
Can't get rid of a worm!

January 15, 2007 8:19:10 PM

I was on the internet when my computer said that I had a virus. Then I found out that the virus was spy trooper, a fake anti-spyware remover. I successfully removed that and then my computer was fine. After I restarted my computer, I had more trouble. Everything slowed down like hell. I used Kaspersky and removed a lot of spyware, adware and some viruses. My computer found 1 virus that it couldn't remove. The name is virus.Worm. VB.an. Kaspersky cannot remove it at all. I need help ASAP!


January 15, 2007 8:35:17 PM

Quote:
I was on the internet when my computer said that I had a virus. Then I found out that the virus was spy trooper, a fake anti-spyware remover. I successfully removed that and then my computer was fine. After I restarted my computer, I had more trouble. Everything slowed down like hell. I used Kaspersky and removed a lot of spyware, adware and some viruses. My computer found 1 virus that it couldn't remove. The name is virus.Worm. VB.an. Kaspersky cannot remove it at all. I need help ASAP!


Hope this helps you:
http://www.grisoft.com/doc/112/lng/us/tpl/tpl01
January 15, 2007 8:39:07 PM

Also, try installing Lavasoft's Ad-Aware. It's the best for removing stubborn spyware and malware.
January 15, 2007 8:44:35 PM

Quote:
I was on the internet when my computer said that I had a virus. Then I found out that the virus was spy trooper, a fake anti-spyware remover. I successfully removed that and then my computer was fine. After I restarted my computer, I had more trouble. Everything slowed down like hell. I used Kaspersky and removed a lot of spyware, adware and some viruses. My computer found 1 virus that it couldn't remove. The name is virus.Worm. VB.an. Kaspersky cannot remove it at all. I need help ASAP!


Once your system is hosed to that level the only way to fix it is with a clean install.
January 15, 2007 8:48:52 PM

Quote:
I was on the internet when my computer said that I had a virus. Then I found out that the virus was spy trooper, a fake anti-spyware remover. I successfully removed that and then my computer was fine. After I restarted my computer, I had more trouble. Everything slowed down like hell. I used Kaspersky and removed a lot of spyware, adware and some viruses. My computer found 1 virus that it couldn't remove. The name is virus.Worm. VB.an. Kaspersky cannot remove it at all. I need help ASAP!

Try AVG or avast!....
That's what you get for looking at pr0n without a firewall :lol:
January 15, 2007 9:01:13 PM

Another tip is going to an online encyclopedia like Norton's or McAfee's and reading the instructions on HOW TO REMOVE that virus.
Always try to run your computer in SAFE MODE with no network
and then run the antivirus and antispyware.
Do it around 3 times until no virus is detected.
If you're unlucky (kernel or explorer infection) you will have to reinstall.
January 15, 2007 9:03:14 PM

Quote:
I was on the internet when my computer said that I had a virus. Then I found out that the virus was spy trooper, a fake anti-spyware remover. I successfully removed that and then my computer was fine. After I restarted my computer, I had more trouble. Everything slowed down like hell. I used Kaspersky and removed a lot of spyware, adware and some viruses. My computer found 1 virus that it couldn't remove. The name is virus.Worm. VB.an. Kaspersky cannot remove it at all. I need help ASAP!


Right. You are in the CPU section. Go to the software section.
January 15, 2007 9:03:59 PM

I second the Avast suggestion, only for the boot-time scanner at start up. I have seen it work where many have failed, in removing cooties at the boot-up scan before anything can be loaded. Also, if you can, get ahold of a retail anti-virus disk that is itself bootable and can scan outside of the OS. Some Symantec products used to do it. Also, Knoppix has virus tools, amongst others, great for repairing outside of the Windows environment.

Worms suck! My turtles had worms once! Once!
January 15, 2007 9:19:13 PM

I tried the Ad-Aware software but nothing works. Is there any way to delete everything on my computer and start over?
January 15, 2007 10:01:19 PM

If you can borrow another hard disk, install your Windows there + ZoneAlarm or any antivirus with anti-spyware, update it on the internet, then, and only then, you can put your infected hard disk in as slave, and then you can start cleaning your hard disk. Cleaning viruses and spyware must be done on a clean machine to begin with.
January 15, 2007 10:07:36 PM

What CD are you talking about? I have a Dell CD which I got when I ordered the computer?
January 15, 2007 10:19:17 PM

Have you tried booting to safe mode without network, disabling System Restore and running your antivirus?
January 15, 2007 10:20:31 PM

Quote:
I was on the internet when my computer said that I had a virus. Then I found out that the virus was spy trooper, a fake anti-spyware remover. I successfully removed that and then my computer was fine. After I restarted my computer, I had more trouble. Everything slowed down like hell. I used Kaspersky and removed a lot of spyware, adware and some viruses. My computer found 1 virus that it couldn't remove. The name is virus.Worm. VB.an. Kaspersky cannot remove it at all. I need help ASAP!


