PCBUILD Archives

Personal Computer Hardware discussion List

PCBUILD@LISTSERV.ICORS.ORG
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Computer infection
From:
J Bourvic <[log in to unmask]>
Reply To:
Personal Computer Hardware discussion List <[log in to unmask]>
Date:
Mon, 26 Jul 2010 16:29:35 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (164 lines) 
I offer this tidbit as a last resort. My son's computer picked up 
something that prevented him from going to virus detection sites, took 
over IE (actually established a proxy port to prevent going places to 
eliminate it), had pop-ups all over the place and warned you that M$ 
files were infected and you should delete them.

I went to www.bleepingcomputer.com and found the type of problem I had. 
There is a program they have called rkill.zip or .exe. Anyway, they even 
offer a renamed version in case the problem program prevents it from 
being downloaded. Do everything in safe mode with networking after you 
eliminate the ie PROXY redirect. That rkill will find stuff hidden in 
the registery, system and system32 folders, etc. and kill them. They 
then recommend running the free version of malwarebytes.

It cleaned out my son's computer. Why not give it a try. Can't do any harm.

Jean Bourvic

Donald DeWitt wrote:
> Update
>
>
>
> I have tried everything that was recommended by everyone including scanning
> the hard drive with a Kaspersky rescue CD disk at least three times.
> However, some threats still remain hidden somewhere in the files that are
> resisting detection. As Don Penlington commented; if the system is too badly
> infected, a reformat may be the only practical answer. If there are no other
> options, I guess I will do a fresh install. I do have a slave drive
> installed in the computer and most of my important files are there but I
> will still have to reinstall all my programs along with the operating
> system.
>
>
>
> Thanks to everyone for their input in this matter. You really don’t know how
> much your suggestions are appreciated.
>
>
>
> Don
>
>
> On Thu, Jul 22, 2010 at 6:34 PM, David Sherman <[log in to unmask]> wrote:
>
>   
>> Look here: http://security.symantec.com/nbrt/npe.asp
>>
>> Or
>> Try this online scanner
>>
>> http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavbmh.ht
>> ml<http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavbmh.ht%0Aml>which I rub run in safe mode with networking.
>>
>> -----Original Message-----
>> From: Personal Computer Hardware discussion List
>> [mailto:[log in to unmask]] On Behalf Of Donald DeWitt
>> Sent: Wednesday, July 21, 2010 10:01 PM
>> To: [log in to unmask]
>> Subject: Re: [PCBUILD] Computer infection
>>
>> Thanks Paul for your suggestions. I have been scanning the computer all day
>> with AVG, Superantispyware and Malwarebytes in normal mode and also in safe
>> mode and these programs seem to be incapable of removing this infection. It
>> seems that every time I run a scan the infection gets worse; last count was
>> up to thirty nine separate infections. As I mentioned before, AVG and
>> Superantispyware can identify and list every one of these things but cannot
>> do a removal.
>>
>>
>>
>> My programs are not running normal, the monitor flickers and turns black
>> for
>> a few seconds, then recovers and I'm getting numerous advertisement
>> pop-ups.
>>
>>
>>
>>
>> Do you think I should try a system restore? If so, what is the best way to
>> go about this?  The last thing I want to do is a Windows reinstall.
>>
>>
>>
>> Don
>>
>>
>> On Wed, Jul 21, 2010 at 1:08 PM, David Sherman <[log in to unmask]>
>> wrote:
>>
>>     
>>> Which virus?
>>>
>>> Look at Symantec etc for removal tool.
>>>
>>> Also please install SP3.
>>>
>>> thanks
>>>
>>> -----Original Message-----
>>> From: Personal Computer Hardware discussion List
>>> [mailto:[log in to unmask]] On Behalf Of Donald DeWitt
>>> Sent: Wednesday, July 21, 2010 12:39 PM
>>> To: [log in to unmask]
>>> Subject: [PCBUILD] Computer infection
>>>
>>> Hello everyone,
>>>
>>>
>>>
>>> I'm running XP windows service pack 2 on a Dell desk top computer.
>>>
>>>
>>>
>>> I acquired an infection from the internet that has been documented and
>>> located by both Avg and Superantispyware in; Documents and
>>> Settings\Local Service\Cookies\System.
>>>
>>>
>>>
>>> There are presently twenty some variations of this infection and still
>>> growing. Avg and Superantispyware have no problem finding and listing
>>> all of these, however they cannot remove them. I tried running SDFix
>>> as recommended on PCbuild a while back but it is too complicated for
>>> me to operate.
>>>
>>>
>>>
>>> If anyone has any suggestions, I would appreciate it
>>>
>>>
>>>
>>> Don
>>>
>>>                   Visit our website regularly for FAQs,
>>>               articles, how-to's, tech tips and much more
>>>                          http://freepctech.com
>>>
>>>                  Visit our website regularly for FAQs,
>>>               articles, how-to's, tech tips and much more
>>>                          http://freepctech.com
>>>
>>>       
>>                  Visit our website regularly for FAQs,
>>               articles, how-to's, tech tips and much more
>>                          http://freepctech.com
>>
>>             Do you want to signoff PCBUILD or just change to
>>                    Digest mode - visit our web site:
>>                   http://freepctech.com/pcbuild.shtml
>>
>>     
>
>         The NOSPIN Group has added a new feature on our website,
>            web based bulletinboard for questions and answers:
>               Visit our sister website at http://nospin.com
>
>
>   

         PCBUILD maintains hundreds of useful files for download
                     visit our download web page at:
                  http://freepctech.com/downloads.shtml

ATOM RSS1 RSS2