Virus removal
Started by nails, Jul 24 2006 02:19 PM
26 replies to this topic
#1
Posted 24 July 2006 - 02:19 PM
I keep getting a popup with words to the effect of -
Has your PC been running slow lately? get winfix now..
i am behind a belkin router (DMZ is not enabled thus no ping response)
antivir
windows defender
adaware
noadware
spybot search and destroy
the problem however seems to be deep within the hidden directory called `system volume restore` but how the hell can i access it when windows has it for exclusive use?
something is letting these little blighters in..
#2
Posted 24 July 2006 - 02:37 PM
Right click on My Computer, then click Properties, then System Restore. Turn System Restore off, reboot, run a virus check, then turn System Restore back on. Solved.
#3 Guest_altharic_*
Posted 24 July 2006 - 05:31 PM
#4
Posted 24 July 2006 - 06:01 PM
If you want some real fun with Symantec's NAV2006, NAVAPW32.EXE
and CCAPP.EXE both want to "phone home" via port 25 (SMTP) - eff knows
what information it's sending and, of course, they don't want to provide any
form of explanation.
Also CCAPP.EXE, listed as Symantec User Session under Zone Alarm Pro,
opens port 1030.
Be wary of this pos software/look for alternatives.
#5
Posted 24 July 2006 - 06:05 PM
If you want some real fun with Symantec's NAV2006, NAVAPW32.EXE
and CCAPP.EXE both want to "phone home" via port 25 (SMTP) - eff knows
what information it's sending and, of course, they don't want to provide any
form of explanation.
Also CCAPP.EXE, listed as Symantec User Session under Zone Alarm Pro,
opens port 1030.
Be wary of this pos software/look for alternatives.
Whaaaaaaa port 1030 gulp thats the channel I use for Po
**edit..sorry for some strange reason my line was cut?**
#6
Posted 24 July 2006 - 06:25 PM
Download Spybot Search and Destroy off Download.com. It picks up all the spyware virus programmes miss and is free - I always run this every day it's very good.
J
A man
#7
Posted 24 July 2006 - 08:26 PM
Whatever is tried you must do as bangkokfred said (hmmm bit similar to right said fred that!) and turn off System restore, i'd also scan offline.
Run any software you use and if your system is stable turn it back on and create a new restore point and delete all others....it's then a good idea to redo it from step One.
#8 Guest_altharic_*
Posted 24 July 2006 - 08:40 PM
I always go one better and kill System Restore. It's a good idea in theory; then again, in theory communism works.
alth
#9
Posted 24 July 2006 - 08:53 PM
System Restore is good to make a checkpoint before you apply
those MS Beta windows updates
(Unless you have a ghost image of your box available so that you can
get running quickly)
#10 Guest_altharic_*
Posted 24 July 2006 - 09:18 PM
If you run beta software you're asking for trouble to begin with. Let's be honest, the released M$ ain't that hot, let alone the beta versions. I keep a slipstream up to date here in case of f*** ups; that way I can unattended install it and I am away.
alth
#11
Posted 24 July 2006 - 09:50 PM
Whatever is tried you must do as bangkokfred said (hmmm bit similar to right said fred that!) and turn off System restore, i'd also scan offline.
Run any software you use and if your system is stable turn it back on and create a new restore point and delete all others....it's then a good idea to redo it from step One.
im too sexy for my shirt
#12
Posted 24 July 2006 - 10:03 PM
Bit of a long shot this, but the said malware could also contain a trojan component, which in most cases is near enough damn impossible to remove.
However, you could possibly try a specialist trojan cleaner called: The Cleaner
http://www.moosoft.com/
Comes with a free 30 day trial & if you are like me you can probs find a cough cure if you want to use it past the 30 day trial
Also would recommend the Stinger anti-virus tool from McAfee to be used with the above:
http://vil.nai.com/vil/stinger/
#13
Posted 25 July 2006 - 12:22 AM
turning off the system restore did the trick - many thanks for all replies.
what i don't understand, is that while running with a virus killer, 3 adware removal programs, spybot, a software and a hardware firewall - the malicious software still gets through...
#14
Posted 25 July 2006 - 09:54 AM
nope - back to normal
antivir and windows defender just picked up on `surfsidekick` trying to install itself. bummer. what next?
#15
Posted 25 July 2006 - 10:04 AM
You should probably check c:\windows\prefetch. My guess is that it has put itself in there so that once you restart windows it re-infects (or tries to).
You can safely remove the contents of this folder.
#16
Posted 25 July 2006 - 09:55 PM
3 days later and i've finally removed the little blighter. i had 3 infected files in my windows/system32 that were -
stutv.bak2
stutv.ini
vtuts.dll
all 3 files were -h hidden files, and windows would not let me delete them. finally i used my xp install disk to let me use the recovery console. i listed all the hidden files and deleted them manually. job done and thread ended..
to think that subscription virus killers were unable to delete the files either, only spot them.
#17 Guest_altharic_*
Posted 25 July 2006 - 10:34 PM
Ok another approach............Nlite
In all my installs the only thing that should be on C: is an operating system.
get http://www.nliteos.com/
Backup emails (if you have to and docs if you are silly enough to leave em on C)
Integrate all drivers for your PC make the f***er bootable
check out the unattended install option and fill it all out.
Jobs a good un
alth
#19
Posted 26 July 2006 - 08:40 PM
something is letting these little blighters in..
You don't go on any "adult entertainment" sites do you nails? lol
I used to be schizophrenic but we're ok now.
http://www.myspace.com/andysquire
#20 Guest_altharic_*
Posted 26 July 2006 - 09:37 PM
A popular misconception is that you pick up viruses from porn sites. There are those malicious sites, but then again there are legit sites also. Sadly this malware is just a parasite and it's shit luck he got it, probably. I personally would like to go to the house of the shitbag that wrote that f*****g winfixer popup and go in dry without so much as spit for lube. Somehow I managed to see that f*****g pop up even on Linux; I got a message to the effect of 'this site just tried to install an ActiveX applet and I told it to get f***ed'........ gotta love Linux, pity it's a f***er to get 64bit drivers (more so than Windows)
And to ToddyUK: everyone, no matter what they know now, started off as a noob, even Einstein. Keep a backup of your stuff and experiment; if you kill it, restore the backup. It's the best way of learning. Lost count of the times I said 'f*** I ain't doing that again'
alth
PS If any folks do have an IT problem feel free to PM me (or post a thread). If I can help I will. I've already helped a few round here in the past. I ain't as bigger c*** as I come across as