Well, I think this is in the CPU section because you need help ASAP! Why weren't you using NOD32?
Did you try Ad-Aware? Spybot Search and Destroy?

If after this you don't solve anything, reinstall Windows; it's the best you can do.
January 15, 2007 10:27:33 PM

It doesn't look like your installation of Windows is going to see clear skies again; you're going to have to reinstall Windows.

You should have received a disc with your Dell that is labelled 'Recovery Disc'. When you run this disc it will wipe absolutely everything on your hard drive and put the normal Dell build on; this means your PC will have all the same stuff on it that it did when you first got it.

If you have files that you simply must keep, boot into safe mode by repeatedly hitting F8 while your computer is starting and select safe mode. Then, once you are in, copy the files you need onto some kind of removable storage.

Put the recovery CD in and restart the computer, you should get prompted to 'press any key to boot off CD', the any key is usually hidden under your keyboard and is green with a leprechaun on it. Once you have booted off the CD the rest of the build should be automatic.

Once the machine's rebuilt, do a virus scan on the files you saved before restoring them. Make sure next time you install a good virus scanner and firewall and possibly get Lavasoft's Ad-Aware SE Personal and Spybot S&D (both are free).

I was joking about the green leprechaun button
January 15, 2007 10:33:14 PM

Quote:
It doesn't look like your installation of Windows is going to see clear skies again; you're going to have to reinstall Windows.

You should have received a disc with your Dell that is labelled 'Recovery Disc'. When you run this disc it will wipe absolutely everything on your hard drive and put the normal Dell build on; this means your PC will have all the same stuff on it that it did when you first got it.

If you have files that you simply must keep, boot into safe mode by repeatedly hitting F8 while your computer is starting and select safe mode. Then, once you are in, copy the files you need onto some kind of removable storage.

Put the recovery CD in and restart the computer, you should get prompted to 'press any key to boot off CD', the any key is usually hidden under your keyboard and is green with a leprechaun on it. Once you have booted off the CD the rest of the build should be automatic.

Once the machine's rebuilt, do a virus scan on the files you saved before restoring them. Make sure next time you install a good virus scanner and firewall and possibly get Lavasoft's Ad-Aware SE Personal and Spybot S&D (both are free).

I was joking about the green leprechaun button
Quote:
'press any key to boot off CD', the any key is usually hidden under your keyboard and is green with a leprechaun on it.


;) 
Anonymous
January 15, 2007 10:51:20 PM

You idiots who just say to reformat instead of giving the person some help go to the Disney forums or something cause you aren't useful here. Just cause you are too dumb to try to figure out a Virus or Trojan issue doesn't mean the poster here is.

He is asking for help and ideas to save his data and current OS setup. I know it sucks cause I have had it happen before. It was long ago and I wasn't part of a forum so I lost everything that wasn't backed up.

Now there are so many tools you can download with step by step instructions to remove them.

So please don't spread your laziness or ignorance here.

Thank you.


__________________________________________

Prevention Programs:

SpyBlaster - will prevent spyware from being installed.

Spywareguard - offers realtime protection from spyware installation attempts.

Spyware/Adware - Detection and Removal Programs:

Ad aware - If you suspect that you have spyware installed on your computer, try Ad-Aware SE

Spybot S&D - If you suspect that you have spyware installed on your computer, try Spybot S&D

Free Online Virus scanners:

BitDefender

Panda


hope some of these help
January 15, 2007 11:01:20 PM

Hmmm, Ok? :roll:

But there is always something called Dear Google to save your life :wink:
January 15, 2007 11:12:54 PM

Quote:
You idiots who just say to reformat instead of giving the person some help go to the Disney forums or something cause you aren't useful here. Just cause you are too dumb to try to figure out a Virus or Trojan issue doesn't mean the poster here is.

