Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Spyware\Trojan problem

  • 22-11-2004 9:59pm
    #1
    scoey
    Registered Users, Registered Users 2 Posts: 219 ✭✭


    I've spent the last 2 hours trying to delete an absolute stubborn bastard of some sort of spyware\trojan that my brother managed to install and am no closer to getting rid of it than I was. None of the adware programs will get rid of it, neither will the Antivirus programs I've tried. I've tried a manual guide from here http://www.bleepingcomputer.com/forums/topict3932.html for getting rid of it but it just won't go. I delete the file and reboot , but it's still there after the reboot.... I have Windows XP and the exact problem outlined in that guide.

    Could someone help me please. I'm extremely close to formating my hard drive and reinstalling windows at the moment but I really don't want to do that.


Comments

  • #2
    aidan_walsh
    Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    You should disable System Restore if you have it enabled, its entirely possible, neigh likely, that its crept in there. Its like an inbuilt repository for viruses that get in. Disabling it will delete your current restore profiles, and you can always reenable it later should you wish.

    Full details are available in the Windows help files, just hit F1 while on the desktop and enter "Disable System Restore" in the search box.


  • #3
    scoey
    Registered Users, Registered Users 2 Posts: 219 ✭✭scoey


    Thanks for the help but sadly I haven't got it on and haven't had it turned on for months.


  • #4
    Giblet
    Registered Users, Registered Users 2 Posts: 11,989 ✭✭✭✭Giblet


    Look for cwshredder.


  • #5
    Mutant_Fruit
    Closed Accounts Posts: 4,943 ✭✭✭Mutant_Fruit


    best advice i can give is run the guide again! And if that doesn't work, try running the guide through safe mode! And if that doesn't work, try a new guide!

    It seems to be VERY detailed, so i would have thought if you did have that problem, that guide would sort it.


  • #6
    gurramok
    Closed Accounts Posts: 13,992 ✭✭✭✭gurramok


    scoey wrote:
    Thanks for the help but sadly I haven't got it on and haven't had it turned on for months.

    If it sounds like what i think it is...

    Delete the offending files as they are probably classed as 'hidden protected OS files' and in use as a process running.
    Only way is to delete them in 'safe mode with command prompt'(not windows safe mode) or get a program called 'killbox' which removes them on reboot without going into safe mode.
    Look in the registry run(and runonce) area for whats coming back on reboot.
    Delete any dat files that are set in temp directory of each profile.

    Sounds like you might have Virtumonde. (adaware\spybot\hijackthis\antivir software do not detect this).


  • Advertisement
Advertisement