07 Sep 10
If you ran an AV in safe mode in XP and it says (Superantispyware and Trojan hunter in this case) it found XYZ trojan and the like and it says you need to reboot to complete the removal, will it complete the job if you reboot back into safe mode or do you need to reboot into normal windows to complete the job?
07 Sep 10
Originally posted by darvlayIt was, I thought, a simple question about the operation of anti virus stuff, not the origin of the problem. Since you asked, the problem seems to have come from facebook and myspace, I have both, for instance, facebook has a new trojan that says something like 'hi, my name is Donnie and I want to be your friend' but it's not really Donnie, its a link to a nasty scumware. Its called koobface something like that. So I ran in safe mode but after it clears most of the junk they say to reboot to finish. The only thing I need is to know if I have to reboot normally or can I reboot into safe mode to finish the job.
Good Loard. How do you end up with so many problems on your compooper?
07 Sep 10
Originally posted by sonhouseIt really WAS Donnie, you know.
It was, I thought, a simple question about the operation of anti virus stuff, not the origin of the problem. Since you asked, the problem seems to have come from facebook and myspace, I have both, for instance, facebook has a new trojan that says something like 'hi, my name is Donnie and I want to be your friend' but it's not really Donnie, its a link to a ...[text shortened]... eed is to know if I have to reboot normally or can I reboot into safe mode to finish the job.
P-
08 Sep 10
2 edits
Originally posted by jimslyp69No tissy this time. I was in the middle of typing a response just a minute ago and got hit with a redirect. I thought I had it but using trojan hunter, antimalware, and superantispyware, all in safe mode, rebooting, etc., I still have this one leftover bastid.
Is this another thread where Sonhouse asks an IT related question in the GF, gets flamed and then has a hissy fit?
De ja vu!
I would hazard a guess that you would reboot back into normal mode. But I know fa. It all depends on what AV you're running and a lot of other things.
It comes out as a window claiming to be MS security essentials alert but of course if it was really from MS, you could X it out or close it but it has three features, it won't X out, has a close button but that does nothing, and it stops the task manager from coming up, well, four counting the fact it won't let you go to ANY site.
I am typing this on my wife's machine, it wasn't hit because we mostly use this comp for graphics. So I am off to goog what the heck MS Security essentials alert is, see if there is a manual kill from Regedit. Anyone with an idea would be helpful. Right now I can't download squat because of the redirect. To add insult to injury, it actually SAYS redirect. Just so you know.
One consolation prize, in safe mode you can X it out. It still won't let you go to anything, like home page. It sucks big wieners actually.
08 Sep 10
1 edit
Well, this one sucks a lot worse than I first thought. I loaded hijack this and once found a reference to what a techie site said was in the registry, showed up on the hijack this log but disappeared. It's not in the log now. The instructions say to download 'RKill' which stops the trojan from running long enough for malwarebytes to kill it permanently.
As it is, I can't download anything, or get FF or IE to run. (And I am in safe mode!) So I went to the other computer and tried downloading Rkill there and loading it on a thumb.
Put that in the other comp and tried to open it, but this dam trojan gets there first and kills Rkill from running also.
I tried to get Word to run so I could at least print the hijack this log. The only thing that would open was Excel for some reason. But printing it out cut off the edge of the lines so I couldn't read it and trying to read it from Excel itself, the scrolling was so slow it took several minutes to go from top to bottom.
Presumably because this virus or whatever is using so much CPU time nothing else can get a word in edgewise, so to speak🙂 Can't load the task manager to see. This is beginning to sound like HD format time.
08 Sep 10
1 edit
Originally posted by sonhouseI recommend you back up the registry entries up before doing below.
Well, this one sucks a lot worse than I first thought. I loaded hijack this and once found a reference to what a techie site said was in the registry, showed up on the hijack this log but disappeared. It's not in the log now. The instructions say to download 'RKill' which stops the trojan from running long enough for malwarebytes to kill it permanently.
As peak🙂 Can't load the task manager to see. This is beginning to sound like HD format time.
If you can identify what process is causing the problem (in Task Manager), go to these paths in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
You might then be able to remove the offending value causing the problem. After a reboot, it shouldn't start up any more.
