
Virus removal


26 replies to this topic

#1 nails

nails

    The furniture

  • Regulars
  • 4578 posts

Posted 24 July 2006 - 02:19 PM

I keep getting a popup with words to the effect of -

Has your PC been running slow lately? Get winfix now..

i am behind a belkin router (DMZ is not enabled thus no ping response)
antivir
windows defender
adaware
noadware
spybot search and destroy

the problem however seems to be deep within the hidden directory called `system volume restore` but how the hell can i access it when windows has it for exclusive use?

something is letting these little blighters in..

#2 bangkokfred

bangkokfred

    Junior Member

  • New Members
  • 12 posts

Posted 24 July 2006 - 02:37 PM

Right-click on My Computer, then click Properties, then System Restore. Turn System Restore off, reboot, run a virus check, then turn Sys Restore back on. Solved.

#3 Guest_altharic_*

Guest_altharic_*
  • Guests

Posted 24 July 2006 - 05:31 PM

Nice malware, try this to get rid

http://www.symantec....2151-99&tabid=3

alth

#4 eddiec

eddiec

    Member

  • New Members
  • 214 posts

Posted 24 July 2006 - 06:01 PM

If you want some real fun with Symantec's NAV2006, NAVAPW32.EXE
and CCAPP.EXE both want to "phone home" via port 25 (SMTP) - eff knows
what information it's sending and, of course, they don't want to provide any
form of explanation.

Also CCAPP.EXE, listed as Symantec User Session under Zone Alarm Pro,
opens port 1030.

Be wary of this pos software/look for alternatives.

#5 ady

ady

    The furniture

  • Moderators
  • 14204 posts

Posted 24 July 2006 - 06:05 PM

> If you want some real fun with Symantec's NAV2006, NAVAPW32.EXE
> and CCAPP.EXE both want to "phone home" via port 25 (SMTP) - eff knows
> what information it's sending and, of course, they don't want to provide any
> form of explanation.
>
> Also CCAPP.EXE, listed as Symantec User Session under Zone Alarm Pro,
> opens port 1030.
>
> Be wary of this pos software/look for alternatives.



Whaaaaaaa port 1030 gulp thats the channel I use for Po


**edit..sorry for some strange reason my line was cut?**

#6 jamesb99_1999

jamesb99_1999

    Designed Layabout

  • New Members
  • 2176 posts

Posted 24 July 2006 - 06:25 PM

Download Spybot Search and Destroy off Download.com. It picks up all the spyware virus programmes miss and is free - I always run this every day it's very good.
J

A man

#7 ady

ady

    The furniture

  • Moderators
  • 14204 posts

Posted 24 July 2006 - 08:26 PM

Whatever is tried you must do as bangkokfred said (hmmm bit similar to right said fred that!) and turn off System Restore, I'd also scan offline.

Run any software you use and if your system is stable turn it back on and create a new restore point and delete all others....it's then a good idea to redo it from step One.

#8 Guest_altharic_*

Guest_altharic_*
  • Guests

Posted 24 July 2006 - 08:40 PM

I always go one better and kill System Restore. It's a good idea in theory; then again, in theory communism works. ;)

alth

#9 eddiec

eddiec

    Member

  • New Members
  • 214 posts

Posted 24 July 2006 - 08:53 PM

System Restore is good to make a checkpoint before you apply
those MS Beta windows updates ;)
(Unless you have a ghost image of your box available so that you can
get running quickly)

#10 Guest_altharic_*

Guest_altharic_*
  • Guests

Posted 24 July 2006 - 09:18 PM

If you run beta software you're asking for trouble to begin with. Let's be honest, the released M$ ain't that hot, let alone the beta versions. I keep a slipstream up to date here in case of f*** ups; that way I can unattended install it and I am away.

alth

#11 bangkokfred

bangkokfred

    Junior Member

  • New Members
  • 12 posts

Posted 24 July 2006 - 09:50 PM

> Whatever is tried you must do as bangkokfred said (hmmm bit similar to right said fred that!) and turn off System restore, i'd also scan offline.
>
> Run any software you use and if your system is stable turn it back on and create a new restore point and delete all others....it's then a good idea to redo it from step One.



im too sexy for my shirt

#12 stanmarsh14

stanmarsh14

    Sado-masochist

  • Gold Supporters
  • 3120 posts

Posted 24 July 2006 - 10:03 PM

Bit of a long shot this, but the said malware could also contain a trojan component, which in most cases is near enough damn impossible to remove.

However, you could possibly try a specialist trojan cleaner called: The Cleaner

http://www.moosoft.com/

Comes with a free 30 day trial & if you are like me you can probs find a cough cure if you want to use it past the 30 day trial

Also would recommend the Stinger anti-virus tool from McAfee to be used with the above:

http://vil.nai.com/vil/stinger/

#13 nails

nails

    The furniture

  • Regulars
  • 4578 posts

Posted 25 July 2006 - 12:22 AM

turning off the system restore did the trick - many thanks to all replies.

what i don't understand, is that while running with a virus killer, 3 adware removal programs, spybot, a software and a hardware firewall - the malicious software still gets through...

#14 nails

nails

    The furniture

  • Regulars
  • 4578 posts

Posted 25 July 2006 - 09:54 AM

nope - back to normal

antivir and windows defender just picked up on `surfsidekick` trying to install itself. bummer. what next?

#15 Magz

Magz

    Senior Member

  • Regulars
  • 887 posts

Posted 25 July 2006 - 10:04 AM

You should probably check c:\windows\prefetch. My guess is that it has put itself in there so that once you restart windows it re-infects (or tries to).
You can safely remove the contents of this folder.

#16 nails

nails

    The furniture

  • Regulars
  • 4578 posts

Posted 25 July 2006 - 09:55 PM

3 days later and I've finally removed the little blighter. I had 3 infected files in my windows/system32 that were -

stutv.bak2
stutv.ini
vtuts.dll

all 3 files were -h hidden files, and windows would not let me delete them. finally i used my xp install disk to let me use the recovery console. i listed all the hidden files and deleted them manually. job done and thread ended..

to think that subscription virus killers were unable to delete the files either, only spot them.
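
The cleanup sequence this thread settled on (System Restore off, scan, review hidden files in System32, System Restore back on with a fresh restore point), as an added example that is not part of any post above. It assumes a current Windows with Windows PowerShell 5.1 and the Microsoft Defender module rather than the XP-era GUI and recovery console the posters used; the restore point description is a made-up label, and nothing is deleted automatically.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread: a modern PowerShell rendering of the
# steps described in posts #2, #7 and #16. Assumes Windows PowerShell 5.1
# and the Microsoft Defender module (Start-MpScan).

$drive    = "$env:SystemDrive\"
$sys32    = Join-Path $env:SystemRoot 'System32'
# File names reported in post #16; other hidden files are listed for review only.
$reported = 'stutv.bak2', 'stutv.ini', 'vtuts.dll'

# 1. Turn System Restore off. The thread's reason for this step: restore
#    points can hold copies of the infected files that scanners cannot clean.
Disable-ComputerRestore -Drive $drive

# 2. Run a full scan while System Restore is off.
Start-MpScan -ScanType FullScan

# 3. List hidden files in System32 (-Force is what reveals them) with hashes,
#    so each one can be checked before anything is removed by hand.
$hidden = Get-ChildItem -LiteralPath $sys32 -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden }

$hidden |
    Select-Object Name, Length, LastWriteTime, Attributes,
        @{ n = 'Reported'; e = { $reported -contains $_.Name } },
        @{ n = 'SHA256';   e = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } } |
    Sort-Object Reported -Descending |
    Format-Table -AutoSize

# 4. Stop here if any file named in the thread is still present: re-enabling
#    System Restore now would snapshot the infected state again.
$stillThere = $hidden | Where-Object { $reported -contains $_.Name }
if ($stillThere) {
    Write-Warning ("Still present: " + ($stillThere.Name -join ', '))
    return
}

# 5. Clean: turn System Restore back on and create a new baseline restore point.
Enable-ComputerRestore -Drive $drive
Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType MODIFY_SETTINGS
```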

#17 Guest_altharic_*

Guest_altharic_*
  • Guests

Posted 25 July 2006 - 10:34 PM

Ok another approach............Nlite

In all my installs the only thing that should be on C: is an operating system.

get http://www.nliteos.com/

Backup emails (if you have to and docs if you are silly enough to leave em on C)

Integrate all drivers for your PC make the f***er bootable

check out the unattended install option and fill it all out.

Jobs a good un

alth

#18 Toddyuk

Toddyuk

  • Layout Creator
  • 1279 posts

Posted 25 July 2006 - 11:23 PM

It's times like this reading this thread I realize I know fcuk all about pcs :confused:

Woooosh straight over my head ......

#19 mangolio

mangolio

    Member

  • New Members
  • 429 posts

Posted 26 July 2006 - 08:40 PM

> something is letting these little blighters in..


You don't go on any "adult entertainment" sites do you nails? lol
I used to be schizophrenic but we're ok now.
http://www.myspace.com/andysquire

#20 Guest_altharic_*

Guest_altharic_*
  • Guests

Posted 26 July 2006 - 09:37 PM

A popular misconception is that you pick up viruses from porn sites. There are those malicious sites, but then again there are legit sites also. Sadly this malware is just a parasite and it's shit luck he got it, probably. I personally would like to go to the house of the shitbag that wrote that f*****g winfixer popup and go in dry without so much as spit for lube. Somehow I managed to see that f*****g pop up even on linux; I got a message to the effect of 'this site just tried to install an activex applet and I told it to get f***ed'........ gotta love linux, pity it's a f***er to get 64bit drivers (more so than windows)

And to ToddyUK: everyone, no matter what they know now, started off as a noob, even Einstein. Keep a back up of your stuff and experiment; if you kill it, restore the back up. It's the best way of learning; lost count of the times I said 'f*** I ain't doing that again' ;)

alth

PS If any folks do have an IT problem feel free to pm me (or post a thread). If I can help I will; I've already helped a few round here in the past. I ain't as big a c*** as I come across as ;)



