malware identified but can not remove


Roy

Hi

Firstly thanks a lot for the advice. Through various step by step advice I
have succeeded to identify the malware in the system, rundll and in the
config, via HJT.
However the question remains how to remove them?

After the scan in HJT and going through every single one I know which are
causing me the grief. I selected them and clicked fix. And I was happy that
they were gone. But as it seems they just copied themselves. I have kept them
contained by disabling via the MSCONFIG and via spybot but that is not the
solution. I want them off my laptop.

I tried to go to the individual file through Windows Explorer and menus
to delete them manually but some are not showing where they are supposed to be.
Either they are invisible or I am making some mistakes.

Please help.

Thanks

Roy
 
http://www.spybot.info/en/index.html

You just say "spybot". Above is the link for Spybot Search & Destroy.

To your problem; you can NOT delete files that are being used!
The malware is running, and being used!

Empty Temp internet files, cookies, etc.

Reboot, hit F8, and go into Safe Mode.
Run the scan again, and you will be able to remove them permanently.
 
Roy said:
Hi

Firstly thanks a lot for the advice. Through various step by step advice I
have succeeded to identify the malware in the system, rundll and in the
config, via HJT.
However the question remains how to remove them?

After the scan in HJT and going through every single one I know which are
causing me the grief. I selected them and clicked fix. And I was happy that
they were gone. But as it seems they just copied themselves. I have kept them
contained by disabling via the MSCONFIG and via spybot but that is not the
solution. I want them off my laptop.

I tried to go to the individual file through Windows Explorer and menus
to delete them manually but some are not showing where they are supposed to be.
Either they are invisible or I am making some mistakes.

Since you didn't tell us what the malware is that you think you've
identified, I can't give you specific removal instructions. Obviously
you have not cleaned it out and you've got something that is respawning.
This is common. Go through these general malware removal steps
systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to
do all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html
- download site

The site is in German but David's tool is in English so don't let that
worry you. Scroll all the way down to almost the bottom of the page and
you'll see a box titled "Infos Zum Download - Multi-AV Scanning Tool".
You'll see "Download von www pctipp.ch" and the live link to download
Multi_AV.

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the first link above (not here, please).

Not all tools used will work in Vista and you will need to run them
elevated. If you are unable to remove the infection by following the
general steps, register at one of the HijackThis forums as suggested.

Standard disclaimer: I can't see and test your computer myself, so these
are just suggestions based on many years of being a professional
computer tech; suggestions based on what you've written. You should not
take my suggestions as a definitive diagnosis. If you can't do the work
yourself (and there is no shame in admitting this isn't your cup of
tea), take the machine to a professional computer repair shop (not your
local equivalent of BigComputerStore/GeekSquad). Please be aware that
not all local shops are skilled at removing malware and even if they
are, your computer may be so infested that Windows will need to be
clean-installed. If possible, have all your data backed up before you
take the machine into a shop.


Malke
 
In Folder Options>View make sure everything that enables you to see all
files is checked or unchecked as required.
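
An added example, not part of the original thread: the same "show everything" view from PowerShell, applied to the autostart entries Roy describes. It assumes only the two standard Run keys are of interest, and `Get-TargetPath` is a hypothetical helper written for this example.

```powershell
# Added example: audit the standard Run keys and show whether each autostart
# target exists on disk and whether it carries the Hidden or System attribute.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Hypothetical helper: pull the file of interest out of a Run-key command line.
function Get-TargetPath([string]$CommandLine) {
    # Quoted path if present, otherwise the first whitespace-delimited token
    # (an unquoted path containing spaces will be cut short and show as missing).
    if ($CommandLine -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($CommandLine.Trim() -split '\s+')[0] }
    # For a rundll32 launcher the file that matters is the DLL argument.
    if ($exe -match 'rundll32(\.exe)?$' -and
        $CommandLine -match 'rundll32(?:\.exe)?"?\s+"?([^",]+)') {
        return $Matches[1].Trim()
    }
    return $exe
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $path = Get-TargetPath ([string]$regKey.GetValue($name))
        if (-not $path) { continue }
        $path = [Environment]::ExpandEnvironmentVariables($path)
        # -Force makes Get-Item return hidden and system files as well.
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Key    = $key
            Name   = $name
            Target = $path
            Exists = [bool]$file
            Hidden = [bool]($file -and (($file.Attributes -band [IO.FileAttributes]::Hidden) -ne 0))
            System = [bool]($file -and (($file.Attributes -band [IO.FileAttributes]::System) -ne 0))
        }
    }
}
```

A target given without a directory (a bare DLL name, for instance) is resolved against the current directory, so it can be reported as missing even though Windows would find it on its search path.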
 
Frank said:
Alias wrote:


...lying SPAMMING bigoted linux troll.
No more SPAM!
Frank

How is he lying Frankie Boy? Roy says he has malware on his Vista box. Vista
fanboys claim that Vista is secure and its new security features will
protect one's computer from malware. Obviously both notions can't be
correct. Others have replied on how to remove malware from Vista. The liar
around here and the village idiot is YOU Frankie Boy. Do tell Roy how to
get rid of that malware if you're such a Vista expert, rather than calling
Alias a liar. This newsgroup is here to help people and you are simply a
troll.

Cheers.

--
Frank's Brain Activity Plotted (watch the red line):
http://i68.photobucket.com/albums/i4/Astronomy2/PreformanceMonitor.jpg

AlexB: "If it is Business or Ultimate open Command Prompt as administrator
and type lusrmgr.msc."
^^^^^
I must say the developers at Microsoft do have a sense of humour.
 
NoStop said:
How is he lying Frankie Boy? Roy says he has malware on his Vista box. Vista
fanboys claim that Vista is secure and its new security features will
protect one's computer from malware. Obviously both notions can't be
correct. Others have replied on how to remove malware from Vista. The liar
around here and the village idiot is YOU Frankie Boy. Do tell Roy how to
get rid of that malware if you're such a Vista expert, rather than calling
Alias a liar. This newsgroup is here to help people and you are simply a
troll.

Cheers.

Frank can't help himself. He sees my name, doesn't read what I wrote and
posts his usual troll crap. Frank has never helped anyone here because,
well, he isn't capable of anything but lies, insults, profanity and bluster.

Alias
 
Alias said:
Frank can't help himself. He sees my name, doesn't read what I wrote and
posts his usual troll crap. Frank has never helped anyone here because,
well, he isn't capable of anything but lies, insults, profanity and
bluster.

Alias

Still having to lie I see.
Figures!
Loser.
Frank
 
Alias said:
I'm not hiding. Oops.



To figure and Frank is an oxymoron.



What have I lost, troll?

Alias

You have lost any and all semblance of any good karma you ever had or
hoped to have because of your classless, clueless arrogant lying,
trolling, spamming and bigoted postings.
Now try lying your way out of those truths you ignorant sorry sack of
sh*t for a human being!
That is what you've lost you idiot.
Frank
 
Roy said:
Hi

Firstly thanks a lot for the advice. Through various step by step advice I
have succeeded to identify the malware in the system, rundll and in the
config, via HJT.
However the question remains how to remove them?

After the scan in HJT and going through every single one I know which are
causing me the grief. I selected them and clicked fix. And I was happy that
they were gone. But as it seems they just copied themselves. I have kept them
contained by disabling via the MSCONFIG and via spybot but that is not the
solution. I want them off my laptop.

I tried to go to the individual file through Windows Explorer and menus
to delete them manually but some are not showing where they are supposed to be.
Either they are invisible or I am making some mistakes.

Please help.

Thanks

Roy
 
My policy is not to use any 3-rd party anti-malware except Spybot S&D.
Windows Vista offers sufficient protection against malicious software
writers some of them I am sure watch this forum very carefully.

Download Microsoft Windows Baseline Security Analyzer. It is Beta 2.1 for
Vista and I think it is safe to download. Run it.

<http://www.microsoft.com/downloads/...AF-9DBE-4DCE-889E-ECF997EB18E9&displaylang=en>

It will give you all your vulnerabilities, especially in your firewall
settings. You should read the report and if it suggests any changes, you
should consider them.
Your Windows firewall setting will be analyzed.

Download Microsoft® Windows® Malicious Software Removal Tool (KB890830). It
will want to run upon install. Choose the FULL scan although it may give you
a threatening message that it might take a few hours. It will scan your
entire computer in about half an hour or less if you do not have a lot of
stuff in it.

<http://www.microsoft.com/downloads/...e0-e72d-4f54-9ab3-75b8eb148356&displaylang=en>

Some reassuring information: Malicious Software Removal Tool
<http://www.microsoft.com/security/malwareremove/default.mspx>
The Microsoft Windows Malicious Software Removal Tool helps remove specific,
prevalent malicious software from computers that are running Windows Vista,
Windows Server 2003, Windows XP, or Windows 2000
http://support.microsoft.com/?kbid=890830

You can also go to Protection Center (Microsoft)
<http://onecare.live.com/site/en-US/center/howsafe.htm?s_cid=mscom_msrt>
and click "Protection Scan." There will be a dropdown menu and a button:
"Launch Full Scan or Vista." You can do it if you wish.

Download and install Spybot Search & Destroy, a great piece of software
which is free for individuals but corporations pay fees. You may be asked
for donations but it is up to you. It is very up to date and every week you
will have to download new updates, sometimes even more often. You should
check for updates every time you run it. It will give you all su*kers
leached into your registry and ask you if you wanted to remove them. Many of
them have masqueraded themselves under MS Windows names like
Windows.something. Do not hesitate to kill them all. You can trust SB S&D.

http://www.spybot.info/en/index.html

It also allows you to IMMUNIZE your system. It means that when you go to a
website and they try to download some kind of a Trojan to you SB S&D will
either kill it silently, or ask you if you want to do it or will kill it and
give you a notice. It is better to let it kill them all in silence.

Listen to Mark Russinovich's (MS) webcast: Advanced Malware Cleaning

<http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359>

Downloading any 3-rd party "free" anti-spyware program is an invitation for
disaster.

The AV (antivirus industry) is on the way to the cemetery:
The slow death of AV technology
http://www.theregister.co.uk/2007/06/08/death_of_av/
Vista did it in.
 
AlexB said:
My policy is not to use any 3-rd party anti-malware except Spybot S&D.
Windows Vista offers sufficient protection against malicious software
writers some of them I am sure watch this forum very carefully.

More bullshit from a right-wing paranoid lunatic. WTF would malware writers
watch this group of misfits who haven't figured out how to tie their own
shoes yet? What could they possibly learn from the likes of you or others
having problems running Solitaire and Minesweeper? Geez, talk about feeling
self-important. And why do so many around here report having problems with
malware in Vista if it's so damn secure?

Download Microsoft Windows Baseline Security Analyzer. It is Beta 2.1 for
Vista and I think it is safe to download. Run it.

Are you sure it's safe to download? I mean, really sure? Probably written by
some communists.

It will give you all your vulnerabilities, especially in your firewall
settings. You should read the report and if it suggests any changes, you
should consider them.
Your Windows firewall setting will be analyzed.

Gawd, all a firewall does is block ports. That needs to be analyzed?

Download Microsoft® Windows® Malicious Software Removal Tool (KB890830).
It will want to run upon install. Choose the FULL scan although it may
give you a threatening message that it might take a few hours. It will
scan your entire computer in about half an hour or less if you do not have
a lot of stuff in it.

Like more than Solitaire and Minesweeper?

Some reassuring information: Malicious Software Removal Tool
<http://www.microsoft.com/security/malwareremove/default.mspx>
The Microsoft Windows Malicious Software Removal Tool helps remove
specific, prevalent malicious software from computers that are running
Windows Vista, Windows Server 2003, Windows XP, or Windows 2000
http://support.microsoft.com/?kbid=890830

Why would this stuff need to be removed if Vista is MickeyMouse's most
secure o/s ever?

You can also go to Protection Center (Microsoft)
<http://onecare.live.com/site/en-US/center/howsafe.htm?s_cid=mscom_msrt>
and click "Protection Scan." There will be a dropdown menu and a button:
"Launch Full Scan or Vista." You can do it if you wish.

ditto

Download and install Spybot Search & Destroy, a great piece of software
which is free for individuals but corporations pay fees. You may be asked
for donations but it is up to you. It is very up to date and every week
you will have to download new updates, sometimes even more often.

Pretty good when one considers that malware is being produced at the rate of
10 new ones an HOUR. Nothing like updates that are a week old.

You should check for updates every time you run it. It will give you all
su*kers leached into your registry and ask you if you wanted to remove
them. Many of them have masqueraded themselves under MS Windows names like
Windows.something. Do not hesitate to kill them all. You can trust SB S&D.

Are you really sure? Where's your paranoia? Maybe there's a communist under
your bed?

http://www.spybot.info/en/index.html

It also allows you to IMMUNIZE your system. It means that when you go to a
website and they try to download some kind of a Trojan to you SB S&D will
either kill it silently, or ask you if you want to do it or will kill it
and give you a notice. It is better to let it kill them all in silence.

More bullshit. IMMUNIZE your system, indeed.

Listen to Mark Russinovich's (MS) webcast: Advanced Malware Cleaning

Why? Just move on to a SECURE o/s rather than put up with this bullshit.

<http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359>

Downloading any 3-rd party "free" anti-spyware program is an invitation
for disaster.

Oh, finally, there's your paranoia showing. Sure, only shit you have to pay
for is any good. You sure are sucked into the American-way, called:
marketing.

The AV (antivirus industry) is on the way to the cemetery:
The slow death of AV technology
http://www.theregister.co.uk/2007/06/08/death_of_av/
Vista did it in.

Hehehe. You been smoking dope again? What a top posting moron.


Cheers.

--
Frank's Brain Activity Plotted (watch the red line):
http://i68.photobucket.com/albums/i4/Astronomy2/PreformanceMonitor.jpg

AlexB: "If it is Business or Ultimate open Command Prompt as administrator
and type lusrmgr.msc."
^^^^^
I must say the developers at Microsoft do have a sense of humour.
 
Frank said:
You have lost any and all semblance of any good karma you ever had or
hoped to have because of your classless, clueless arrogant lying,
trolling, spamming and bigoted postings.
Now try lying your way out of those truths you ignorant sorry sack of
sh*t for a human being!
That is what you've lost you idiot.
Frank

Projection will get you nowhere with me, Frank. I see through like I see
through the water that runs down my drain. So does everyone else.

Alias
 
Alias said:
Projection will get you nowhere with me, Frank. I see through like I see
through the water that runs down my drain. So does everyone else.

Alias

hehehe...thanks for once again proving my point to all the ng...LOL!
What a fool you are.
Frank
 