1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

HELP!!! virus

Discussion in 'Windows - Virus and spyware problems' started by jimbo92, May 30, 2007.

  1. jimbo92

    jimbo92 Regular member

    Joined:
    Jul 22, 2006
    Messages:
    127
    Likes Received:
    0
    Trophy Points:
    26
    hey all,

    i accidentally downloaded a virus yesterday whilst trying to get hold of a code for Norton, i would usually spot if something looked dodgy but i guess i wasn't paying much attention. anyway...a message came up from Norton Anti-Virus warning me that it has detected a virus but it wouldn't let me delete it.

    i have look around loads of forums trying to do whatever i can but nothing has worked.

    i cant see my desktop neither the task-bar. i think i have found the location of the files that are causing these problems. in my c:\program files there is a folder which was created on the 29/05/07 (yesterday, when i got the virus, at about the same time as i visited the website it came from) inside it there are files with the extension .dll along with others. The name of the folder is 'CA' which i don't recognize to be anything i have installed.

    after trying everything else i have seen on the internet, including numerous virus scans with Norton, AVG and others,

    i tried deleting the files, but an error message appears telling me something like ''error: cannot delete file, access is denied'' and ''it is being used by another program'' and i don't have any programs running so?!?!?

    Is there any danger because i have deleted some of the files, that the virus will now totally destroy my computer?

    How can i get rid of the Virus?


    (I am using Windows XP home edition and I am the only person to use the computer.)
     
  2. bluecoal

    bluecoal Guest

    (Easiest way, if system restore is enabled, would be to restore to a point before download, and then hunt and delete files. First hunt technique in that scenario would be to just check files created yesterday. Be sure to show hidden files before hunting.)

    Hi,
    Thanks for stopping by.

    Don’t know without more information, but this is one possibility:

    a)This link shows links where you can download HijackThis:
    http://www.spywareinfo.com/~merijn/programs.php
    Get that program.

    b)This link has instructions for a tool called vundofix.
    http://www.bleepingcomputer.com/forums/topic18610.html
    Download that tool.

    c)Please download ATF Cleaner by Atribune
    http://www.atribune.org/content/view/25/2/
    Save it to your Desktop for later use.

    c1) We need to temporarily have hidden files and folders visible:
    Click Start > Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm. Click OK.
    You can reverse these steps after the system is cleaned up.

    d)Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will reboot your computer, click OK.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

    e)Run ATF Cleaner
    Double-click ATF-Cleaner.exe to run the program.
    Select the first 3 temp file lines.
    Select the temporary internet files line.
    Click the Empty Selected button.
    Click Exit on the Main menu to close the program.

    f)Install HijackThis, run it and scan and save a log.

    g) Post the Vundofix log (C:\VundoFix.txt) and the Hijackthis log in your next reply.

    Regards,
    bc
     
    Last edited by a moderator: May 30, 2007
  3. jimbo92

    jimbo92 Regular member

    Joined:
    Jul 22, 2006
    Messages:
    127
    Likes Received:
    0
    Trophy Points:
    26
    hey thanks, the Vundofix worked right away

    thanks for your help
     
    Last edited: May 30, 2007

Share This Page