Virus removal summary....

Tony Palmer · From: St Augustine,FL

First of all, I've been battling viruses constantly for the last 5 days and got rid of most but not all....more on that later, but..
What I've gathered is the following:
1)Always run a good anti-virus such as Norton, Microsoft Beta, AVG, etc.
2)Turn off system restore while trying to delete virus files
3)Run in safe-mode while trying to delete those files
4)Use the search function to find detected files and try to delete according to above

Other than that, are there any other things that can be done to remove viruses if they're already established?
I've read where you have to do this in DOS.
Also, I've read going to regedit is another way...
Anything to add?
p.s.the viruses killing me right now are winup2date, ezula and isearch (desktop search)

Donny Hinson · From: Glen Burnie, Md. U.S.A.

Tony, I'm no computer guru, but the best advice I can give is the advice my guru gave me. Rather than repairing or eliminating virus problems, avoid them! STOP using Microsoft "Outlook" for your e-mail client, and use their IE browser only when necessary! Since Microsoft products are the world's "standard", 99.9% of any viruses written are written to play havoc with only Microsoft products. When you stop using any Microsoft "web software", your virus problems will practically disappear. Use other browsers (like Netscape or Firefox), and pick a non-Microsoft e-mail client.

This strategy has performed flawlessly for me since 1990. I've not had a single virus problem in those 15 years. (And, I've been online all those years!) To me, the little inconvenience of not having little bells and whistles (like the Microsoft "Address Book") is well worth not having to worry about viruses.

Jack Stoner · From: Kansas City, MO

With the Microsoft "bashing" that many do, it's interesting to note that Firefox recently released an update and within the update was fixes for "security holes".

Winamp, a popular alternative to the Windows Media Player, had a major security hole and I'm not sure if there was ever an update issued for it. But, security experts were advising against using it.

Everyone bashes the "big boys". I've seen the same bashing of IBM, but everyone wanted to be like IBM back in the mainframe days. We went through that almost daily at SSA with vendors wanting to get their foot in the door.

Donny Hinson · From: Glen Burnie, Md. U.S.A.

Easy Jack, don't get all hot and bothered.

I'm not bashing Microsoft products at all. It's just that, statistically, their software is the most common target of hackers, due to it's almost universal popularity. I suggest that if you want to reduce the liklihood of your getting viruses, not to use their Outlook and IE software. That's not "bashing", it's just pointing out a statistical fact. It's no different than warning someone buying a Nissan Maxima or an Acura Integra that those two models are among the most often stolen vehicles in the U.S.. Hey, they're both great cars...but if you want to reduce your chance for having your next car stolen, just buy something that isn't as "cool", like a Buick or a Kia.

Ron ! · Posted 14 Apr 2005 7:39 am

A Kia??

Ron

Wiz Feinberg · From: Mid-Michigan, USA

See the next post. I screwed up and submitted this one too soon!

[This message was edited by Wiz Feinberg on 14 April 2005 at 10:53 PM.]

Wiz Feinberg · From: Mid-Michigan, USA

There is another place to fight virii, trojans, rootkits, backdoors, spyware, adware and the like, but you first need to know the exact paths to the files and the exact filenames of the threats.

If possible, use your current anti-virus and anti-spyware tools to remove all existing infections. These tools will usually create a log that includes unsuccessful cleaning attempts. Printout your cleansing logs for use later. Turn off system restore. Retrieve and insert your Windows 2000 or XP CD, which contains your current level of service pack, into the CD drive of your choice. The file you will need to access is in the i386 directory, on that official CD.

In the event that you upgraded your service pack online and created a new i386 directory on your hard-drive, use that path as the source for the following action. ie: C:\i386\

Go to Start > Run and type or copy and paste this into the Run input field, substituting (Drive Letter) with the actual Drive path to the i386 directory; ie: if your current level of Service Pack came from the Windows 2000 or XP CD, and the CD player is called Drive D, your path would start with D Oh Well

...

Drive Letter Here:\i386\winnt32.exe /cmdcons.

Example using CD drive D:
D:\i386\winnt32.exe /cmdcons

Windows will popup a box notifying you about installing the "Command Console." Accept the conditions by OK'ing out the box. Windows will tell you that it has installed the Command Console as a startup boot option.

Next, go back to Start > Run and type in REGEDIT
The Registry editor will open. Navigate to this key: HKEY_LOCAL MACHINE\Software\Microsoft\Windows NT\Current Version\Setup\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole

When you get to that area of the Registry, look at the two entries in the right panel. They should be named "SecurityLevel" and "SetCommand" and both have values of zero (0). Double click on each of these "DWORD" items and change the 0 value to a 1 (one), and click OK to close them.

Exit the Registry Editor. Reboot the computer. As you reboot you will see a boot menu that now contains a new option: Recovery Console. Arrow-down to highlight it and press the Enter Key. After a few moments you will be offered a choice of which Drive you wish to Logon to. If all you have is a C drive hard drive, your choice will be #1. Type 1 at the blinking cursor. If you neglected to change the first Registry key to a number 1 you will be required to type the Administrator Password to proceed. If it is blank press the Enter Key, otherwise type the exact password (you'll only get three tries before the computer locks you out and reboots). Assuming all goes well you will be logged into your C:\Windows or C:\Winnt directory to start.

