
All kinds of virus problems


Comments

  • closed
    closed Posts: 10,886 Forumite
    edited 11 November 2010 at 7:15PM
    reboot, update again, then another full scan

    keep scanning with everything you have until all clean

    http://www.avira.com/en/support-download-avira-antivir-rescue-system
    !!
    > . !!!! ----> .
  • ok, doing that now, thanks
  • GunJack
    GunJack Posts: 11,837 Forumite
    Hang on, think we're overlooking the obvious here - look at the filepath for the detections....all temp files. First things to do would be:-

    1. Turn off system restore (to delete all restore points, as there's probably elements hiding in there)

    2. Do a full disk cleanup (open (My) Computer, right-click on hdd, Properties, disk cleanup - make sure all the elements' tick-boxes are ticked, and let it clean). This will bin all temp files.

    3. Run ccleaner (cleaner part) to be sure.

    Then:-

    a. Continue with full mbam scan (remember to UPDATE it again immediately before scanning). Post the log after deleting all it finds.

    b. Do a new HijackThis run, and post the log.

    Rootkits are nasty, but a combination of hitman, combofix and dr web is more often than not powerful enough to sort them, if mbam can't do it alone :)
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • closed
    closed Posts: 10,886 Forumite
    edited 11 November 2010 at 8:29PM
    If they are active (open files), they won't be deletable with ccleaner (does no harm to try though), and if they are true rootkits cloaked with MBR code, they won't be visible with HijackThis.
    !!
    > . !!!! ----> .
  • Malware has stopped and I had a blue screen with Stop: C00000892 hard error, unknown hard error???
    So have had to start again (takes about 3 hours).

    I will try and do all the points above and come back and let you know how I get on

    thanks for the help so far
  • GunJack
    GunJack Posts: 11,837 Forumite
    closed wrote: »
    If they are active (open files), they won't be deletable with ccleaner (does no harm to try though), and if they are true rootkits cloaked with MBR code, they won't be visible with HijackThis.

    Agreed, but I tend to find that a good clearout before starting does generally help, especially if the nasties are re-activating even after supposedly being deleted by av/mbam. Hitman is good in this respect too, as it'll kill most of those processes before scanning.
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • Have tried twice to run a full scan but get a blue screen with hard error as above. Did do a clear up but had not ticked all the boxes, so just doing that now.
    How do I do step 3 (from GunJack)? What is ccleaner? Do you have a link or is it on the computer somewhere?
    When I was last doing the full scan, before the computer went to blue screen, it had found 2 things but was unable to do anything about them, although Avira did have a pop-up that they had found something as well.
  • DCFC79
    DCFC79 Posts: 40,641 Forumite
    Have tried twice to run a full scan but get a blue screen with hard error as above. Did do a clear up but had not ticked all the boxes, so just doing that now.
    How do I do step 3 (from GunJack)? What is ccleaner? Do you have a link or is it on the computer somewhere?
    When I was last doing the full scan, before the computer went to blue screen, it had found 2 things but was unable to do anything about them, although Avira did have a pop-up that they had found something as well.

    ccleaner link
  • GunJack
    GunJack Posts: 11,837 Forumite
    Are you still working in safe mode with networking?? If not, I would re-boot into it and work from there. There is always the possibility that a nasty has corrupted mbam (had this with some recently), so you may need to uninstall and download it again...link

    http://www.filehippo.com/download_malwarebytes_anti_malware/
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • Right, have done steps 1-3, just trying to run a full scan now. Managed to run a quick scan which showed 2 trojans, which it is supposed to have got rid of; just got to wait for the full one to hopefully run. Have also deleted mbam and downloaded a new one, so fingers crossed for now.
This discussion has been closed.