How Do I Get Rid Of Viruses In My Memory?

I tried Amust 3.5 and it got rid of 35 for me for free (and of course gave me a $19.95 offer to get rid of the rest) HA!

Altogether it found less than some of the others (like 635 or so).

RegCure found the most... however, a lot of the RegCure finds were a bunch of "File/Path References" and that didn't seem like the important stuff to me (like I'm some expert right?) HA!

Going to try 3.11 now!

SEAS

 

Hmmmm... having problems finding Amust 3.11. Might have to just get the 3.5 (I think there's a special for $19.95)

I'll keep checking!

SEAS

 

i totally agree zapjb
i think the two registrys cleaners i used to use weekly is what screwed up this pc.
lodore

 

This will end up with OS reinstallation

 

NOOOOOOOOOOOOOOO!!!!!!!!!!!!!!!!

Keep The Faith!!!!


SEAS

 

BTW - Here's my VirtumundoBegone report!

[07/16/2007, 17:56:16] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jamie\Desktop\VirtumundoBeGone.exe" )
[07/16/2007, 17:56:22] - Detected System Information:
[07/16/2007, 17:56:22] - Windows Version: 5.1.2600, Service Pack 1
[07/16/2007, 17:56:22] - Current Username: Jamie (Admin)
[07/16/2007, 17:56:22] - Windows is in NORMAL mode.
[07/16/2007, 17:56:22] - Searching for Browser Helper Objects:
[07/16/2007, 17:56:22] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/16/2007, 17:56:22] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/16/2007, 17:56:22] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/16/2007, 17:56:22] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/16/2007, 17:56:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/16/2007, 17:56:22] - No filename found. Continuing.
[07/16/2007, 17:56:22] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/16/2007, 17:56:22] - BHO 6: {FB852192-B30E-C081-2257-9F5B502163B4} ()
[07/16/2007, 17:56:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/16/2007, 17:56:22] - No filename found. Continuing.
[07/16/2007, 17:56:22] - Finished Searching Browser Helper Objects
[07/16/2007, 17:56:22] - Finishing up...
[07/16/2007, 17:56:22] - Nothing found! Exiting...


SEAS

 

Concur.

 

And I thought you were on MY SIDE!!!!

HA!!

SEAS

 

Ime is what I'm going by.

You have no stated backup solution. Neither a tested image nor a tested clone.

And you're trying every reg fixer under the sun.

And you're new here.

Btw welcome.

And you'll get help here when the inevitable ime happens.

 

Actually.... I've only tried 3 registry fixers... RegistryBooster (you're choice), RegCure, and Amust. No actions have been taken, only testing them to see what they did or did not find. Still not decided on which one to purchase!

As far as a backup solution, I have XP Pro and was planning on using my System Restore (if needed).

So far my system is working WAY better!

SEAS

P.S. What is "Ime"... In my experience?

 

In my opinion, RegSupreme is the best registry cleaner available today http://www.macecraft.com/regsupreme/ that you can try free for 30days

Yep

 

Thanks Macstorm!

I'll check out RegSupreme as well.

BTW - One thing I did try about a month ago (before my system got compromised) was NTREGOPT NT Registry Optimizer. It's freeware as well.

Here's the link!
http://www.larshederer.homepage.t-online.de/erunt/

Has anyone had any experience with this one?

SEAS

 

Hey Macstorm!

I see they have a RegSupreme and RegSupreme Pro. Both say "Free to try with no Limitations"

Have you tried the pro?

SEAS

 

Forget these auto cleaners. Download RegSeeker, enter missing file name and search the registry. Most likely it will find it and its on you to delete that.
Just watch out for malwares that use exact system nams so you won't cripple it more than malware itself! Using program "Autoruns" is also a good choice for cleaning such leftovers.

 

Yep, I use ERUNT and NTREGOPT. I usually use ERUNT before an install to backup the registry. NTREGOPT is suppose to defrag the registry. It's funny you mentioned it as I just did that less than an hour ago.

I'm not one of the experts here, but I use these programs hoping that if I screw up, or something that I install fails, ERUNT will save my bacon or lessen my burden.

 

Thanks for your reply innerpeace (love your user name btw).

I haven't tried ERUNT, but sounds like a good idea for backing up your registry.

What about creating a system restore point using XP? Will this do the same as ERUNT?

SEAS

 

I've been reading the FAQ's regarding ERUNT and one thing they said was this:

Question: Should I disable Windows XP’s System Restore function when using ERUNT?

Answer: Yes! Though System Restore backs up more than just the registry, the registry is essentially all you need to revert your system to a previous state. Advantages of ERUNT over System Restore are that each restore folder is standalone and independent of the others, minimizing the risk of restore failures, and that a restore can easily be done from outside Windows. Also, ERUNT backups usually take up less hard drive space than System Restore’s restore points and may be individually deleted at any time.

