I believe I have a rootkit and trojan virus in my laptop. I tried installing Norton, but it did not work. I have several issues:
Banner on desktop stating "Warning Spyware detected on your computer, install an antivirus or spyware remover to clean your computer."
I went to Google and downloaded a few free anti-rootkit removal software - went into safe mode and none of them worked.
I received this warning when using one of the software - "the system admin has set policies to prevent this installation". Tried gpedit.misc to disable Windows Installer; when I get there I am unable to highlight or change it, it says not configured.
Other issues...
the task bar is missing
ctrl alt delete is disabled by admin
click icons, they flash quickly then disappear
Don't know what else to do to get this cleaned in safe mode... any idea?
Question
0
Votes
Answers (3)
0
Votes
Are you on a network?
If so, get the Admin to do it. You will not be able to download anything to change it. So give the Admin a call.
Please post back if you have any more problems or questions.
21st May 2008
Replies
no i am not on network this is a personal laptop
smurphydej@...
22nd May 2008
0
Votes
online scanner.
Online Scans might help
http://housecall.trendmicro.com/au/
http://www.bitdefender.com/scan8/ie.html
http://www.kaspersky.com/virusscanner
If it finds the virus and you have a name, post it and I can try to look up a removal tool or a guide on how to fix it.
or
Only try this if you have a good understanding of PCs. Download some free admin tools from Sysinternals from Microsoft:
download Process Explorer
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
and Autoruns
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
First I would use Process Explorer to try to shut down the process running the virus. Try killing the process that is running oddly in your system. (Sometimes Process Explorer will mark them in a different colour if they are not standard.) Before killing a process off, try googling it.
e.g. type into Google search
SCVHOST.exe
This will help you determine what it is and what it is related to.
Try using Autoruns to disable that process from booting up again. Autoruns will give you lots of other useful information.
21st May 2008
Replies
I received great advice, thanks, will keep you updated
smurphydej@...
22nd May 2008
0
Votes
This will work for you, but there is a bit of work involved.
From another PC download and install these programs and copy the installed folder along with VundoFix.exe to a USB Stick.
Restart the PC in Safe Mode and turn off System Restore. Insert the USB Stick and run Sophos.bat; when it is completed, run VundoFix.exe. When the PC reboots, start in Safe Mode again and run Spybot.
Download Spybot - Search & Destroy 1.5.2 and install it. Update it. http://www.safer-networking.org/en/download/index.html
Download Sophos and the latest IDE Files. Install it and extract the IDE files to the C:\SAV32CLI folder.
http://www.sophos.com/support/knowledgebase/article/13251.html
Copy and paste the below two lines into Notepad and save the file to the USB Stick as sophos.bat, it will scan and remove.
===============================
CD SAV32CLI
SAV32CLI -REMOVE -P=C:\REMOVLOG.TXT
===============================
VundoFix is a freeware removal tool for many of the known variants of Trojan.Vundo, Trojan.Conhook and other similar infections.
http://vundofix.atribune.org/
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's finished scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Also download and install CCleaner to tidy up your Registry. Let it run through until there are no errors left.
http://www.ccleaner.com/download
The Sophos SAV32CLI folder can be safely deleted after it is copied to USB.
21st May 2008
Replies
Thanks so much, I did download Sophos but had problems with it scanning in safe mode. I will try this and let you know how it goes. I might have questions as I am new to fixing PCs.
smurphydej@...
22nd May 2008
post back if you have any problems
Jacky Howe
22nd May 2008
I downloaded all items to my USB, even WinZip as that was needed to unzip the folders. I am not able to load anything to the infected PC. I am still getting "the system administrator has set policies to prevent this installation". I did google this but none of the resolutions helped. I am seriously stuck, I don't know what more to do
smurphydej@...
23rd May 2008
Download Autoruns and Spybot - Search & Destroy (watch out for imitators). With Autoruns check all the items carefully; if it looks suspect, Google it, then either uncheck it or delete it.
With Spybot use Mode - Advanced. In the left column click Tools, then in the right window add a check to BHOs and ActiveX.
Under Tools in the left column click on the new BHO.
The right window will populate with the BHOs. If it looks suspect, click on it (right window) and you will see more info. As above: Google, leave alone or remove.
Also check the ActiveX and Startup items.
IC-IT
23rd May 2008
we not clear I will quickly recap. Install Sophos and Spybot to an uninfected PC. Extract the IDE files to the root folder that Sophos creates. Update Spybot and copy both folders to USB, or burn them and VundoFix to a CD. Restart the infected PC in Safe Mode and run the files.
Jacky Howe
23rd May 2008
Just don't understand why it would not allow me to install to the PC. Every problem it gave me I googled but with no success. I am still a novice and took in to more advanced workers to resolve, but this gave me a good example of how a virus will not die, like a NY Roach or Castro......lol (as a Cuban I can say that!) Thanks for the help
smurphydej@...
30th May 2008
.
Jacky Howe
30th May 2008