Thread ID: 55470 2005-03-11 08:07:00 trojan horse startpage.16.m drcspy (146) Press F1
Post ID Timestamp Content User
333040 2005-03-12 05:42:00 LOL yep, I love that view, Metla... and yes, I agree... deciding when to cut the losses is the key. Anyway I'm running some other prog now... damn, I've forgotten what it is... probably the couple of bourbons I've had hehehe... so we'll see what happens... ah, as for 'disable system restore'... those who suggest it... WHY? drcspy (146)
333041 2005-03-12 05:51:00 drcspy wrote:
ah, as for 'disable system restore'... those who suggest it... WHY?

FAQ #19 - How do I get rid of a virus in the Restore Directory? (pressf1.pcworld.co.nz 19): Read the explanation. FoxyMX (5)
333042 2005-03-12 06:26:00 And who said the virus was in the restore directory? In other words, unless you KNOW it's in there, WHY disable system restore and wipe it? Of course it likely is in there (not now, 'cause I have wiped the restore files), but the other VERY VALID point is... what damage can a virus do when it's just sitting in the restore directory unless the user chooses to restore that particular date? Again, there's NO point in just deleting your restore files as many tend to suggest just because there MAY be a virus in there, and even if there is it won't remove the ACTIVE virus on the system. So why do a couple of the previous posters seem to suggest that deleting the restore folders may help the situation with the ACTIVE virus? This often annoys me... folks give out suggestions without any real knowledge of the reasons/consequences. drcspy (146)
333043 2005-03-12 06:43:00 I just got rid of one of those trojans today.
It was "trojan horse startpage.17.u" (without the quotes).
I got rid of it like this:

Scan with Ad-Aware, Spybot...
Scan with AVG so you can find out where the trojan is hiding.
Write down the trojan's name and address.
Turn off System Restore.
Restart in "Safe Mode".
Open Windows Explorer.
Find trojan and delete.
Empty rubbish bin.
Scan with AVG.
Turn on System Restore
and that was it...
It's probably an arse-about-face way of doing it but seems to have worked for me.
Give it a try, lazydog
lazydog (148)
333044 2005-03-12 06:49:00 drcspy wrote:
And who said the virus was in the restore directory? In other words, unless you KNOW it's in there, WHY disable system restore and wipe it? Of course it likely is in there (not now, 'cause I have wiped the restore files), but the other VERY VALID point is... what damage can a virus do when it's just sitting in the restore directory unless the user chooses to restore that particular date? Again, there's NO point in just deleting your restore files as many tend to suggest just because there MAY be a virus in there, and even if there is it won't remove the ACTIVE virus on the system. So why do a couple of the previous posters seem to suggest that deleting the restore folders may help the situation with the ACTIVE virus? This often annoys me... folks give out suggestions without any real knowledge of the reasons/consequences.

Because any infection on the machine IS going to be in there, rendering any cleanup a complete waste of time. Flushing the system restore is a 100 percent necessary step.

Plus it halves the scan time, removing the need to go through quite a few gig of bloat.
Metla (12)
333045 2005-03-12 08:23:00 Thanks lazydog, however I've done all that and still it keeps reappearing... drcspy (146)
333046 2005-03-12 10:55:00 drcspy wrote:
WHAT have I done so far? Slaved it, run a scan with Norton... no virus (lol). Same with AVG, picked up a couple... run CWS... run HijackThis and removed almost everything in the list (lol)... run Ad-Aware... run CCleaner... run Stinger... run VCleaner... run Trojan Remover... no virus... (grrrr)... run Process Explorer and identified that it's rundll32.exe that's causing the probs... gone thru the reg as per Norton instructions and found bugger all... and done several other things I can't even remember... I kinda like Metla's suggestion but it's gonna be a real pain in the ass to do that 'cause it's a business PC and I've no idea whether they've got the CDs for their original apps etc... probably don't... then it'd need to be re-set up on their network etc etc... real annoying... run a few other things... can't remember now, done a LOT and still it comes back... oh yep, run about:buster... installed SpywareBlaster and tried to lock the system down... run Rapid Blaster Killer... installed Spybot 1.4 with TeaTimer reg protection... GRRRRRRRRRRRRRR

Gah! Do you have any idea how hard that is to read? Please for the love of God paragraph - it'd be quicker to hit enter than .............. and make it a crapload easier to read.

A lot of docs point to CWShredder being able to get rid of it. Have you made sure you've updated CWShredder?
www.intermute.com

Apparently AVG can get rid of it if run in Safe Mode. I'd also try a Trend HouseCall.

Tried MSConfig and unticking rogue items? Also go through Add/Remove Programs and remove crap like nCase, MyWebSearch, 180 Search etc etc.

Definitely disable System Restore.

This (computing.net) suggests removing se.dll in Safe Mode (along with other stuff).

An HJT log wouldn't go astray.

Make sure it has Firefox on it before they get it back.
ninja (1671)
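The two threads running through the posts above are "rundll32.exe is what's causing the problems" and "disable System Restore before you clean". Both have a precise version: rundll32.exe is only a loader, so the file to identify is the DLL on its command line, and the thing that brings it back each boot is the Run/RunOnce value that launches it; System Restore matters because disabling it on a drive discards every restore point, including the copies a scanner flags but cannot clean. The script below is an added example written for this page, not code from any poster or from any tool named in the thread. It enumerates live rundll32 command lines and the Run/RunOnce keys, flags any target that lives outside the system directories or carries no valid Authenticode signature, and lists the Safe Mode and System Restore commands as comments to run by hand. Assumed: Windows PowerShell 5.1 on a current Windows run elevated (the 2005 machine in the thread would need the F8 route and the System Restore tab instead); the `$trusted` list, the function names and the `Suspect` heuristic are mine, not anything the posters describe.

```powershell
#Requires -RunAsAdministrator
# Added example for this thread, not code from any poster or tool named in it.
# Windows PowerShell 5.1 (the *-ComputerRestore cmdlets are not in PowerShell 7).
# Assumptions: the hijacker is launched as "rundll32.exe <dll>,<entry>" and is
# re-armed from a Run/RunOnce value; $trusted is where a legitimate rundll32
# target normally lives. Read-only: nothing below deletes or changes anything.

$trusted = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

# rundll32.exe is only a loader, so the file worth looking at is the DLL on its
# command line; for any other command line it is the executable itself.
function Get-SuspectPath([string]$CommandLine) {
    # shape: ["]...rundll32[.exe]["] <dll>[,<EntryPoint>] [args]  (dll may be quoted)
    if ($CommandLine -match '^\s*(?:"[^"]*rundll32(?:\.exe)?"|\S*rundll32(?:\.exe)?)\s+(?:"([^"]+)"|([^\s,]+))') {
        $p = if ($matches[1]) { $matches[1] } else { $matches[2] }
    } elseif ($CommandLine -match '^\s*(?:"([^"]+)"|(\S+))') {
        $p = if ($matches[1]) { $matches[1] } else { $matches[2] }
    } else { return $null }
    # A bare name goes through the loader's search path; System32 is the usual
    # outcome (assumption: a DLL planted earlier in the path would win instead).
    if (-not [System.IO.Path]::IsPathRooted($p)) { $p = Join-Path $trusted[0] $p }
    return $p
}

# The values that bring the hijacker back every reboot (what MSConfig/HJT list).
function Get-AutorunEntry {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        (Get-ItemProperty -Path $k).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |   # drop PSPath/PSParentPath/... noise
            ForEach-Object { [pscustomobject]@{ Key = $k; Name = $_.Name; Command = [string]$_.Value } }
    }
}

# Two cheap tells: the file lives outside the system directories, or it has no
# valid Authenticode signature.
function Test-SuspectBinary([string]$Path, [string]$Source) {
    $inSystemDir = [bool]($trusted | Where-Object { $Path -like "$_\*" })
    $sig = if (Test-Path -LiteralPath $Path) {
        (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
    } else { 'Missing' }
    [pscustomobject]@{
        Source      = $Source
        Path        = $Path
        InSystemDir = $inSystemDir
        Signature   = $sig
        Suspect     = (-not $inSystemDir) -or ($sig -ne 'Valid')
    }
}

$findings = @()
# 1. What rundll32.exe is loading right now (drcspy's Process Explorer step).
$findings += @(Get-CimInstance Win32_Process -Filter "Name = 'rundll32.exe'" | ForEach-Object {
    $p = Get-SuspectPath $_.CommandLine
    if ($p) { Test-SuspectBinary -Path $p -Source "pid $($_.ProcessId)" }
})
# 2. What is scheduled to start again after the next reboot.
$findings += @(Get-AutorunEntry | ForEach-Object {
    $p = Get-SuspectPath $_.Command
    if ($p) { Test-SuspectBinary -Path $p -Source "$($_.Key)\$($_.Name)" }
})
$findings | Sort-Object Suspect -Descending | Format-Table -AutoSize

# 3. The steps the posts argue about, left as commands to run by hand once the
#    live file and its autorun value are identified. Disabling System Restore
#    on a drive discards every existing restore point on it, which is the whole
#    point: the scanner flags the copies under System Volume Information but
#    cannot clean there, and a later restore would bring the file back.
#   bcdedit /set '{current}' safeboot minimal      # next boot is Safe Mode; delete the file there
#   bcdedit /deletevalue '{current}' safeboot      # back to a normal boot afterwards
#   Disable-ComputerRestore -Drive "$env:SystemDrive\"
#   Enable-ComputerRestore  -Drive "$env:SystemDrive\"
#   Checkpoint-Computer -Description 'post-cleanup'
```

`Suspect` is a triage hint, not a verdict: unsigned but legitimate third-party software shows up too, and a hijacker that drops its DLL into System32 under an innocuous name passes the directory check, so pair the listing with the scanner's own detection name and path as lazydog's steps do. On current Windows most catalog-signed OS binaries report `Valid`, but a `NotSigned` result on a file under System32 is worth a second look rather than an automatic delete. Run the triage part first, in normal mode, so the live rundll32 instance is actually present to be listed; the Safe Mode commands come after you know what to remove.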
333047 2005-03-12 11:01:00 A quick check of hits on the web shows this to be quite a hard issue to resolve. I found an interesting post that seems to deal with WinMe as well as XP: computing.net
Good luck.
Harry (854)
333048 2005-03-12 11:01:00 drcspy wrote:
why do a couple of the previous posters seem to suggest that deleting the restore folders may help the situation with the ACTIVE virus? This often annoys me... folks give out suggestions without any real knowledge of the reasons/consequences.

Because the files can be executed from in there by other processes, called by startup entries, and often are what cause reinfections every reboot.

People wouldn't tell you to do it if it wasn't relevant and helpful. At any rate what is there to lose by clearing the system restore? Nothing of any real value.

Almost every Norton walkthrough I've ever read suggests turning off System Restore before doing anything.

The first few links here cover it:
www.google.co.nz
ninja (1671)
333049 2005-03-12 21:15:00 OK, think I've got the B*stard... mainly due to a program called Gpo@moveonboot; set it to remove any suspicious files before they get active. Also used a prog called 'restrictapp' which stops undesirable apps from running... grrrr... drcspy (146)