Fighting a Threat / Virus: Win32/spy.ursnif.a virus
dreamweaver Jun 28th, 09, 03:55 PM I have ESET NOD32... it's been bulletproof, until this happened. Here's what happened:
I rarely bring my laptop to work, but last week I brought it in and plugged it into the ethernet cable. I have 2 profiles on my laptop... one for when I just log on to the laptop itself, and another for when I log on to the network at the store. In this instance, I ONLY plugged in the ethernet cable and logged on to my local profile, not the network.
As soon as I did this, this virus alert came up:
http://i82.photobucket.com/albums/j271/dreamweaver10/Stupid%20PIcs/ESETAlerts.jpg
The "Clean" function button is not activated, so I cannot clean it. When I click the "Delete" function it returns --- "Error in deleting...Try again?"
Nothing works in trying to remove the file or clean it, so it continuously pops up.
My system is starting to bog down now, and most of the time when I reboot, I have to power off and back on again 2 or 3 times because the mouse and keyboard functions are disabled.... somehow it has come back every time so far, but I have a feeling it will simply not be enabled in no time.
I have submitted the problem to ESET's online help. It is taking forever for them to get back to me. They instructed me to go online at their site --- these are the instructions they gave me:
1) Clean up temporary folders and recycle bin.
a. Open a command prompt by clicking 'Start' -> 'All Programs' -> 'Accessories' -> 'Command Prompt'.
b. Type or copy/paste the following command exactly and press 'ENTER':
del /f /q /s %temp% %systemdrive%\recycler
c. Type 'exit' and press 'ENTER'.
2) Boot your system into Safe Mode and run a virus scan.
a. Reboot into Safe Mode using the following instructions from Microsoft:
------------------------------------------------------------------------------
Microsoft Knowledgebase: A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/kb/315222
------------------------------------------------------------------------------
NOTE: The article works for Windows XP and Windows Vista.
b. Click 'Start' -> 'All Programs' -> 'ESET' -> 'ESET Smart Security' or 'ESET NOD32 Antivirus' -> 'ESET NOD32 Antivirus'.
c. Click 'Yes' when prompted to run a scan in Safe Mode.
d. When the scan completes, restart your computer regardless of the results.
3) Use the ESET SysInspector tool to create a log of vital system information.
a. Download ESET SysInspector here:
http://download.eset.com/download/sysinspector/32/ENU/SysInspector.exe
b. When prompted to 'Run' or 'Save', click 'Run'.
c. Click 'Run', 'OK', 'Continue', 'Allow', etc. on any security warnings that appear.
d. Scroll to the bottom of the license agreement and click the 'I Agree' to begin the analysis.
e. Once the analysis is finished, the SysInspector main program window will be displayed. Press CTRL + S to save the log file, then click 'Yes' to confirm.
f. Select the Desktop as the save location.
For Windows XP and earlier: click 'Desktop' on the left, then click 'Save'.
For Windows Vista: Click 'Browse folders', click 'Deskop', then click 'Save'.
4) Reply to this email and attach the SysInspector log you saved from Step 3 above. It will be located on the Desktop, and will have a filename in the following format:
SysInspector-NAME-YYMMDD-HHMM.zip
Once we receive the log file from you, we will analyze it and advise you of the best course of action. If you require further assistance with these steps, please let us know by replying to this e-mail.
I did all of that and have been waiting for a response for over 3 days. I think the company is in Croatia or something, but I can't see that as being a deterrent to a good response. I'm not only getting impatient, but am getting to the point that, if I can't get this resolved soon, I am fearful I might lose my system altogether. If anyone has any ideas I would appreciate it.
KJ / Dub / Steve
DOUG G Jun 28th, 09, 06:06 PM Wife is on FaceBook... seems there's a You-Tube virus being spread... she got it :clonk:
I talked to her and she said you already had it before you plugged in... she's not familiar with ESET.
dreamweaver Jun 28th, 09, 08:46 PM ESET is probably the most stable and secure anti virus / anti spyware I have installed on any machine. I have 11 systems running on it right now and, until this happened, it has run flawlessly.
I just jumped through a WHOLE bunch of hoops that their customer care sent me instructions to try to get rid of this thing... it's still there.
Just hoping someone out there has a clue what this thing is. Thanks.
gogordo Jun 29th, 09, 09:23 PM I usually use www.malwarebytes.org free edition, it gets rid of a lot of things
dreamweaver Jun 30th, 09, 12:15 AM I usually use www.malwarebytes.org (http://www.malwarebytes.org) free edition, it gets rid of a lot of things
I did that too.. still didn't work :mad:
DjD Jun 30th, 09, 12:56 AM Steve, everything I have read seems to suggest you can go to Control Panel > Add/Remove and uninstall this trojan. The caveat is it may leave its installer behind and reinstall itself. Keep in mind trojans are not viruses that infect other programs. They are a program that carries out instructions and not directly looked for by spyware or anti-virus software.
If that doesn't work just do a "system restore" and go back to the day or week before you found the trojan. This doesn't affect any data but will remove any installed software since the restore-to date... This again leaves the possibility of the trojan install file still being left on your PC and able to reinstall itself.
dreamweaver Jun 30th, 09, 01:31 AM Steve, everything I have read seems to suggest you can go to Control Panel > Add/Remove and uninstall this trojan. The caveat is it may leave its installer behind and reinstall itself. Keep in mind trojans are not viruses that infect other programs. They are a program that carries out instructions and not directly looked for by spyware or anti-virus software.
If that doesn't work just do a "system restore" and go back to the day or week before you found the trojan. This doesn't affect any data but will remove any installed software since the restore-to date... This again leaves the possibility of the trojan install file still being left on your PC and able to reinstall itself.
Dennis,
Thanks for the tips, but I had already tried both of those to no avail :sad: - It is not in the Control Panel Add/Remove to take out, and I tried a system restore... it remains ever-present.
I have had ESET send me 4 "fixes" --- none of them work... this thing is seemingly immune :mad:
.Bad75. Jun 30th, 09, 02:37 AM Take a look at this. As a recommendation for the future I would get HijackThis and keep it operational. It has prevented any root keys being dumped into my registry or unwanted crap.
http://icrontic.com/forum/showthread.php?p=693897
SixtyAte Jun 30th, 09, 03:53 AM Steve...The registry needs to be cleaned also! Try stuff in this link...
http://www.exterminate-it.com/malpedia/remove-ursnif
Kev
dreamweaver Jun 30th, 09, 09:55 AM The thing I'm concerned about is dumping too many programs onto the laptop that either might conflict with what I already have, or slow the system down. This machine is pretty free and clear of unneeded and unwanted programs, and I would like to keep it that way to the greatest extent possible.
This has been an ongoing headache. I have had either 3 or 4 email conversations with the software company (ESET), and the instructions are starting to get redundant. I'm beginning to think there isn't a solution :(. I could post the email communications if anyone thinks they might be able to glean something from them?
keypilot Jun 30th, 09, 10:10 AM I have used this with good results.
http://www.moosoft.com/
xplantdad Jun 30th, 09, 01:57 PM Try this website...they will offer you personalized one on one instructions specific to your system and your problem...and it's free!
http://spywarehammer.com/
They have certified Microsoft MVP-Consumer Security professionals there to get you going again. They rock!:thumbsup:
They'll probably have you install a few different programs...but they have a program that will clean all but a few out of your system when you are "clean"...
The others that you still have can simply be uninstalled...
Good luck...and let us know how it goes!
SixtyAte Jun 30th, 09, 05:24 PM The thing I'm concerned about is dumping too many programs onto the laptop that either might conflict with what I already have, or slow the system down. This machine is pretty free and clear of unneeded and unwanted programs, and I would like to keep it that way to the greatest extent possible.
This has been an ongoing headache. I have had either 3 or 4 email conversations with the software company (ESET), and the instructions are starting to get redundant. I'm beginning to think there isn't a solution :(. I could post the email communications if anyone thinks they might be able to glean something from them?
Steve..the link I posted is INFO not a program. Follow the instructions and edit the registry and remove the lines posted there.
Kev
alanrw Jul 1st, 09, 01:28 PM Format/S
Sometimes, the best thing you can do is to reformat the drive and do a clean reinstall. It is a pain, but it's kinda like tenting your house for termites, at least you know you nuked 'em.
Kelcy wasn't on your computer was he?
alan
CFunK Jul 3rd, 09, 12:28 AM I usually use www.malwarebytes.org (http://www.malwarebytes.org) free edition, it gets rid of a lot of things
WORD! It kills A LOT of stuff the others can't touch.
If all else fails, it's time to format and reinstall.
I have had to do this on a couple of client machines where it was more hassle than it's worth to track down and kill the infestation.
dreamweaver Jul 3rd, 09, 12:42 AM Still workin' on it:
Tried Malwarebytes... no go
Tried restore point ... no go
I'm not skilled enough to edit the registry... I've read where a lot of bad things can happen when you play there
I've had 5 different email ping pong matches with the support staff... they keep giving me different things to try (Restore and Malwarebytes were two of them)... gonna run it out 'til the end with them and, when all is said and done:
Try the rest of the suggestions here
Reformat if nothing else works
I was hoping someone here had a magic wand they could wave over my system :p
Z15CAM Jul 3rd, 09, 03:12 AM A Win32 Hack occurs when a Windows OS detects that a Protected OS File or Version has changed. This detection works through the Windows Firewall (DEP) if it's a Net Working (TCIP) Stack File. Other Scanners are Windows Defender, MS Malicious Tool, Ad-Aware and Anti-Virus Programs
SFC (System File Checker) if run on occasions and UpDated can Identify and keep you aware of UpDated Changed, Added and Deleted System files.
VISTA is notorious for Nagging the user and you usually lose your DeskTop until you have replaced the file with the recognized MS Version of the DLL OCX ...whatever.
Personally, I don't care for some MS File Versions that MS designates as Protected because they can be too restrictive or NAG with commercial, patent rights... etc; so I will intentionally do a Win32 Hack - that is Modify a Protect System File or replace it with a GPU version to accomplish what I want my OS to do. Of course the System will recognize the change and complain; so you have to 1/ Disguise the File, 2/ Instruct the System or Scanning Program to accept the file or 3/ Remove the file from the protection List of the program that is complaining. I've come across many MS Certified Files that Windows Defender will reject as a Win32 Hack- I don't load Defender - LOL.
Virus Scanners will identify a legitimate Win32 file as a Hack, Back Door Trojan or Virus ...whatever if the programmers have not included the Updated file in their current DAT Files; in which case, the file has to be designated as an exception in the Program so that it will not conflict with the Operating System - HINT - this works both ways; in other words, what is the purpose of the system you are programming.
I never run Scanners in the back ground and do not use System Restore. I will UpDate my Scanners once a Month at the same time MS Releases System Hot Fixes then Manually Scan the System and run SFC to keep it UpDated (I review the file list and most likely instruct SFC to accept all Changed and Deleted Files). If I have to make a change in the Registry or Modify a System File I will at this Time and make both a Registry and GHOST Image BackUp. A good registry Cleaner like RegVAC is Essential. There are plenty of File Compilers out there and not that difficult to use. Resource Hacker is one of the least damaging tools and can accomplish most of the basic requirements to Modify the version information of a Win32 EXE or DLL.
I've about forgotten when I last ran a Windows Installation, Restore or System Over-Write or did a Defrag. I am running the same XP installation from when XP was introduced and really don't care if my system crashes for whatever the reason, Corrupt System or Hardware Failure, I can Dump an Image and be up and running within minutes.
Imaging is very useful to protect your Software (Programming) when loading or experimenting with various Trial Programs you may be interested in as you can always dump a clean image and be back to square one if things get out of hand or get corrupted whether or not it's caused by a virus.
MS may consider Disk Imaging a DOS attack to which NTFS and Linux File Systems are NOT Immune - All you have to do is execute the DOS Version (7 or Newer) of Ghost.exe after booting to Command Prompt on a FAT Location (a Bootable Floppy or Optic Disc) and have a FAT Partition Formatted to receive the Image - You may not be able to view files on NTFS or a Linux System but the Partitions are recognized and they can be Imaged. You can also Burn the Images to Bootable CD or DVD to reload your system within minutes - Who needs that Nasty Resource Eating MS RESTORE feature that is subject to Attack; after all, I DOS Attack my Win OS once a month in order to protect it ;o)
If you want to learn about Windows, Download and Install mIRC, log onto to Windows#95 Channel on Dalnet Servers and say SafeMode sent you.
buffgeek Jul 10th, 09, 04:41 PM I would do a few things
1. Go to Start, then click on Run, then type "msconfig". Next click on the Startup tab and uncheck anything that doesn't have a valid file path or looks BS.
2. Right-click on My Computer and go to Properties. From there go to the System Restore tab and disable System Restore. Some of the really nasty malware out there likes to ride those files because AV programs and adware programs can't delete them.
3. Go to Add/Remove Programs and get rid of anything that was installed around the time you started seeing problems that you don't recognize.
4. Reboot, then go Google SUPERAntiSpyware and download and install it. Then update and run it, doing a complete scan.
5. Delete everything it finds, and reboot and run once more.
6. If your operating system comes back up, just update your AV and do one last scan and you should be good to go. If you still have problems after that, I would really consider a rebuild of the OS and Ghost it afterwards to make sure you have a quick restore point.
7ish... if the OS doesn't come back up, then put your install disk in and run a Windows repair.
Hope this helps....
dreamweaver Jul 10th, 09, 10:13 PM Thanks for all the replies everyone! Much appreciated.
Here is the latest "fix" they have for me:
An ESET Customer Care Representative has updated this case with the following information:
Hello,
To clean this threat from your system you will have to boot from a different drive or source. There are three options.
The first would be to boot from the original installation disk and use the Recovery Console. This would be the quickest and would require very little technical knowledge.
The second would be to create a SysRescue disk,
http://kb.eset.eu/esetkb/index?page=content&id=SOLN2103&
and boot from it. This will take a little time as you would have to download and install an application over 1 GB in size, and it requires a good deal of technical savvy.
The final way would be to remove the drive from this computer and "slave" it to another. As that machine will be booting from its own system and not this one it can then be scanned and cleaned. If another computer weren't available a shop would be an option.
Thank you,
Eset Tech Support
I'm not really an IT guy, but I think I could probably do it with a little coaching. The problem is that this company is somewhere over in Europe and I don't even know how to get technical help on the phone. The first way to fix the problem sounds pretty easy, but it is not very clear to someone (like me) who doesn't understand the "lingo" ---
The first would be to boot from the original installation disk and use the Recovery Console. This would be the quickest and would require very little technical knowledge.
It says to use the recovery console,,, can someone explain exactly what that means and, if it's not too much to ask, how to actually do it?
dreamweaver Jul 10th, 09, 10:36 PM Here's what my msconfig startup looks like... any suggestions?
http://i82.photobucket.com/albums/j271/dreamweaver10/Computer/Startup.jpg
http://i82.photobucket.com/albums/j271/dreamweaver10/Computer/Startup1.jpg
Z15CAM Jul 10th, 09, 11:13 PM Before you slave your HDD to another OS you must Run FDisk and temporarily remove the Active feature on whatever partition you have assigned as Bootable (Usually the Primary DOS Partition) or the other PC's Bios will Poll and attempt to boot both OS's and amalgamate the 2 Operating Systems destroying both OS's. There can only be ONE Active Partition on the System. After Scanning the infected Partitions you can return it to your Hardware and run FDisk again to make the Bootable Partition Active before the system will boot.
If you are not concerned about saving the OS, I would make the Disk Inactive and copy all the personal files from it. Bust the HDD with Delpart.EXE and run FDisk to build new Partitions then re-install Windows.
You can disable every non MS Program from the StartUp using MSConfig; however, if you have a virus it most likely will not show up in the StartUp, as the author would have designed it that way.
No Virus Scanner can repair a damaged OS. It can only remove the threat after which you will have to over-write the OS but then if the Registry is too badly damaged the Over-Write will not repair the System unless you have access to a known UpDated, Non-Corrupted Registry and; if not, MS System Restore is also Useless.
Sure makes you curious about Ghost.exe - HUH ;o)
Z15CAM Jul 11th, 09, 05:45 PM If you want to learn all there is about Windows download and install mIRC, log onto Windows#95 Dalnet Servers - There are incredible Gurus along with MS CRTs in the channel. Very Clean and committed. Just say "SafeMode" sent you.
I'm a Computer Geek (Built a Slot 1 ASUS P3V4X World Bencher running @ 1800MHz & Simm Ram) as well as a Camaro Enthusiast - been there and still doing it - and love to ride at 61:
http://farm4.static.flickr.com/3587/3683846100_7f13a91bb7.jpg
Believe me she's a PIG, hates Modern Fuel and requires constant attention compared to my 600Hp 70Z ;o)
dreamweaver Jul 11th, 09, 10:27 PM I'm more of a "Survivor / all original" kind of guy... wanna race :D
http://i82.photobucket.com/albums/j271/dreamweaver10/Scooter/Picture001.jpg
Z15CAM Jul 11th, 09, 10:46 PM Now that's original Spaghetti Vspra and I'm Irish/Dutch - Any Day Man - LOL
dreamweaver Jul 11th, 09, 11:20 PM I can get her up to about 50, as long as it's downhill with a good tailwind :p
ls427ss Jul 12th, 09, 03:20 AM Looking around for sources to remove this virus, I see it is being called the "Michael Jackson Virus"... so keep your son away from the PC till it is fixed. This must mean the virus sneaks in the back door... lol
Below is a very real warning and good advice to keep yourself from going through hell if somebody grabs your personal stuff and goes on a rampage leaving you to pay for it... I'm glad the only virus I ever got was from an ex girlfriend... hence the EX
============================== WARNING ==============================
There is some evidence of what may be a very nasty infection.
If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
Take any other steps you think appropriate for an attempted identity theft.
Here is the addy for where this info came from... this one also has info on removal...
http://icrontic.com/forum/showthread.php?t=84385
__________________________________________________________________________________________________
heres one option that says it can remove it. check it out...
http://www.pctools.com/spyware-doctor/?ref=google_trojans&gclid=CKen0q7kz5sCFSIuagodvjz9Kg
__________________________________________________________________________________________________
heres another one...
http://win-32.info/?gclid=CJ_mhrnkz5sCFRxNagodoycXKg
__________________________________________________________________________________________________
and for whatever it's worth, this one looks like one of the most detailed, and it has quite a bit of information... ya never know
http://www.exterminate-it.com/malpedia/remove-ursnif
Good luck, this stuff really sucks and removing it can sometimes mean losing everything. That's why you should do backups regularly
.Bad75. Jul 14th, 09, 05:13 PM Reading all of this you are able to still use your computer like nothing happened at all to it. Why not just take all your files and just transfer them over to a fresh OS. When was the last time you formatted this HDD anyway? I do mine every year or year and a half. Then again i have about 4 HDD chillin.
dreamweaver Jul 14th, 09, 09:37 PM I think it's time to seek professional help. I think I have reached the limit of my abilities to fix this... time to go find a guru :mad:
Thanks for all the links and help everyone... if I felt more confident i would go for it. I'm pretty good at some computer stuff, but OS isn't one of them.
Raising the white flag :beers:
Dale8346 Aug 25th, 09, 08:33 PM Kalif,
I also have this same virus. I only go on YouTube, Team Camaro & Gammon Empire. So I have NO idea how I would get this virus. I have just put Avast on my computer to try to eliminate this virus. I have 2 drives on one computer and I have just made my old main drive the secondary drive. My new main drive has no viruses on it. Avast is free. You just go to their website, register and download the program. I don't know if it worked yet, but it has identified this win32 virus and it says it has deleted it. I don't know if it has yet. It is still checking some stuff. This virus is located in your My Documents.
I am going to try to put the old drive back in after it finished running, but I could do NOTHING with the drive once that virus took command of my computer.
It totally killed the internet.
totally killed the backup features.
took away my access to msconfig and restore.
took away access to Auto Updates.
It even started loading windows, finishing and Loading again forever.
++++++++++++++++++++++++++++++++++++
So Far so good, With a new Formatted drive and this old drive as the Slave (two drives on one computer and it no longer loads programs from this OLD one.)
I ran the Avast scan on the old drive, now that I had Avast on my NEW drive. It identified and "had me put in storage chest" these bad Win32 files. I ran on the entire drive, but if you want to do a quick first run, run it on Windows and My Documents. That seems to be where all the problems are. Then run on the entire old drive. After doing this, I put the old drive back in, just for an experiment, to see if the old virus would resurrect itself. It did not. I ran the Avast on it again and nothing showed up, am not going to say that it could not, just that it did not in the 1/2 hour I had it running. It DID damage some programs so that some would not work. ACT was a program that no longer worked, but it was program not data corruption. I already have it working on the new drive. Keep in mind that since I had NO spyware or virus protection, my computer had no idea where to put the programs back to and again my RESTORE feature said that I could have "NO access" to that feature.
Now copy your old data where it is supposed to go in drive C: and I think all will be fine.
A WORD OF WARNING: I have learned over the years that MOST computer users have NO idea where their data is in their computer.
You should learn where your DATA is so that if you ever have to restore it with a backup you know how to put it back in SELECTIVELY.
If something happens that the above does NOT work, I will post that on here. Otherwise this is at least one option for someone who runs into a wall like Kalif did.
JimM Aug 25th, 09, 09:28 PM I ran nod32 at work for a year. It never found any viruses at all, which was strange, cause my previous norton corp edition found them in emails weekly but always stopped them in their tracks.
After no response from croatia or where ever they are, I installed the free avast anti virus and it cleaned the machine right up.
Note to Steve: This didn't just happen ya know. Rahm "The Enforcer" Emanuel has been reading in off topic, and I hear from the Chicago grapevine that you are now on the list for elimination. Be sure to keep your CC permit up to date, wear your tinfoil hat, and get some of those periscope glasses so you can always see what's around the next corner!!!
Don't bother vacationing in Jamaica, they own it.
Dale8346 Aug 26th, 09, 08:43 AM It now has been 2hours past my last post. I am on the internet, the virus is gone!
I ran Avast again and no virus(es). Looks like a good fix. I will run the program again, probably daily, for the next few days just to make sure.
NOTE: I should add that one of the reasons it was a fast fix for me is because I own the program called Acronis True Image 11 Home Software.
A couple years ago I loaded ALL my software onto the computer, got all the internet working, made ALL the adjustments in the programs to have them set up the way that I wanted. Getting all these programs in the computer is about a 24 hour job, so not something I really want to do.
Then, after everything was in and set up I made a MIRROR Image of the entire drive from this program. Then I copied ALL this information to another (already formatted, BLANK) drive and just set it to the side for some major problem that I might have!!! This was it!!! So when I made my old main drive the secondary drive and stuck in the new drive that already had all the programs in it. It went "pretty" smooth and fast. I went slow trying to not let this virus sneak out on me.
===================================================================
It is now almost 2:00pm and all is well I am pretty sure. The only thing that I have noticed so far is that my system is a little slow.
Believe it or not, I just turned off the virus program and am running defrag and some other maintenance. Hopefully this is all that is affecting the speed.
It it still is slow, I will uninstall virus protection and stay off the internet for a while, till I figure it out.
===================================================================
It is now almost 3:00 and I ran defrag twice and did some more clean-up and file maintenance and it is running like a champ.
I ran the virus scan program on windows and my Documents (just new drive) and there is nothing.
I will now MIRROR the entire "NEW" drive that I am using so that if something does come up, I am where I am NOW. Good Luck!
This is should be my last post, unless some disaster happens. Good luck.
Hopefully this all helps someone.
hhott71 Sep 2nd, 09, 02:30 PM I used AVG/free, Malwarebytes/free and Windows Defender to rid the better half's computer of the "Personal Antivirus" (PA) trojan that she got.
D/L Windows Defender from Microsoft.
I used Firefox to add those programs as that PA hijacks Google etc on IE!!!
dreamweaver Sep 3rd, 09, 12:58 AM Well, I did a trade deal with a computer guru... after I tried just about everything suggested here and by ESET that I felt comfortable trying on my own. The end result was we had to reformat the hard drive. Fortunately he was here so he showed me how to back everything up that I could and, once it was reformatted, it was just a matter of me trying to figure out how to get everything else put back on the system... WHAT A PAIN.
I need to carve out some time to learn how to better protect and back up my systems. I have about 15 computers and, when it's all said and done, I'm responsible for them. Can't afford an IT pro to maintain them, so I better get crackin :)
Steptoe Sep 3rd, 09, 03:18 PM Sry didnt get to this tra earlier
For the last month I have been flat out 7 days a week fixing this and similar viruses.
Run a search..including hidden/system files.
Do you find reader_ something and when r clk properties is not acrobat reader.
Also a servives.exe in C:\windows\ that is not a MS (the MS with be in \system32\ and restore, cach, sp files.
And do u find a lot of a number.tmp eg 8.tmp files or similar
Can you still boot ito save mode?
Is your virus scanner and firewall turned off, and when you go to the firewall is the 'on' greyed out?
If you download tcpview.exe and plug the network cable in, do you see after a minute or so a heap of strange connections? What it is doing is downloading heaps more trojans and at the same time sending out huge amounts of spam emails... plus some other things.
After a couple of days still on the same IP, you may find some email gets bounced with a 550 error...
And if that is the case, your IP has been blacklisted at SpamCop and SORBS etc.
The big danger is if your network is running a mail server on the same IP; this stops functioning because of the blacklist.
These are not all the symptoms, and not all may happen, but if tcpview shows it is sending out... that's real bad.
OH and 4 eventually went into a boot loop or hang... even in safe mode, because the hard drive got filled and there was nowhere for the page file to work.
Fix:
Out of a heap of machines I have fixed 2... all the rest required a disk wipe, including the MBR, not just a format: fully wiped and scrambled, then reload.
A lot of .exe files (program files, install files) get infected also, so watch those when backing up.
Of the few I 'fixed', a couple were reinfected 1 week later, almost to the hour... and they had not been put back into commission or used.
To fix I made a bootable CD in XP Pro; from there I deleted
reader_
windows\services.exe....
oh yeah, and there could be one somewhere in C:\Documents and Settings\username\Application Data\username.exe
\temp internet files,
\user\temp
\windows\temp
And delete all .tmp files
Then run from the XP boot disk (this runs the XP OS off the CD in a RAM drive)
windows-kb890830.exe
rmvirut.exe... which runs on reboot..
vcleaner.exe
fixvirut.com
HijackThis fixes reg entries on reboot last
And this seems to be only effective without wiping the hard drive if the virus has not been running long... in the very minority of cases.
Also if you have a mail server on your IP... once fixed, with most of the 150-odd spam databases most mail servers use, after a heap of emails one can get unlisted in about a week.
But SORBS... they are a pack of stupid idiots who just can't grasp the situation or are just bloody lazy, and it's a huge complex matter to get unlisted... unfortunately SORBS is used by a great proportion of ISPs and companies.
It is not just Facebook type sites; file storage servers like RapidShare are infected, torrents, PSP sharing, warez sites, cracks, keys... and it seems 99% of the machines I have had to deal with so far, the customers are all into those sorts of crap.
Like I have said before, cleaning viruses is good for business... this time around bloody good... but I'm sick of it... and my office is just not getting empty...
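The tcpview symptom described in the post above (one process opening a burst of outbound SMTP connections while the box is spamming) turned into a check over `netstat -ano` output. This is an added example, not something posted in the thread; the netstat lines, PIDs and thresholds are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of Windows `netstat -ano`; not captured from a real host.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.0.2.10:1045        198.51.100.5:80        ESTABLISHED     1204
  TCP    192.0.2.10:1046        203.0.113.7:25         SYN_SENT        1880
  TCP    192.0.2.10:1047        203.0.113.8:25         ESTABLISHED     1880
  TCP    192.0.2.10:1048        203.0.113.9:25         SYN_SENT        1880
  TCP    192.0.2.10:1049        203.0.113.10:25        SYN_SENT        1880
  TCP    192.0.2.10:1050        203.0.113.11:25        SYN_SENT        1880
  TCP    192.0.2.10:1051        198.51.100.6:443       ESTABLISHED     1204
"""

# One TCP row: local addr:port, remote addr:port, state, owning PID.
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def parse_netstat(text):
    """Return (remote_ip, remote_port, state, pid) for every TCP row."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append((m.group(3), int(m.group(4)), m.group(5), int(m.group(6))))
    return rows

def suspicious_pids(rows, smtp_threshold=3, hosts_threshold=20):
    """PIDs with several outbound SMTP (port 25) sessions or many distinct remote hosts.
    Thresholds are assumptions: a mail client rarely holds several SMTP sessions at once."""
    smtp = Counter()
    hosts = {}
    for ip, port, _state, pid in rows:
        if port == 25:
            smtp[pid] += 1
        hosts.setdefault(pid, set()).add(ip)
    flagged = {}
    for pid in hosts:
        reasons = []
        if smtp[pid] >= smtp_threshold:
            reasons.append(f"{smtp[pid]} SMTP connections")
        if len(hosts[pid]) >= hosts_threshold:
            reasons.append(f"{len(hosts[pid])} distinct remote hosts")
        if reasons:
            flagged[pid] = reasons
    return flagged

if __name__ == "__main__":
    for pid, why in suspicious_pids(parse_netstat(SAMPLE_NETSTAT)).items():
        print(f"PID {pid}: {'; '.join(why)}")
```

A flagged PID is then looked up in Task Manager or tcpview to find the owning executable before deciding whether to clean or wipe.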
Dale8346 Sep 10th, 09, 04:56 PM This is a follow up to my stuff:
I don't know if any of you use GAMMON EMPIRE or PLAY65??
These are both online backgammon sites. I love the game of backgammon and have enjoyed playing this game online. I tested for several weeks trying to figure out where I got this virus.
To make a long story short, these 2 web sites ARE COMPLETELY VIRUS INFECTED.
Because they are embedded into their programming these are really able to take hold of your computer even with virus protection. I AM NOW starting to wonder how a web site can be so badly infected and the web master gives NO information about this when you start into the program. I have quit using both these sites and deleted their programs. If it can be done to these web sites, it can be done to others. If you find out where you got yours, let us know???
Again, you guys with no viruses, learn where your data is. As Steps can attest to, that is really the biggest problem with redoing your computer. I know where all mine is and it is laid out very organized so I don't forget anything. IT IS EASY TO FORGET, EVEN IF YOU HAVE IT LAID OUT PERFECT. But, that is the world of MicroSoft!!
dreamweaver Sep 10th, 09, 11:55 PM I have an idea where mine came from, but I can't be sure.
I never play any type of games on a computer (boring ole' me), so it isn't one of those types of sites. Where I may have gotten it from is some website named "Tagged", or something like that. It's some social networking website, and I think I might have gotten it when I went in there.
I recently joined Twitter and Facebook because some of my family and friends kept sending me invitations, so I joined. Shortly after that, I got some email notification about this "Tagged" website. I went in, checked it out, and joined because I thought it was part of Facebook or Twitter or something. I'm pretty sure that it was about that time that I got the virus, but I can't be sure.
Steptoe Sep 11th, 09, 04:19 PM NOTE: I should add that one of the reasons it was a fast fix for me is because I own the program called Acronis True Image 11 Home Software.
A couple of years ago I loaded ALL my software onto the computer, got all the internet working, made ALL the adjustments in the programs to have them set up the way that I wanted. Getting all these programs in the computer is about a 24 hour job, so not something I really want to do.
THIS is the way to go.. I have used Ghost, even going back to Win 95 days
Ghost 2003 now.
Open source "DriveImage XML" (google it) is also very good, and I believe open source ImgBurn and Nero can burn to DVD??? and make it bootable for recovery.
Partition the hard drive, about 20 gig for C:
Another about 10 gig; this is for favourites, mail boxes and address books, cookies.
Another 1 or 2 for games, movies, documents etc.
And at the end a partition about 10 gig for the ghost/backup, FAT32.
Load O/S and programs (Office etc) to C:\
Config email clients, documents, favourites, cookies etc to auto save to the 2nd partition...
Boot from a bootable Win98SE CD with Ghost on it.. in DOS load Ghost; Ghost will recognise the NTFS drives even though DOS will not.
Create your image on the last partition (make this FAT32), put the ghost.exe in the root of this partition.
Now if/when the machine screws up, boot off the Win 98 disk, go to the last partition, run Ghost, ghost C: back...
Since email boxes, cookies etc are all on the 2nd partition and C: is preconfigured to store/read from there.... when you reboot all your email etc is there... AND having cookies there, there is no need to re-log on to all your web sites....
I was in the middle of a competition gaming tourney with our squad; the communications with other team members went down near the end of the 2nd map.... there is a 10 min break between maps... signed off, ghosted back, and was ready for the last map.
"He who makes a back up, laughs last"
PS restore is turned off ....
If need be, when a hard drive goes down I can reghost back from a DVD or boot from an external HD and reload the new HD in 10 mins.
Someone mentioned "have 10 machines, can't afford to buy a backup prog"
Look at it this way: 1 machine goes down for whatever reason... that's lost productivity, staff breathing down your neck, stress, hrs trying to fix, OR send the staff off for a 10 min coffee break, and when they come back, give them the bad news they have to work again lol.
Work hard at being lazy
Some viruses remain even after a format.... If need be, format and scramble the hard drive.. then ghost back.... there is an open source prog diskwipe that is quite good.
And if getting serious one can boot off USB or CD/DVD with flavours of Linux and run tools to recover data, rebuild MBR, ntldr, ntdetect.com etc... run and clean viruses, partition, scramble, format etc etc.
Ultimate Boot CD, Hiren's XP Pro boot, UBCD4Win, WinBuilder, Spotmau,
And tools like PE Builder, AutoStreamer where you can update your install discs with the latest SP and updates, and preinstalled programs, and make the whole thing unattended...
These are used by pro IT people, most are open source.... If you are just a person in a small business who knows enough to get by and is basically 'nominated' as the IT person... get familiar with the above on a wet Sunday afternoon... once you start to understand the basics, you will be working as a pro.. impress the Boss and get paid far more.
Most IT people are full of BS, to hide their incompetence and plain laziness, and to boost their importance to demand high salaries
I will qualify this.. there are real serious high end IT people, who have photographic memories, that live in a world totally alien to the general run of the mill IT person... to have the privilege to come across such a person and work with them is a truly eye opening experience, even after being in the trade for 15 yrs.
I am not one of these people...