Help! Can't get rid of viruses!

Discussion in 'Windows - Virus and spyware problems' started by 7KiNgPiN7, Dec 26, 2005.

  1. 7KiNgPiN7

    7KiNgPiN7 Regular member

    Joined:
    Dec 10, 2005
    Messages:
    234
    Likes Received:
    0
    Trophy Points:
    26
    Hi, i scanned my computer with the latest versions of ad-aware and avg free edition and they both found viruses in the restore temp folder. I told both programs to delete the files but they couldn't. Avg says it healed all 31 files and that i have to restart the computer. I pressed 'yes' but everytime it never restarts and it freezes. I don't know what to do. Can someone help me please? Thanks. P.S. I also put my hijacktis log file and somebody told me there was only one thing i needed to fix, so i can't do that either.
     
  2. rav009

    rav009 Active member

    Joined:
    Nov 14, 2005
    Messages:
    2,204
    Likes Received:
    0
    Trophy Points:
    66
    hi, yeh as jjssj said ewido is a brillaint program and will find spyware, hijackers,trogans, dialers and loads more its graet and its been graet for me, this is the free trial, after the trial you can still use it the only loss is realtime protection it has all the other features http://www.ewido.net/en/download/ , should clean up a bit.

    oh yeh, make sure you disable system restore for a while start>controll panel>performance and miantanence>system>click systme restore tab and disable it.

    then restart.

    theese will help sort it too.

    ccleaner http://www.ccleaner.com/
    cwshredder http://www.intermute.com/products/cwshredder.html
    ad-aware se http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-...
    spybot s&d http://www.majorgeeks.com/download2471.html
    download, update & run in safemode for the above in this order
    online virus scan http://housecall.trendmicro.com/housecall/start_corp.asp

    thoose are very usefull too,all that is provided by ddp kindly posting it on other threads itll realy help, make sure you do the online virus scan very good.

    theese will help sort it,post back here is still no luck, im sure me and jjssj are more than capable of sorting you out so no worrys ok.
     
    Last edited: Dec 26, 2005
  3. spertti

    spertti Active member

    Joined:
    Jun 1, 2005
    Messages:
    1,222
    Likes Received:
    0
    Trophy Points:
    66
    Just simply shut down the system restore program ( don´t know the name of it in english ). Reboot, and then turn it back on. That´ll kill the viruses that are on older restore points. After this you can´t ofcourse restore your system, but it´ll start making new restore points after you turn it back on. I´m totally sorry for my English, but I hope you understood what I was trying to say =)
     
    Last edited: Dec 26, 2005
  4. 7KiNgPiN7

    7KiNgPiN7 Regular member

    Joined:
    Dec 10, 2005
    Messages:
    234
    Likes Received:
    0
    Trophy Points:
    26
    thanks for all your help. I'll do some of the scans and then get back to you. But i can't get ewido because i use a windows me system.
     
  5. 7KiNgPiN7

    7KiNgPiN7 Regular member

    Joined:
    Dec 10, 2005
    Messages:
    234
    Likes Received:
    0
    Trophy Points:
    26
    By the way, i have some trojans, worms and a couple of generics.
     
  6. rav009

    rav009 Active member

    Joined:
    Nov 14, 2005
    Messages:
    2,204
    Likes Received:
    0
    Trophy Points:
    66
    have you tryed what i told you to try yet?
     
  7. rav009

    rav009 Active member

    Joined:
    Nov 14, 2005
    Messages:
    2,204
    Likes Received:
    0
    Trophy Points:
    66
    @jjssj

    oh i see your sig moves, i couldnt see that in firefox as javascript was disabled, thats a clever sig btw but i prefere theese ones.

    i disagree with you there jjssj when you say you should not use freebeis for anti viurs, i went from bitdefender pro to avg free and escan and ive been much beter.

    ps, this is the only exception as escan and avg free are top programs and are brilaint freebies, i dont think anything else comes close, maybe avast free.
     
    Last edited: Dec 27, 2005
  8. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    i've been using avg on my system & about 100 customers for the past 3yrs.
     
