Expert: Lorry - 9/3/2005

Question
-------------------------
Followup To
Question -
Hi, I was wondering if you could help me with a virus or trojan problem. I'm not sure which it is. I have windows xp pro. I don't know how I really got this virus thing. I found a lot of folders in my music folder. Within these folders contain a .exe. I didn't try to open these because I realized they were some kind of virus. Then I scanned with housecall.trendmicro.com and that got rid of them. But they just keep coming back. So I was wondering if you could help me get rid of them permanently? Thanks.
Answer -
Hi Jacques,

If you are using Windows ME or XP, disable System Restore and then run the virus scan and remove the viruses.

Hope this helps!
Lorry

Hey, sorry I didn't mention to you. I've already tried disabling system restore and ran the virus scan. The thing is that the virus keeps coming back. The files keep appearing again as well.

Answer
Hi Jacques,

Disable System Restore, then go to: http://sarc.com/  Scroll down and click on,"Free Online Virus and Security Check" and run the virus check. Write down exactly anything it finds, then return to: http://sarc.com/  and do a search for what was found. Symantec usually has a removal tool and/or directions for removing manually.

Check for spyware also. Download Ad-Aware® SE Personal Edition, a free program that you can download at:

http://www.lavasoftusa.com/support/download/

Check for updates before running program. Then follow the directions here to do a full scan:

1. In the 'General' window make sure the following are selected with a checkmark and are green:

· Automatically save log-file
· Automatically quarantine objects prior to removal
· Safe Mode (always request confirmation)

2. Click on the 'Scanning' button on the left and select :

· Scan Within Archives
· Scan Active Processes
· Scan Registry
· Deep Scan Registry
· Scan my IE favorites for banned URL's
· Scan my Hosts file
· Under 'Click here to select drives + folders, choose: All of your hard drives.

3. Click on the 'Advanced' button on the left and select:

· Include additional file information
· Include additional object details
· Include environment information

4. Click the 'Tweak' button and select:

Under the 'Scanning Engine' be sure a checkmark is beside:

· Unload recognized processes & modules during scanning
· Scan registry for all users instead of current user only
· Obtain command line of scanned processes

Under the 'Cleaning Engine' be sure a checkmark is beside:

· Automatically try to unregister objects prior to deletion
· Let Windows remove files in use at next reboot
· Always try to unload modules before deletion
· During removal, unload explorer and IE if necessary
· Delete quarantined objects after restoring

5. Click on 'Safety Settings' and select "Write-protect system files after repair (Hosts file, etc)"

6. Click on 'Proceed' to save the settings.

7. Click 'Start' and on the next screen choose 'Activate in-depth Scan' at the bottom of the page and then choose:

· Perform full system scan

8. Close all programs except Ad-Aware.

Click on "Next" in the bottom right corner to start the scan.

Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted.

After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may of found. Allow it to finish.

When you first open Ad-aware, click "Check for updates now", click Connect, if there any updates available - get them, when done click Next or Finish.

Now click Start, Next and let it run.

When it is done scanning, you will see the Scanning results window, check all of the boxes, then click Next.

The next window will say "X" number of objects will be removed - click OK.

Anything that is removed is quarantined, making the computer safe.

Hope this helps!
Lorry