Thread ID: 43713 2004-03-24 09:24:00 Troj tomadi.a =virus Advice please supergran (108) Press F1
Post ID Timestamp Content User
224828 2004-03-24 09:24:00 Hi, I got called to a friend's place today, to try and get rid of a virus. Firstly, Symantec said the puter didn't have one, even though the dat files are up to date, so then I did an online scan at Symantec which also said it didn't have one, but this person had already run a scan at HouseCall, who said it had 4 files, infected with the troj tomadi.a virus, and they were uncleanable. After hunting, I found a fix, including editing the registry, which I followed to a T, and every time we reboot, the virus is back.

I found this at Trend, just a bit of what I read: "This Trojan disguises itself as an application that displays real-time stock information by connecting to the Yahoo Stock Web site at certain intervals.

It drops a copy of itself in the Windows folder and adds entries to the startup folder and the system registry so that its copy runs at every Windows startup.

It performs its malicious routines in the background. At certain intervals, it displays pop-ups of Web sites that point to specific Web pages."
After going through all the things I was supposed to according to the website, it is still there, replicating every time we turn on the puter. Help. Op system Windows 98.
supergran (108)
224829 2004-03-24 09:33:00 Sounds like more of a spyware/adware. Give Ad-Aware/Spybot a run.

Otherwise you need to find the file you're missing, which is either a BHO, temp file or startup link.
tweak'e (174)
224830 2004-03-24 09:39:00 Every time we reboot the puter, we have to turn off about 30 "search for shortcuts", even though we thought we had taken everything out of the registry. Dumb me never thought of Ad-Aware. Thanks, I have it on CD, so will take it back tomorrow and try it. I thought that since Trend said it was a virus, that is what I was concentrating on. Hopefully tomorrow night I will come on and say that today's 5 hours wasn't wasted, cos you gave me the solution.

Even if it doesn't work, thanks, can't believe I didn't think of it, cos I use it weekly on mine. :-)
supergran (108)
224831 2004-03-24 10:02:00 I would also download and run a trojan detector as well. The Cleaner (www.majorgeeks.com) is one that is recommended, otherwise find one here (www.majorgeeks.com). Don't forget to allow it to get the updates before scanning. Susan B (19)
224832 2004-03-25 11:08:00 Well today we cleaned out the cache of the temp internet files, we ran The Cleaner, we ran Ad-Aware, and I also did all the stuff again that I did yesterday, and we are still getting all the shortcut queries as the puter boots up, all 32 of them, and also it tries to connect to the net on boot up. I have done searches for the files it is looking for, but obviously can't find them. I really appreciate the help you guys have given me, but any more info would be appreciated. There are no extra programs running, if I Ctrl-Alt-Delete, and wouldn't have the foggiest where to search in the registry for the shortcuts, so yes, Help. LOL Guess I could try Regcleaner, haven't tried that yet. Oh well, guess that gives me tomorrow's mission. supergran (108)
224833 2004-03-25 12:22:00 If you're only getting missing shortcut queries then it's most likely just some leftover start entries. Regcleaner should list them (regcleaner as in jv16). tweak'e (174)
224834 2004-03-26 13:50:00 Thanks for the info, and about 3 this morning, I realised that the shortcut queries I was getting were not from the trojan I had got rid of a couple of days ago, they were obviously left from a previous virus or somesuch. I don't think the person who got rid of the last virus cleaned out the system properly. So I went back today, loaded Start Cop, nothing, ran Regcleaner, and got rid of 31 shortcut queries, but one of the shortcuts came up twice, and that final one just keeps coming back. I ran Regcleaner again after reboot, still no luck, so I have given up. One shortcut query is a lot easier to get rid of on bootup, and the dialup thing as well, than the 32 that they did have. supergran (108)
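
Added example (not part of the thread, and not code from any tool named in it): a Python script for the check discussed above, listing leftover registry autostart entries whose target file no longer exists. The registry export, the file listing and every name in them are constructed, and only registry Run keys are covered, not Startup-folder shortcuts.

```python
import re
# Constructed REGEDIT4-style export (sample data, not from the thread).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ExampleTicker"="C:\\WINDOWS\\ticker-example.exe /bg"
"OldHelper"="\"C:\\Program Files\\Gone\\helper.exe\" -start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\WINDOWS\\SYSTEM\\upd32.exe"
'''
SAMPLE_FILES = [r'C:\Windows\ticker-example.exe']  # constructed: files still on disk

AUTOSTART = (r'\currentversion\run', r'\currentversion\runonce', r'\currentversion\runservices')
KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # Undo .reg escaping of backslashes and double quotes.
    return re.sub(r'\\(.)', r'\1', s)

def parse_autostart(export_text):
    """Return (key, value name, command) for every string value under an autostart key."""
    entries, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if KEY_RE.match(line):
            key = KEY_RE.match(line).group(1)
        elif key and key.lower().endswith(AUTOSTART):
            m = VAL_RE.match(line)
            if m:
                entries.append((key, unescape(m.group(1)), unescape(m.group(2))))
    return entries

def command_target(command):
    # Executable part of a command line; unquoted paths containing spaces are not handled.
    m = re.match(r'\s*(?:"([^"]*)"|(\S+))', command)
    return (m.group(1) or m.group(2) or '') if m else ''

def find_orphans(entries, existing_files):
    """Entries whose full-path target is missing from the listing (case-insensitive).
    Bare names such as SysTray.Exe are resolved by Windows itself and are skipped."""
    present = {p.lower() for p in existing_files}
    targets = [(name, command_target(cmd)) for _key, name, cmd in entries]
    return [(n, t) for n, t in targets if '\\' in t and t.lower() not in present]
```

Entries that are not orphaned still deserve a look: an unfamiliar program in the Windows folder that runs at every startup matches the persistence behaviour quoted from Trend in the first post.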