Posted by Frank Martin on June 7, 2009, 1:21 am
> | Thanks,
> | I have used "stopZilla", "ADaware", "Spybot search &
> | destroy", "Malwarebytes Anti-malware", MS
> | "malicious-software removal tool", also "CCleaner (with
> | reg cleaner)", and other reg cleaners,
>
> | Also I am running the "whatslivern" software.
>
> | This happened once before but with a different Process
> | Name, as I remember I fixed this by ticking and deleting
> | one of the lines in the "HiJack This" lists, which was:
> | "F2Reg::system.ini:
> | Shell=Explorer.exe\C:\Windows\Config\csrss.exe.
>
>
> | Regards, Frank
>
>
> StopZilla - not that good anti adware/spyware
> CCleaner - not anti malware.
> Reg Cleaners in general - snake oil
> whatslivern - is a 2007 plagiarised version of Andrew Aranoff's Silent Runners and if you
> are going to use such software, use the original from the real author, Andrew Aranoff,
> which was last updated Dec. '08, revision 59. --
> http://www.silentrunners.org/
>
>
>
> Usually at this point I'd have you post in an expert forum. However, in this case, I have
> a gut feeling.
>
> I'd like you to scan your PC using the AntiRootkit utility Gmer and to use the McAfee and
> Sophos modules in my Multi AV Scanning Tool.
>
>
> http://www.gmer.net/
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.pctip.ch/ds/28400/28470/Multi_AV.exe
> or
> http://212.98.39.7/ds/28400/28470/Multi_AV.exe
>
> http://www.pctip.ch/downloads/dl/35905.asp
> or
> http://212.98.39.7/downloads/dl/35905.asp
>
> English:
>
> http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
>
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file.
>
>
>
> * * * Please report back your results * * *
>
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Thanks, I installed the Gmer software and ran it and it gave
a screen with 3 lines, though not in red. I no longer have
these (see below).
I downloaded and installed the MULTI_AV software into the
C:\AV_CLS as instructed and this subsequently gave the
coloured DOS-type window with the four sites.
The first one downloaded OK, but the second one, after a
while induced Windows error screens saying "Windows Files
are being replaced with other similar ones" and then the
MULTI_AV software froze up, and I then rebooted the
computer.
On startup the reboot stopped at a black-screen stage and
gave the error message "NTLDR not found" and so I was
locked out.
I then went to a Ghost12 backup and rebooted from the Ghost
disk and recovered the C Drive (only) of 12 April 09. All
my other partitions seem OK. But I seem to have lost all
the results of the Gmer software and any fragments of the
MULTI_AV.
The TCPView software shows the virus has disappeared too,
though this may be too soon to tell.
Perhaps this has fixed the virus?
How can I stop it coming back; this morning when it was
there, there were about 200 sites being fed from my computer.
Regards, Frank
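
An added example, not part of the original posts: a check for the kind of HijackThis entry quoted earlier in the thread, where the Shell= value carries a second program after Explorer.exe and that program borrows a system process name from outside System32. The function name, the list of system names and the sample log lines are assumptions made for this illustration.

```python
import ntpath
import re

# Windows system process names whose genuine files live in %SystemRoot%\System32.
SYSTEM_NAMES = {"csrss.exe", "smss.exe", "lsass.exe", "winlogon.exe",
                "services.exe", "svchost.exe"}

# Accepts HijackThis's "F2 - REG:system.ini: Shell=..." and the looser form
# typed from memory in the post ("F2Reg::system.ini: Shell=...").
F2_SHELL = re.compile(r"^\W*F2\s*-?\s*REG:+\s*system\.ini:\s*Shell=(.*)$", re.I)


def shell_findings(line):
    """Return (reason, path) tuples for a suspicious F2 Shell= log line."""
    match = F2_SHELL.match(line.strip())
    if not match:
        return []  # not an F2 Shell entry
    # Cut the value after every ".exe", dropping the separator that follows.
    parts = re.split(r"(?<=\.exe)[\s,\\]*", match.group(1), flags=re.I)
    exes = [p.strip(' "') for p in parts if p.strip(' "').lower().endswith(".exe")]
    findings = []
    for position, exe in enumerate(exes):
        name = ntpath.basename(exe).lower()
        folder = ntpath.dirname(exe).lower()
        # The shell should be explorer.exe alone; anything else starts at every logon.
        if position > 0 or name != "explorer.exe":
            findings.append(("extra-shell-program", exe))
        # A system process name in another folder is a masquerade.
        if name in SYSTEM_NAMES and folder and not folder.endswith("\\system32"):
            findings.append(("system-name-outside-system32", exe))
    return findings


# Constructed sample log: line 2 joins the entry quoted in the post; rest invented.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [Demo] C:\Program Files\Demo\demo.exe",
    r"F2Reg::system.ini: Shell=Explorer.exe\C:\Windows\Config\csrss.exe.",
    r"F2 - REG:system.ini: Shell=Explorer.exe",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        for reason, path in shell_findings(entry):
            print(f"{reason}: {path}")
```
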