| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 57578 | 2005-05-06 11:27:00 | Help Virus | G-Boy (6793) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 352806 | 2005-05-06 11:27:00 | Help Please..i went to a site to look at some wallpapers and have got a virus and am unsure what to do. It has highjacked my browser and i cant change my homepage it just keeps changing back to "ABOUT:BLANK: It also adds files to my favourites even after i delete them, Ive run Adaware avg and spybot and cleand it up but as soon as i open the web or a windows folder it puts the virusus back again. Ive noticed a IEXPLORE.EXE In my WINDOWS/VCM. im not shure if that ones all ways been there, it is the same size as the one in my Programe files. Everytime i go to search for a file or open a window it seems to create two new virusus. MSNP32.EXE SDKNA.EXE CRMI.EXE ADDKZ32.EXE MSIJ.EXE are but to name a few of the 30 or so two new viruses it creates each time i open a window. it seems to have a different virus name each time. The viruses are all Trojan downloaders with 11q or 12d at the end of the "exe" in the virus name. Please what do i do :help: | G-Boy (6793) | ||
| 352807 | 2005-05-06 11:36:00 | Have you looked at the FAQs? Between Register and Member's List on the top toolbar. Thrash through them. Ones on Spyware and homepage hijackers. Then I'd try CWShedder | mark c (247) | ||
| 352808 | 2005-05-06 11:41:00 | You sure it isn't this?? mspn32.exe? www.trendmicro.co.jp You'll have to remove it manually. Xoftspy says it'll remove it, BUT I think u haveta register this before it'll remove anything. Or go here http://housecall.trendmicro.com/ See if this site scans and removes it. I would also update your system if I were u, once u remove this. |
Speedy Gonzales (78) | ||
| 352809 | 2005-05-06 11:55:00 | You sure it isn't this?? mspn32 . exe? . trendmicro . co . jp/vinfo/virusencyclo/default5 . asp?VName=WORM_RBOT . AVL" target="_blank">www . trendmicro . co . jp You'll have to remove it manually . Xoftspy says it'll remove it, BUT I think u haveta register this before it'll remove anything . Or go here http://housecall . trendmicro . com/ See if this site scans and removes it . I would also update your system if I were u, once u remove this . Yea no it says i have a trojan downloader, not a worm, I dont have any odd enteries in my reg CURRENT USER/SOFTWARE/MICROSOFT/WINDOWS/CURRENT/RUN . . . RUNONCE . . OR RUN SERVICES . The virus creates its self even if i unplug the modem |
G-Boy (6793) | ||
| 352810 | 2005-05-06 13:47:00 | Use Ccleaner (www.ccleaner.com) first, with all boxes ticked , then run About buster (http:) , depending on the version should clean it up, although it is an insidious beggar. | pheonix (36) | ||
| 352811 | 2005-05-06 21:15:00 | I've found you often have to remove it manually. Hijackthis is good too as well as the others mentioned. Download the lot and run them all. Hijackthis will tell you if it's gone or not. | pctek (84) | ||
| 352812 | 2005-05-06 23:18:00 | I've found you often have to remove it manually. Hijackthis is good too as well as the others mentioned. Download the lot and run them all. Hijackthis will tell you if it's gone or not. Hey thanks for your reply, Ive downloaded and run every program in the FAQ but i still cant get rid of this thing. I made a Highjack this log, can u tell me where i post them for help. This virus is trying to make registry every time i open a window. |
G-Boy (6793) | ||
| 352813 | 2005-05-06 23:21:00 | Post the hijackthis log in here. And we'll see what needs removing. | Speedy Gonzales (78) | ||
| 352814 | 2005-05-07 01:00:00 | Post the hijackthis log in here. And we'll see what needs removing. DO i make the log with spybot stopping the reg changes as it is now, or do i let the virus make the changes to the reg, and then make the log |
G-Boy (6793) | ||
| 352815 | 2005-05-07 01:08:00 | No. Spybot has nothing to do with the hijackthis log. Download HJT do a scan and copy and paste what it brings up. Might as well do it now.... We'll see what we can do. |
Speedy Gonzales (78) | ||
| 1 2 | |||||