| Thread ID: 56373 | 2005-04-03 05:50:00 | How do we grab/destroy sneaky virus? | sunhawk (7788) |
| Post ID | Timestamp | Content | User | ||
| 341076 | 2005-04-03 05:50:00 | I've always been able to hunt down and dispatch any virus/trojan etc that has moved in on my granddaughter's PC. But this one is different. I've tried every trick I know in order to 1) identify it, and 2) get rid of it, but every move I make is blocked. I thought I may out-wit the toe rags that programmed this one. I've loaded a few programs (eg CWShredder etc) onto one of my own floppies and tried to sneak in the back door as it were, but not a chance. Every time I call up a site that deals with viruses and/or trojans (using IE) their home pages flash onto her screen before disappearing and reverting back to the desktop. Mr Merijn of "HijackThis" fame even gives an IP address presumably to fool the blocking commands, but once again --- checkmate! If I only knew what I was supposed to be hunting. Like looking for a cockroach in a blacked-out room. I've wondered whether it's "CoolWebSearch" or a variant thereof. I understand they can be extremely sneaky and elusive. Would it be a "hijacker" if there is such a thing? The infected PC runs XP Home/IE6/SP1/ZoneAlarm, but she's addicted to MSN chat rooms and downloads lots of data (jpg & mp3 etc). I'm not going to install SP2 yet for obvious reasons. Is there any glimmer of light at the end of our long black tunnel? I'm not quite sure what to try next. Any clues anyone? |
sunhawk (7788) | ||
| 341077 | 2005-04-03 06:09:00 | You could try an online scan http://housecall.trendmicro.com/ or www3.ca.com or Get Stinger vil.nai.com or Get Trojan remover www.simplysup.com not free. BUT it may pick something up. Or Post a log of what Hijackthis scans, back in this post. Or try Spybot or Ad-aware 1.05 SE. Adware or spyware can hijack a browser. And there's quite a few that do this. |
Speedy Gonzales (78) | ||
| 341078 | 2005-04-03 06:32:00 | Try running Spybot, Ad-aware, Stinger, A2 or your antivirus in safe mode. Safe mode, I have found, sometimes stops the little beasties from becoming an active running process on startup. Look out for the self-repairing virus. I came across one the other day, i.e. stop the process, delete the file, and a couple of minutes later it's back. There was a monitor process that I missed, that monitored the status of both the file and the main process, and this monitoring process did not show on Task Manager. It took a lot of detective work in safe mode to find the file responsible for this hidden monitoring process. Oh, I found the hidden process thanks to Spybot: one of Spybot's plugins shows running processes, and a comparison between that and Task Manager revealed a few suspects. HijackThis is also handy. Happy hunting |
beama (111) | ||
| 341079 | 2005-04-03 08:17:00 | If all else fails, download, unzip, and run this cleaner from Trend (homepages.slingshot.co.nz). Although, it is quite large, being about 9 megs. Also, it is wise to scan/clean in safe mode, which will stop any startups such as trojans. |
pheonix (36) | ||
| 341080 | 2005-04-03 11:41:00 | Okay, the first thing to do is try to prevent the offending program loading in the first place. Firstly, disconnect from the internet/LAN. 1) Start->Run->msconfig->Startup tab and uncheck everything. 2) Check the Services tab while there, but it can be tricky if you don't know what the genuine services are. Reboot. Download HijackThis using Firefox (i.e. stop using IE). Post the output somewhere like this forum. Once you have identified it, then find a removal tool (Symantec has many for viruses/worms). If getting desperate (and you don't have any good System Restore restores) then you can repair system files with the command: sfc /scannow You will have to reapply service packs and updates (and have your XP CD handy). Probably you should really: reinstall XP after formatting the drive and restore data from backup. |
gibler (49) | ||
| 341081 | 2005-04-03 11:53:00 | Thanks guys. Your suggestions noted. This "thing" seems to have all bases covered. Even in safe mode. I'll keep on trying to out-wit it though. I'll let you know if I come up with anything. Cheers. | sunhawk (7788) | ||
| 341082 | 2005-04-03 11:57:00 | Do give the MS Spyware scanner a go. | Rob99 (151) | ||
| 341083 | 2005-04-03 12:15:00 | Yes Gibler ... I wondered about doing something similar to what you suggest. Bit drastic, but maybe it's my only option. A non-destructive reinstall would be preferable. Part of my problem though is that the PC in question came with a partitioned HDD with Windows data preinstalled on drive D. No CD. Pain in the butt actually. I've used the scannow facility. Took me a while to work out how to bypass the need for the CD ... But first I have to identify and dispatch this "thing", don't I? Thanks anyway. | sunhawk (7788) | ||
| 341084 | 2005-04-04 00:33:00 | Try Webroot Spy Sweeper, and if it's XP then try XP AntiSpy; both of those seem to rate very high. Spybot is still good but it's really a one-man band. And Lavasoft seem to be a bit slack of late, not that they don't do a great job too. | Budda (2736) | ||
| 341085 | 2005-04-04 00:50:00 | See if you can identify what process it is, maybe by opening Task Manager in 'ordinary Windows' and taking a screen shot or other note of what processes are running... then go to safe mode and compare the processes... then... use this program... windowsxp.mvps.org ... to restrict whatever you are suspicious of from running... it'll block stuff from running at startup and is possibly the MOST effective at this that I have found. You can use it to block .dll's and anything pretty much... | drcspy (146) | ||
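
Added example, not part of any post in the thread: the two comparisons suggested above (a second tool's process list against Task Manager's, and ordinary Windows against safe mode) done as a script. It assumes each list was saved as CSV with an `Image Name` column, the layout `tasklist /fo csv` produces where that command is available; the snapshots and the `example_*` process names are constructed placeholders.

```python
import csv
import io
from collections import Counter

# Constructed snapshots, not data from the thread; example_* names are placeholders.
TASKMGR_NORMAL = '''"Image Name","PID"
"System","4"
"explorer.exe","1520"
"svchost.exe","880"
"svchost.exe","1012"
"example_firewall.exe","1700"
"example_helper.exe","1988"
'''
TASKMGR_SAFE_MODE = '''"Image Name","PID"
"System","4"
"explorer.exe","1432"
"svchost.exe","856"
'''
# What a second process viewer reports in ordinary Windows (constructed).
SECOND_TOOL_NORMAL = TASKMGR_NORMAL + '''"svchost.exe","2210"
"example_monitor.exe","2044"
'''


def load_snapshot(csv_text):
    """Count running instances per image name (case-insensitive)."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return Counter(row["Image Name"].strip().lower() for row in rows)


def extra_instances(view, baseline):
    """Names that occur more often in `view` than in `baseline`, with the surplus."""
    # Counter subtraction drops zero and negative results, so an extra copy of a
    # familiar name (a third svchost.exe) is reported as well as unknown names.
    return dict(sorted((view - baseline).items()))


def review_candidates(normal_csv, safe_mode_csv, second_tool_csv):
    """Return the two suspect lists: startup-only items and items one tool misses."""
    normal = load_snapshot(normal_csv)
    return {
        "not_running_in_safe_mode": extra_instances(normal, load_snapshot(safe_mode_csv)),
        "missing_from_task_manager": extra_instances(load_snapshot(second_tool_csv), normal),
    }


if __name__ == "__main__":
    result = review_candidates(TASKMGR_NORMAL, TASKMGR_SAFE_MODE, SECOND_TOOL_NORMAL)
    for label, names in result.items():
        print(label, names)
```

Both lists are candidates to look up, not verdicts: legitimate software such as a firewall client also stays out of safe mode.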