08 Sep 10
Originally posted by lauseyI went there, only found one entry listed in the instructions to kill it, I did but that wasn't the one apparently. Rkill is supposed to stop it from running which will allow malwarebytes to work on it, malwarebytes won't kill it when it's actively running. I am going to try another tact, using a thumb drive with malwarebytes loaded on it and run from there, I'll see if that helps.
I recommend you back up the registry entries up before doing below.
If you can identify what process is causing the problem (in Task Manager), go to these paths in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
You might then be able to remove the offending value causing the problem. After a reboot, it shouldn't start up any more.
It appears if I restart in safe mode, and don't open something that cues up this virus, I can run malwarebytes, I know I was able to run trojan hunter that way. TH does not kill it however. I am running malwarebytes right now, which shows at least that it can run, so far anyway, but not expecting much.
The instructions to kill it in registry all were in HKEY_CURRENT_USER\software area
but so far have not found the right one to delete.
08 Sep 10
Originally posted by sonhouseJust keep deleting them. Seems you know what your doing.
I went there, only found one entry listed in the instructions to kill it, I did but that wasn't the one apparently. Rkill is supposed to stop it from running which will allow malwarebytes to work on it, malwarebytes won't kill it when it's actively running. I am going to try another tact, using a thumb drive with malwarebytes loaded on it and run from there ...[text shortened]... ere in HKEY_CURRENT_USER\software area
but so far have not found the right one to delete.
P-
08 Sep 10
1 edit
Originally posted by sonhouseRun in normal set up. Go to 'run' in your start menu and type 'services.msc'
You think the same registry entry is being fed back in? Kricky, that sucks.
Let me know what you get..... in a pm, of course.
Also, you need to view this: http://www.technibble.com/rkill-repair-tool-of-the-week/
Cos it aint as bad as u think! Unless you shut something, thinking that RKill was a baddie. Your malware AV is the baddie. Invest in a good runner!
08 Sep 10
4 edits
Originally posted by mikelomOk, will try that when Malwarebytes finishes it's inevitable failure run🙁
Run in normal set up. Go to 'run' in your start menu and type 'services.msc'
Let me know what you get..... in a pm, of course.
Isn't that services list a humungus thing? Is there anything I should be on the lookout for or do you want me to just log the whole thing, if you can do that, not sure if you can, maybe cut and paste?
Are you saying you can't see that list in safe mode? never tried it there.
BTW, you can really see the power of having two computers tied to a data switch, this one takes two scroll lock presses and it switches between the two computers, otherwise I would have to use my amateur radio computer downstairs or the recording computer in the music room, also downstairs.
Well I did a test run on this computer, the only problem there is this one is *ugh* Vista and the other one XP Pro SP3. On this computer there is no 'select all' in the toolbar but there is an 'export' button. Will find out if it's the same on the XP box when MWB finishes. I can see where you are going with this. If I can find a reference to some virus, maybe I can shut it off there and do another anti run.
A buddy of mine who is deep into network apps said the way to kill it is to take the HD to another comp, log it in as secondary, that way this virus isn't actively running, then run an anti on THAT computer from its primary HD. Does that sound like a plan?
That sounds like not quite the same thing as running an anti from a thumb drive, right? I would assume the HD in this case being primary, would still have an active virus which is what is preventing MWB from killing right now. The two are fighting one another and the virus wins I guess. Maybe if you just go into safe mode and don't fire anything up on that HD, the thumb drive anti could do it's thing and nail it, maybe?
08 Sep 10
Originally posted by sonhouseYou know what you see in normal processes run in task mgr. The baddies are generally in Capital letters completely, or misspellt ars*acronyms with a small or CAPS .exe. I believe your anitmalware is infected, to be honest, and would remove it from programs, and then restart. I think if you do that, you can then control what is running in processes from task mgr, and shut down one by one the ones you don't trust. List them. Restart, and if one that runs after you have closed it from auto start, then you have identified the little git.
Ok, will try that when Malwarebytes finishes it's inevitable failure run🙁
Isn't that services list a humungus thing? Is there anything I should be on the lookout for or do you want me to just log the whole thing, if you can do that, not sure if you can, maybe cut and paste?
Are you saying you can't see that list in safe mode? never tried it there.
...[text shortened]... n find a reference to some virus, maybe I can shut it off there and do another anti run.