XP Security trojan/virus?

Thanks Neil,

I can't begin to tell you what a nightmare this past couple of days has been! Thank goodness for the folks on TP!

Janet
 
Glad it's all working ok - the wife says I can't come and live with you, but I'll keep trying to change her mind.... :D
 
Sorry to hijack this thread but spookily my friends' netbook has just been infected with this very same blasted virus/trojan. Thankfully I had been reading this thread yesterday and recognised the symptoms!

Unfortunately I can't seem to access the safe mode to stop the process - I'm told this is because netbooks run with a cut down version of operating system and that the only option is a fresh install. Naturally the netbook wasn't sold with recovery discs (no disc drive anyway) so any suggestions would be welcome as I'm at the limit of my technical knowledge!

She only uses it for email really and doesn't really do much websurfing other than a few horsey sites so data loss isn't an issue.

Whichever browser I use gets hijacked, Task Manager doesn't seem to be showing any unusual process or files and naturally any attempt at scanning with anything else gets blocked.

I've told her it might be cheaper and a darn sight easier to get a new laptop :D
 
Put antimalwarebytes on a memory stick and run it from there.

That was my next plan but I thought I read earlier in the thread that you needed to stop the process first or the virus would just block anything I tried - or have I got hold of the wrong end of the stick?
 
PS I removed this off my daughter's PC remotely (i.e. me guiding her on the 'phone) by getting her to do a system restore to a point earlier than she had the virus installed. (That'll be the fourth time I've said it in this thread ;))
 
Hi Andy

The first thing I tried was the system restore (having read your comments in the thread(y)) but unfortunately this had either been turned off when she originally had the netbook or the virus had somehow turned it off? Not sure if that is part of the way it works?
 
Ahh... OK. Netbook might have system restore turned off anyway to conserve disk space.
 
Andy (or anyone else!)

On my own XP machine (and my Win 7 laptop) I run AVAST, Zone Alarm and Win Patrol. Am I right in thinking Win Patrol does the same as Malwarebytes re blocking anything making changes to the registry/system etc? Or should I install MWB in place of or as well as Win Patrol, or would that cause conflict? Also is the free MWB enough or is it better to go for the paid version? Sorry for all the questions!
 
I just use Avast & Windows firewall here, but I am sat behind a SPI firewall on my router. Have tried Malwarebytes, but it didn't discover much on my 2 year old machine (that was used daily) so I haven't reinstalled it on my new build.
 
There isn't a portable version of Malwarebytes, but there is one of SuperAntiSpyware that you can get here. Would be interesting to know if it actually kills this thing if some virus-infected person would like to try it.... :D
 
I'll be trying anything and everything on my friend's netbook tomorrow evening so I'll let you know! Meanwhile downloaded Malwarebytes onto my own desktop and it found three nasties and got rid of them so that was definitely worth it! Is there any benefit in the full, paid up version over the free one, i.e does it do what it says it does?

Numpty question but what do you mean by portable versions of these programs?

Also I want to swap anti virus on my desktop, currently running AVG and planning to go to Avast as I keep hearing it's better and I'm running it on my laptop with no problem.....any views ?
 
In reverse order.....

Go with Avast, it's much better than AVG now.

Portable versions - they don't need to be installed. They just run from a single exe file (or com file in the case of the SuperAntiSpyware I linked to above). Most of these nasties won't let you install anything, so something that runs directly off a USB stick or similar is very useful.

Malwarebytes is excellent, but quite pricey for the full version that scans in real-time. This is the only difference between the free and paid versions. Avast to look after files, and Malwarebytes Free (manually scan weekly with it) usually does the trick.
 
Portable means you can stick the .exe file on a USB stick and just run it. No need to install as it doesn't depend on any dlls or registry settings.

AVG vs Avast - Avast every time ;)
 
There seems to be an echo in here ;) :D
 
Thanks guys! Got the portable version of Superantispyware and all the other stuff on USB drive now ready to bash the laptop and will change my desktop to Avast tonight!

Thanks for all the advice, I'll let you know how I get on.......fingers crossed!
 
Well started on the netbook and first thing is superantispyware is zooming thru and found 217 ranging from some very nasty nasties to general pain in the butt cookies. Still scanning and counting!
 
It's even nicer when you see it removing them.... :D
 
Ok it's finished scanning and there's one item that it has left unchecked which is

Disabled.securityCenterOption
Three registry keys which appear to be Microsoft security center notifications which have been disabled, firewall, antivirus and notifications. I assume I don't want to delete this?
 
Hmm threats removed but I seem unable to access the "add remove program" I want to remove norton and install avast. Her norton has run out anyway.

I get the message windows cannot open this file. Rundll32.exe

I've not allowed access to the Internet yet as no Av installed
 
I'd install, update and run Malwarebytes now before you do anything else.... you will need to give it net access to update, but don't need to open any browser windows, then restart and see how the add/remove goes. Can you run programs on the laptop? just try a few and see....

