Computer Guys I Need Some Virus Help

[burrellsjeep]

We have a HP Computer nothing special at the office that has four log ins (Running XP, Not Pro)

Well my partner here at the company keeps getting the anti virus software virus, I have removed it three times in the last year, The computer is running Norton (Which I hate) and windows defender, Well in the past I have been able to remove it with Malwarebytes program, Well this new virus "XP Antivirus 2010" is being a real pain, It will not allow Malware to open, blocks it even in safemode. I can shut the virus down for a few secs with a dos kill program, which gives me a location of the files but I can't see them, How can I get it show me hidden files, I have checked the properties on the folder with no luck. I am trying to get Adware to work currently we will see, Spyhunter found it but will not remove it unless I pay money, So I am seeing if anyone has had any luck with this one, I have googled the crap out it.

 

[bonecrusher]

boot to safe mode
install and run RKILL.EXE
install and run MALWAREBYTES.EXE

let malware run and update
after that you should be ok
I would just let malware run every few days

EDIT:

you have to get the most updated version of rkill and the most updated version of malwarebytes.
preferably from the webpages they come from.

I can email you the rkill.exe program I use but the malware is a bit big.

 

[bonecrusher]

Just as an aside

You cannot kill this thing, you will be doing this at least once every two weeks. best bet is to reformat.

Also, get rid of spyhunter and adware.

only use malwarebytes and searchanddestroy.
those two will find and get rid of 98% of the crap out there.

 

[burrellsjeep]

I am using Rkill thats what i can kill it with for a few secs, and Mal will not open even after killing it.

Whats odd is I can log in as a different user and its fine, Ran Mal from my log in and removed a few items, Logged back in as him and its still there, So I am deleting his log in and creating a new one.

Edit: Seems to be in his docs and not the rest of the computer

 

[Zachs]

I do this several times a week in my job (servicing 52 dental locations; they find time to fawk everything up).

Bonecrusher is dead on, although I'm not a fan of S&D...also throw super-anti-spyware into the mix: http://www.superantispyware.com

Malwarebytes and SuperAntiSpyware are at the top when it comes to free utilities.
Also install Ccleaner and run the general cleaner and registry cleaner when you're done. This will clean up pretty much any junk thats clogging up your machine (temp files, recycling bin, etc..., while the registry cleaner will clean up extra unused extensions, especially those used with the trojans/adware/virus).

 

[burrellsjeep]

Deleting the user seems to have corrected the issue, I will check out the Ccleaner also

 

[Zachs]

Alot of these new ones ARE user specific. They usually reside in the c:\documents and settings\*user*\local data or application data

 

[catfishblues]

Isn't Spyhunter in itself a malware program? I always thought it was a thinly-veiled Spybot copy that installed itself and some "virus" on your comp, then charged you to clean it up and set you up with a recurring charge without your knowledge. At least, that's what it did to my folks. Took a couple months of $40 charges for them to pick it up. They charge from different names every month to throw you off the trail.

 

[kaiser715]

You cannot kill this thing, you will be doing this at least once every two weeks. best bet is to reformat.

You can kill it, and keep it gone. I clean several per week (new customers, not the same machine over and over) Only problem I've had killing one is when the user kept fighting and/or working around it, trying different stuff to get rid of it that doesn't work, and had the machine so screwed up it was faster and easier to just reload everything. Most times, if folks call as soon as they get it, it is easy enough to remove.

Boot into 'safe mode with networking' and d/l and install Malwarebytes, update, run, reboot, and that takes care of it 97% of the time...as long as the machine hasn't been messed with too much.

Also, get rid of spyhunter and adware.
only use malwarebytes and searchanddestroy.

x1000

 

[burrellsjeep]

You can kill it, and keep it gone. I clean several per week (new customers, not the same machine over and over) Only problem I've had killing one is when the user kept fighting and/or working around it, trying different stuff to get rid of it that doesn't work, and had the machine so screwed up it was faster and easier to just reload everything. Most times, if folks call as soon as they get it, it is easy enough to remove.
Boot into 'safe mode with networking' and d/l and install Malwarebytes, update, run, reboot, and that takes care of it 97% of the time...as long as the machine hasn't been messed with too much.
x1000

The Issue I had was it still came up in safe mode, that was a first for me, and it would not in any manner let malwarebytes run under that user.

 

[burrellsjeep]

Alot of these new ones ARE user specific. They usually reside in the c:\documents and settings\*user*\local data or application data

Yeah I was able to delete the user with all his files, He really just gets on the internet with his log in, He is not a computer guy, So nothing was lost

 

[bonecrusher]

even though you deleted the user I would still run the malwarebytes program and the search and destroy just to make sure.

 

[burrellsjeep]

even though you deleted the user I would still run the malwarebytes program and the search and destroy just to make sure.

Oh I did, and upgraded to the real time protection malwarebytes to try and prevent it.