Unable to remove VIRUS (please Help).


Birdman
September 25th, 2007, 11:36 AM
My friend's system has been hit with a virus and multiple KIS system scans have not been able to remove the virus. KIS did locate 1 virus in the "My Documents" folder but it said it was "disinfected."


The following problems are occurring:

1) Unable to open time - the following message appears:

"The operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."

2) Unable to add/remove programs (the same message above appears)

3) Control panel is missing

4) The registry also locks up (access denied) from time to time


Besides running a normal scan... can something else be done differently to remove this bugger from the system (besides formatting)?

Also any good tools/software recommended in this situation?

Any help is greatly appreciated. Thanks.

sach1000rt
September 25th, 2007, 12:54 PM
Try scanning in safe mode.

Nubiatech
September 25th, 2007, 01:42 PM
As per:
http://www.wilderssecurity.com/showthread.php?t=42148

I'd recommend:
http://www.castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

ronjor
September 26th, 2007, 11:32 AM
Off topic post removed.

C.S.J
September 26th, 2007, 02:05 PM
He could always try Dr.Web's CureIt; the new version has better removal (if it detects it ;) )

DVD+R
September 27th, 2007, 06:37 AM
~snip~

Failing that, there are several online scanners such as Trend Micro's HouseCall, which has worked for me in the past.

the Tester
September 28th, 2007, 12:29 AM
In addition to Trend Micro, Panda and F-Secure also have online scanners.


http://www.pandasecurity.com/homeusers/solutions/activescan/

http://support.f-secure.com/enu/home/ols.shtml

EASTER
September 28th, 2007, 02:14 AM
It's a real toss-up anymore. It depends on "IF" one of those AVs can accurately identify the particular virus and if there are other variants of the same sort.

Sometimes it comes down to trying to salvage any programs not affected and wipe & reinstall and/or if it's a file infector, even the "BEST" AVs don't always "clean" effectively enough, I just found out recently. That leaves the only alternative of completely deleting the drive/partition then zeroing the disc before format & reinstall again.

I notice also some of the most recent viruses are wedging deeper into the drive, causing even some AVs to BSOD while they are trying to capture or repair the damaging intruder.

That's why it's important to use a reliable IMAGING program against these potential intrusions. Then all you have to do is DBAN the whole disk or partition and restore a "Clean" duplicated system to get back on-track again.