There's a Norton Removal Tool you can use to uninstall Norton without using add/remove - probably best use this anyway as it always works 100%, then you can install Avast.

Check the XP system files by going to start > run then typing sfc /scannow in the box... this will take a while, but will check the validity of the system files and replace any corrupted or missing. You might need the CD for this....
 
Try Microsoft Security Essentials against Avast. I used to have Avast on my Windows XP home edition then Avast went on to their 2011 version and it didn't work.
There are also a lot of "false" viruses out there which start bringing up hundreds of so-called viruses and then they say it's only their program that will fix the problem. This is to get you to buy it, often system restore will put you back on track.

An easy but serious program is System Mechanic which I use occasionally if I land up with problems unable to overcome, worth checking out.


You can remove Norton another way here is the walk through
go to- my computer right click - right click on open- right click on local disk (c)-right click on open- look for program files and right click on it-right click on open and you will get a load of boxes come up.
Find Norton and right click and go on the drop down list to delete. That will get rid of Norton for you. You may have to remove the short cut icon on the startup page as well as it is now redundant

Alternatively go to search - files and folders - all files and folders - type in Norton then search. This will bring up everything to do with Norton and delete what's on the list, have to say here you may be prevented from deleting every line so try the method I outlined first.

I don't think you can get rid of Norton without the disc installed and then is -Programs- Norton -uninstall

Norton is a very memory hungry program and can slow a computer right down which is why I recommend
Microsoft Security Essentials
 
Bugger won't run it - get the message windows cannot open this file sfc.exe, windows needs to know what program created it etc etc

Further to this - the netbook seems to be missing something! When you download the programme i.e. Malwarebytes and you get the setup icon etc it's usually a picture (hope that makes sense). When I plug the USB into the netbook the pictures disappear and you get that logo that shows a file isn't associated with any programme (like an Excel document without the .xls on the end)

Furthermore on booting up the netbook, it boots up to desktop etc but I get the message that windows can't find the eeonlldy.exe file. I've found something on the web to apparently fix a rundll32.exe here
http://www.restoreguard.com/p/file-...Rundll32.exe&gclid=CNTm9YHZ-acCFcod4QodPjPhrg
- is this okay or am I fighting a losing battle ?
 
Hi, system restore hadn't been enabled as it's a netbook - that was my first course of action. Tried to remove Norton your first way but it denies access.
Can't access the control panel - get the message about cannot open file control.exe etc etc. :shrug:

Does MSE run on XP? I thought it was only for Win 7 ?
 
Black, I didn't say open control panel. Go to the my computer icon on the startup screen then follow the walk through. This should work, maybe I didn't make it clear enough.
MSE works on XP professional which is my other computer

Realspeed
 
Sorry, typo with control panel and my computer! I did do it the way you said but it denied access to some of the Norton files.

Doing a bit of digging around on the net it would seem to fix the rundll32.exe issue (which is most probably causing the other .exe issues) I need the OS disc...........netbook, therefore no disc...........aaargh!
 
Looks like the XP exe problem - you can get a registry fix for it that I uploaded for you here. Just download, right-click it, then select merge or install from the pop up menu and try running a couple of programs again....
 
Strange the walk thru should have taken you direct to the Norton file icon which you can just delete and it removes all of Norton.

Realspeed
 
That seemed to work as I could open some of the programmes on the desktop but files on the USB (i.e. Malwarebytes etc) still seemed unassociated. Tried to download malware from the malwarebyte site and kept getting redirected to some other sites so am giving up for tonight and starting again tomorrow! As I feel like this :bang: and a bit out of my depth.

Thanks to all for your help so far! Roll on tomorrow :D
 
While I'm a little biased here, being a helper at one of the tech forums listed, if you are getting redirects, and messed up file associations it would be best for someone to look over your pc in more detail.

Posting on a specialist forum where a trained helper can look over your computer is usually the best way of making sure all traces of malware are gone. Entirely up to you, but it's free specialist help if you want it.

(On the basis all of these sites offer free help and are all non commercial, pretty sure it's ok to post them - can't see anything in the rules against it.)

The following sites are part of Unite and offer expert help:

http://forums.techguy.org/
http://www.bleepingcomputer.com/forums/
http://www.techsupportforum.com/forums/
http://www.geekstogo.com/forum/
http://forums.whatthetech.com/index.php?act=idx
 
Who says there aren't professionals here?
 
You tell him, Neil........

.......we know what size of hammer to recommend !
 
I'm not saying there aren't. But I have yet to see a set of logs for his PC posted, and I've seen enough people end up with wrecked PCs after getting inappropriate help from open forums.

It wasn't a criticism of anyone's help here, but it was a perfectly legitimate suggestion, so please don't have a go at me for it.
 