Someone Please Help Me Remove This Thing From My PC!

55 replies
Whenever I do a search on Google and click on a link, it redirects to some fullpageags[dot]info website.

I tried almost every free Malware removal tool out there but no luck. How do I remove this stupid thing?

Sumit.
  • Profile picture of the author Kurt
    Signature
    Discover the fastest and easiest ways to create your own valuable products.
    Tons of FREE Public Domain content you can use to make your own content, PLR, digital and POD products.
  • Profile picture of the author KimW
    Did you try Malwarebytes the way I tell people to?
    Signature

    Read A Post.
    Subscribe to a Newsletter
    KimWinfrey.Com

  • Profile picture of the author Floyd Fisher
    Do an online scan at Symantec (it's free), and report your results.

    Your symptoms could be a lot of different types of malware...so I need to know which one before I can help with the removal.
  • Profile picture of the author l23bc
    Download AVG 9.0 | AVG UK the new avg software rocks
    try that
    Signature

    No Link here or Nothing to Promote Just a Old Happy Warrior User reading Topics

  • Profile picture of the author HeySal
    Sumit - the stuff people are telling you to use will get rid of the trojans but what is happening is there is a rootkit that is being dropped on computers - I'm not sure how it's getting in. I have more defense on this computer than a military base and it still got into mine. Once it is in it loads the trojans on your system so you can take them off and they are just reloaded by the rootkits. So while some of the better anti-spyware and anti-virus are getting the stuff the keyloggers are loading on your computer, they don't touch the keylogger.

    Clean off the trojans first - I used a boot scan with Avast and Malwarebytes (both free). When they continued to come back -- here's what I used to get rid of the keylogger and it's also free:

    TDSSKILLER -- it's from Kaspersky and was the ONLY thing I could find that would remove the keylogger. Just google "download tdsskiller" and it will take you straight there - make sure you are getting it off of Kaspersky's site so you don't get a hacked download.

    HTH
    Signature

    Sal
    When the Roads and Paths end, learn to guide yourself through the wilderness
    Beyond the Path

  • Profile picture of the author Patrician
    What you need is #1 a security program that has a shield so that nothing gets through it. These only work when they have automatic real-time updates because 15 minutes out of date you can be infected.

    #2 a router that blocks the ports that are not in use (which is where you are vulnerable to be infected by some of the most serious stuff). Go to Belkin - $100 and lifetime upgrades free.

    Most of the programs mentioned here are to remove something once you get it (if I am wrong forgive me I am not up to the minute either) - and they don't always work - as you can see.

    I am knock knock knocking on wood but in 25 years of having a PC at home I have never been infected with anything. I pay for security - it is not that expensive when you consider the consequences.

    For 5 years I have had very high risk behavior because I have to click all sorts of links from all over the globe to test domains and hosting for my client. In that there are many many demons who submit applications it is surprising none have been more malevolent than stalking (submitting invalid garbage once a week for two years and using a proxy so I can't block him. I will smash him with less guilt than if he was a bug if I ever find him).

    I still never caught anything so far - once in a while I get a little dialogue box that says my security just blocked something.

    So seriously you may wish to rethink your security if you catch something in spite of the fact you think you are safe. It ain't working.

    Even FireFox NO Script can protect you somewhat and in fact they are hyper-vigilant and they drive me nuts. You have to ask permission to click a link too often.

    (this is to Irony and Murphy) - this is not to say I will never have the misfortunes that seem so common around here, but of course I hope not.

    ... and of course I am sorry for your misfortune.
  • Profile picture of the author seasoned
    Patrician,

    I use too many things too many ways to worry about a lot of such things about ports. STILL, it sounds like sumit got at least part of a fakeantivirus program. That COULD be done with access to JUST port 80. You can't block port 80, because then you can't visit most websites.

    Sumit,

    There are 3 or 4 ways to do what is happening on your system. ONE is through vectors, and is complicated. It is likely most popular because it is the hardest to fix. ANOTHER is to set up a proxy. Check tools/internet options/lan settings. They also may have changed your start page or default search.

    Steve
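
The settings seasoned points to above (LAN proxy, start page, default search) can be read without changing anything. This is an added PowerShell example, not part of the original thread; the registry paths are the standard per-user Internet Settings and Internet Explorer locations, while the function names, the allow-list and the sample values are hypothetical and constructed for illustration.

```powershell
# Added example (not from the thread): read-only audit of the per-user settings
# named in the post above: LAN proxy, start page and search provider.

function Get-UrlHost {
    param([string]$Url)
    # Extract the host from scheme://host[:port]/...; returns $null for about:blank etc.
    if ($Url -match '^[A-Za-z][A-Za-z0-9+.-]*://([^/:?#]+)') { return $Matches[1].ToLower() }
    return $null
}

function Test-HostAllowed {
    param([string]$HostName, [string[]]$AllowedDomains)
    # Exact match or subdomain match against the allow-list.
    foreach ($d in $AllowedDomains) {
        if ($HostName -eq $d -or $HostName.EndsWith(".$d")) { return $true }
    }
    return $false
}

function Get-RedirectFindings {
    param([hashtable]$Settings, [string[]]$AllowedDomains)
    $findings = @()
    # A proxy the user did not configure sees (and can rewrite) every request.
    if ($Settings.ProxyEnable -eq 1) {
        $findings += "LAN proxy is enabled: '$($Settings.ProxyServer)'"
    }
    if ($Settings.AutoConfigURL) {
        $findings += "Proxy auto-config script is set: '$($Settings.AutoConfigURL)'"
    }
    # Start page and search providers should point at hosts the user recognises.
    $urls = @($Settings.StartPage) + @($Settings.SearchUrls)
    foreach ($u in $urls) {
        if (-not $u) { continue }
        $h = Get-UrlHost $u
        if ($h -and -not (Test-HostAllowed $h $AllowedDomains)) {
            $findings += "Unexpected host '$h' in: $u"
        }
    }
    $findings
}

function Get-LiveSettings {
    # Reads only; nothing is written to the registry.
    $inet   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $main   = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    $i = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
    $m = Get-ItemProperty -Path $main -ErrorAction SilentlyContinue
    $search = @()
    if (Test-Path $scopes) {
        $search = @(Get-ChildItem -Path $scopes | ForEach-Object {
            (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).URL
        } | Where-Object { $_ })
    }
    @{
        ProxyEnable   = $i.ProxyEnable
        ProxyServer   = $i.ProxyServer
        AutoConfigURL = $i.AutoConfigURL
        StartPage     = $m.'Start Page'
        SearchUrls    = $search
    }
}

# Constructed sample of a tampered profile (placeholder values, not real data).
$sample = @{
    ProxyEnable   = 1
    ProxyServer   = '127.0.0.1:8080'
    AutoConfigURL = $null
    StartPage     = 'about:blank'
    SearchUrls    = @('http://search.example.invalid/?q={searchTerms}',
                      'https://www.google.com/search?q={searchTerms}')
}
# Assumption: domains this user expects to see; adjust before use.
$allowed = @('google.com', 'bing.com', 'microsoft.com', 'msn.com')

'Constructed sample:'
Get-RedirectFindings $sample $allowed

if (Test-Path 'HKCU:\') {
    'This machine:'
    Get-RedirectFindings (Get-LiveSettings) $allowed
}
```

A clean result here does not rule out the redirect: Sumit reports later in the thread that the redirects continued with browser settings unchanged.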
    • Profile picture of the author Sumit Menon
      Originally Posted by Kurt View Post

      The page won't open. And since, I've been infected, I notice none of the pages on Anti-Virus sites open.

      Originally Posted by KimW View Post

      Did you try Malwarebytes the way I tell people to?
      Yep.. Ran it twice. No luck.

      Originally Posted by l23bc View Post

      Download AVG 9.0 | AVG UK the new avg software rocks
      try that
      I already have Comodo installed. Do I switch AVs again??

      Originally Posted by HeySal View Post

      Sumit - the stuff people are telling you to use will get rid of the trojans but what is happening is there is a rootkit that is being dropped on computers - I'm not sure how it's getting in. I have more defense on this computer than a military base and it still got into mine. Once it is in it loads the trojans on your system so you can take them off and they are just reloaded by the rootkits. So while some of the better anti-spyware and anti-virus are getting the stuff the keyloggers are loading on your computer, they don't touch the keylogger.

      Clean off the trojans first - I used a boot scan with Avast and Malwarebytes (both free). When they continued to come back -- here's what I used to get rid of the keylogger and it's also free:

      TDSSKILLER -- it's from Kaspersky and was the ONLY thing I could find that would remove the keylogger. Just google "download tdsskiller" and it will take you straight there - make sure you are getting it off of Kaspersky's site so you don't get a hacked download.

      HTH
      I tried three rootkit scanners. The Kaspersky one you mentioned, Trend Micro and AVG. Still no luck.

      Originally Posted by Patrician View Post

      What you need is #1 a security program that has a shield so that nothing gets through it. These only work when they have automatic real-time updates because 15 minutes out of date you can be infected.

      #2 a router that blocks the ports that are not in use (which is where you are vulnerable to be infected by some of the most serious stuff). Go to Belkin - $100 and lifetime upgrades free.

      Most of the programs mentioned here are to remove something once you get it (if I am wrong forgive me I am not up to the minute either) - and they don't always work - as you can see.

      I am knock knock knocking on wood but in 25 years of having a PC at home I have never been infected with anything. I pay for security - it is not that expensive when you consider the consequences.

      For 5 years I have had very high risk behavior because I have to click all sorts of links from all over the globe to test domains and hosting for my client. In that there are many many demons who submit applications it is surprising none have been more malevolent than stalking (submitting invalid garbage once a week for two years and using a proxy so I can't block him. I will smash him with less guilt than if he was a bug if I ever find him).

      I still never caught anything so far - once in a while I get a little dialogue box that says my security just blocked something.

      So seriously you may wish to rethink your security if you catch something in spite of the fact you think you are safe. It ain't working.

      Even FireFox NO Script can protect you somewhat and in fact they are hyper-vigilant and they drive me nuts. You have to ask permission to click a link too often.

      (this is to Irony and Murphy) - this is not to say I will never have the misfortunes that seem so common around here, but of course I hope not.

      ... and of course I am sorry for your misfortune.
      I know, I should be using paid security. But, what do you do... Parents just don't understand.

      Originally Posted by seasoned View Post

      Patrician,

      There are 3 or 4 ways to do what is happening on your system. ONE is through vectors, and is complicated. It is likely most popular because it is the hardest to fix. ANOTHER is to set up a proxy. Check tools/internet options/lan settings. They also may have changed your start page or default search.

      Steve
      Nope.. They haven't changed any browser settings. I think I'll run a scanner in Safe Mode now. Or I'll have to do a Windows reinstall.. I Don't Wanna Do A Reinstall!
      • Profile picture of the author seasoned
        Originally Posted by Sumit Menon View Post

        I know, I should be using paid security. But, what do you do... Parents just don't understand.
        I think what she was talking about, and what she DID mention, was PREVENTION. We have a saying in the US. It goes something like "That would be like locking the barn after the cows have left." Locking the barn is a GOOD idea, and can prevent loss, BEFORE you lose anything, but after it, it doesn't solve anything. Besides, as I said, it isn't perfect. If it were, COMPANIES could prevent it, etc... THEY CAN'T!

        The problem with Windows is that you can run/load activeX objects, etc... HEY, that is used for shockwave, PDF, etc... Windows TRIED to fix this a LITTLE with XP SP2 AND, as many here can attest, MANY things BROKE! Even some executable ebook programs suddenly started FAILING! THEN they realized that they could not possibly do it, and decided, since windows VISTA, to ask the customer if it was ok. What the heck is IT? I mean windows does NOT say. So it is almost totally worthless, and it IS a nuisance, so some even disable it! APPLE made a JOKE of it in their commercials! So it WOULD have been a good idea if they made minor, for THEM, changes, and there weren't such a web of processes. But, the way they did it, it was really worthless.

        Nope.. They haven't changed any browser settings. I think I'll run a scanner in Safe Mode now. Or I'll have to do a Windows reinstall.. I Don't Wanna Do A Reinstall!
        Yeah, I said there was only a chance, They generally either use or create a vector to place their code in a certain spot. Even if they USE a vector, windows gives THEM the say over whether an uninstall feature is offered.

        If you do a reinstall, it will likely NOT work unless you do it to another directory and THEN you will have to reinstall everything else. AND, if this IS a virus, or caused by one, running ANY program your system could have had access to could REINFECT your browser. THAT is why they are called viruses.

        Steve
      • Profile picture of the author Floyd Fisher
        Originally Posted by Sumit Menon View Post

        The page won't open. And since, I've been infected, I notice none of the pages on Anti-Virus sites open.



        Yep.. Ran it twice. No luck.



        I already have Comodo installed. Do I switch AVs again??



        I tried three rootkit scanners. The Kaspersky one you mentioned, Trend Micro and AVG. Still no luck.



        I know, I should be using paid security. But, what do you do... Parents just don't understand.



        Nope.. They haven't changed any browser settings. I think I'll run a scanner in Safe Mode now. Or I'll have to do a Windows reinstall.. I Don't Wanna Do A Reinstall!
        Sumit:

        Try this for a quick fix:

        Virus Blocking Web Sites - Unable to download antivirus

        Then get your hide over to Symantec and get online scanned immediately once you find that is working.
        • Profile picture of the author tamarindcandy
          [DELETED]
          • Profile picture of the author seasoned
            Originally Posted by tamarindcandy View Post

            Back up your data and reformat. It's the only true, surefire way, and an OS reinstall doesn't take long nowadays. In the future, I'd suggest throwing on MS Security Essentials.
            OH YEAH, you're right!(SARC) The last time I reinstalled windows it only took me like two or three ******WEEKS*******! And it was never really 100%!

            The problem is NOT reinstalling the "O/S". The problem is that it is NOT really an "O/S" but a LOUSY "ENVIRONMENT". You can't just COPY the old programs, and EVEN M/S ACKNOWLEDGES THAT! You have to REINSTALL THEM! What if that requires an internet connection and you hit your limit or it has failed. What if the software isn't sold anymore, and they don't support installs.

            HECK, some of the installs I have take HOURS! For ONE package! And some have an order in which they must be done. Teradata took hours, for example. There were like 15 packages that had to be installed in a certain order.

            Don't you LOVE these people that NEVER go past a few minor packages making this sound like it is NO BIG DEAL! HECK, I just upgraded, and am STILL migrating. Admittedly it has only been 5 days, and I AM reorganizing things, but like I installed apache and am still not sure why perl isn't running with it like I want. I got PHP working fine, but it is INCOMPATIBLE with some of the code, so...

            Steve
          • Profile picture of the author Floyd Fisher
            Originally Posted by tamarindcandy View Post

            Back up your data and reformat. It's the only true, surefire way, and an OS reinstall doesn't take long nowadays. In the future, I'd suggest throwing on MS Security Essentials.
            Bad advice....what if the file that started the infection is hiding in your data?

            If you must do a format and reinstall after this mess..throw everything away...and start fresh....and do this as a last resort only.
  • Profile picture of the author HeySal
    Has your government made any laws regarding limiting, blocking, or connectivity?
  • Profile picture of the author ejb2059
    I've used Norton's live internet security for years and have had no issues .. One thing to be very careful of these days are emails and attachments .. Not long ago, I had a trojan "sneak" through my AOL account via an email I received from an old, trusted friend .. I immediately shut the account down, reset passwords, ran scans, etc..

    I've never ceased to marvel at these hackers who seemingly have nothing better to do with their lives than disrupt those of others ..

    In today's online environment, constant vigilance is the mantra
  • Profile picture of the author HeySal
    Steve what I was meaning was that maybe something was done externally of his computer to block surfing abilities. A lot of countries are dabbling with censorship now so that's one thing people in those countries have to consider if they can no longer access some sites. Not sure if that applies where Sumit is - been too busy watching out for what our own country's admin is trying to do.

    And I agree - prevention is always the best approach, but right now he's not needing prevention - he needs relief.

    Sumit - turn off your system restore, dump the files, then just make one restore point and turn it back off. Once you get whatever the problem is off your system, then go dump that restore point, make one more on the fixed system then turn restore off again. A LOT of these things are harboring in the system restore files and they just spread everywhere from there. Had to take care of that on my niece's computer for returning viruses just a few weeks ago. Can't figure out what the hell you might have if TDSSkiller won't remove it unless you have an open door for stuff somewhere that isn't getting shut down. Is your dcom shut off?

    If you have your OS disk can't you just do a "repair" run?

    If all else fails - you can go to Majorgeeks.com and run "Hijack This" on your computer and send them the report. They can tell you exactly what you need to do to fix it but it will take them a few days to get back to you.

    Whichever way you go, once you get that thing clean - get better security on it. I can give you a list of compatibles that will close up almost all holes on your computer and not cost you anything.
    • Profile picture of the author seasoned
      Originally Posted by HeySal View Post

      Steve what I was meaning was that maybe something was done externally of his computer to block surfing abilities. A lot of countries are dabbling with censorship now so that's one thing people in those countries have to consider if they can no longer access some sites. Not sure if that applies where Sumit is - been too busy watching out for what our own country's admin is trying to do.
      I KNOW that is what YOU were talking about. I was referring to his statement referring to Patrician's statement.

      And I agree - prevention is always the best approach, but right now he's not needing prevention - he needs relief.
      That was my point about the cows.

      Sumit - turn off your system restore, dump the files, then just make one restore point and turn it back off. Once you get whatever the problem is off your system, then go dump that restore point, make one more on the fixed system then turn restore off again. A LOT of these things are harboring in the system restore files and they just spread everywhere from there. Had to take care of that on my niece's computer for returning viruses just a few weeks ago. Can't figure out what the hell you might have if TDSSkiller won't remove it unless you have an open door for stuff somewhere that isn't getting shut down. Is your dcom shut off?
      A lot of these things are TOUGH! I went through using over a half dozen programs people suggested, including 2 or 3 YOU suggested, a few others, and even tried doing stuff MANUALLY. I FINALLY managed to do it, but I can take at least half the credit. It was difficult, and took days.

      If you have your OS disk can't you just do a "repair" run?
      I doubt it would work.

      If all else fails - you can go to Majorgeeks.com and run "Hijack This" on your computer and send them the report. They can tell you exactly what you need to do to fix it but it will take them a few days to get back to you.
      I DID go to majorgeeks, ran hijack this, etc.... It didn't help ME. Of course, I likely had something a bit different.

      Whichever way you go, once you get that thing clean - get better security on it. I can give you a list of compatibles that will close up almost all holes on your computer and not cost you anything.
      I had Panda, and a friend had Symantec, and we BOTH got infected with this garbage. He didn't have the same infection I did, but it took 1/2 a day to get his system usable.

      Steve
  • Profile picture of the author HeySal
    Steve - it's hard to tell what people are getting these days. There's a LOT of really intense garbage hitting us. The stuff I suggested works for the loaders that are being spread. They get into your system and drill a hole somehow that they can just keep downloading viruses. My computer is a virtual fortress and I got hit with one of those and for the life of me can't figure out where I left the hole, or if there is any way you even CAN patch all holes anymore.

    What I want to know is what the maniacs that are doing this to people see as their point to destroying so many home computers. They should be shot if found - anyone so sociopathic to do these kind of things is a danger to society.
    • Profile picture of the author rhinocl
      I suggest you take the computer to a professional. The last time I had a rootkit problem it took me 8 hours to remove it. There are computer professionals in the US who will remove viruses for $50 and give you advice on how not to get re-infected (they don't really make much money removing viruses-it is a loss leader). Viruses today can be a lot harder to remove than they used to be and some of them really require tools that only computer repair shops have. Ask yourself-can you earn $50 in less than 8 hours doing something else.
    • Profile picture of the author seasoned
      Originally Posted by HeySal View Post

      Steve - it's hard to tell what people are getting these days. There's a LOT of really intense garbage hitting us. The stuff I suggested works for the loaders that are being spread. They get into your system and drill a hole somehow that they can just keep downloading viruses. My computer is a virtual fortress and I got hit with one of those and for the life of me can't figure out where I left the hole, or if there is any way you even CAN patch all holes anymore.

      What I want to know is what the maniacs that are doing this to people see as their point to destroying so many home computers. They should be shot if found - anyone so sociopathic to do these kind of things is a danger to society.
      The stuff you suggested works for SOME of the stuff being spread. OH, your advice has been GREAT! It DOES help! I am NOT denying THAT. And THANK YOU! But it is FAR from a panacea. I can say that for a fact because I tried EVERYTHING you said and THEN some, and it FAILED! It HELPED! I managed to gain an advantage and eventually win, but it did NOT solve the problem by itself.
  • Profile picture of the author Mike Wright
    try googling for the term

    browser hijacker removal

    A couple of times lately, Avast has blocked Ebay pages with some evil PDF link
    embedded in sellers item pages.
    Did you know that in the Avast control panel, you can now specify the update
    checking frequency.

    Complacency and stupidity are your two biggest enemies. That is a fact which
    mostly is learned the hard way.
    Over a year or so ago, one of my daughters kept getting a load of viruses on
    her computer ...which "dad" had to sort out. I told her to junk whatever AV she had and get Avast installed. Then I got several more help me calls about new virus infections which puzzled me until I eventually asked if she was still using Avast.
    The answer was that she had not used it at all because one of her "expert" computer
    friends said she should continue to use AVG .... which had been letting all this crap
    through ...DOH! After a terse response from me, she then uninstalled AVG, installed
    Avast and has been safely surfing ever since ...and I have been able to have a life :0)

    If you do do a "clean" reinstall, don't rely on a Windows install to prepare your
    hard drive adequately. Use a DOS low level format utility to restore and re-initialise
    your hard drive to brand new raw manufacturer-supplied condition first. Takes a
    while but clears out crap and stuff that windows doesn't. THEN re-install Windoze.

    Take days to dig an infection out of your computer ..... or a morning to do a clean
    re-install ..... no contest imho.
    • Profile picture of the author Hesaidblissfully
      I had the search engine redirect issue going on a few weeks ago and here's what I did:

      1. Run SuperAntiSpyware (Free edition), remove any infections. Reboot.

      2. Run MalwareBytes Anti Malware, remove any infections. Reboot.

      3. Run TDSSkiller, remove any infections. Reboot.

      (All the above was done in Safe Mode, btw)

      4. Restore my computer to factory settings (wipes out all the data on your "C" drive, unfortunately).

      After the restore, everything works fine and no more rootkit infection or redirect issues.
    • Profile picture of the author seasoned
      Originally Posted by Mike Wright View Post

      try googling for the term

      browser hijacker removal

      A couple of times lately, Avast has blocked Ebay pages with some evil PDF link
      embedded in sellers item pages.
      Did you know that in the Avast control panel, you can now specify the update
      checking frequency.

      Complacency and stupidity are your two biggest enemies. That is a fact which
      mostly is learned the hard way.
      Over a year or so ago, one of my daughters kept getting a load of viruses on
      her computer ...which "dad" had to sort out. I told her to junk whatever AV she had and get Avast installed. Then I got several more help me calls about new virus infections which puzzled me until I eventually asked if she was still using Avast.
      The answer was that she had not used it at all because one of her "expert" computer
      friends said she should continue to use AVG .... which had been letting all this crap
      through ...DOH! After a terse response from me, she then uninstalled AVG, installed
      Avast and has been safely surfing ever since ...and I have been able to have a life :0)

      If you do do a "clean" reinstall, don't rely on a Windows install to prepare your
      hard drive adequately. Use a DOS low level format utility to restore and re-initialise
      your hard drive to brand new raw manufacturer-supplied condition first. Takes a
      while but clears out crap and stuff that windows doesn't. THEN re-install Windoze.

      Take days to dig an infection out of your computer ..... or a morning to do a clean
      re-install ..... no contest imho.
      Actually, a LOW level format(the type that actually realigns all block boundaries, etc... and all but obliterates all info) now often takes a ***LONG*** time, everyone recommends against it, and I don't believe there is a common interface for it. People haven't had to do it for like DECADES! I remember how long it could take with a couple dozen MEGAbytes! IMAGINE how long a TERABYTE would take. AND, if you did it, it wouldn't restore it to brand new condition, unless it were maybe perfect, which apparently FEW are. If an interblock gap falls on a bad part of a disk, you could have TWO bad blocks where you used to have one, and some have said that the format doesn't write the bad block info, at least on some drives.

      As I said before, a morning to do a clean reinstall sounds LUDICROUS in my book. For a few STANDARD office packages, like word, and games, MAYBE. For someone that has actually worked with dozens of disparate packages, some of which are GIGABYTES? ARE YOU KIDDING!?!?!? It is ESPECIALLY ludicrous when you realize that just a low level format would likely take MUCH longer than the morning.

      Steve
      • Profile picture of the author Floyd Fisher
        Originally Posted by seasoned View Post

        Actually, a LOW level format(the type that actually realigns all block boundaries, etc... and all but obliterates all info) now often takes a ***LONG*** time, everyone recommends against it, and I don't believe there is a common interface for it. People haven't had to do it for like DECADES! I remember how long it could take with a couple dozen MEGAbytes! IMAGINE how long a TERABYTE would take. AND, if you did it, it wouldn't restore it to brand new condition, unless it were maybe perfect, which apparently FEW are. If an interblock gap falls on a bad part of a disk, you could have TWO bad blocks where you used to have one, and some have said that the format doesn't write the bad block info, at least on some drives.
        Seasoned:

        Doing an actual low level format on an IDE device will destroy the hard drive. Trust me, I tried it when IDE drives first came out, and turned some into paperweights doing just that.

        That is why you don't see that in the bios anymore...low level format was for RLL devices only.
        • Profile picture of the author Mike Wright
          Originally Posted by Floyd Fisher View Post

          Seasoned:

          Doing an actual low level format on an IDE device will destroy the hard drive. Trust me, I tried it when IDE drives first came out, and turned some into paperweights doing just that.

          That is why you don't see that in the bios anymore...low level format was for RLL devices only.
          Rubbish ....I do Dos low level formats regularly ... the most recent
          being last Saturday. The days of RLL and MFM and idiosyncratic
          early IDE/ATA drives are long gone.

          @ Steve
          For the average home user, hard drives have quite a short life ...
          say a couple of years. It is useless to have a 3 or 5 year warranty
          when a drive fails after a few weeks/months taking all the vital data
          with it. It is extremely unwise to have a single terabyte drive full of
          "vital stuff" just waiting to be trashed by disk/system failure or some
          virus or whatever. Equally, having multiple drives in some RAID/mirror
          configuration is pointless if the system self destructs .... when you do
          not have another second system to move the drives to.

          My approach is simply to burn everything I wish to keep or backup
          to good DVD/CD media which has an archive life of some 10 years
          and/or upload to my cloud webspace as appropriate. Currently, I also
          have 4 laptops and 2 PCs which all have the same 25GB of proven
          OS and other software installed. In the event of any significant issue,
          I just plug in an alternative computer and am up and going in very
          little time. I also usually delete all stuff that has been backed up and
          so rarely have more than 150GB accumulate on any hard drive before
          I appropriately reduce the amount. This also much reduces AV scanning,
          disk cleanup and defragging times. These and formatting times are
          irrelevant when you can multi-task on two or more computers without
          becoming dysfunctional, off-line or suicidal.

          Works for me


          @ Sal

          Hiya Sal ....well have been awol from here for a while. Happy to
          see you still dishing it out. Take care now
          • Profile picture of the author seasoned
            Originally Posted by Mike Wright View Post

            Rubbish ....I do Dos low level formats regularly ... the most recent
            being last Saturday. The days of RLL and MFM and idiosyncratic
            early IDE/ATA drives are long gone.
            OK, APPARENTLY, today it is PMR. SAME DIFFERENCE THOUGH!

            Hard disk drive - Wikipedia, the free encyclopedia

            Note where it says:

            HDDs record data by magnetizing ferromagnetic material directionally. Sequential changes in the direction of magnetization represent patterns of binary data bits. The data are read from the disk by detecting the transitions in magnetization and decoding the originally written data. Different encoding schemes, such as Modified Frequency Modulation (OTHERWISE known as MFM), group code recording(GCR), run-length limited(RLL) encoding, and others are used.



            @ Steve
            For the average home user, hard drives have quite a short life ...
            say a couple of years. It is useless to have a 3 or 5 year warranty
            when a drive fails after a few weeks/months taking all the vital data
            with it. It is extremely unwise to have a single terabyte drive full of
            "vital stuff" just waiting to be trashed by disk/system failure or some
            virus or whatever. Equally, having multiple drives in some RAID/mirror
            configuration is pointless if the system self destructs .... when you do
            not have another second system to move the drives to.
            A couple years? I have had FEW drives that have gone bad. I only remember about 6 personally. And THEY all lasted over 3 years! And 5 might sound like a lot, but I am in my bedroom now. I do not have NEARLY all my hardware here! Not NEARLY! And I have 6 that I count right HERE! ALL work, and only two are less than 3 years old. One on the new system I bought a couple months ago, and one I bought maybe a year ago as a backup. I have to say, I am SHOCKED! I thought the disk drive would be the first thing to go bad in my laptops. And I AM talking about over almost 30 years! ALL except a few here have EASILY seen over 3 years of use. Admittedly, I am only using about 4 at a time now. So I have drives downstairs that have seen a LOT of use and, though they are almost 30 years old, may give a few more years of service. I had three problems:

            1. The door on a cd drive broke.
            2. A fan broke, after about 3 years or so.
            3. A display broke after about 4 years.

            No hard disk drives yet, knock wood. I had about 4 or 5 hard disk drives go bad on desk tops though. Most were old though.

            My approach is simply to burn everything I wish to keep or backup
            to good DVD/CD media which has an archive life of some 10 years
            and/or upload to my cloud webspace as appropriate. Currently, I also
            have 4 laptops and 2 PCs which all have the same 25GB of proven
            OS and other software installed. In the event of any significant issue,
            I just plug in an alternative computer and am up and going in very
            little time. I also usually delete all stuff that has been backed up and
            so rarely have more than 150GB accumulate on any hard drive before
            I appropriately reduce the amount. This also much reduces AV scanning,
            disk cleanup and defragging times. These and formatting times are
            irrelevant when you can multi-task on two or more computers without
            becoming dysfunctional, off-line or suicidal.

            Works for me
            GOOD, if you can do it.

            I have a 1TB drive I am trying to get everything up on BUT, after I do that, I WILL back it up, etc.... HECK, I think I am at a point where maybe I can do what I once planned to, and it would allow me to quickly back this stuff up.

            BTW when I say hard drive, I mean the old fashioned winchester type. I HAVE had poor luck with the open removable media type but then, WHO HASN'T? With those, it was about maybe 2 years, and the media AND the drive get destroyed. BTW most here have probably never even seen a removable media hard drive. I WILL say though, that decks RL01/RL02, etc... were lauded as great drives AND, while they could have been smaller and cheaper, I have to agree. I had some of those work for about 16 years, when I left.

            Steve
          • Profile picture of the author Floyd Fisher
            Originally Posted by Mike Wright View Post

            Rubbish ....I do Dos low level formats regularly ... the most recent
            being last Saturday. The days of RLL and MFM and idiosyncratic
            early IDE/ATA drives are long gone.
            Mike:

            That's not low level formatting. At best (depending on which setting you use) all you're doing is overwriting existing sectors on the disk with zeroes.

            Low level formatting is actually creating sectors on the track....which is something you can't do anymore (it's been removed since the 1990's and it's now only done at the factory)...and it's not recommended (unless you care to turn your hard drive into a paperweight...which I've done lol).

            These two articles explain it the best.

            Low Level formatting an IDE hard drive

            Using DEBUG to Start a Low-Level Format
            • Profile picture of the author seasoned
              Originally Posted by Floyd Fisher View Post

              Mike:

              That's not low level formatting. At best (depending on which setting you use) all you're doing is overwriting existing sectors on the disk with zeroes.

              Low level formatting is actually creating sectors on the track....which is something you can't do anymore (it's been removed since the 1990's and it's now only done at the factory)...and it's not recommended (unless you care to turn your hard drive into a paperweight...which I've done lol).

              These two articles explain it the best.

              Low Level formatting an IDE hard drive

              Using DEBUG to Start a Low-Level Format
              EXACTLY, which is why it takes SO long! You see, for whatever reason, disks have primarily used soft sectoring since like the 70s. One reason might be that the old system lost effectiveness as the platters got larger. I got into the industry around 1979 or so, and NONE of the systems I have ever had, made by DOZENS of manufacturers that represent about maybe 98% of the market, have EVER had HARD sectoring. And I don't think it has EVER been used on a winchester drive. It's only been used on like floppies and SOME weird CDs. Anyway, softsectoring requires things to be formatted so the system can determine where it is. A low level format makes reading old info off the drive itself IMPOSSIBLE! NO software on the planet could read it because the drive simply CAN'T read it! PERIOD! Supposedly some can take the platters OUT of the drive and use SPECIAL equipment to pull some data off.

              HIGH level formatting simply writes an empty file directory, and VTOC(originally called FAT), and maybe a bootstrap segment. ALL the data is STILL there and INCREDIBLY easy to read. DOS or windows won't actually use it, because the file directory points to the first block of the file, which points to the next. And THAT is why "formatting" a 1PB drive takes about as long as a 1MB drive! HECK, VTOCS are sometimes chained like directory entries are. If they are, a 1PB(1000TB) drive would require NO more writing than a 32MB drive! Of course, with a LOW level format, a drive that is 10 times as large will take 10 times as long!

              http://en.wikipedia.org/wiki/Disk_formatting

              Look at "disk formatting process".

              Steve
        • Profile picture of the author MerlynSanchez
          I got one of these infections last year and was able to remove it from my laptop. It took a lot of time and several tries but I did it.

          About a month ago I was hit by a similar virus and I wasn't able to remove it. I finally broke down and took it in to BestBuy.

          I'm going to read through this thread to make sure that I have the necessary preventative measures set up because I don't want to go through that again!
        • Profile picture of the author seasoned
          Originally Posted by Floyd Fisher View Post

          Seasoned:

          Doing an actual low level format on an IDE device will destroy the hard drive. Trust me, I tried it when IDE drives first came out, and turned some into paperweights doing just that.

          That is why you don't see that in the bios anymore...low level format was for RLL devices only.
          Yeah, it COULD hurt some drives. BTW MOST drives today, at least last I heard, are RLL! RLL is the method used between the controller and the basic disk drive. It handles things on the sub BIT level. There were about 4 different standards but the only two that seemed to catch on were the tolerant MFM and the more demanding but greater density RLL.

          OH, And I DID format a number of MFM drives in my day. You really HAD to, if you wanted to use them. The RLL were about 30% faster, due to 50% more density, but similar. EVEN the latest drive on the market NOW couldn't format any faster. SIMILAR, and maybe WORSE rotational speed, SAME encoding mechanism, SIMILAR track to track, etc....

          With SCSI, to emphasize that they did NOT really use an interface, they called it an HBA(host bus adapter). Host adapter - Wikipedia, the free encyclopedia In any event, they are now accessed between the computer and interface on the DRIVE via commands. The same sort of thing was true with many graphics printers before the "winprinters".

          What this means is that a lot of the early block mapping, addressing, and even ENCODING LOGIC, is on the drive ITSELF, unlike that known as MFM or RLL. Because the encoding is all on the drive, they can format it knowing that it can be used as is.

          Steve
          • Profile picture of the author Floyd Fisher
            Originally Posted by seasoned View Post

            Yeah, it COULD hurt some drives. BTW MOST drives today, at least last I heard, are RLL! RLL is the method used between the controller and the basic disk drive. It handles things on the sub BIT level. There were about 4 different standards but the only two that seemed to catch on were the tolerant MFM and the more demanding but greater density RLL.

            OH, And I DID format a number of MFM drives in my day. You really HAD to, if you wanted to use them. The RLL were about 30% faster, due to 50% more density, but similar. EVEN the latest drive on the market NOW couldn't format any faster. SIMILAR, and maybe WORSE rotational speed, SAME encoding mechanism, SIMILAR track to track, etc....

            With SCSI, to emphasize that they did NOT really use an interface, they called it an HBA(host bus adapter). Host adapter - Wikipedia, the free encyclopedia In any event, they are now accessed between the computer and interface on the DRIVE via commands. The same sort of thing was true with many graphics printers before the "winprinters".

            What this means is that a lot of the early block mapping, addressing, and even ENCODING LOGIC, is on the drive ITSELF, unlike that known as MFM or RLL. Because the encoding is all on the drive, they can format it knowing that it can be used as is.

            Steve
            Thanks for the refreshment on MFM vs RLL...amazing what you can forget in almost 30 years.

            What I do remember is making the mistake of doing a low level format (which was done via the bios back in the day) on a then new IDE type hard drive and turning the poor thing into a paperweight. I learned the hard way that IDE drives have factory set synch bits....and low level formats erase those sans rewriting...thus they become rather expensive paperweights (ouch)....and I got screamed at by WD tech support when I told them what I did.

            I can laugh now, but back then, my butt hurt for months after that fiasco.
  • Profile picture of the author asteria
    Download Norton and run a complete scan of your comp. then try malwarebytes, on safe mode. worked for me every single time i get those. Ever since i had norton installed I never had that problem though.
    • Profile picture of the author Floyd Fisher
      Originally Posted by asteria View Post

      Download Norton and run a complete scan of your comp. then try malwarebytes, on safe mode. worked for me every single time i get those. Ever since i had norton installed I never had that problem though.
      Again...bad advice. The Norton itself may get infected upon download.

      Best option is to run the online scan....second best option is to download antivirus on a known clean machine, burn to bootable CD rom, and run that on the infected machine.

      Jeez...no wonder you guys get infected so often.
  • Profile picture of the author HeySal
    Mike - you'll never know how thankful I am that you and your buds were on my side when I first got online. I firmly believe I wouldn't even have a computer if it weren't for your expert guidance.

    As you can see from my security posts -- I paid very close attention, too.
    Signature

    Sal
    When the Roads and Paths end, learn to guide yourself through the wilderness
    Beyond the Path

  • Profile picture of the author Rikki_Fawkes
    After getting the Whitesmoke virus (very nasty indeed) a professional family member of mine spent several hours cleaning my computer. TDSSKiller eventually cleaned a good portion of it off, but it took quite a bit of time and frustration.

    After that harrowing experience, I now use Virtual Box for almost all of my browsing. So unless I know the site is really safe and I've never had problems with it, I use Virtual Box for absolutely anything unknown.

    I know, that's only after you've gotten rid of the problem, but it might help you after you get it straightened out.
    Signature

    Learn how you can get paid writing online with NO startup money! I will help you make part-time or full-time income as a freelance writer at http://getpaidwriting.org. No previous writing experience necessary!


  • Profile picture of the author seasoned
    I don't know if it is what rikki is talking about, but a virtual machine that is isolated IS a good way to protect your system, if you transfer programs only after you know they are safe. I guess an image/incremental backup could give you a lot of the benefits of installs, etc... without having to go through that garbage. Of course, that doesn't solve the problem of removing the problems.

    I was once tricked into reinstalling the O/S in another directory, by MICROSOFT! NEVER trust microsoft in such areas! NEVER! Look what Hesaidblissfully did. All that work, and only the lengthy process in #4 did anything. And Rikki is right.

    Even a PROFESSIONAL can only get like 90% of some viruses if he or she is lucky. And that can take HOURS!

    Steve
  • Profile picture of the author KimW
    Actually Steve, Hesaidblissfully could have skipped his steps 1,2,and 3 and just did step 4 and would have gotten the same results.
    I actually wrote a possible WSO on virus removal a couple years back. I might send it to a couple of you guys that I know and trust to critique it for me.

    Sumit, have you gotten it resolved yet? Haven't heard from you lately.
    • Profile picture of the author seasoned
      Originally Posted by KimW View Post

      Actually Steve, Hesaidblissfully could have skipped his steps 1,2,and 3 and just did step 4 and would have gotten the same results.
      I actually wrote a possible WSO on virus removal a couple years back. I might send it to a couple of you guys that I know and trust to critique it for me.

      Sumit, have you gotten it resolved yet? Haven't heard from you lately.
      Yeah, I DID say "only the lengthy process in #4 did anything.". My point was that he spent SO much time and the first 3 steps did NOTHING! In fact, even if they solved 99% of his problems, it didn't help step #4 at all. This computer is a little netbook and apparently has a sequence to set everything back like it was when it was shipped. I doubt I'll ever dare run it.

      Steve
      • Profile picture of the author KimW
        Originally Posted by seasoned View Post

        Yeah, I DID say "only the lengthy process in #4 did anything.". My point was that he spent SO much time and the first 3 steps did NOTHING! In fact, even if they solved 99% of his problems, it didn't help step #4 at all. This computer is a little netbook and apparently has a sequence to set everything back like it was when it was shipped. I doubt I'll ever dare run it.

        Steve
        Yes Steve, you did. That was just my roundabout way of agreeing with you.
    • Profile picture of the author Hesaidblissfully
      Originally Posted by KimW View Post

      Actually Steve, Hesaidblissfully could have skipped his steps 1,2,and 3 and just did step 4 and would have gotten the same results.
      Actually, no I couldn't. Running a factory restore was one of the first things I tried, but the particular infection that I had was preventing me from running it. Whenever I tried to run the restore to factory settings, I'd get error messages saying that one of the .DLL files couldn't be loaded. In my case, I HAD to clear out the infections first in order to even be able to run the factory settings restore.

      In retrospect, it was probably the rootkit infection that was preventing me from running the factory settings restore (which if that was the case, then I would've only needed to do steps 3 and 4 above), but I wasn't sure, and I did have other infections, so I ran the other two malware removers as a precaution.

      Edit: You're right though, in general, just running a factory restore should normally fix the problem, but in my case I wasn't able to at first.
      • Profile picture of the author KimW
        Originally Posted by Hesaidblissfully View Post

        Actually, no I couldn't. Running a factory restore was one of the first things I tried, but the particular infection that I had was preventing me from running it. Whenever I tried to run the restore to factory settings, I'd get error messages saying that one of the .DLL files couldn't be loaded. In my case, I HAD to clear out the infections first in order to even be able to run the factory settings restore.

        In retrospect, it was probably the rootkit infection that was preventing me from running the factory settings restore (which if that was the case, then I would've only needed to do steps 3 and 4 above), but I wasn't sure, and I did have other infections, so I ran the other two malware removers as a precaution.

        Edit: You're right though, in general, just running a factory restore should normally fix the problem, but in my case I wasn't able to at first.
        We may have different definitions of what a "factory restore" is.
      • Profile picture of the author seasoned
        Originally Posted by Hesaidblissfully View Post

        Actually, no I couldn't. Running a factory restore was one of the first things I tried, but the particular infection that I had was preventing me from running it. Whenever I tried to run the restore to factory settings, I'd get error messages saying that one of the .DLL files couldn't be loaded. In my case, I HAD to clear out the infections first in order to even be able to run the factory settings restore.

        In retrospect, it was probably the rootkit infection that was preventing me from running the factory settings restore (which if that was the case, then I would've only needed to do steps 3 and 4 above), but I wasn't sure, and I did have other infections, so I ran the other two malware removers as a precaution.

        Edit: You're right though, in general, just running a factory restore should normally fix the problem, but in my case I wasn't able to at first.
        OK, THAT was even WORSE! But YEAH, I've been there. That guy I told you about that I helped? He BEGGED me to help him because his BUSINESS was on the system and he couldn't run ANY programs! One of the symptoms of it was that trying to run ANY program triggered the virus to say the program was infected, and would prompt you to buy their antivirus program. So BASICALLY they held your system HOSTAGE to get like $30 or more.

        Steve
  • Profile picture of the author KimW
    While this is a nice discussion, I still want to know if Sumit has solved his problem.
    Between the 6 of us that I know are knowledgeable that are posting in this thread I would think we could get him up and running!
    • Profile picture of the author seasoned
      Originally Posted by KimW View Post

      While this is a nice discussion, I still want to know if Sumit has solved his problem.
      Between the 6 of us that I know are knowledgeable that are posting in this thread I would think we could get him up and running!
      When I get into discussions like this, it is often because the problem is nebulous, etc....

      If I were him, and didn't have the time, knowledge, etc... I would probably try to see if someone really COULD do this for $50. The programs are nice, but often WON'T work these days.

      Steve
  • Profile picture of the author Sumit Menon
    Thanks for the help everyone. On Tuesday, my Windows crashed. Then we had to do a reinstall. After that, the first site I opened contained a malware... lol. So, had to reinstall again. But, it's working okay now. Plus the engineer (also our neighbor) convinced Dad that we need a paid anti-virus solution. So, we got it. So, all is well now.

    Thanks again everyone for the help. Really appreciate it.

    Sumit.
  • Profile picture of the author Sumit Menon
    There's a limit to giving Thanks? LOL! Didn't know about that!
  • Profile picture of the author Sumit Menon
    Okay.. I commented too early! NO! I'm not fine.. I'm still infected. It doesn't take me to another page while searching now but whenever I restart my PC, the DEP closes the Explorer (and then explorer restarts). And the AV shows that it has blocked me from accessing the website xppclapgirl.com/<somename>.exe. The reinstall did no good (Like you guys mentioned).

    • Profile picture of the author Floyd Fisher
      Originally Posted by Sumit Menon View Post

      Okay.. I commented too early! NO! I'm not fine.. I'm still infected. It doesn't take me to another page while searching now but whenever I restart my PC, the DEP closes the Explorer (and then explorer restarts). And the AV shows that it has blocked me from accessing the website xppclapgirl.com/<somename>.exe. The reinstall did no good (Like you guys mentioned).

      Found your problem....here's instructions to remove it...I'm going to quote the article so you can print this...and get going.

      Originally Posted by SARC


      Discovered: July 23, 2009 Updated: July 23, 2009 8:28:29 PM Type: Worm Infection Length: 98,304 bytes Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000 CVE References: CVE-2003-0352, CVE-2005-0059, CVE-2005-1983
      The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.
      1. Disable System Restore (Windows Me/XP).
      2. Update the virus definitions.
      3. Run a full system scan.
      4. Delete any values added to the registry.
      For specific details on each of these steps, read the following instructions.

      1. To disable System Restore (Windows Me/XP)
      If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.

      Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.

      Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.

      For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:

      Note: When you are completely finished with the removal procedure and are satisfied that the threat has been removed, reenable System Restore by following the instructions in the aforementioned documents.

      For additional information, and an alternative to disabling Windows Me System Restore, see the Microsoft Knowledge Base article: Antivirus Tools Cannot Clean Infected Files in the _Restore Folder (Article ID: Q263455).

      2. To update the virus definitions
      Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:
      • Running LiveUpdate, which is the easiest way to obtain virus definitions.

        If you use Norton AntiVirus 2006, Symantec AntiVirus Corporate Edition 10.0, or newer products, LiveUpdate definitions are updated daily. These products include newer technology.

        If you use Norton AntiVirus 2005, Symantec AntiVirus Corporate Edition 9.0, or earlier products, LiveUpdate definitions are updated weekly. The exception is major outbreaks, when definitions are updated more often.
      • Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted daily. You should download the definitions from the Symantec Security Response Web site and manually install them.
      The latest Intelligent Updater virus definitions can be obtained here: Intelligent Updater virus definitions. For detailed instructions read the document: How to update virus definition files using the Intelligent Updater.

      3. To run a full system scan
      1. Start your Symantec antivirus program and make sure that it is configured to scan all the files.

        For Norton AntiVirus consumer products: Read the document: How to configure Norton AntiVirus to scan all files.

        For Symantec AntiVirus Enterprise products: Read the document: How to verify that a Symantec Corporate antivirus product is set to scan all files.
      2. Run a full system scan.
      3. If any files are detected, follow the instructions displayed by your antivirus program.
      Important: If you are unable to start your Symantec antivirus product or the product reports that it cannot delete a detected file, you may need to stop the risk from running in order to remove it. To do this, run the scan in Safe mode. For instructions, read the document, How to start the computer in Safe Mode. Once you have restarted in Safe mode, run the scan again.


      After the files are deleted, restart the computer in Normal mode and proceed with the next section.

      Warning messages may be displayed when the computer is restarted, since the threat may not be fully removed at this point. You can ignore these messages and click OK. These messages will not appear when the computer is restarted after the removal instructions have been fully completed. The messages displayed may be similar to the following:

      Title: [FILE PATH]
      Message body: Windows cannot find [FILE NAME]. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

      4. To delete the value from the registry
      Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. For instructions refer to the document: How to make a backup of the Windows registry.
      1. Click Start > Run.
      2. Type regedit
      3. Click OK.

        Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.
      4. Navigate to and delete the following registry entries:
        • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"Microsoft Driver Setup" = "%Windir%\msddrv42.exe"
        • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Microsoft Driver Setup" = "%Windir%\msddrv42.exe"
      5. Exit the Registry Editor.

        Note: If the risk creates or modifies registry subkeys or entries under HKEY_CURRENT_USER, it is possible that it created them for every user on the compromised computer. To ensure that all registry subkeys or entries are removed or restored, log on using each user account and check for any HKEY_CURRENT_USER items listed above.
      Writeup By: Mario Ballano
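The registry check from step 4 of the quoted write-up, as an added read-only PowerShell example; it is not part of the original post or of Symantec's instructions. The function name `Get-RunKeyFindings` and the variable names are hypothetical, the value name and file name are the ones given in the write-up, and only user hives currently loaded under HKEY_USERS are visible to it.

```powershell
# Added example (not from the thread): read-only audit of the autostart
# entries listed in the quoted write-up. Nothing is deleted or modified.

# Indicators taken from the write-up quoted above.
$ValueName = 'Microsoft Driver Setup'
$FileName  = 'msddrv42.exe'

# The two Run locations the write-up names, relative to a hive root.
$RunSubKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# Hypothetical helper: emits one object per matching value in the given hives.
function Get-RunKeyFindings {
    param([string[]]$HiveRoots)

    foreach ($root in $HiveRoots) {
        foreach ($sub in $RunSubKeys) {
            $path = "Registry::$root\$sub"
            if (-not (Test-Path -LiteralPath $path)) { continue }

            $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
            if ($null -eq $key) { continue }   # hive not readable by this account

            foreach ($name in $key.GetValueNames()) {
                # Read the raw data so %Windir% is reported as stored.
                $raw  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
                $data = [string]$key.GetValue($name, '', $raw)

                # Match on either the value name or the file name in the data.
                if ($name -eq $ValueName -or $data -like "*$FileName*") {
                    New-Object PSObject -Property @{
                        Key   = "$root\$sub"
                        Value = $name
                        Data  = $data
                    }
                }
            }
        }
    }
}

# HKLM plus every user hive that is loaded right now. This covers the
# write-up's note about per-user (HKEY_CURRENT_USER) entries for logged-on
# accounts; accounts that are not logged on still need a separate check.
$roots  = @('HKEY_LOCAL_MACHINE')
$roots += @(Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -notlike '*_Classes' } |
    ForEach-Object { $_.Name })

$findings = @(Get-RunKeyFindings -HiveRoots $roots)

if ($findings.Count -eq 0) {
    'No matching Run entries found.'
} else {
    $findings | Format-List Key, Value, Data
}

# The write-up places the file directly under %Windir%.
$dropped = Join-Path $env:windir $FileName
if (Test-Path -LiteralPath $dropped) {
    "File present: $dropped"
} else {
    "File not present: $dropped"
}
```

Run it from an elevated prompt so the other users' hives are readable; any entry it reports is then removed by hand as described in step 4.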
  • Profile picture of the author Floyd Fisher
    One more thing....tell your dad to stop surfing porn sites.
    • Profile picture of the author Sumit Menon
      Originally Posted by Floyd Fisher View Post

      One more thing....tell your dad to stop surfing porn sites.
      Porn sites? Dad doesn't use the PC! Only I do. And I don't surf them either... I thought I got infected when I visited firefox.org site (which is some fake site). A window popped up and said click here. The dialog box wouldn't close. So, I really did click! (I'm embarrassed.) It took me to some other page and the AV started ringing like crazy!

      But, thanks for the help Floyd. You have really been helpful. I'll do what you have posted.

      Sumit.
    • Profile picture of the author olamilekan2
      Thanks for this thread, very useful. Now can someone pls help? My PC got infected with a Trojan virus. After removing the virus with SuperantiVirus software, I cannot use any programs installed on my PC with the extension .exe. What can I do?
  • Profile picture of the author daddykool
    Hey Sumit

    Try this for size, had a lot of emails from warriors that have *at last* got rid of scumware on their pcs / laptops, using some of our pointers!

    http://www.warriorforum.com/main-int...ans-guide.html

    Hope it helps you (anyone!)
    Signature
    LAUNCHING VERY SOON > PRE-REGISTER NOW FOR A WSO THAT EVERY WARRIOR NEW & OLD CAN MAKE $$$ FROM! LIMITED PRE-LAUNCH SPACES - PM or email: JVSuperstars@gmx.com TO RESERVE A PLACE & LOCK IN A SUPER LOW LIFETIME PRICE! *** NEVER TO BE REPEATED PRICE ONLY AVAILABLE ON THE WARRIOR FORUM & OUR VERIFIED JV AFFILIATE PROVIDERS! ***
  • Profile picture of the author Sumit Menon
    Thanks @daddykool. But, it's already fixed thanks to Floyd.
  • Profile picture of the author deanameske
    First clear your cache and temporary internet files.
    Then run disk clean up and then use AVG antivirus.
    This will remove all the threats from your PC.
    • Profile picture of the author KimW
      Originally Posted by deanameske

      First clear your cache and temporary internet files.
      Then run disk clean up and then use AVG antivirus.
      This will remove all the threats from your PC.

      Did you read the post above yours?
  • Profile picture of the author seasoned
    Originally Posted by deanameske
    First clear your cache and temporary internet files.
    Then run disk clean up and then use AVG antivirus.
    This will remove all the threats from your PC.

    Did you read the post above yours?
    The sad part is deana is TOTALLY wrong anyway! clearing out the temporary files, INTERNET cache, and the disk cleanup won't do ANYTHING, and AVG is NOT perfect. NOTHING is!

    Steve