Argonath RPG - A World of its own

Argonath RPG Community => Hardware/Software support => Resolved issues => Topic started by: Matthew_Cipricla on February 14, 2009, 04:42:28 pm

Title: Need a virus remover.
Post by: Matthew_Cipricla on February 14, 2009, 04:42:28 pm: Apparently I have acouple viruses and threats on my computer and need a good FREE virus remover. I had one before but I deleted it, and now I wish I wouldnt have.
Title: Re: Need a virus remover.
Post by: Wash on February 14, 2009, 04:56:46 pm: avast is free I believe.
Title: Re: Need a virus remover.
Post by: cDa on February 14, 2009, 04:59:31 pm: yes avast home is free (send mail to recive free reg cide) and good too
Title: Re: Need a virus remover.
Post by: Devin on February 14, 2009, 06:34:38 pm: yea :devroll: avast is the best free one you get and usefull
Title: Re: Need a virus remover.
Post by: Caltson on February 14, 2009, 06:41:05 pm: http://www.wshadows.com/forum/index.php?topic=537.0

More information there
Title: Re: Need a virus remover.
Post by: Link9rly on February 14, 2009, 07:29:14 pm: SuperAntispyware worked on removing that trojan (Norton picked it up but did nothing) Keep in mind, no Real Time detection here.
http://downloads.superantispyware.com/downloads/SUPERAntiSpyware.exe
Title: Re: Need a virus remover.
Post by: Matthew_Cipricla on February 14, 2009, 07:59:26 pm: Well the trojan I have isnt f*cking up my computer. Actually, I have shown no signs and no slowing down. Hopefully I caught it early. And i really dont have any important files on my comp. So hopefully this works guys. Thanks. I will request topic to be locked after i try them. :)

EDIT: I need a link to that avast. I went on acouple ones I found on google and you had to pay for it...
Title: Re: Need a virus remover.
Post by: Caltson on February 14, 2009, 08:35:28 pm: http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

I strongly disadvise Avast as this can give errors while removing the program..

Try MBAM with the link i mentioned in this post.
That application is able to delete most forms of malicious software, probably including yours.
Title: Re: Need a virus remover.
Post by: Devin on February 14, 2009, 08:38:53 pm: nooo ryan.. you mental?? Avast is perfect for everything and nothing happens wen removing it :rules:

heres the link to get avast:
http://www.avast.com/eng/download-avast-home.html
Title: Re: Need a virus remover.
Post by: Caltson on February 14, 2009, 11:38:05 pm: Quote from: MadBoi_Seville on February 14, 2009, 08:38:53 pm
nooo ryan.. you mental?? Avast is perfect for everything and nothing happens wen removing it :rules:

heres the link to get avast:
http://www.avast.com/eng/download-avast-home.html

Did you remove it for more than 20 times?

I did... I have experience with all different programs as PC Engineer, Avast gave an error on 2/10 wich isn't less..
Title: Re: Need a virus remover.
Post by: 9r2e5i3k on February 14, 2009, 11:44:51 pm: For removing trojans, I would reccomend ComboFix (google it)

For anti-virus protection in real time (for free), avast is the best I guess (link was posted before)
Title: Re: Need a virus remover.
Post by: Matthew_Cipricla on February 16, 2009, 03:20:04 am: Ok so its like spyware or a trojan. But with avast, its so damn confusing. All i need it to do is search the registry key and that stuff, ((where the viruses, spyware, or trojan was found)) but it scans the whole system and will take like 6 hours. I need help :(
Title: Re: Need a virus remover.
Post by: Wash on February 16, 2009, 04:58:00 am: Well, if you want, you can 'get' malwarebytes'. By far the best remover I have used. I had some virus or something on my PC, I even formatted it to try and get rid of it.. still wouldn't go. I downloaded this, and bam, it detected 33 trojan's and deleted them. add me on msn: [email protected] if you want me to 'give' you the software.
Title: Re: Need a virus remover.
Post by: SugarD on February 16, 2009, 06:32:22 am: Avast also protects from some script/web bugs, malicious site access, rootkits, and some spyware. On another note, yes, it does protect against and remove trojans.

