Can't delete possible virus.. help

Discussion in 'Security and Anti-Virus Software' started by amitface, Jul 27, 2007.

Thread Status:
Not open for further replies.
  1. amitface

    I have a virus that doesn't let me enter the words virus, trojan, antivirus, etc. into web browsers. It just shuts down if it detects anything of the sort in a text box. I don't have a virus scanner, but I downloaded Security Task Manager and found a .dll file that is running. According to STM, the file contains all the words that cause the browser to shut down, so I'm convinced that this is (part of, at least) the problem.

    STM told me the location of the file, but since it's a demo, it won't delete it for me. So I'm trying to delete it myself. I can't find it using Windows Explorer, even when I tell it to show hidden files. I went into the command prompt and went into the directory. It does not show the file when it lists, but it lets me edit it. It also shows up when I do dir \A:H. However, it does not let me delete it. It keeps saying it cannot find the file.

    What do you suggest??
     
  2. Overclocker

    Have you tried booting into Safe Mode and deleting it that way?

    (Note my preferred solution for viruses is always to reinstall the OS, but we might as well try other things first)
     
  3. amitface

    Yes, trying to boot into Safe Mode results in a blue screen :x

    Reinstalling the OS is my last resort. I'll do it if there's no other way to get rid of this.
     
  4. Overclocker

    Try AVG Free: http://free.grisoft.com/doc/2/

    It might not allow you to install the program (it being the virus), but it's worth a try. If you manage an install, you should be able to whack it.
     
  5. Ethyriel

    Bitdefender and Kaspersky also both have free versions without the background scanning, and ESET also offers a trial for NOD32.
     
  6. brianstretch

    ClamWin might work too. It doesn't do background scanning (last I checked) and it's unlikely that the worm would recognize it.
     
  7. zinfandel

  8. t12ek

    I work at an IT HelpDesk and have quite a bit of experience removing malware from Windows machines, and what I've found to be the most effective way to get rid of a virus is to use a bootable LiveCD of some sort so you can access the hard drive without starting the OS on the hard drive itself.

    You can either build a BartPE disk (you will need a Windows installation disk, not Vista, to be able to build one, though): http://www.nu2.nu/pebuilder/
    Or alternatively, you could boot into a Linux LiveCD with NTFS read/write. I'm not sure which LiveCDs have NTFS read/write by default, but the Ubuntu LiveCD might. If it doesn't, and you have internet access, you can download the ntfs-3g package to add NTFS read/write (instead of just read). You can get the Ubuntu LiveCD here: http://www.ubuntu.com/

    Anyway, try reading up on those a little. If you need me to go into more detail about any of that, feel free to ask.

    Oh, and by the way, if you're not certain if the file is a bad one or not, rename it instead of deleting it. That way you can always restore it if necessary (rename it to something like original_filename.dll.suspect).
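
The rename-instead-of-delete step from the post above, as an added example that is not part of the original thread: shell functions for a Linux LiveCD session that locate the file from the path a Windows tool reported, record its SHA-256, and rename it to `.suspect`. It assumes the Windows volume is already mounted read/write (for example with ntfs-3g); the function names and the log file are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the Windows volume is mounted
# read/write and GNU find/coreutils are available, as on an Ubuntu LiveCD.

# find_nocase ROOT REL_PATH
# Resolve a Windows-style path (either slash, any letter case) under ROOT.
# Windows tools report paths case-insensitively; a Linux mount is case-sensitive.
# Runs in a subshell so the IFS and globbing changes do not leak to the caller.
# Caveat: -iname treats '[' in a component as a pattern character.
find_nocase() (
    cur=$1
    set -f            # no filename expansion while splitting the path
    IFS='/\'          # split on forward slash and backslash
    for part in $2; do
        [ -n "$part" ] || continue
        match=$(find "$cur" -mindepth 1 -maxdepth 1 -iname "$part" | head -n 1)
        [ -n "$match" ] || exit 1
        cur=$match
    done
    printf '%s\n' "$cur"
)

# quarantine_suspect ROOT REL_PATH [LOGFILE]
# Log the hash and original location, then rename FILE to FILE.suspect.
# Nothing is deleted, so the rename can be undone if the file was legitimate.
quarantine_suspect() {
    root=$1 rel=$2 log=${3:-quarantine.log}   # log name is hypothetical
    path=$(find_nocase "$root" "$rel") || { echo "not found: $rel" >&2; return 1; }
    [ -f "$path" ] || { echo "not a regular file: $path" >&2; return 1; }
    dest=$path.suspect
    [ ! -e "$dest" ] || { echo "refusing to overwrite: $dest" >&2; return 1; }
    sum=$(sha256sum "$path" | cut -d' ' -f1)
    # Write the record first so the original name survives even if mv fails.
    printf '%s  %s -> %s\n' "$sum" "$path" "$dest" >> "$log"
    mv -- "$path" "$dest" && printf '%s\n' "$dest"
}

# Usage (mount point and file name are placeholders):
#   quarantine_suspect /mnt/windows 'WINDOWS\system32\<name>.dll' /tmp/quarantine.log
```

Keep the log somewhere other than the Windows volume; the recorded hash can be checked against a scanner's results later without touching the file again.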
     
  9. t12ek

    Oh, and, what Windows version are you running?
     
  10. Overclocker

    A Live CD is a great idea. Almost all of them come with virus scanners. Pick one that can write to NTFS, and use it to delete the virus after finding it.

    However, report back first to let us know if any of the AV programs suggested so far did the trick.
     