Need a virus remover.

[Caltson]

Ok so its like spyware or a trojan. But with avast, its so damn confusing. All i need it to do is search the registry key and that stuff, ((where the viruses, spyware, or trojan was found)) but it scans the whole system and will take like 6 hours. I need help 

Look, If you really want to delete that key take a look to this :

Virusses

Virusses are the most common form of internet attacks. When you get infected, most common problems are unwanted spam messages / Websites / Programs you didn't even install or in harder cases even the disabling of some features of your windows. Whenever you have a problem it ALWAYS can be fixed, no matter how worse it is.

Anti - Virus Programs

For every virus excists a cure, the most virusses can be easily solved by installing Anti Spy / Malware applications. Here goes a list of approved virusscanners by me.

AVG 8.0 -  AVG Is one of the most user friendliest Virusscanners wich is good for daily use. It can detect items on open, Meaning when you open a file, it will be warning you that the file can bring possible damage to the system.
AVG Also can scan on virusses itself, But it's not effective against malware.

MalwareBytes AntiMalware - This is a Anti - Malware application wich is very powerfull against Malware specific. It can get rid of most annoying virus applications that comes along. (Fake Virus Scanners, Spam Messages,.... ) This better gets installed BEFORE getting infected as virusses are known to block the installer.exe file of this scanner. However you mostly can resolve this just by changing name. (ex. iFool_Thevirus.exe) This application is only able to scan, and cannot detect items on open.

SuperAntiSpyware Another application, This one mostly protects you from bad cookies (Not joking), Trackers, And even keyloggers / Hijackers can be stopped / Deleted by this application. However, It is very unusable against Virusses NOR Malware.

Features Blocked

In some cases a virus might disable some of your functions wich you'll need to operate good.
These kind of Restrictions mostly cannot be solved by virusscanners, So another tactic will be needed.

Registration Repair Tools (RRT) Are able to Enable ALL of your functions like they once used to be.
These tools can be found over the internet, Yet also you can add them as .reg file to the register.

Most Common Restrictions

Task Manager Whenever this function gets disabled, You can simply open notepad, and paste following code into it.

Code: [Select]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"**del.DisableTaskMgr"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DisableCAD"=dword:00000000

Then, Save this as ****.reg and double-click on it. Choose yes when prompted to add this to the registry.
Reboot, and after that you should be able to have open the Task manager once again.


System Restore Whenever System Restore is Disabled, You can activate it back via the 'System Restore' tab of your computer properties, Whenever this option is disabled by a virus, you can activate the system restore with following code :

Code: [Select]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"=dword:00000000
"DisableSR"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
"Type"=dword:00000002
"Start"=dword:00000000
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,73,00,72,00,2e,00,73,00,79,00,73,\
  00,00,00
"DisplayName"="System Restore Filter Driver"
"Group"="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters]
"FirstRun"=dword:00000000
"DontBackup"=dword:00000000
"MachineGuid"="{EAAFAEEC-4AFE-42BE-83D9-C12FDD4942A6}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Enum]
"0"="Root\\LEGACY_SR\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"=dword:00000000

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
Then, Save this as ****.reg and double-click on it. Choose yes when prompted to add this to the registry.
Reboot, and after that you should be able to have open the Task manager once again.


Register Editor   When this is disabled, you cannot acces the registry to modify / Delete malicious keys. Enable can also be done by making a script;

Code: [Select]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"**.del.DisableRegistryTools"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"**del.DisableRegistryTools"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

Then, Save this as ****.reg and double-click on it. Choose yes when prompted to add this to the registry.
Reboot, and after that you should be able to have open the Task manager once again.


Wallpapers Unchangeable Also a common issue is that your unable to change your wallpaper when viewing your Desktop properties. This can only be undone by a script.

Code: [Select]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=dword:00000000
"NoAddingComponents"=dword:00000000
"NoComponents"=dword:00000000
"NoDeletingComponents"=dword:00000000
"NoEditingComponents"=dword:00000000
"NoCloseDragDropBands"=dword:00000000
"NoMovingBands"=dword:00000000
"NoHTMLWallPaper"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=hex:00,00,00,00
"NoActiveDesktop"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispCPL"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ClassicShell"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoFolderOptions"=dword:00000000
"NoSimpleStartMenu"=dword:00000000
"NoCDBurning"=dword:00000000
"NoComputersNearMe"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]
"NoActiveDesktopChanges"=hex:00,00,00,00
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=-
"WallPaperStyle"=-

List of current known virusses and how to delete

- Antivirus 2009 - Deletable by Malwarebytes. (Can be shut down in Processes, Or in MSCONFIG )

- XP Police - Deletable by Malwarebytes         (Can be shut down in Processes, Or in MSCONFIG )

- Any unwanted message right of your taskbar clock - Deletable by AVG, Malwarebytes.

- MS AV2009 - Deletable by Malwarebytes or by hand (delete folder C:\Program Files\MS-AV09 )

- Flashing Warning Sign as background : Deletable by Malwarebytes or with Enable Wallpaper Script

List of Potential dangerous Processes

CLI.exe - Can give infinite amount of fake error messages, wich have to be clicked away time after time.

av2009.exe - Brings up a fake Virus Scanner wich will try to scam you by purchasing fake software.

VBS.exe - Might be not a virus, when you made a script yourself and got it running, Otherwise it may be a virus that will bring up fake messages, Open / Close your CD / DVD Drive automaticly, or make your pc have weird bleeping sounds.

Thisisnovirus.exe The name says enough.

MS.exe Same working as AV2009.







TOPIC LAST UPDATED ON 15/2/09

Topic found here :

http://www.wshadows.com/forum/index.php?topic=537.0

[Juraj_horvath]

Hmmm...well antivirus, im using NOD 32, i like it its working by itsself, and i mean that it wont pop up a window say OMG OMG THIS IS A VIRUS!!! when its idk a crack or something. It just shows little window in the corner and says: C:folder/virus has been put in quarantine or somthing like that, automatically scans computer, very good i recommend it!