Next, at the command prompt type these commands, hitting the Enter key after each command, cAsE sEnSiTiVe:
SET AllowAllPaths = TRUE
SET AllowWildCards = TRUE
SET NoCopyPrompt = TRUE
and if you need to copy files from or to your Floppy drive, type:
SET AllowRemovableMedia = TRUE

All of the Recovery Console usage is explaned here: http://www.microsoft.com/resources/documentation/windows/xp/all/prodd ocs/en-us/recovery_console_cmds.mspx

Now get the list showing the paths and filenames of the bad guys. For any threat that is in the Windows or Winnt directory just type this command, using badfile.exe as the example filename: DEL badfile.exe

If the bad guys are (also) found in your System32 directory, at the blinking cursor prompt type this command: CD System32
Now type DEL and the name of the bad file. Repeat for each known threat file.

If the threats are found in deeper levels of sub-directories, keep CDing down to those directories. To backup on directory type CD ... To get to the Root of C, type CD \. To get to Program Files, from the C directory prompt, type CD Program Files and hit enter. Then type CD and the sub-directory name where more bad guys are hiding and DEL them. If there are a bunch of hostiles in individual program directories (not Windows and it's subs), like GAIN or ISearch, etc, you can delete all files in that hostile folder by using your AllowWildCards command to CD (hostile-directory name), then type DEL *.*. Then remove the actual directory by going up one level, using CD .. and type RD (hostile directory's name) and Enter.

The beauty of the Recovery Console for removing threat files and floders is that Windows is not running yet, so there is no way for these files to protect against your deleting them. Just be very careful not to delete a necessary file used by your OS, or you will have worse troubles.

When you are done killing files in Recovery Console type exit and hit enter. Your computer will reboot into Windows, assuming you didn't accidently delete a needed system file ;-(

Login to Windows and run anti virus and anti spyware scans and remove any remaining registry entries that used to launch the now gone files.

I wish you a successful Hunt.

Wiz

------------------
Bob "Wiz" Feinberg
1983 Rosewood Emmons D10 Push-Pull, with 8 pedals and 9 knee levers (Crawford Cluster), Lawrence LXR-16 pickups and aluminum necks. Nashville 400 amp with Peavey Mod. Emmons pedalbar mounted, and Goodrich LDR floor volume pedals.
I use and endorse Jagwire Strings and accessories.

Keep Steelin' but don't get caught!

Reporting member of SpamCop

[This message was edited by Wiz Feinberg on 14 April 2005 at 10:57 PM.]

[This message was edited by Wiz Feinberg on 14 April 2005 at 11:02 PM.]

Jack Stoner · From: Kansas City, MO

Donny, but telling someone to use a different product doesn't fix the problem they have now.

Dave Potter · From: Texas

That was interesting, Wiz.

I'm keepin' that one for future reference.

Tony Palmer · From: St Augustine,FL

Wiz, first of all thank you for that very detailed explanation. I will also print it and give it to someone more experienced to perform, as I don't trust myself to do all that...knowing the possible consequences of messing it up.
Second of all, if you'd like to earn a quick million$ , write some software to perform exactly what you described and market it as virus-fix, so those of us with questionable ability can just put a cd in and KILL these viruses once and for all!

Chip Fossa · From: Monson, MA, USA (deceased)

Hiya Tony,

Of all the anti-virus programs we have experienced in our collective collaboration here on the forum, I now use the one, that I feel is THE BEST. And it has a free download.

AVAST: www.avast.com

As well you should know, being a coastal seafaring romantic, "avast" is nautical for 'stop', 'halt', or 'cease' - while asea.

The thing I like about Avast, and it shocks me early in the AM at times, is that an announcement is made saying that Avast virus update has just been performed. So now, your're up to date. Automatically. No fuss.
No muss.

I hardly have any virus problems. I use Google toolbar to axe pop-ups, and I frequently run Spybot, Adaware, and have Zone Alarm running as well. I have no problems. One or the other will grab something.

All this stuff is 100% free, too.

I'll never pay again for some rip-off anti-virus, like McCaffee. I have in the past, and have come to find out that their program is replete with flaws. So why pay?

In theory, if all AV programs are 'flawed',
as the critics will soon let me know, then why pay anything for software, when it's offered for free, with FREE updates and even UPGRADES. Boing.

Avast is great.

Try it out. It costs nothing to try it out.
And costs nothing to keep it on-board.

FWIW

Your pal,

Chipper

jolynyk · From: Prince Albert Sask. Canada

I was at the local computer store today, & he said they use a program called pandavirus & he claims it is the best out there, & better than AVG or Norton.. I haven't tried it myself.. Does anybody know anything about this program.. Apparently it will scan your computer on line & fix problems...

Tony Palmer · From: St Augustine,FL

Thanks for the tip, Chip.
I'll give it a try.
BTW, how does Google Toolbar prevent popups?
Can I use it with AOL?

Chip Fossa · From: Monson, MA, USA (deceased)

T - Google is pretty much a free deal.

You simply go to google.com and dowload their
deal. But you do have to tweak things to get the anti-pop deal.

It's worked pretty well for me.

I'll be glad to help you out with this.

Moi: seatug@comcast.net

Forum Index > Computers		Next oldest topic :: Next newest topic

All times are GMT - 8 Hours	Jump to: