Need help removing a virus.

[Zinnq]

Long story short I wanted to play runescape again after 1 year, tried downloading the RSBuddy client, downloaded it from the wrong site (orionclient.net), now I have a virus.

This page shows a ton of information on the exe. http://

Stupid me excluded it from Norton future scans (don't ask why).

I did a full scan with Norton and it took like 5 hours. It didn't find anything related to this virus. Then I downloaded Malware Bytes and once again it didn't find anything related to the virus.

I ended a background process called Tramonto which was associated with it, and I deleted a file in my second harddrive that was associated with it. Now I have a startup program that I know is related and the only thing I can do is disable it.

http://imgur.com/a/yWS1O

I tried a system restore and it failed, now I'm stuck and have no idea what to do. I'm 99% sure its a keylogger since it's connected with a RS download.

 

[basroil]

If it's anything but pure ad malware, time to back up and reformat. No sense in risking your security!

 

[Zinnq]

If it's anything but pure ad malware, time to back up and reformat. No sense in risking your security!

What if it's in my second harddrive as well?

 

[Paul NZ]

Get trojan remover update it then scan. Then reboot if it tells you to. Then select all options under the utils menu

 

[Shaun o]

Well you could delete the two files you say are part of the suspected virus Zinnq.

Click on start of windows, then in the search box type regedit.

In windows regedit.

Click on the edit option, and then find.
Type in the name of the file you suspect is part of the virus

Press enter to do a search of windows registry.
If you get a search result, delete the registry key that will currently be hi lighted zinnq.
press the F3 key on the keyboard to continue the search for the file name you typed.
Deleting each registry key the search finds.

Until you reach the end of the windows registry.
What ever file is auto running as part of the virus where you have deleted the registry key will stop running once you re set windows after the changes you have made to windows registry.

That will include if the virus can self replicate, or produce and apply duplicates of the auto run for the file in question.
As a tip your best off doing this if you can to start off with.
With windows running in safe mode.

And editing the windows registry that way.

Also do a search for RS Buddy and delete any registry keys for that if they show up also Zinnq.

The same goes for any anti virus software you may run.
Always run it in safe mode for windows if you can as again it will stop the virus or key logger from replicating when the file is deleted from windows and the windows registry.

 

[Paul NZ]

If its a trojan or something trojan remover can find, it'll delete whatever from the registry

 

[Zinnq]

Well you could delete the two files you say are part of the suspected virus Zinnq.

Click on start of windows, then in the search box type regedit.

In windows regedit.

Click on the edit option, and then find.
Type in the name of the file you suspect is part of the virus

Press enter to do a search of windows registry.
If you get a search result, delete the registry key that will currently be hi lighted zinnq.
press the F3 key on the keyboard to continue the search for the file name you typed.
Deleting each registry key the search finds.

Until you reach the end of the windows registry.
What ever file is auto running as part of the virus where you have deleted the registry key will stop running once you re set windows after the changes you have made to windows registry.

That will include if the virus can self replicate, or produce and apply duplicates of the auto run for the file in question.
As a tip your best off doing this if you can to start off with.
With windows running in safe mode.

And editing the windows registry that way.

Also do a search for RS Buddy and delete any registry keys for that if they show up also Zinnq.

The same goes for any anti virus software you may run.
Always run it in safe mode for windows if you can as again it will stop the virus or key logger from replicating when the file is deleted from windows and the windows registry.

I found the registry and deleted it and that removed it from my startup menu. Is there any way of being sure the virus is gone?

 

[Zinnq]

If its a trojan or something trojan remover can find, it'll delete whatever from the registry

I'm probably just being paranoid, but that website doesn't look right to me.

 

[Paul NZ]

I'm a registered user of it. But if you dont want to use it your loss

 

[basroil]

I found the registry and deleted it and that removed it from my startup menu. Is there any way of being sure the virus is gone?

Not without reformatting!

Seriously, just reformat and don't connect your backup drive until you have proper antivirus installed. After that scan the drive before copying back any files