Fungalberry

OK:
I have identified a certain process (NvCpl) as the W32.SpyBot.S Worm.
http://www.liutilities.com/products/wintaskspro/processlibrary/nvcpl/

Now, I'm trying to figure out how to get rid of it. When I disable it in msconfig, or even delete it in Regedit, it starts anyway. Personally, I was a little skeptical about this thing actually being a virus; however, I'm pretty sure it is now, since generally happy programs don't force themselves on you (with the exception of any Dell products... I could write an encyclopedia about all the things that frustrate me about Dell's prebuilt computers). I also experience the spontaneous shutdown mentioned in the above article, as well as noticeable performance losses. I wasn't able to fry it with Ad-Aware SE Personal, Spybot Search & Destroy, HijackThis, or Windows Malicious Software Removal Tool. I would have scanned with Rootkit Remover, but the device won't even install on my computer. If I forgot any important info, let me know. :wink: Thanks for all help in advance.
 

dokk

Whoa there, Mr. Berry!!! IS NOT... NVCpl = the NVIDIA Control Panel widget/applet for your NVIDIA video card's setup panel.
I am not sure if you CAN delete/remove it manually, as I usually use System Mechanic to do it for me. Anyhow, it is only a control panel applet...
I cannot believe that Spybot S&D cannot remove it???
 

Fungalberry

Well, it turns out that NvCpl was a valid nVidia file, and simply represented the task bar nVidia icon. What was keeping it from being disabled was the nVidia Driver Helper Service (nvsvc). Once that was disabled, I was able to disable NvCpl with no adverse effects. The utility I used to do this was Autoruns, a Sysinternals program for monitoring startup programs and such, which was quite helpful, by the way.

However, my question was valid; it is possible for absolutely any process to be imitated by a malicious one. Seen in the below link is a process very similar to the valid NvCpl, which could be mistaken as safe if not studied prodigiously.

http://www.bleepingcomputer.com/startups/NvCplDaemon-13247.html

What made me think that the safe process on my computer could be adverse was the fact that it reinserted itself in the registry after being removed. This is generally done only by viruses, Trojans, and such, which make themselves very hard to remove.

I still experience spontaneous shutdown, though. Probably my overclocking or something; it's not important.
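
The check this thread circles around (is a startup entry with a familiar name really the vendor's file?), as an added example that is not part of the original posts: it walks the two standard Run keys, resolves the file each entry launches, and reports its version-info company and Authenticode signature. The helper name `Get-CommandFile` is hypothetical, and entries that give no full path are reported as not found.

```powershell
# Added example: audit Run-key startup entries by file, vendor string and signature.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: pull the file that actually gets loaded out of a command line.
function Get-CommandFile {
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    # rundll32 entries: the file of interest is the DLL argument, not rundll32 itself.
    if ($cmd -match '(?i)rundll32(\.exe)?"?\s+"?([^",]+)') { return $Matches[2].Trim() }
    # Quoted executable path.
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path, possibly containing spaces, ending in .exe.
    if ($cmd -match '(?i)^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

foreach ($keyPath in $runKeys) {
    if (-not (Test-Path $keyPath)) { continue }
    $key = Get-Item -Path $keyPath
    foreach ($name in $key.GetValueNames()) {
        $file = Get-CommandFile -CommandLine ([string]$key.GetValue($name))
        $sig = $null
        $company = $null
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            $sig = Get-AuthenticodeSignature -FilePath $file
            # CompanyName is a free-text resource string and can be copied by an
            # impostor; the signature status and signer are the stronger evidence.
            $company = (Get-Item -LiteralPath $file).VersionInfo.CompanyName
        }
        [pscustomobject]@{
            Key       = $keyPath
            Entry     = $name
            File      = $file
            Company   = $company
            Signature = if ($sig) { $sig.Status } else { 'file not found' }
            Signer    = if ($sig -and $sig.SignerCertificate) {
                            $sig.SignerCertificate.Subject
                        } else { $null }
        }
    }
}
```

An entry whose name matches a known vendor component but whose file sits in an unexpected folder, or whose signature is not `Valid` from the expected signer, is the one to look at more closely.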