Expert: Keith Davis - 10/28/2008

Question
QUESTION: a virus has deleted my control panel and task manager and also seems to have effected my norton symantex as it's managed to exclude itself from virus scans by administration approval.
I run complete scan with norton, spybot and adaware, but nothing is touching this. wont even allow me to start in safe mode and keeps displaying system alert and opening lots of IE sessions....any ideas how to remove this without doing a complete re-install of XP?.
please try not to be to techny with reply.
hope you can help...

ANSWER: It is hard to even try and do a fix if we don't know what the name of the infection is or a name of a file that is infected.

If I were guessing it is probably this new worm that is very recent. Microsoft put out patches for numerous operating systems.

It tells about it and offers links to patches in this link http://WindowsSecrets.com/comp/081024

I'm sorry to say that if you already have this worm, it is a little too late for the patch.

The only hope of fixing it without a complete reformat and fresh install of XP is to try and find out a name for what you have. Keep trying to update Spybot and Adaware. They should have at least a detection update for what you have soon.

AVG anti-virus may detect it. It will detect trojans that Norton cannot and is free. Look for the latest version at www.snapfiles.com

Let me know if you find anything out and I will do my best to help further.

Keith

---------- FOLLOW-UP ----------

QUESTION: Ok, here come the dumb questions...sprry in advance.
How do I find this out, where will i get these details.
norton seems to be excluding this from its scans it keeps opening fake messages saying system alert, and has placed the words system alert next to the clock on my desktop. it's has also put 3 icons on my workspace for privacy tools and malware. No take Manager, No Control Panel, No safe mode
I will try the spybot and adaware tonight.
can you suggest any other programes that might get rid of this..
sorry for the dumb questions, but this virus has me very confused.

ANSWER: None of your questions are dumb.

See if you can right click on the icons that were added and see what they say. A name or anything. What are the fake messages saying? Sometimes even the name of the programs are a clue to what type of trojan or malware it is.

Have you tried AVG anti-virus free edition? I am almost certain it will detect whatever you have. I wish I could help you further but I need as many details as you can give me.

One other thing. Go to this link. It has a lot of information and links about removing malware. I helped write a lot of it.

Keep me updated on anything you find out.

Keith

---------- FOLLOW-UP ----------

QUESTION: thanks Keith, but there was no link as you mentioned.
I cannot seem to find the name for this, if you hold over the cursor you get nothing. it's also deleted my windows validation cert, so can't even get any updates down. it's showing in norton as 'dowloader' and it's been ignored by norton at administrators request. i am going to try running registry mechanic tonight, and although i managed to get access to control panel and task manager it's not showing there but as soon as I log out i lose Control Panel and task manager again and have to get to them via regedit.exe
cannot even boot from my XP disk to repair. this is a clever virus and i'm running out of ideas personally.
if you could send me that link I will work through it and hopefully get rid of this.
why do these people do this to home users...argh !!
thanks for your help, really appreciate it.
sorry i'm not giving you much to go on.

Answer
I'm sorry I forgot to add the link. Here it is.
http://forums.majorgeeks.com/showthread.php?t=35407

I could have sworn I put the link in. If the one above doesn't work, go to www.majorgeeks.com go to the search box and type in malware.

Let me know what happens. I want to stay up on all of the latest malware.

Keith