General discussion

VIRUS PROB CONTINUED

By rubsmong ·
I also found out on the Processes tab of the Task Manager that some system processes had been replicated and were running as local system processes---a process like SERVICES had been replicated...WMM.. something had also been replicated with 2 other ones. Trying to end these processes is futile as they can't. Also, at loading up, the machine loads with an open web page with the URL ADDRESS.... c\documents & settings\administrator\my documents\my pictures\BRONTOK.A.HTML i.e. the file BRONTOK.A.HTML is in the My Pictures folder, and truly, by doing a manual check, it's there...what brought it there is a wonder, but the biggest WONDER is that it does not DELETE...if deleted completely it behaves as if gone, but on restart it loads again and at other times it loads by itself while working.... A manual search reveals that the file still exists in the My Pictures folder even after an immediate delete...deleting the mother folder doesn't help much coz it behaves the same way..deleting the My Pictures folder doesn't help coz it automatically returns..renaming it doesn't help either.....HEEEELLLLP am goooing BANANAS!!!!! Am now left to work with them... This is affecting my flash disk, as at times the machine refuses to completely detect it. IS THIS A VIRUS!!!! A BUG!!! PLAIN CRAZINESS or what could it be...it is really costing us....if it is a virus, why is it not being detected...... I USED TO THINK NORTON ANTIVIRUS IS THE MOST ADVANCED AND THE BEST, now am having doubts. We have no local network and our internet is dial-up, which we rarely use. Please help before it spreads to all other machines, coz from my last check it had infected one more machine....

This conversation is currently closed to new comments.


by 3xp3rt In reply to VIRUS PROB CONTINUED

Norton Antivirus is not the best. There are other, more efficient antivirus programs. Here are some examples: C&A e-Trust, NOD32, AVG. (AVG has a free version, which you can download from http://free.grisoft.com/doc/1 ) I suggest you download, install and update AVG, and do a virus check. If AVG can't remove the virus, you can find clean utilities on the AVG Web site.


by 3xp3rt In reply to

Go to your first question!


by jardinier In reply to VIRUS PROB CONTINUED

Norton AV absolutely SUCKS. EVERY instance I have heard of someone getting an infection, they have been using Norton. It is possible that some people failed to renew their licence and didn't get updates, but it cannot be a coincidence that it is always NORTON that gives problems.

I have had problems with other Norton products as well.


by jardinier In reply to

I should mention that I have been using Computer Associates (CA) Vet AV on all my computers for eight years without a single infection. The product has different names in different countries. In the USA it is e-Trust.

It is available for download and purchase in the USA here:

http://store.digitalriver.com/servlet/ControllerServlet?Action=DisplayPage&Locale=en_US&id=ProductDetailsPage&SiteID=caconsum&productID=35180700&Env=BASE


by JamesRL In reply to VIRUS PROB CONTINUED

Couple of things to try.

First, the most effective way to run any anti-virus tools is in a minimal environment.

1) Turn off System restore.
2) Run MS Config and turn off all non MS startup apps.
3) Restart in safe mode (non-networked).
4) Run your antivirus and anti-spyware tools (more than one is a good idea, I use both Spybot and Ad-Aware, both free). If faced with a toughie, I prefer to run Stinger (free from McAfee) in safe mode.

If you find a virus, clean it and run the tool again - sometimes it doesn't clean it, or one virus can mask another.

James


by cmiller5400 In reply to VIRUS PROB CONTINUED

This could be a rootkit that is hiding itself.
www.f-secure.com/blacklight
www.sysinternals.com/Utilities/RootkitRevealer.html

Links from page
http://www.pcmag.com/article2/0,1895,1941830,00.asp


by cmiller5400 In reply to

Dang nab it. Dang links....

www.f-secure.com/blacklight
www.sysinternals.com/Utilities/RootkitRevealer.html


by cmiller5400 In reply to

Ok....Let's try this AGAIN...

http://www.sysinternals.com/Utilities/RootkitRevealer.html
http://www.f-secure.com/blacklight


by YetAnotherAdmin In reply to VIRUS PROB CONTINUED

Firstly, calm down.....

You can't stop services.exe because it is a service. Services can be stopped by running services.msc and stopping them from there. You probably want to disconnect from the internet before stopping services if you don't know what they are. It is quite unlikely that a service is the problem though. Don't worry too much about duplicate processes, things like svchost.exe will appear more than once.

Open regedit and check the following keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Google every process name. If it shows up as a known virus or spyware, delete it; you may want to back the key up first. If Google doesn't get a result, it may also be suspicious.

Open Task Manager and look for any unusual processes like wb39862hy.exe. If there are any there, stop them and wait to see if they re-appear. If they do, another process is re-starting them. Try ending the process tree; if this is unsuccessful, download pstools from http://www.sysinternals.com and use pskill to stop them. If you have more than 1 restarting each other, you can write a small batch file to stop them all together with pskill.

Use pslist, if there are any processes with a dll extension that you don't recognise, stop them. You may need to stop Internet Explorer and Windows Explorer first. Remember to keep Task Manager open to restart Windows Explorer. Once complete check the registry again to see if any have re-appeared, check pslist again as well. If none have re-appeared restart and check again, all while offline. You may have AV installed, but do you have Anti-spyware, firewall, latest OS security patches? If not, get them before you start and install them before you go back online. Must be 2000 words by now.... Good luck.
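
An added example, not part of any post in this thread: a triage script for the Run-key check described in the last reply, fed with saved `reg query` output so the review can be done offline. The sample output, value names, paths and the three heuristics are constructed assumptions for illustration.

```python
import re
from ntpath import basename, dirname, normpath

# Constructed sample: `reg query` output for the two Run keys named in the post.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Updater    REG_SZ    "C:\Documents and Settings\Administrator\Local Settings\services.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    AV Tray    REG_SZ    "C:\Program Files\ExampleAV\tray.exe" /min
    wb39862hy    REG_SZ    C:\WINDOWS\wb39862hy.exe
"""

# Assumed heuristics for this example; tune the lists for the machine at hand.
SYSTEM_DIR = r"c:\windows\system32"
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\")
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|scr|pif))(?=\s|$)', re.I)

def parse_run_keys(text):
    """Yield (key, value_name, command) for each value line of reg query output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            yield key, m["name"], m["data"].strip()

def triage(command):
    """Return the reasons an autostart command deserves a closer look."""
    m = EXE_RE.match(command)
    if not m:
        return ["cannot locate an executable path"]
    path = normpath(m.group(1) or m.group(2)).lower()
    name, folder, reasons = basename(path), dirname(path), []
    if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
        reasons.append("system process name outside system32")
    if any(part in path for part in USER_WRITABLE):
        reasons.append("runs from a user-writable folder")
    if re.search(r"\d{4,}", name):
        reasons.append("random-looking file name")
    return reasons

def suspicious_entries(text):
    """Map value name -> reasons for every entry with at least one finding."""
    return {n: r for _, n, cmd in parse_run_keys(text) if (r := triage(cmd))}

if __name__ == "__main__":
    for name, reasons in suspicious_entries(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

An entry with no findings is not proven clean; the script only orders the list so the manual lookups start with the most likely candidates.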