  9. 7KiNgPiN7

    7KiNgPiN7 Regular member

    Joined:
    Dec 10, 2005
    Messages:
    234
    Likes Received:
    0
    Trophy Points:
    26
    yh, i know jjssj but it's only for temporary use because my norton antivirus subscription ran out and now I am thinking about getting ez etrust antivirus as my main antivirus protection; is it good? And by the way, what's wrong with avg free edition? I think it's a great product and finds more than many non-free products.
     
  10. rav009

    rav009 Active member

    Joined:
    Nov 14, 2005
    Messages:
    2,204
    Likes Received:
    0
    Trophy Points:
    66
    AVG free is fine use it all you want,why dont you try trend micros products they are top or kaspersky.

    that is is you want a new anti virus, anyway try what i told you to and then post back.

    i think youll love bitdefender, its got all you need and a excelent anti virus maybe the best.

    i hope it works
     
    Last edited: Dec 28, 2005
  11. 7KiNgPiN7

    7KiNgPiN7 Regular member

    Joined:
    Dec 10, 2005
    Messages:
    234
    Likes Received:
    0
    Trophy Points:
    26
    I done what rav009 said but with no results. They can't be deleted. Escan came up with the most results for me. This is the log file:

    File C:\_RESTORE\TEMP\A0104170.0 tagged as not-a-virus:AdWare.Win32.PowerScan.d. No Action Taken.
    File C:\_RESTORE\TEMP\A0115186.0 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0115187.0 infected by "Trojan-Downloader.Win32.IstBar.ij" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0115188.0 infected by "Trojan-Downloader.Win32.Dyfuca.ei" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0115189.0 infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0115190.0 infected by "Trojan-Downloader.Win32.Apropo.g" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0115191.0 infected by "Trojan-Downloader.Win32.Agent.ro" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0115192.CPY infected by "Trojan-Downloader.Win32.Apropo.ag" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0115193.CPY infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0115194.CPY infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0115195.CPY infected by "Trojan-Downloader.Win32.Apropo.ag" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0115197.CPY infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0115198.CPY infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0115199.CPY infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0115200.CPY infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0115202.0 infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0115204.0 infected by "Trojan-Downloader.Win32.IstBar.jm" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0115205.0 tagged as not-a-virus:AdWare.Win32.SideFind. No Action Taken.
    File C:\_RESTORE\TEMP\A0115206.0 tagged as not-a-virus:AdWare.Win32.SideFind. No Action Taken.
    File C:\_RESTORE\TEMP\A0115207.0 infected by "Trojan-Downloader.Win32.IstBar.ms" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0115213.CPY tagged as not-a-virus:AdWare.Win32.SurfAccuracy.d. No Action Taken.
    File C:\_RESTORE\TEMP\A0119771.CPY tagged as not-a-virus:AdWare.Win32.SurfAccuracy.d. No Action Taken.
    File C:\_RESTORE\TEMP\A0120837.CPY infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121587.CPY infected by "Trojan.Win32.VB.aad" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121611.CPY infected by "Trojan.Win32.VB.aad" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121612.CPY infected by "Trojan.Win32.VB.aad" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121616.CPY infected by "Trojan.Win32.VB.aad" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121618.CPY infected by "Trojan.Win32.VB.aad" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121619.CPY infected by "Trojan.Win32.VB.aad" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121620.CPY infected by "Trojan.Win32.VB.aad" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121625.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121629.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121630.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121634.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121636.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121637.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121638.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121919.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121923.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121924.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121928.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121930.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121931.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0121932.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0122635.0 infected by "Trojan-Downloader.Win32.IstBar.lu" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0124934.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0124935.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0124939.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0124941.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0124942.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0124943.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0124962.1 infected by "Trojan-Downloader.Win32.IstBar.lu" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0126521.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0126522.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0126526.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0126528.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0126529.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0126530.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0130754.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0130755.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0130759.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0130761.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0130762.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0130763.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0137384.CPY tagged as not-a-virus:AdWare.Win32.Altnet.e. No Action Taken.
    File C:\_RESTORE\TEMP\A0143849.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0143850.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0143851.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0143856.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0143858.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0143859.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0143860.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0143863.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0143864.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0143868.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0143870.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0143871.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0143872.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0144093.CPY infected by "Trojan-Downloader.Win32.PassAlert.c" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0144100.CPY infected by "Trojan-Downloader.Win32.PassAlert.c" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0144101.CPY infected by "Trojan-Downloader.Win32.PassAlert.c" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0144105.CPY infected by "Trojan-Downloader.Win32.PassAlert.c" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0144107.CPY infected by "Trojan-Downloader.Win32.PassAlert.c" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0144108.CPY infected by "Trojan-Downloader.Win32.PassAlert.c" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0144109.CPY infected by "Trojan-Downloader.Win32.PassAlert.c" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0146150.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0146154.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0146155.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0146159.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0146161.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0146162.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0146163.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0146632.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0146636.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0146637.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0146641.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0146643.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0146644.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0146645.CPY infected by "Email-Worm.Win32.VB.an" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0149467.CPY infected by "Trojan-Downloader.Win32.IstBar.ns" Virus. Action Taken: File to be deleted on reboot.
    File C:\_RESTORE\TEMP\A0149468.CPY infected by "Trojan-Downloader.Win32.IstBar.ns" Virus. Action Taken: File to be deleted on reboot.