He is asking for help and ideas to save his data and current OS setup. I know it sucks cause I have had it happen before. It was long ago and I wasn't part of a forum so I lost everything that wasn't backed up.

Now there are so many tools you can download with step by step instructions to remove them i love balls.

So please don't spread your laziness or ignorance here.

Thank you.



hope some of these help



Shut up before I show you my Pimp hand. Not everyone has the time to run fifty fkn programs, it's just easier to reformat sometimes, and we didn't say reformat was the only option. Stop trying to be a hero.
January 15, 2007 11:15:08 PM

5 stars to that :D 
January 15, 2007 11:25:54 PM

The best offense is a good defense with PCs. Once you get a serious virus you're either going to waste a heap of productive time (something valuable to me) removing it or you'll spend a heap of productive time finding out that it's not going anywhere.

Get a good virus scanner and firewall, run detection programs regularly, use an alternate web browser, and be careful what sites you visit. This should reduce your chances of getting in the sh.t.

If you do get a virus, as slim said, google it and find out how serious it is and act on that.
January 15, 2007 11:34:56 PM

If it is spyware that you have, google it and see how people got rid of it. That's how I got rid of a stupid spyware that got into my system.

Forums will not always be the best way to get a solution for your problem.
January 16, 2007 12:14:21 AM

Quote:
You idiots who just say to reformat instead of giving the person some help go to the Disney forums or something cause you aren't useful here.


I had one of those types of worms once, it was darned near impossible to remove. I actually had to download some tools to do it, some of the tools listed as hazards by my virus scanner. The tools were needed to remove some protected files that most programs can't even see, that were modified by the worm, and rewrite the registry on a fairly massive scale. Windows restore points were even corrupt. Eventually I got the system clean, but could never roll back again. Once the system was working somewhat normally, AVG removed the affected restore points, etc.

And other than not being able to roll back, the system worked normally for several months. But it wasn't worth the effort. Better would have been to save my files to a removable disk, wipe the drive, reinstall everything including antivirus, and scan the saved files to remove contaminants before restoring them.

Once your hard drive is completely "hosed" you can't completely "go back" to the way things were. When this is the case, formatting is the better option.
Anonymous
January 16, 2007 1:10:34 AM

Quote:
Once your hard drive is completely "hosed" you can't completely "go back" to the way things were. When this is the case, formatting is the better option.


Hey if it is toast beyond toast, then possibly yes, a reformat is the way to go. But at the beginning of the post here, some people just said reformat before trying alternatives. Plus trying to fix the issue rather than just wipe and reinstall is part of a learning process. Also you learn a good deal of things to prevent this from happening again or to even fix it faster the next time if it does happen.

Reformatting is the LAST option
January 16, 2007 2:32:34 AM

Well, you have two options here.

1) You may want to pull your drive out of your box and find a friend with a properly protected system. Install your drive in your buddy's system as a slave and have his AV and spyware programmes scan your drive and hopefully remove the invader. This would also be a good way to back up any files you need to keep without also infecting your backups. If the AV and spyware removal stuff doesn't work, but does prevent infection of your backups, you are OK for option 2, which will be your only remaining choice.

2) Boot your system from a secure source and format your drive, then reinstall everything from scratch. You can also use your buddy's system to format your drive.

Any other suggestions are a waste of time and effort. Given that it may not be possible to remove the invader without destroying your data anyways, if option 1 fails, don't waste your time.

And, once you have a clean system again, make sure you install appropriate and current protection before you go surfing again. You should also stop using Internet Explorer as your web browser. Use Netscape, or Mozilla or Firefox instead.
January 16, 2007 2:58:27 AM

When your system is hammered like this the only solution is to rebuild after recreating the drive partitions.


Good luck
January 16, 2007 3:01:58 AM

Quote:

Hey if it is toast beyond toast, then possibly yes, a reformat is the way to go. But at the beginning of the post here, some people just said reformat before trying alternatives. Plus trying to fix the issue rather than just wipe and reinstall is part of a learning process. Also you learn a good deal of things to prevent this from happening again or to even fix it faster the next time if it does happen.

Reformatting is the LAST option


You are so wrong it isn't funny. I have lots of experience with this exact problem, from my days as a computer consultant.

Reformatting is the second option, and not too long after the first one either.

