existing antivirus. You will have to download an active "X", that is 100% safe. And follow the instructions from their server and allow the server to perform a complete scan of your entire system. Can take up to one hour, depending on how many files/folders/memory, registry key and subsystem folders. The end result is that I am quite sure the virus will be found and destroyed. Plus will even destroy spyware.

http://housecall65.trendmicro.com/

Minddoctor, France

2007-12-20 08:28:06 · answer #3 · answered by MINDDOCTOR 7 · 1 0

Defragging does not affect viruses, it just reorganises your data on disk.

I would have thought it was impossible for a virus to survive a formatting of your hard drive, so you must have reinfected yourself. Did you copy some files back onto your hard drive after you reinstalled the OS?

The best thing to do is to Google the name of the virus and find out how to remove it.

2007-12-20 10:39:44 · answer #4 · answered by ray_diator 7 · 0 0

Without knowing exactly what virus you have it's a little tricky to make suggestions, but, as has already been mentioned, you may find that the data that you are reloading on your PC is infected.

The only other thing that springs to mind is that it may be a 'boot sector' virus (that'll happily survive a format), try repartitioning the drives to sort those little suckers :)

HTH

2007-12-20 22:41:27 · answer #5 · answered by Mystery Customer 5 · 0 0

Try restarting your computer in Safe Mode and run your AntiVirus program then. Formatting should have gotten rid of it, if it was done correctly.

2007-12-20 08:01:04 · answer #6 · answered by Anonymous · 2 0

Download Spybot Search & Destroy, a free program, I'm sure this will do the trick... there are quite a few spybot programs so be careful, it must say "Spybot Search & Destroy". Good luck.

2007-12-20 08:48:47 · answer #7 · answered by John de B 1 · 0 0

Do your scans in safe mode, with your internet unplugged, delete the bug, restart, he will be gone... restart again with net plugged in. This is one of these bugs that reloads with your net on boot.

2007-12-21 13:20:56 · answer #8 · answered by Anonymous · 0 0