SEAS

 

No.
I started 2 years ago with the standalone regsupreme and then jumped to the full set jv16powertools (which includes the reg cleaner and other utilities). I couldn't live without them.
I suggest you to double check the detailed key features of the software available from the maker (main page). I think you'll need only RegSupreme.

Also do as Rejzor said and use 'autoruns' http://www.microsoft.com/technet/sysinternals/SystemInformation/Autoruns.mspx to get rid of such unneeded invalid startup entries.

 

No, ERUNT covers more ground. Their site and or manual give a good description of why it suppose to be better/different. http://www.larshederer.homepage.t-online.de/erunt/erunt.txt This manual is detailed and I have a copy sitting next to me in case crap hits the fan.

I do usually do a system restore and use ERUNT before a new install. I mainly do this because I don't have a working back-up system yet. I just consider ERUNT as another layer of system protection similar to the layers of protection in my security setup. Geez, I'm starting to double up on everything , I need a vacation from Wilders .

Edit: I see you looked into ERUNT. Disregard my link.

 

Ok. Full disclosure would've helped.

"No actions have been taken" Ok, thattakes the wind out of a lot I've said. How did you solve the dll problem?

And you're correct about ime.

I don't believe you'll find many here who consider system restore a comprehensive backup solution. Tested images & tested clones are comprehensive backup solutions.

Good luck & stick around. It's friendly & informative here.

 

No offence to anybody but this thread was started because of Vundo/Virtumonde infection and stubborn DLL but it turned out to how to clean-up Windows Registry and support back-up solutions , with tons of suggestions how to clean registry when computer is/was infected , which is very unprofessional way of any attempts to clean an infected machine . Such a load of registry cleaners/extreme game with back-up software will only lead the OP to Windows reinstallation , I am sure .

 

Thanks zapjb for your reply! I tried to reply back yesterday morning but I got a popup that said I used up all my post for one day!

Yes! I really like this forum and people like you have been very helpful!

As far as the dll problem, after I ran SUPERanitSpyWare it was gone.

I also ran ERUNT then RegSupreme Pro and everything is 100% and doing fine!

Thanks everyone for all your help!

SEAS

 

Hello

I note that some comments were made about Paretologic, and I welcome the opportunity to explain.

It is true that in 2002, ParetoLogic was included in Spyware Warrior's Rogue Applications list. As a new company that engaged affiliates as its main channel of sales at the time, ParetoLogic had not yet formulated policies and guidelines for appropriate affiliate marketing of its products. Though most of the ParetoLogic affiliates conducted themselves in an appropriate manner, there were some that used marketing and/or advertising tactics that were not well accepted by the Internet community. This situation was remedied in 2003 at which time ParetoLogic was removed from Spyware Warrior’s list.

Since that time,

• Established in 2004, ParetoLogic is a member in good standing with the Better Business Bureau
• ParetoLogic and its CEO have been the recipient of several awards including Entrepreneur of the Year, Emerging Technology Company of the Year, and Innovative Excellence
• ParetoLogic currently has seven products on the market, several of which have received public acclaim and awards
• ParetoLogic products are available in eight languages in seventy countries around the world
• ParetoLogic offers a 60 day money back guarantee on all of its products
• ParetoLogic has a dedicated Customer Support Team. Their genuine desire to help people out often results in them helping customers with general computer use and maintenance issues and has garnered ParetoLogic a large number of loyal customers.

If you require assistance with any Paretologic Product, please send an email to helpdesk@paretologic.com.

Kindest Regards
Laura
Paretologic Liason

 

Was just about to post virtually the same thing. This is a simple remedy that eludes many people. After you have removed the malware, do NOT reboot your computer. Don't even shut it down, turn it off by the button. Even unplug the power cord for 1 min. so there's no power going into the computer at all. This will remove the nasties from your memory.

Of course this measure is only needed if you've got something nasty, and the Vundo variants are known to be extremely shiesty.

 

There are many variants of Vundo/Virtumonde adware that gets injected to the Windows32 system folder. There are many AV and AS programs that say that they can remove the adware stuff. I used VUNDOFIX from atribune.org which was one of the earliest programs that target that type of infestation. But there are variants where the utility will not work. Personally, I would generate a Hijackthis log and post the information on a tech support site for assistance. If you have a rootkit variant of this spyware, then you probably need to use other spyware cleaning utilities.

For the most part, Vundo is an ad spam program. It changes its name within the Operating System files every time you boot up so that detecting it is harder. The older variants used a flaw in the Java software to infect PCs, but the newer ones may have mutated to other ways to infect PCs.