As much as possible, it is preferable to try and fix the problem. But the question you neglect to address is "How long is it going to take to fix it, and how much is my time worth?". A second and related question is "What happens if the best efforts I am capable of fail to fix the problem, never mind in a reasonable time frame?". I note that you didn't say a word about pulling the infected drive and installing it as a slave in a properly protected system and scanning / cleaning it that way.

In my experience, if a system is as seriously compromised as the OP's there is absolutely no point in attempting to "fix" it. Save whatever you can in terms of data files, downloads you know are clean and say sayonara to the rest. Reformat the drive and reinstall everything from scratch. One will save lots of aggravation and time that way. And guarantee a clean system.

Your approach guarantees a lot of wasted time and effort, unnecessary aggravation and utterly unacceptable risk of a continued infection.

If you are going to give technical advice, keep your ego and attitude out of it. Your comment calling the other posters whose advice didn't agree with your ideas, and I quote, "idiots" makes your posts utterly irrelevant.

There's more than one approach to a problem, and time is money.

Your approach is expensive, does not guarantee success and a clean system as a result and you don't even raise the issue of backing up files. Some expert advisor you are.
January 16, 2007 10:26:38 PM

Nothing ambiguous about virus / malware removal.

Either your anti-virus /spyware /malware software gets rid of it completely and relatively quickly or you reformat and reinstall.

It is important to remember that many of the current viruses, trojans and other malware out there include sub-routines to either disable protective software completely or have mechanisms to bypass it. And if your system is infected by something that has such a feature before your particular manufacturer of Anti-virus etc software has a detector and fix for the problem, downloading the fix after the fact will not help.

In such a case, you can do one of two things: first, pull the infected drive and connect it to another machine that is more current than yours, scan it and hope the invader(s) are removed successfully. If this fails, on to option 2: second, back up any files you need / want to keep, ensuring they aren't infected and then reformat the drive and reinstall everything. Anything else is both a waste of time and socially irresponsible.

Separate partitions for assorted classes of applications and data files become increasingly attractive.

In today's environment of botnets consisting of multiple compromised zombie systems, you as an individual have a duty to the rest of the community to protect your system and use appropriate remedial measures when your system gets compromised. Note that in many cases, your system was compromised by a zombie in a botnet.
January 17, 2007 2:56:19 PM

Removing a virus or other malware is conceptually simple. Nothing ambiguous about it.

If you are running appropriate software that is current you will be able to deal with the problem quickly and easily, assuming that the malware you are trying to deal with hasn't disabled your software.

If the malware has disabled your protective software, you can do one of three things:

Before doing any thing, make sure that you have backed up or are able to back up your data etc.

1) Pull the drive(s) and attach them to another machine with more current capabilities and scan your drive and hopefully clean it up.

2) Gather information about the malware and attempt to remove it manually. This can be a very difficult and tedious process. And, if like the SONY/BMG rootkit software, the malware makes itself invisible to the standard tools in Windows, you won't be able to find and remove it. It may be possible to find tools on the web to deal with something like this, but odds of success are very low. If you have the time and tools to use this approach, fine. But it is useful to remember that this is one of those, to quote Yoda, "Do, Not Do! there is no Try!" situations.

3) Reformat the drive and reinstall. Works every time to get rid of the garbage.

So, where exactly is the ambiguity here? Perhaps you should explain how you define ambiguous and ambiguity first.
January 17, 2007 5:46:41 PM

I love it when people attempt to intimidate and bully other posters by using specific medical terms. Usually incorrectly to boot. As you have done.

The full term you are using when you say I am "anal" is "anally retentive". This has a specific meaning and application to certain behaviours and approaches to life situations. Given that I have siblings who are doctors and sociologists, you can be sure that I know what the term means and how it really applies. And, bucko, you don't have it right. Stop trying to intimidate and bully me because I show that both your terminology and approach to the problem the OP has asked for help with is incorrect and inadequate.

In any case, removing any kind of malware (virus, trojan, spyware, you name it) is a technical process that involves a limited number of steps and procedures, none of which are especially obscure. It is a cold, hard fact that the steps should be done in a particular order and that if all the "easy" steps fail, the only option is a format and re-install. In some very extreme cases where the MBR on a hard disk has been compromised, it becomes necessary to delete partitions and restart installation by re-creating partitions, and then formatting the new partitions and then re-installing the OS, apps etc.

The only real question here is how much time and effort it is reasonable and appropriate to spend on the manual clean-up process by scanning all directories on the hard drive(s) and manually editing the registry. While making sure that assorted files are backed up as required. The majority of the population doesn't have the expertise to edit the registry and even relatively small errors in doing so will render the system unbootable, making a reformat and reinstall the only viable option. Funny how we keep coming back to that option.