Go to Avast.Com and download Avast Home Edition (Free) for PC. Install it and restart your computer when prompted. Go back to the page where you downloaded it and "register" for the free registration key, (they don't contact you. All they do is send you the key via email), and then enter it into Avast. Update, scan, remove the malware, done. Avast will also auto-update every time you log in or restart your computer. It is a well-known program and I use it on ALL of my PC's and my Mac. It works great. It's real-time protection is included. I highly recommend it. It's also very well known and widely used.
Title: Re: Need a virus remover.
Post by: Yihka on February 16, 2009, 09:31:11 pm: Malwarebytes work good for a free program.

I suggest using it if you don't want to install much software and such.

http://www.malwarebytes.org/

I use it myself sometimes if I think I have a virus... But malware bytes hasnt detected virusses so far ( aVG probably already killed them with the laser tower and the fire wall )
Title: Re: Need a virus remover.
Post by: Caltson on February 16, 2009, 10:35:49 pm: Quote from: Matthew_Cipricla on February 16, 2009, 03:20:04 am
Ok so its like spyware or a trojan. But with avast, its so damn confusing. All i need it to do is search the registry key and that stuff, ((where the viruses, spyware, or trojan was found)) but it scans the whole system and will take like 6 hours. I need help :(

Look, If you really want to delete that key take a look to this :

Quote from: RyanC on February 10, 2009, 01:54:23 am
Virusses

Virusses are the most common form of internet attacks. When you get infected, most common problems are unwanted spam messages / Websites / Programs you didn't even install or in harder cases even the disabling of some features of your windows. Whenever you have a problem it ALWAYS can be fixed, no matter how worse it is.

Anti - Virus Programs

For every virus excists a cure, the most virusses can be easily solved by installing Anti Spy / Malware applications. Here goes a list of approved virusscanners by me.

AVG 8.0 - AVG Is one of the most user friendliest Virusscanners wich is good for daily use. It can detect items on open, Meaning when you open a file, it will be warning you that the file can bring possible damage to the system.
AVG Also can scan on virusses itself, But it's not effective against malware.

MalwareBytes AntiMalware - This is a Anti - Malware application wich is very powerfull against Malware specific. It can get rid of most annoying virus applications that comes along. (Fake Virus Scanners, Spam Messages,.... ) This better gets installed BEFORE getting infected as virusses are known to block the installer.exe file of this scanner. However you mostly can resolve this just by changing name. (ex. iFool_Thevirus.exe) This application is only able to scan, and cannot detect items on open.

SuperAntiSpyware Another application, This one mostly protects you from bad cookies (Not joking), Trackers, And even keyloggers / Hijackers can be stopped / Deleted by this application. However, It is very unusable against Virusses NOR Malware.

Features Blocked

In some cases a virus might disable some of your functions wich you'll need to operate good.
These kind of Restrictions mostly cannot be solved by virusscanners, So another tactic will be needed.

Registration Repair Tools (RRT) Are able to Enable ALL of your functions like they once used to be.
These tools can be found over the internet, Yet also you can add them as .reg file to the register.

Most Common Restrictions

Task Manager Whenever this function gets disabled, You can simply open notepad, and paste following code into it.

Code: [Select]
Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=dword:00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=dword:00000000 "**del.DisableTaskMgr"=" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\] "DisableTaskMgr"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "DisableCAD"=dword:00000000
Then, Save this as ****.reg and double-click on it. Choose yes when prompted to add this to the registry.
Reboot, and after that you should be able to have open the Task manager once again.

