
1 - 20 of 28 Posts

·
Registered
Joined
·
1,551 Posts
Discussion Starter #1
How do I get rid of it? I ended the process, moved it to the vault, and deleted the folder it makes in Programs, but then it comes back a while later with a new process name, and the folder is there again. Any way to delete this thing? I just finished getting everything on my Conroe rig :(
 

·
I TeK things...
Joined
·
17,421 Posts
Install AVG Free: http://free.grisoft.com/freeweb.php/doc/2/
 

·
Registered
Joined
·
1,551 Posts
Discussion Starter #3
Already got that, moved to vault, deleted, it came back under a new process. I think I may have finally isolated it.
 

·
Premium Member
Joined
·
6,588 Posts
Boot into safe mode and use an anti-virus app. Some trojans require manual deletion. If nothing else, use Google. People have material documented to remove specific spyware/trojans.
 

·
Registered
Joined
·
1,551 Posts
Discussion Starter #5
I'll try safe mode; in my panic I overlooked that simple procedure, thanks.
 

·
Registered
Joined
·
193 Posts
You might need to go into your registry, and delete all signs of it that way. Sometimes, a missed dll or pf file sets to run the virus, and if a needed file is not found, it can be scripted to open a port and redownload the files. My advice to you would be to find the application, if any, in Task Manager and find the process tree. Or in Task Manager, find the process, i.e. lsass.exe, and then boot into safe mode without networking, if that is how your connection is set up, or unplug your Ethernet cable; do not rely on just disabling your network connection via Windows. While in safe mode, delete all branches of the virus, then search the registry via the "find next" option, delete all instances of the virus, and before shutting down out of safe mode, empty the recycling bin, AND delete them from the RECYCLER file in C:\. (NOTE: you cannot just delete the main or subfolders for RECYCLER, you have to go inside and manually delete the files. ALSO, to find the RECYCLER folder, you need to go to Tools, Folder Options, View, and then tick "Show hidden files and folders", then click Apply.) After all that, restart back into Windows to see if it is gone.

NOTE: The reference I made to lsass.exe is this: because of the default font of Windows, uppercase I and lowercase L look exactly the same. So the process lsass.exe (uppercase I) is indeed a system process; on the other hand, lsass.exe (lowercase L) is a trojan/malware/browser pirate.

Hope this little tidbit helped you any, and good luck :)
 
Reactions: SilentStryke
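
The look-alike process name check described in the post above, as an added example that is not part of the original thread: it flags process image paths whose file name imitates a Windows system process through similar-looking characters, or that carry a genuine name but run from an unexpected folder. It assumes the genuine process is `lsass.exe` spelled with a lowercase L under `C:\Windows\System32`; the baseline table, the function names and the sample paths are constructed for illustration.

```python
import ntpath

# Assumed baseline: genuine Windows process names and the folder each runs from.
KNOWN = {
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Glyphs that render alike in many UI fonts, folded to one representative.
FOLD = str.maketrans({"i": "l", "1": "l", "0": "o"})


def skeleton(name):
    """Fold look-alike glyphs so 'Isass.exe' and 'lsass.exe' compare equal."""
    return name.lower().replace("rn", "m").replace("vv", "w").translate(FOLD)


SKELETONS = {skeleton(n): n for n in KNOWN}


def classify(image_path):
    """Return (verdict, system_name) for one process image path."""
    path = ntpath.normpath(image_path)
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in KNOWN:
        # Windows file names are case-insensitive, so this is the genuine name;
        # what remains is whether it runs from the expected folder.
        return ("ok" if folder == KNOWN[name] else "wrong-path", name)
    imitated = SKELETONS.get(skeleton(name))
    if imitated:
        return ("lookalike", imitated)
    return ("unlisted", None)


def triage(paths):
    """Keep only the entries that deserve a closer look."""
    hits = [(p, *classify(p)) for p in paths]
    return [h for h in hits if h[1] in ("lookalike", "wrong-path")]


# Constructed sample paths, not taken from the thread.
SAMPLE = [
    r"C:\Windows\System32\lsass.exe",
    r"C:\Windows\System32\Isass.exe",            # capital I in place of l
    r"C:\Users\demo\AppData\Roaming\lsass.exe",  # right name, wrong folder
    r"C:\Windows\System32\svch0st.exe",          # zero in place of o
    r"C:\Windows\explorer.exe",
    r"C:\Tools\notepad2.exe",
]
```

Feed it the full image paths from a process listing; a bare name without a folder is reported as `wrong-path` because its location cannot be confirmed.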

·
Registered
Joined
·
1,551 Posts
Discussion Starter #7
Wow, nice detail, thanks man :D So far it hasn't reappeared. I scanned several times, and manually found a .dll file called toolbar888, which I think created the file called iget2 or something which got the virus. After ending a few random processes, b111 (I knew that ain't real), I eventually think I got it. If it reoccurs I may tap into the registry, but that's dangerous, that's the lifestream of one's PC :)
 

·
Registered
Joined
·
1,551 Posts
Discussion Starter #8
I want to schedule a boot scan. Any program that'll do that other than Avast?
 

·
Overclock Failed...
Joined
·
13,565 Posts
Quote:
Originally Posted by SilentStryke
... created the file called iget2 or something

... If it reoccurs I may tap into the registry, but that's dangerous, that's the lifestream of one's PC :)

This will find what is putting it back.
http://en.wikipedia.org/wiki/Dependency_walker
 

·
Registered
Joined
·
1,551 Posts
Discussion Starter #10
It keeps installing stuff when I boot, which redownloads the trojan; getting annoying.
 

·
Banned
Joined
·
1,467 Posts
Use HijackThis, and then look for the string with the dll you deleted earlier, and use HijackThis to delete it. Worth a shot. Also, if it's on, disable your System Restore. It might be in there, and if it is, you're not getting rid of it.
 

·
Registered
Joined
·
1,551 Posts
Discussion Starter #12
Tried that, that's kinda useless, no offense :) Here's what it came up with.

http://img208.imageshack.us/img208/5518/trojanzk4.jpg
 

·
Registered
Joined
·
1,551 Posts
Discussion Starter #13
Guess I'll reformat. After getting everything on my PC I was a moron and downloaded a program from a P2P client... Hope this serial works again; last time I had to call because I formatted and used this disk too many times, it said. Microsoft bastards!
 

·
Registered
Joined
·
1,551 Posts
Discussion Starter #15
That's been off since day 1.
 

·
Registered
Joined
·
1,551 Posts
Discussion Starter #16
It's called Deluxe Communications; you can see them there, but I can't delete them. Even in HijackThis they still come up after a scan, and manually it says they're in use, but I see no process.
 

·
Registered
Joined
·
1,551 Posts
Discussion Starter #17
Grrr, I don't know what it's in use by...
 

·
Registered
Joined
·
1,551 Posts
Discussion Starter #18
Got rid of the Deluxe Communications adware thing. Now there's one empty folder in it called microsoft.net; it's empty, but it's in use or write-protected. Any way to delete this?
 

·
Registered
Joined
·
1,551 Posts
Discussion Starter #19
Anyone?
 

·
Overclock Failed...
Joined
·
13,565 Posts
Quote:
Originally Posted by SilentStryke
Anyone?

If you use Dependency Walker you will be able to find the trojan that is putting the file back. Then delete the trojan.

AV programs or HijackThis-type programs usually can't fix trojans, because they only see what the trojan is installing, not the trojan itself.

If you have trouble deleting the trojan, you may have to do it from safe mode, or from an administrator account. They can be very nasty things. You may even need a process stopper to halt the trojan so it can be deleted.

P2P is fun, isn't it? There are other ways.
 