And, as I noted earlier, some malware does a very good job of hiding itself and the odds of either discovering it or finding appropriate tools to remove it are very low. The only reason the Sony/BMG issue came out was a fluke. I wonder on what basis you are assuming in this day and age that there aren't many more of the same sort of malware out there. And how you propose to deal with a problem you can't see. And if you can't see it, it will still be there after you have "finished" manually cleaning your system. Not what I would call a successful or desirable conclusion.

"Anal" indeed.
January 26, 2007 12:30:28 AM

Uh Huh.

Whatever you say.

I have just one question for you:

What is it that you have against the OP that you are spending so much time and energy attacking me and my experience and the reasonable advice given?

What has the OP done to you to warrant such loathing and consequent misdirection of resources on your part?
January 26, 2007 12:34:48 AM

First off, don't speak down to anyone. Second, if this tirade isn't answering the original question, I'll request a lock.
January 26, 2007 1:07:51 AM

First off, download and install the following programs from download.com:

Spyware Prevention:

Spyware Blaster
Windows Defender

Anti-Virus:

AVG Free

Firewall:

ZoneAlarm

Spyware Removal:

AdAware Personal SE
HijackThis

Browser:

IE7
Firefox 2

Browser Extensions for IE7:

McAfee SiteAdvisor

Browser Extensions for Firefox:

Adblock Plus
Flashblock
FoxyProxy
McAfee SiteAdvisor
NoScript
ShowIP

Secondly, get all Windows updates and all other program updates.

Thirdly, disconnect from the internet and scan for viruses/spyware (repeat until infestation is gone)

Fourthly (if needed), if infestation won't go away, reinstall Windows and start from scratch.

Finally, let this be a lesson to you and all others that one needs to be more wary when surfing the net.
Anonymous
January 26, 2007 1:27:14 AM

Quote:
The full term you are using when you say I am "anal" is "anally retentive".


NO, he had it right. I just think he was politely calling you an A$$
Anonymous
January 26, 2007 1:28:35 AM

Quote:
What is it that you have against the OP that you are spending so much time and energy attacking me and my experience and the reasonable advice given?


Just the same as you. Attacking everyone else's advice. Don't call the kettle black.
Anonymous
January 26, 2007 1:30:04 AM

Quote:
And if your system is infected by something that has such a feature before your particular manufacturer of Anti-virus etc software has a detector and fix for the problem, downloading the fix after the fact will not help.


Yes another sign of your ignorance and stupidity.
January 26, 2007 2:26:18 AM

Not replying to/commenting you in particular, but as always, too lazy to scroll up...

Here's what I thought. Some posters suggest attaching the drive to another well/better protected PC and having a scan or two. I've done something like that; sometimes it worked, sometimes not. If it didn't work, before you back up everything important and format your HD, I would like to suggest something.

Try installing KillProcess and Unlocker. Use KillProcess to stop/kill any process that's currently running (make sure it's not an essential system process). Go to My Computer, right-click on any HD partition(s), use Unlocker. Unlock each and every instance of possible malware/spyware/virus that is currently running. Scan using the latest updated antivirus of your choice.

But well, as some of you have already posted, maybe formatting the HD is the best option, time and economically wise.

Please correct me if I'm wrong/not very accurate, TQ
January 27, 2007 2:02:48 AM

Quote:
Not replying to/commenting you in particular, but as always, too lazy to scroll up...

Here's what I thought. Some posters suggest attaching the drive to another well/better protected PC and having a scan or two. I've done something like that; sometimes it worked, sometimes not. If it didn't work, before you back up everything important and format your HD, I would like to suggest something.

Try installing KillProcess and Unlocker. Use KillProcess to stop/kill any process that's currently running (make sure it's not an essential system process). Go to My Computer, right-click on any HD partition(s), use Unlocker. Unlock each and every instance of possible malware/spyware/virus that is currently running. Scan using the latest updated antivirus of your choice.

But well, as some of you have already posted, maybe formatting the HD is the best option, time and economically wise.

Please correct me if I'm wrong/not very accurate, TQ


Good suggestions, but dependent on the specific OS version in use. I am assuming some flavour of Windows here. You would be amazed at how many people are still running Win 95 out there.

