Virus removal

It looks like I've got a virus.

Boot.ini gone
Just about everything deleted from my desktop
Start menu links not working
etc

My ISP provides Norton Protection Centre which I have tried to reinstall
(after uninstalling my original broken install) and I'm going round in
circles downloading, installing only to be told it's not installed.

I've tried installing Avira Antivirus from a recent coverdisk but it comes
up as 'not a Win32 application'.

I intend to format and install a disk image I have from my last install but
I'd like to back up some stuff to an external drive first. It would be nice
to run a virus scanner first but installing one looks like it is not a
possibility.

Are there any online virus scanners that will actually remove viruses rather
than just tell you you have a virus? Alternatively, with the assistance of a
computer-savvy friend, would it be possible to create a CD I could run a
virus scanner with recent virus definitions from?

Regards



Re: Virus removal


| It looks like I've got a virus.
|
| Boot.ini gone
| Just about everything deleted from my desktop
| Start menu links not working
| etc
|
| My ISP provides Norton Protection Centre which I have tried to reinstall
| (after uninstalling my original broken install) and I'm going round in
| circles downloading, installing only to be told it's not installed.
|
| I've tried installing Avira Antivirus from a recent coverdisk but it comes
| up as 'not a Win32 application'.
|
| I intend to format and install a disk image I have from my last install but
| I'd like to back up some stuff to an external drive first. It would be nice
| to run a virus scanner first but installing one looks like it is not a
| possibility.
|
| Are there any online virus scanners that will actually remove viruses rather
| than just tell you you have a virus? Alternatively, with the assistance of a
| computer-savvy friend, would it be possible to create a CD I could run a
| virus scanner with recent virus definitions from?
|
| Regards
|


Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe

http://www.pctipp.ch/downloads/dl/35905.asp

English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to
go through your FireWall to allow it to download the needed AV vendor
related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in
Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot
the PC.

You can choose to go to each menu item and just download the needed files or
you can download the files and perform a scan in Normal Mode. Once you have
downloaded the files needed for each scanner you want to use, you should
reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again
and choose which scanner you want to run in Safe Mode.  It is suggested to
run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * *   Please report back your results  * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Virus removal



Snipped


Snipped again

Thanks for the comprehensive reply. I have a cunning plan.......
May or may not be one of my brightest ideas but I'm making a bootable DVD
with the Drive Image files on it. Hopefully that will let me create a clean
install on a spare HDD. Then I'll set up as you have suggested and scan my
hard disks one by one.



Re: Virus removal


You might want to try this: http://avptool.virusinfo.info/en/



Re: Virus removal




Gave that a try and it came up with 15 viruses and loads of infected files.
Now to try and get rid of them.  :-)



Re: Virus removal



|
| Gave that a try and it came up with 15 viruses and loads of infected files.
| Now to try and get rid of them.  :-)
|

Are you saying that AVPTool detects but doesn't remove?

If yes, the Kaspersky module in my Multi AV Scanning Tool does.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Virus removal


Very quick reply before I go to work.

I used the Kaspersky online scan just to see what it came up with. I assumed
I then have to pay to get rid. (Not that I mind paying).

I thought a fresh install on a formatted hard disk with no other hard disks
installed would then give me the best chance of cleaning up the infected
hard disk before I try and back up anything I might want to keep.
Regards.



Re: Virus removal



Ran it for 12 hours and then another user logged off and it quit scanning
but reported 16 trojans which 'could not be cleaned'. Then it left a folder
on my desktop named "Kaspersky Lab Tool" which I can't get rid of. I've tried
removing it directly, through the Control Panel's 'Add or Remove' and from
the Desktop folder itself. The Control Panel shows the tool as deleted but
the folder persists. Any idea how to get rid of this 204Mb intruder? I'm
going to reload the tool and see if I can get rid of the folder in some way.
Won't use this tool again you can bet. Help! ;-)

Bud

Re: Virus removal



In the desktop folder you should see unins000.exe. Double click on it
and it should fully and cleanly uninstall.

The "could not be cleaned" report for Trojans is normal. They must
be deleted.

AVPTool is probably the best on-demand and emergency scanner
available for general malware. It's unfortunate that they don't
yet make it obvious to users how to uninstall it. You don't have
to uninstall it each time you want to update it, BTW. Simply
download the latest build and run its setup again.

Art



Re: Virus removal

Art wrote:

Tried that but the proggy was already uninstalled through the Control Panel
'Add or Remove' and the Desktop folder remained. Further search found it was
present, checked and loading in msconfig Startup as "Start 71". Unchecked it
and then the desktop folder deleted without problem.


That option wasn't seen but a link to dll a trial version of Kaspersky was.


If you say so but I am a bit leery of Kaspersky as all the free scans I've run
have found items not found by any of my other proggys and no cleaning has
ever been offered (other than to load Kaspersky) that I could find. Color me
dumb but...

Bud

Re: Virus removal


< snip >

|
| If you say so but I am a bit leery of Kaspersky as all the free scans I've run
| have found items not found by any of my other proggys and no cleaning has
| ever been offered (other than to load Kaspersky) that I could find. Color me
| dumb but...
|
| Bud

The Kaspersky module in my Multi AV Scanning Tool will detect and remove malware.

It uses the same signatures as AVPTool.


Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe

http://www.pctipp.ch/downloads/dl/35905.asp

English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to
go through your FireWall to allow it to download the needed AV vendor
related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in
Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot
the PC.

You can choose to go to each menu item and just download the needed files or
you can download the files and perform a scan in Normal Mode. Once you have
downloaded the files needed for each scanner you want to use, you should
reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again
and choose which scanner you want to run in Safe Mode.  It is suggested to
run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * *   Please report back your results  * * *



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Virus removal



I have used your tool in the distant past. Will it auto-update the sigs or
do I need to re-download and install new from your provided link? Thanks.

Bud

Re: Virus removal


|
|
| I have used your tool in the distant past. Will it auto-update the sigs or
| do I need to re-download and install new from your provided link? Thanks.
|
| Bud

It will always check for and download the latest signatures in the Kaspersky
module and in the Sophos, McAfee and Trend Micro modules it will always
check for and download the latest engines and signature files.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


