How to delete a virus???

Status
Not open for further replies.

orangeman

Baseband Member
Messages
90
I run Win XP, Internet Explorer 6.0.xxx?, Norton Internet Security, Microsoft Antispyware.

Basically NAV found a virus the other day. I had the choice of deleting it, which I did, but NAV could not delete the virus file. The other option was to "skip" it so every time I run NAV, it finds the same virus again. I checked the path/location of the file so that I could use windows explorer to manually delete the virus. Problem is, I cannot find the directory where the virus is located, even while displaying all hidden files and folders. Also, I tried going into dos mode to find the directory but cannot.

The instructions for removing this virus include about 2 pages worth of removals in the registry but rather than do all of that, I restored from a previous point 2 days ago and the registry is clean of this virus's intrusions/commands/instructions.

I will check later when I get home and post the specific virus file name if that helps but.....

how do I delete this virus file? Any suggestions?
 
Sometimes if you google the name of the virus that will be able to help. Usually there are instructions on there on how to proceed with removing the virus.
 
A system restore won't get rid of a virus. At most, it'll make it laugh.

Try going into safe-mode and deleting it then. Also, like big said above, do some research. See if there's a method for removal, or maybe even a cleaner patch. Check NAV's website to see what they say about the virus and how to remove it. If they log it, they've got something on it, and if the app can't remove it, chances are they've got some info for you.

If that doesn't work, pour chlorine, bleech, and drain-O in the drive, and shake till the lil' bugger's dead.
 
Well, the virus is ADWARE.CDT

I went into safe mode but still cannot find the subfolder (allowed to view hidden files and folders). The file is supposedly located at...

c:\documents and settings\neil\local settings\temporary internet files\content.ie5\sl6nq2wx\elizabeth-pena6[1].htm

but when I go to "c:\documents and settings\neil\local settings\temporary internet files" there are no subfolders listed so I cannot go any further to locate the file. The search function does not help either.

If I go to the other users in the same manner I can see the sub folders listed for them under "temporary internet files"

Also, in safe mode, NAV still cannot delete the virus

What gives??? help
 
Click Start > Run.
Type regedit

Then click OK.


Navigate to and delete these keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.cc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.cc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1


Navigate to the key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0


In the right pane, delete the values:

" ppcimdnnnjbeahepfabjipfginloedkg egckak" = "CDT inc."
"goicfboogidikkejccmclpieicihhlpo ejemdn" = "MediaTickets"
"goicfboogidikkejccmclpieicihhlpo bihgbp" = "Integrated Search Technologies"


Navigate to the keys:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings


In the right pane, delete the values:

"MinLevel" = "Code Download"
"Safety Warning Level" = "SucceedSilent"
"Security_RunActiveXControls" = "0x01000000"
"Security_RunScripts" = "0x01000000"
"Trust Warning Level" = "No Security"


Navigate to the key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2


In the right pane, delete the values:

"2001" = "0x00000000"
"2004" = "0x00000000"


Exit the Registry Editor.
 
Restart to Safe Mode

Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders" Show hidden files & folders

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Reboot

Empty the Recycle Bin

Liz
 
That's good advice above, but it seems easier to reinstall XP than remove everything from the registery :p
 
southernlady said:
Restart to Safe Mode

Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders" Show hidden files & folders

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Reboot

Empty the Recycle Bin

Liz

this is the route I would take. this is how I get rid of viruses only I empty the recycle bin in safe mode

Warez monster's way would work, but that is too technical for me
 
Yea, it is some work but reinstalling an os will take longer, unless you have an image..but as long as the problem gets solved..
 
Status
Not open for further replies.
Back
Top Bottom