I also think that some sort of root-kit detection software is necessary.
January 27, 2007 2:11:08 AM

Quote:
What is it that you have against the OP that you are spending so much time and energy attacking me and my experience and the reasonable advice given?


Just the same as you. Attacking everyone else's advice. Don't call the kettle black.

You really should learn to read. It would also be good if you actually remembered what it was that you yourself wrote previously.

Your previous advice was neither complete nor ultimately useful. And, as I recall, you made some extremely intemperate and disparaging remarks about other posters yourself. Speaking of kettles calling pots black.

And, unlike your "solutions", the progression I outlined will guarantee a clean system.
January 27, 2007 2:49:19 AM

Quote:
First off, download and install the following programs from download.com:

Spyware Prevention:

Spyware Blaster
Windows Defender

Anti-Virus:

AVG Free

What about Kaspersky?

Firewall:

ZoneAlarm

There have been reports that this particular programme has conflicts with XP's firewall and other security features. This may have been fixed in the meantime. You may want to specify the version you are recommending.

Spyware Removal:

AdAware Personal SE
HijackThis

Are these freeware? What about SpyBot SD? A very good package. That not only removes spy/ad-ware, but can be set up to prevent its installation.

Browser:

IE7 This is a joke, right?
Firefox 2

What about Mozilla and Netscape?

Browser Extensions for IE7:

McAfee SiteAdvisor

Browser Extensions for Firefox:

Adblock Plus
Flashblock
FoxyProxy
McAfee SiteAdvisor
NoScript
ShowIP

Secondly, get all Windows updates and all other program updates.

These may not help with an existing infestation, since many malware applications include sub-routines that disable protective features of updates etc if they are already present on the system. I could be wrong. Mind you, this doesn't address the issue of rootkits that are by default hidden from the OS.

Thirdly, disconnect from the internet and scan for viruses/spyware (repeat until infestation is gone)

Good advice, but in the wrong order. In any case, how is one supposed to apply step two without being connected to the web?

Fourthly (if needed), if infestation won't go away, reinstall Windows and start from scratch.

And how exactly will this solve the problem given that re-installing Windows will not actually remove the malware that is already present on the HD? Format and reinstall is looking more attractive, assuming I want a clean system.

Finally, let this be a lesson to you and all others that one needs to be more wary when surfing the net.


Last year, CERT was recommending that one should use any other browser than Internet Explorer when surfing the web. So far, I have seen nothing to indicate that this advice is no longer valid.
January 27, 2007 3:38:19 AM

I like wizardoz's option. If you know someone with a proper install of, say, Norton AV, with fresh updates, that should be able to remove the virus. But it will not undo the damage done, which, if this is the virus I think, will be considerable and not worth your time to try to repair.

If you get the virus removed, copy off your data and then do a fresh re-install.

A plan b might be to just copy the data off, infected or not, re-install, get some good av, then scan your backed up data before restoring.

Confirm my guess.... Do you have any valid restore points?
January 27, 2007 3:49:10 AM

Quote:
And if your system is infected by something that has such a feature before your particular manufacturer of Anti-virus etc software has a detector and fix for the problem, downloading the fix after the fact will not help.


Yes another sign of your ignorance and stupidity.

Perhaps you could be very kind and explain to the OP (and myself, along with the rest of the good readership here) how downloading an updated fix / upgrade to a protective application that has been de-activated by a previously installed and running piece of malware will actually work.

Just so we are clear on the scenario:

1) I have a set of protective applications that are as up to date as possible running in the background full time.

2A) Somehow I get my system infected with malware (of whatever sort) that is able to disable the most current versions of any protective software I am running.

2B) I go to the appropriate manufacturer web-sites and download more recent patch / signature files and attempt to install them.

2C) In order to successfully install the updates, normally the protective software must be running. And, even if it is possible to patch the software when it isn't running, the changes won't take effect until the system is re-booted and the software is actually running.

2D) Even if the system is re-booted with the patches applied, but the malware is still present on the system, it will load itself prior to the protective software - that's how this garbage works- and it will still disable the patched software from doing its job.

3) Given how Windows works and how some malware works, on what basis do you suggest that merely downloading and installing patches is enough to deal with the problem at hand?

4) Can you say: SONY/BMG Rootkit? Can you say: deliberately hidden from ALL tools? Can you say: On what basis do I assume this is the only example of such garbage?

