How do I remove a virus I cant find?

Status
Not open for further replies.

SPL Tech

In Runtime
Messages
168
I have a pop up generator somewhere on my computer that is annoying the **** out of me. I cant get rid of it because none of my POS anti-spyware programs have been able to detect it accept for one. Spybot Search and Destroy found it along with 50 other things however I have to pay to remove it. Windows Defender, AVG anti virus, Ad-Aware SE Personal and Spyware Doctor cant detect any of the 50 infected files I have. So does anyone know of a useful free program that will detect these infected files?
 
ankit3000 said:
Try McAfee...some people say it is good although I am not sure.
McAfee is the worst. Dont use it.

If anything try BitDefender. It is reated as one of the best on the market. Use the Trial and see how it works. Also post a Hijack This log.
 
SPL Tech said:
I have a pop up generator somewhere on my computer that is annoying the **** out of me. I cant get rid of it because none of my POS anti-spyware programs have been able to detect it accept for one. Spybot Search and Destroy found it along with 50 other things however I have to pay to remove it. Windows Defender, AVG anti virus, Ad-Aware SE Personal and Spyware Doctor cant detect any of the 50 infected files I have. So does anyone know of a useful free program that will detect these infected files?


Go thru my guide :)
 
Hijack this is a application that gives a detailed report of all services running on your system.
After looking thru the report most of us here can give you a layout of what should be removed and what is alright.
 
I also downloaded AVg anti-spyware and Spyware Terminator and neither of them found the pop up generator. Here is the Hijack This log:


Logfile of HijackThis v1.99.1
Scan saved at 1:57:02 PM, on 2/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\psmcsh.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\WinClamAVShield\sp_clamsrv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Me!\LOCALS~1\Temp\Rar$EX02.969\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.realmofexcursion.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Print Client Share (PrntCSh) - Unknown owner - C:\WINDOWS\system32\psmcsh.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
 
Re: Re: How do I remove a virus I cant find?

Warez Monster said:
Go thru my guide :)
I did. None of the programs were able to do anything for me. There is still 280 spyware threats that Spyware Doctor found that none of the other programs can find. Just this makes me wonder. Do these other anti-spyware programs even do anything? Are they even worth the download? Because thats pretty sad if 8 different programs cant find even one of 280 threats on my computer. Spwyare Doctor found them. But none of the other programs can.... hmmm... That does not say much about the other programs. And Ad-Aware SE seems to be the most useless of them all. It found the fewest problems...
 
Some things has changed. I downloaded some more anti-spyware programs and I did a scan with every one. I did a a scan with AVG anti-spyware, SpyCatcher, Ad-Aware SE, Spyware Terminator, Spybot S&D and Spyware Doctor. And this time EVERY SINGLE program found a Trojan or spyware threat. I removed all them. I did a second scan with Spyware Doctor and this time the scan came back clean. I did another scan with every other program and they all came back clean. However the generator is still there.

So I am wondering, if every single program found different threats, how useful are the programs? Because if you have 10 programs and they all find something different that means not one of them is working very well... That also makes me believe I may still have lots of other threats that havent been found.
 
Status
Not open for further replies.
Back
Top Bottom