    I rebooted and they still weren't deleted, as i scanned again with ad-aware to find them still there. I don't know what to do! Please help.
     
  12. 7KiNgPiN7

    7KiNgPiN7 Regular member

    Joined:
    Dec 10, 2005
    Messages:
    234
    Likes Received:
    0
    Trophy Points:
    26
    That's the problem, i can't get ewido, because I use a windows ME system and it's only compatible with windows 2000 or xp. Any other ways?
     
  13. spertti

    spertti Active member

    Joined:
    Jun 1, 2005
    Messages:
    1,222
    Likes Received:
    0
    Trophy Points:
    66
    Start a new thread, where you post a hjt-log. Instructions here ( steps 3 and 4 )http://forums.afterdawn.com/thread_view.cfm/263784.
     
  14. 7KiNgPiN7

    7KiNgPiN7 Regular member

    Joined:
    Dec 10, 2005
    Messages:
    234
    Likes Received:
    0
    Trophy Points:
    26
    i posted a log a couple of days ago and i was told to only fix one line. Shall i do it again and can't i post it here?
     
  15. spertti

    spertti Active member

    Joined:
    Jun 1, 2005
    Messages:
    1,222
    Likes Received:
    0
    Trophy Points:
    66
    Don´t post a new one. Your log is fine. Have you tried to run eScan in safe mode?
     
  16. 7KiNgPiN7

    7KiNgPiN7 Regular member

    Joined:
    Dec 10, 2005
    Messages:
    234
    Likes Received:
    0
    Trophy Points:
    26
    i don't see what the difference is and anyway i can't because i downloaded it on my log in profile of the computer and safe mode only boots in to the first main log in profile of the computer. Are you sure there's no other solutions?
     
  17. spertti

    spertti Active member

    Joined:
    Jun 1, 2005
    Messages:
    1,222
    Likes Received:
    0
    Trophy Points:
    66
    It could remove those files it says it removes on reboot if you run it in safe mode. Sure we can try something else, but thats what I would do first =) Can´t you save it for the other user, and then run it in safe mode?
     
  18. 7KiNgPiN7

    7KiNgPiN7 Regular member

    Joined:
    Dec 10, 2005
    Messages:
    234
    Likes Received:
    0
    Trophy Points:
    26
    thanks for the comment spertti and i understand what you're saying but can you first post the other options, as i don't prefer to go into safe mode and do this stuff.
     
  19. spertti

    spertti Active member

    Joined:
    Jun 1, 2005
    Messages:
    1,222
    Likes Received:
    0
    Trophy Points:
    66
  20. 7KiNgPiN7

    7KiNgPiN7 Regular member

    Joined:
    Dec 10, 2005
    Messages:
    234
    Likes Received:
    0
    Trophy Points:
    26
    which one would you say is the best online scanner out of those, apart from trend micro?
     

Share This Page