Acmlm's Board - I2 Archive - Hardware/Software - Virus on computer, can't get it off!

KsoftFusion

Whenever I boot up Windows, I get a message from my virus scanner that C:\XZ.EXE was infected with "W32/Sdbot.worm.gen.h". It comes up every time I start the computer-- seeming to make the file again and again on every boot. I looked it up, but it's hard to find info to remove it. McAfee says it makes two registry keys:

# HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Services Host" = scchost.exe
# HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Services Host" = scchost.exe

But they are not there. It also says it will copy itself to the Startup folder in the start menu, but it's not there. I don't know what to do, help!!

ExKay

Start your computer in safe mode, make a virus check and remove all files related to this virus, then check again and restart in normal mode.

KsoftFusion

Sure, that'd be great, but apparently this virus has over 4000 variants, and each one uses a different name. I don't know what the files could be if I don't know which variant it is (all the variants have the same name in virus databases).

FreeDOS

They're non-existent you say? It could be hiding... and that's basically what a rootkit is. They're very hard to remove without formatting the hard disk. You can run ClamAV from SystemRescueCd. Tell me what filesystem you use on your computer and I'll go through checking your system for you.

KsoftFusion

Crap. Reformat the drive? I'd have to back up 100 GB of data!!! I just noticed that I can't see my SYSTEM32 directory any more. Viewing hidden files and folders is on, but it's not there. I run NTFS, BTW.

EDIT: I found out I can get to the SYSTEM32 directory using the command prompt. It just won't appear in Explorer.

EDIT2: I just found out this virus was dropped into a file as C:\XZ.exe by "Win32.Alcan.B". I'm going to try removing it.

EDIT3: I got rid of the virus by deleting C:\Program Files\Winupdate. It's the Win32.Alcan.B virus. I'm not getting the virus alerts any more, but one of the symptoms of the virus is that it creates fake .com files in SYSTEM32 that keep me from running those apps unless I type the full path (typing regedit in run would open regedit.com, which is fake, so I must type C:\windows\regedit.exe). I went into command prompt and tried deleting the COM files, but it claims they do not exist. Also, I still can't see my SYSTEM32 directory.

(edited by KsoftFusion on 06-08-05 03:06 AM) (edited by KsoftFusion on 06-08-05 03:24 AM) (edited by KsoftFusion on 06-08-05 03:50 AM)

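The name shadowing described in the post above, as an added example that is not part of any post in the thread: it models command-prompt lookup of a bare name (each search-path directory in order, extensions in PATHEXT order) and reports every `.com` that wins over another executable of the same name. The function names and the temporary directory layout are constructed for illustration, and the model assumes the default extension order and ignores the current directory.

```python
import os
import tempfile

PATHEXT = [".COM", ".EXE", ".BAT", ".CMD"]  # default cmd.exe order: .COM first

def candidates(name, path_dirs, pathext=PATHEXT):
    """Every file a bare command name could resolve to, in search order."""
    hits = []
    for d in path_dirs:
        try:
            entries = {e.lower(): e for e in os.listdir(d)}
        except OSError:
            continue  # missing or unreadable PATH entry
        for ext in pathext:
            real = entries.get((name + ext).lower())
            if real:
                hits.append(os.path.join(d, real))
    return hits

def find_shadowed(path_dirs, pathext=PATHEXT):
    """Bare names whose first match is a .com hiding another executable."""
    exts = {x.lower() for x in pathext}
    names = set()
    for d in path_dirs:
        if os.path.isdir(d):
            for e in os.listdir(d):
                stem, ext = os.path.splitext(e)
                if ext.lower() in exts:
                    names.add(stem.lower())
    report = {}
    for n in sorted(names):
        hits = candidates(n, path_dirs, pathext)
        if len(hits) > 1 and hits[0].lower().endswith(".com"):
            report[n] = (hits[0], hits[1:])
    return report

def build_sample(root):
    """Constructed layout: system32 precedes windows on the search path."""
    win = os.path.join(root, "windows")
    sys32 = os.path.join(win, "system32")
    os.makedirs(sys32)
    for d, f in ((win, "regedit.exe"), (sys32, "regedit.com"), (sys32, "cmd.exe")):
        open(os.path.join(d, f), "wb").close()  # regedit.com stands in for the fake file
    return [sys32, win]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        print(find_shadowed(build_sample(root)))
```

On a live Windows system, pass `os.environ["PATH"].split(os.pathsep)` and `os.environ["PATHEXT"].split(";")` instead of the sample; `.com` files with no same-named executable elsewhere on the path are not reported.
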
Tanookirby

Have you ever considered using Norton Antivirus? It's a good program to use to scan for viruses.

HyperLamer

AVG has always worked for me. Also, make sure you delete all those .COMs and scan again, because no doubt running them will re-infect you.

Sukasa

And if this helps, try removing the hard drive, and running it on another computer. I've found that normally the viruses add something to the startup sequence, but if the drive is accessed by another computer, the viruses remain dormant. You could also try running msconfig.exe, then going to the startup tab.

HyperLamer

If you have another computer (or even another OS), yes, that's definitely a good way to do it. Some viruses like to nest in the boot sector or OS kernel. Just make sure you don't accidentally infect that OS too. (Plus, since your OS wouldn't be running off that drive, you would have unrestricted access; the system won't be hiding files or not letting you tinker with it.)

Sukasa

Oh, and those methods will both have a good chance of working, I've had to use them both a couple of times. Unrestricted access is a plus, definitely. The only thing is, be careful NOT TO LET THE VIRUSES BEGIN EXECUTION!!!!! That happened to me.. Damn I hated having to deal with that. The problem was, when I tried to delete the virus, it executed before it was deleted, and infected my system. Thank god for system restore.

KsoftFusion

I fixed it a few days ago. Those .COM files were officially dummy files that did nothing. I had to go into safe mode and turn on system file viewing to delete them. Rescanned and got nothing.