Trojan Virus giving me a headache!!!

By smurphydej
I believe I have a rootkit and trojan virus in my laptop. I tried installing Norton; it did not work. I have several issues.

Banner on desktop stating "Warning Spyware detected on your computer, install an antivirus or spyware remover to clean your computer."

I went to Google and downloaded a few free anti-rootkit removal software - went into safe mode and none of them worked.

I received this warning when using one of the software - "the system admin has set policies to prevent this installation". Tried gpedit.misc to disable Windows Installer; when I get there I am unable to highlight or change it, it says not configured.

Other issues...
the task bar is missing
ctrl alt delete is disabled by admin
click icons they flash quickly then disappear

Don't know what else to do to get this cleaned in safe mode.......any idea??

This conversation is currently closed to new comments.

13 total posts (Page 1 of 2)   01 | 02   Next

All Answers


Are you on a network?

If so, get the Admin to do it. You will not be able to download anything to change it. So give the Admin a call.

Please post back if you have any more problems or questions.


thank you

by smurphydej In reply to Are you on a network?

No, I am not on a network; this is a personal laptop.


online scanner.

by mmauer In reply to Trojan Virus giving me a ...

Online Scans might help

http://housecall.trendmicro.com/au/
http://www.bitdefender.com/scan8/ie.html
http://www.kaspersky.com/virusscanner

If it finds the virus and you have a name, post it and I can try to look up a removal tool or a guide on how to fix it.

or

Only try this if you have a good understanding of PCs. Download some free admin tools from Sysinternals from Microsoft.

download Process Explorer

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

and Autoruns

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

First I would use Process Explorer to try to shut the process running the virus. Try killing the process that is running oddly in your system. (Sometimes Process Explorer will mark them in a different colour if they are not standard.) Before killing a process off, try googling it.
E.g. type into Google search

SCVHOST.exe

This will help you determine what it is and what it is related to.

Try using Autoruns to disable that process from booting up again. Autoruns will give you lots of other useful information.
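
The name check described in the post above, as an added example that is not part of the original post: SCVHOST.exe differs from the legitimate svchost.exe only by two swapped letters, so this Python script flags image names within one edit or transposition of a known system binary, and known names running outside the system directory. The allow-list, the XP-style system path and the sample paths are constructed assumptions.

```python
# Added example: flag process images that imitate Windows system binaries.
import ntpath

# Assumed allow-list of binaries that normally live in the system directory.
KNOWN_SYSTEM = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe"}
SYSTEM_DIR = r"c:\windows\system32"  # assumption: default install location

def osa_distance(a, b):
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def triage(image_path):
    """Return (verdict, detail) for one process image path."""
    directory, name = ntpath.split(image_path.lower())
    if name in KNOWN_SYSTEM:
        if directory != SYSTEM_DIR:
            return ("wrong-location", f"{name} running from {directory}")
        return ("ok", name)
    for legit in sorted(KNOWN_SYSTEM):
        if osa_distance(name, legit) <= 1:
            return ("lookalike", f"{name} resembles {legit}")
    return ("unknown", name)

# Constructed sample, as it might be copied from a process list's path column.
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\SCVHOST.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\svchost.exe",
    r"C:\WINDOWS\system32\1sass.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
]

def run_sample():
    return [(p, *triage(p)) for p in SAMPLE]

if __name__ == "__main__":
    for path, verdict, detail in run_sample():
        print(f"{verdict:15} {detail}")
```

An "unknown" verdict only means the name is not on the allow-list; it still needs the manual lookup the post recommends.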


Will keep for future use

by smurphydej In reply to online scanner.

I received great advice, thanks. Will keep you updated.


This will work for you, but there is a bit of work involved

by Jacky Howe In reply to Trojan Virus giving me a ...

From another PC download and install these programs and copy the installed folder along with VundoFix.exe to a USB Stick.

Restart the PC in Safe Mode and turn off System Restore. Insert the USB Stick and run Sophos.bat; when it is completed, run VundoFix.exe. When the PC reboots, start in Safe Mode again and run Spybot.

Download Spybot - Search & Destroy 1.5.2 and install it. Update it. http://www.safer-networking.org/en/download/index.html


Download Sophos and the latest IDE Files. Install it and extract the IDE files to the C:\SAV32CLI folder.
http://www.sophos.com/support/knowledgebase/article/13251.html

Copy and paste the below two lines into Notepad and save the file to the USB Stick as sophos.bat, it will scan and remove.

===============================
CD SAV32CLI
SAV32CLI -REMOVE -P=C:\REMOVLOG.TXT
===============================

VundoFix is a freeware removal tool for many of the known variants of Trojan.Vundo, Trojan.Conhook and other similar infections.

http://vundofix.atribune.org/


Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's finished scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Also download and install CCleaner to tidy up your Registry. Let it run through until there are no errors left.

http://www.ccleaner.com/download


The Sophos SAV32CLI folder can be safely deleted after it is copied to USB.


Great Advice - will follow up with you

by smurphydej In reply to This will work for you, b ...

Thanks so much, I did download Sophos but had problems with it scanning in safe mode. I will try this and let you know how it goes. I might have questions as I am new to fixing PCs.


No Probs :)

by Jacky Howe In reply to Great Advice - will follo ...

post back if you have any problems


unable to install

by smurphydej In reply to This will work for you, b ...

I downloaded all items to my USB, even WinZip as that was needed to unzip the folders. I am not able to load anything to the infected PC. I am still getting "the system administrator has set policies to prevent this installation". I did google this but none of the resolutions helped. I am seriously stuck, I don't know what more to do.


Add a couple

by IC-IT In reply to unable to install

Download Autoruns and Spybot - Search & Destroy (watch out for imitators). With Autoruns check all the items carefully; if it looks suspect Google it, then either uncheck it or delete it.
With Spybot use Mode - Advanced. In the left column click Tools, then in the right window add a check to BHOs and ActiveX.
Under Tools in the left column click on the new BHO.
The right window will populate with the BHOs. If it looks suspect click on it (right window) and you will see more info. As above, Google, leave alone or remove.
Also check the ActiveX and Startup items.


If my instructions

by Jacky Howe In reply to unable to install

were not clear I will quickly recap. Install Sophos and Spybot to an uninfected PC. Extract the IDE files to the root folder that Sophos creates. Update Spybot and copy both folders to USB or burn them and VundoFix to a CD. Restart the infected PC in Safe Mode and run the files.
