Hey,
I'm sorry, did I mention anything about HijackThis? I do not even know what it is or what it is good for!
However, tell me exactly what logs are required and I can get them for you, if that might be of any help.
Let me please clarify. The problem is not standing anymore; I had to do a couple of work-arounds that proved successful every time I had to use them. I managed to remove the virus and had the PC up and running again. My post here was just to have some insight on possible ways to regain control over registry values, while the virus is still alive.
Thanks
Yahya
:
Please give us a link to the forum thread where you've posted your
HijackThis log for review by an expert.
yba02 wrote:
Guys,
thank you all for the insight.
I use Panda and when it comes to viruses, it vanishes them like H2SO4 (Sulfuric Acid.)
But, the problem I have is not how to remove the virus and take over my computer again. The problem is how could the virus keep that value stuck to 2?
Well, I think I now came to realize that as long as that piece of crap is still running in memory, it can make sure that that registry key value stays 2 all the way through.
Back to AV combo, I won't talk about how other AVs failed, but you might go to www.pandasecurity.com and try their free online AV engine, Totalscan. No matter what AV you have, you will be stunned!
Regards
yahya
:
Yup - sorry missed the line..
As PART of an overall AV Solution
in first reply.
A
I am sure that Robear took exception to the word: all. Spybot is
a good program and your comment about it being part of an overall AV
solution is good advice; however, it does not get rid of ALL the
"evil things" that the jerks put out there to screw up computers.
You still need a good AV program to run in conjunction with SpyBot.
--
Regards
Ron Badour
MS MVP
Windows Desktop Experience
Well it did for me..!
All the Stuff that "Norton Online Protection Centre" had missed and not detected while running permanently.
Guess it's a personal choice through experience.
So I still recommend SpybotSD.
As PART of an overall AV Solution.
A.
SpybotSD Gets rid of all.
Hardly.
Andrew wrote:
I Recommend SpybotSD I had the same problems.
Caused by: Spyware and Malware and a Virus..
SpybotSD Gets rid of all.
<snip>
Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315
Run a /thorough/ check for hijackware, including posting your
hijackthis log to an appropriate forum.
Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware
When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in conjunction with some other utilities). HijackThis will NOT fix anything on its own, but it will help you to both identify and remove any hijackware/spyware with assistance from an expert.
**Post your log to http://spywarehammer.com/simplemachinesforum/index.php?board=10.0, http://forums.spybot.info/forumdisplay.php?f=22, http://aumha.net/viewforum.php?f=30, or another appropriate forum for review by an expert in such matters, not here.**
If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin
http://aumha.net
DTS-L
http://dts-l.net/
yba02 wrote:
Most of today's viruses operate on placing an autorun.inf file in whatever drive they could find on a system, plus another executable file. Once the user double clicks a drive letter, the autorun file triggers the executable and the virus detonates.
To protect themselves, they first make sure that the user won't be able to see them. They do so by NAILING the registry key [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden] to a value of 2. No matter how you change it, it comes back to 2 once you refresh the page. This translates in the folder options in such a way that it is always the radio button "Do not show hidden files and folders" clicked. Click the other button, apply, close, open again, and that same "Do not show.." button chosen.
How could a virus weld a value to a key and how can I take over my stuff again?
Thanks
Yahya
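
An added example, not part of any post in this thread: a PowerShell check for the behaviour described in the original question. It writes 1 (show hidden files) to the Hidden value, waits, and reports whether something set it back, then lists any autorun.inf in drive roots without depending on Explorer's setting. The function names Test-HiddenReverts and Get-RootAutorun are hypothetical, and the 10-second wait is an assumption.

```powershell
# Added example, not from the thread. Run in the affected user's own session (HKCU).
$Key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$Name = 'Hidden'   # 1 = show hidden files, 2 = do not show (the value the post sees forced)

function Test-HiddenReverts {
    # Assumption: a resident process rewrites the value within this window.
    param([int]$WaitSeconds = 10)
    $before = (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
    Set-ItemProperty -Path $Key -Name $Name -Value 1 -Type DWord
    Start-Sleep -Seconds $WaitSeconds
    $after = (Get-ItemProperty -Path $Key -Name $Name).$Name
    [pscustomobject]@{
        Before   = $before
        Written  = 1
        After    = $after
        Reverted = ($after -ne 1)   # True: something running changed it back
    }
}

function Get-RootAutorun {
    foreach ($drive in (Get-PSDrive -PSProvider FileSystem)) {
        $path = Join-Path $drive.Root 'autorun.inf'
        # -Force returns hidden/system files regardless of the Explorer setting
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if (-not $file) { continue }
        # Lines in autorun.inf that name something to launch
        $launch = Select-String -LiteralPath $file.FullName `
            -Pattern '^\s*(open|shellexecute|shell\\.+\\command)\s*='
        [pscustomobject]@{
            File       = $file.FullName
            Attributes = $file.Attributes
            Launches   = @($launch | ForEach-Object { $_.Line.Trim() })
        }
    }
}

Test-HiddenReverts
Get-RootAutorun | Format-List
```

A Reverted result of True only shows that the value is being rewritten; finding which process does it needs a registry-access trace (for example Sysinternals Process Monitor), which this script does not perform.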