5) Assuming that the previous point rang any bells, perhaps you could be kind enough to explain the procedure(s) you propose to remove malware that is both hidden from the user at very deep levels and not documented on the web. Keep in mind that the existence of the SONY/BMG Root-Kit became known largely by accident. On what basis do you assume that this was an isolated incident, especially in the context of current DRM and copy-protection efforts and initiatives by various groups? Or are you going to claim ignorance of the various, spurious copyright infringement lawsuits by the RIAA, among others?

Speaking of "Ignorant and Stupid", look who is talking. You may wish to review your assumptions and attitude.
Anonymous
January 27, 2007 4:50:48 AM

Quote:
3) Given how Windows works and how some malware works, on what basis do you suggest that merely downloading and installing patches is enough to deal with the problem at hand?

5) Assuming that the previous point rang any bells, perhaps you could be kind enough to explain the procedure(s) you propose to remove malware that is both hidden from the user at very deep levels and not documented on the web. Keep in mind that the existence of the SONY/BMG Root-Kit became known largely by accident. On what basis do you assume that this was an isolated incident, especially in the context of current DRM and copy-protection efforts and initiatives by various groups? Or are you going to claim ignorance of the various, spurious copyright infringement lawsuits by the RIAA, among others?

Speaking of "Ignorant and Stupid", look who is talking. You may wish to review your assumptions and attitude.


Ok, here it is in a small nutshell for you.

There are tools that you can download that make changes to your system after it has been infected and you have a good idea what the problem is. If an anti-virus company didn't have a fix or preventative update yet on its software they may release a stand-alone patch or fix very soon after the threat is known. You can download these and execute some of them from within Windows or you may have to boot to a cmd prompt if your system is in really bad condition.

You might even have to print some instructions from their website and follow them step by step.

These "fixes" we will call them, will run scripts that will make registry changes, delete and replace certain files that may have been compromised.

As I stated in my very first post to this thread, of course formatting and starting fresh is an option. But if this OP has time to do a little web surfing, find out some information, learn a bit about trojan/virus protection it could be a nice learning experience.

Learning from mistakes or mishaps is a great thing and like they say only makes you stronger.

Take this as a learning experience and perhaps a lesson to
1) protect your system better
2) keep up-to-date on all your virus/spyware definitions
3) be cautious of files that you open or programs you install and websites that you visit.

I'm not accusing you of any of the above, but these are usually how you get infected.

Also if you read my 1st post on the thread it had some very useful info and links to some good utilities to help the OP out.
January 27, 2007 4:57:43 AM

Quote:
First off, don't speak down to anyone. Second, if this tirade isn't answering the original question, I'll request a lock.


Not that long ago, I worked for a computer consulting shop for about a year and a half. I had many opportunities to deal with virus, worm and other malware infestations on client systems. Indeed, it was quite entertaining, in a bleak sort of way, to observe systems being cyclically re-infected as Outlook was opened while an infected e-mail message remained in the in-box.

I learned very quickly how to deal with such issues. Not to mention recognizing and removing viruses and worms and other "popular" malware common at the time. And that is before we get into discussions of situations where a system had been infected and data recovery and retention was a huge concern and priority before we got into any discussion of malware removal / system clean-up.

The OP described a serious problem they were experiencing. I posted a reasonable approach and solution, based on both personal and professional experience. I legitimately criticized the approach and comments of thecompukid, who was less than temperate in his remarks about other posters. See also his comments to me. The issue of "ambiguity" raised by StrangeStranger and subsequent remarks he/she made are bogus. There is zero ambiguity here - either the malware is removed or it isn't. Specific order of / steps in a stage of the process are irrelevant noise.

I am sorry that you feel that I have been "talking down" to people here. That is an incorrect assumption on your part. I have been trying to address the question raised by the OP and give the benefit of my professional experience in the business. Your suggestion that my attempts to pass along my own real-world, professional experience are nothing more than a tirade, requiring a lock by the mods is extremely unfortunate.

If the technical and procedural comments I have made were based on anything other than cold, hard facts and reality, based on direct experience do you really believe that:

1) I would have been paid?

2) I would not have been fired for negligence and incompetence?

3) My boss would have told me that the clients I worked with on his behalf had praised my performance and attitude?

Keep the following in mind:

If I had not performed satisfactorily and had sufficient technical and social skills, I would have not been able to:

pay my rent

pay my utilities

pay my bills

eat - as in pay for my groceries

etc.


