i need comp help

[J-Rock]

i have some viruses that my nortons is unable to repair... so a lot of good that prog is doin me. anyways they are super anooying and making my machine run slower and everything so any suggestions or anything? any help is much appreciatd, though, if i could fix it without wiping the slate clean id be a whole lot more happy

[Archangelus]

Well, Norton should have identified the files, but it probably tells you that you can't delete them. If you have WinXP, you can try two things.

One, bring up Task Manager (press Ctrl+Shift+Esc) and kill the processes that have the same name as the files Norton is trying to delete, and then delete the files themselves.

Two, try rebooting and going into Safe Mode. Then try to delete the files.

-Arch

[BadAsh]

Also be sure to turn off your system restore. right-click on my computer, select properties, system restore and put a check in the "turn off system restore on all drives" box, that way the virus can't hide out in there.

[J-Rock]

i cant find any proceses with similar names, so one is called downloader.trojan and one is called bloodhound.exploit.6 im gonna keep tryn so ill take anymore sugestions if ya got em.

[J-Rock]

i found the folder where it says the virus is and deleted everything in there. but then i go to my internet and it comes right back so i dunno what the hell im supposed to do.

[XoR]

Midnightservice told me of these 2 programs a while ago and I am very glad he did. They are : AdAware and SpyBot.

I would do full scans with both and see if it goes away.

Otherwise if you're hit bad, a format and restore is probably the best thing to do.

[Archangelus]

From Norton's Website:

How to remove Downloader.Trojan: <- Click for link to full doc

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart the computer in Safe mode or VGA mode.
4. Run a full system scan and delete all the files detected as Downloader.Trojan.
5. Edit the registry and look for references to the Trojan.

For specific details on each of these steps, read the following instructions.

1. Disabling System Restore (Windows Me/XP)
If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.

Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.

Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.

For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:
"How to disable or enable Windows Me System Restore"
"How to turn off or turn on Windows XP System Restore"

For additional information, and an alternative to disabling Windows Me System Restore, see the Microsoft Knowledge Base article, "Antivirus Tools Cannot Clean Infected Files in the _Restore Folder," Article ID: Q263455.

2. Updating the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:
Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).

The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.

3. Restarting the computer in Safe mode or VGA mode
Shut down the computer and turn off the power. Wait for at least 30 seconds, and then restart the computer in Safe mode or VGA mode.
For Windows 95, 98, Me, 2000, or XP users, restart the computer in Safe mode. For instructions, refer to the document, "How to start the computer in Safe Mode."
For Windows NT 4 users, restart the computer in VGA mode.


4. Scanning for and deleting the infected files
Start your Symantec antivirus program and make sure that it is configured to scan all the files.
For Norton AntiVirus consumer products: Read the document, "How to configure Norton AntiVirus to scan all files."
For Symantec AntiVirus Enterprise products: Read the document, "How to verify that a Symantec Corporate antivirus product is set to scan all files."
Run a full system scan.
If any files are detected as infected with Downloader.Trojan, write down the path and file names, and then click Delete.

5. Editing the registry


--------------------------------------------------------------------------------
WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
--------------------------------------------------------------------------------

Click Start, and then click Run. (The Run dialog box appears.)
Type regedit

Then click OK. (The Registry Editor opens.)


Navigate to each of these keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


For each one, in the right pane, delete any values that refer to any files that were detected as Downloader.Trojan.

Exit the Registry Editor.

_________________________________________________________________________________________________

Instructions for removing Bloodhound.Exploit.6: <- Click for link to full doc

Apply the patch for the vulnerability as described in Microsoft Security Bulletin MS04-013.

Hope this all helps. If you have any problems, make sure you read the docs on Norton's site that I linked to.

-Arch

[midnightservice]

Spybot and Adaware will remove the files downloaded from the trojan but not the trojan.......Norton will not remove the download.trojan either (no matter what there site says). Go to http://www.moosoftware.com and downlaod the trial The Cleaner and it will get rid of the trojan and everything it d/l to your pc. Hope this helps.

-Mid

[Archangelus]

They don't say they get rid of it Mid. They just tell you that they can detect it, and then give you instructions on how to remove it.

-Arch

[XoR]

Hmm, I had the thing on my laptop and Adaware wiped it right off never to return. Results vary I guess.

[J-Rock]

thanks for all the help guys. seems like i read through every windows and nortons thing about these things and nothing they said seemed to help. ill work on these things and let ya know how it goes i guess. if i dont post again for a while well then... i prolly blew up my comp or something. anyways, once again thanks for the hlp and sugestions.

your pal,
J-Rock

[FatGayOrc]

here's a problem of mine....

Internet Explorer stopped working properly. it's extremely slow all the time and freezes far too often to be usuable. Wifey installed a video editing program on the same day Explorer began to act up but we have since deleted that program.

i had to install Netscape to get back to normal. this happened to Wifey's mom as well a few weeks later (a few days ago). i remember having to install Netscape on my mom's computer for a similar reason a few months ago but i thought that was because she has a PentiumII.

any ideas if there is a bug that went around attacking Explorer???????????????????????

thanks

[Grudge]

sounds like the sasser worm Orc http://securityresponse.symantec.com/av ... .tool.html
anyone else know?

[FatGayOrc]

thanks Grudge

i ran the tool but no sasser found

Explorer still unhappy

[midnightservice]

sounds liek to me you have more spyware than you can handle run spybot and adaware. Should fix up IE all together. I only run Netscape now. Spyware does not hit netscape as hard as IE