System Restore Whenever System Restore is Disabled, You can activate it back via the 'System Restore' tab of your computer properties, Whenever this option is disabled by a virus, you can activate the system restore with following code :

Code: [Select]
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableConfig"=dword:00000000 "DisableSR"=dword:00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoSaveSettings"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr] "Type"=dword:00000002 "Start"=dword:00000000 "ErrorControl"=dword:00000001 "Tag"=dword:00000004 "ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\ 52,00,49,00,56,00,45,00,52,00,53,00,5c,00,73,00,72,00,2e,00,73,00,79,00,73,\ 00,00,00 "DisplayName"="System Restore Filter Driver" "Group"="FSFilter System Recovery" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters] "FirstRun"=dword:00000000 "DontBackup"=dword:00000000 "MachineGuid"="{EAAFAEEC-4AFE-42BE-83D9-C12FDD4942A6}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\ 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\ 00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\ 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Enum] "0"="Root\\LEGACY_SR\\0000" "Count"=dword:00000001 "NextInstance"=dword:00000001 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR"=dword:00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore] "DisableConfig"=dword:00000000 [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore] [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
Then, Save this as ****.reg and double-click on it. Choose yes when prompted to add this to the registry.
Reboot, and after that you should be able to have open the Task manager once again.

Register Editor When this is disabled, you cannot acces the registry to modify / Delete malicious keys. Enable can also be done by making a script;

Code: [Select]
Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"=dword:00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "**.del.DisableRegistryTools"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"=dword:00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System] "**del.DisableRegistryTools"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoSaveSettings"=dword:00000000
Then, Save this as ****.reg and double-click on it. Choose yes when prompted to add this to the registry.
Reboot, and after that you should be able to have open the Task manager once again.

Wallpapers Unchangeable Also a common issue is that your unable to change your wallpaper when viewing your Desktop properties. This can only be undone by a script.

Code: [Select]
Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoChangingWallPaper"=dword:00000000 "NoAddingComponents"=dword:00000000 "NoComponents"=dword:00000000 "NoDeletingComponents"=dword:00000000 "NoEditingComponents"=dword:00000000 "NoCloseDragDropBands"=dword:00000000 "NoMovingBands"=dword:00000000 "NoHTMLWallPaper"=dword:00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "NoDispBackgroundPage"=dword:00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "NoDispScrSavPage"=dword:00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoActiveDesktopChanges"=hex:00,00,00,00 "NoActiveDesktop"=dword:00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "NoDispCPL"=dword:00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoSaveSettings"=dword:00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ClassicShell"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoFolderOptions"=dword:00000000 "NoSimpleStartMenu"=dword:00000000 "NoCDBurning"=dword:00000000 "NoComputersNearMe"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run] "NoActiveDesktopChanges"=hex:00,00,00,00 "NoActiveDesktop"=dword:00000000 "NoSaveSettings"=dword:00000000 "ClassicShell"=dword:00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "Wallpaper"=- "WallPaperStyle"=-
List of current known virusses and how to delete

- Antivirus 2009 - Deletable by Malwarebytes. (Can be shut down in Processes, Or in MSCONFIG )

- XP Police - Deletable by Malwarebytes (Can be shut down in Processes, Or in MSCONFIG )

- Any unwanted message right of your taskbar clock - Deletable by AVG, Malwarebytes.

- MS AV2009 - Deletable by Malwarebytes or by hand (delete folder C:\Program Files\MS-AV09 )

- Flashing Warning Sign as background : Deletable by Malwarebytes or with Enable Wallpaper Script

List of Potential dangerous Processes

CLI.exe - Can give infinite amount of fake error messages, wich have to be clicked away time after time.

av2009.exe - Brings up a fake Virus Scanner wich will try to scam you by purchasing fake software.

VBS.exe - Might be not a virus, when you made a script yourself and got it running, Otherwise it may be a virus that will bring up fake messages, Open / Close your CD / DVD Drive automaticly, or make your pc have weird bleeping sounds.

Thisisnovirus.exe The name says enough.

MS.exe Same working as AV2009.

TOPIC LAST UPDATED ON 15/2/09

Topic found here :

http://www.wshadows.com/forum/index.php?topic=537.0
Title: Re: Need a virus remover.
Post by: Juraj_horvath on February 19, 2009, 05:59:36 pm: Hmmm...well antivirus, im using NOD 32, i like it its working by itsself, and i mean that it wont pop up a window say OMG OMG THIS IS A VIRUS!!! when its idk a crack or something. It just shows little window in the corner and says: C:folder/virus has been put in quarantine or somthing like that, automatically scans computer, very good i recommend it!