Mr. Ninja

You and I have had a number of conversations, both public and private. You should have some idea by now of where I stand and who I am. Your use of the term "tirade" to describe my legitimate, technically correct and accurate responses to the OP and selected posters is a gross disappointment. Or are you suggesting that my raising reasonable technical questions and issues, based on professional experience, is somehow loathsome enough to be described as "talking down to people" and worthy of having the mods lock the discussion?
January 27, 2007 5:26:48 AM

I am saying that even though you may be correct, you stand the risk of coming off arrogant and flippant. It's important to note that even though you may not mean it, specific word choice can provoke or inflame opinion, especially in a medium which cannot convey tone or facial expressions, hence the emoticons. By no means am I in any way advocating a shift from being technical or precise, since this is a technical site, but all that I saw was a page of arguments not even touching on the subject at hand. In those cases, I have a responsibility to ask for a lock. There are times when things must be "nipped in the bud". If the discussion is back on track, I have no reason to call for a lock.
*Shrugs*
It's what I do. I'm not a mod but I've got no problem calling one in if I feel the need to prevent things from getting out of hand.
January 27, 2007 5:31:45 AM

Quote:
3) Given how Windows works and how some malware works, on what basis do you suggest that merely downloading and installing patches is enough to deal with the problem at hand?

5) Assuming that the previous point rang any bells, perhaps you could be kind enough to explain the procedure(s) you propose to remove malware that is both hidden from the user at very deep levels and not documented on the web. Keep in mind that the existence of the SONY/BMG Root-Kit became known largely by accident. On what basis do you assume that this was an isolated incident, especially in the context of current DRM and copy-protection efforts and initiatives by various groups? Or are you going to claim ignorance of the various, spurious copyright infringement lawsuits by the RIAA, among others?

Speaking of "Ignorant and Stupid", look who is talking. You may wish to review your assumptions and attitude.


Ok, here it is in a small nutshell for you.

There are tools that you can download that make changes to your system after it has been infected and you have a good idea what the problem is. If an anti-virus company didn't have a fix or preventative update yet on its software they may release a stand-alone patch or fix very soon after the threat is known. You can download these and execute some of them from within Windows or you may have to boot to a cmd prompt if your system is in really bad condition.

You might even have to print some instructions from their website and follow them step by step.

These "fixes" we will call them, will run scripts that will make registry changes, delete and replace certain files that may have been compromised.

As I stated in my very first post to this thread, of course formatting and starting fresh is an option. But if this OP has time to do a little web surfing, find out some information, learn a bit about trojan/virus protection it could be a nice learning experience.

Learning from mistakes or mishaps is a great thing and like they say only makes you stronger.

Take this as a learning experience and perhaps a lesson to
1) protect your system better
2) keep up-to-date on all your virus/spyware definitions
3) be cautious of files that you open or programs you install and websites that you visit.

I'm not accusing you of any of the above, but these are usually how you get infected.

Also if you read my 1st post on the thread it had some very useful info and links to some good utilities to help the OP out.

Give it a rest, already.

Although the links in your first post may be useful, the contents of that post, and all of your posts prior to the last one, clearly show that you are incapable of either acknowledging or dealing with reality. And even your last post reeks of denial and failure to address legitimate concerns.

Come back when you are ready and able to act as an actual adult.
January 27, 2007 5:36:21 AM

(sigh)... I'm afraid that with all of the yelling and screaming, the OP has given up in disgust and gone elsewhere to ask for advice. Seems to happen a lot on Tom's these days. Too bad.
January 27, 2007 5:38:46 AM

Ehh. True. *Goes to sleep*
January 27, 2007 5:45:29 AM

G'night...
January 27, 2007 6:43:15 AM

What upsets me the most about the legitimate issue you have raised is that some individuals are either unable or unwilling to acknowledge that their approach / solution to a particular problem is either incorrect or inadequate.

Almost as bad is the fact that my attempts to address fundamental factual issues and concerns and suggestions re appropriate solutions to the problem the OP raised, based on professional experience, result in hijacking of the thread and my coming across as some sort of arrogant SOB.

That was neither my intent nor desire. I was just trying to help.

Mea Culpa.

Any suggestions as to how I can improve my performance would be welcomed.

Thank you for your time and assistance.
January 27, 2007 7:10:54 AM

Learn to seek the level of the OP, and give up the aggro... My 2p.
!