How to delete a virus??? - Techist - Tech Forum

Old 03-03-2005, 01:10 PM   #1 (permalink)
Junior Techie
 
Join Date: Nov 2003
Posts: 90
Default How to delete a virus???

I run Win XP, Internet Explorer 6.0.xxx?, Norton Internet Security, Microsoft Antispyware.

Basically NAV found a virus the other day. I had the choice of deleting it, which I did, but NAV could not delete the virus file. The other option was to "skip" it so every time I run NAV, it finds the same virus again. I checked the path/location of the file so that I could use windows explorer to manually delete the virus. Problem is, I cannot find the directory where the virus is located, even while displaying all hidden files and folders. Also, I tried going into dos mode to find the directory but cannot.

The instructions for removing this virus include about 2 pages worth of removals in the registry but rather than do all of that, I restored from a previous point 2 days ago and the registry is clean of this virus's intrusions/commands/instructions.

I will check later when I get home and post the specific virus file name if that helps but.....

how do I delete this virus file? Any suggestions?
__________________

orangeman is offline  
Old 03-03-2005, 01:14 PM   #2 (permalink)
Super Techie
 
Join Date: Mar 2005
Posts: 261
Default

Sometimes if you google the name of the virus that will be able to help. Usually there are instructions on there on how to proceed with removing the virus.
__________________

bigstanklo is offline  
Old 03-03-2005, 01:21 PM   #3 (permalink)
Master Techie
 
Join Date: Jul 2004
Posts: 2,932
Default

A system restore won't get rid of a virus. At most, it'll make it laugh.

Try going into safe-mode and deleting it then. Also, like big said above, do some research. See if there's a method for removal, or maybe even a cleaner patch. Check NAV's website to see what they say about the virus and how to remove it. If they log it, they've got something on it, and if the app can't remove it, chances are they've got some info for you.

If that doesn't work, pour chlorine, bleach, and drain-O in the drive, and shake till the lil' bugger's dead.
__________________

-----------------------------------------------
Don't hate the player...Hate the game...
ShoobieRat is offline  
Old 03-03-2005, 05:49 PM   #4 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Default

Your best bet will be a manual removal in the registry, using safe mode...
__________________
Osiris is offline  
Old 03-03-2005, 11:21 PM   #5 (permalink)
Junior Techie
 
Join Date: Nov 2003
Posts: 90
Default

Well, the virus is ADWARE.CDT

I went into safe mode but still cannot find the subfolder (allowed to view hidden files and folders). The file is supposedly located at...

c:\documents and settings\neil\local settings\temporary internet files\content.ie5\sl6nq2wx\elizabeth-pena6[1].htm

but when I go to "c:\documents and settings\neil\local settings\temporary internet files" there are no subfolders listed so I cannot go any further to locate the file. The search function does not help either.

If I go to the other users in the same manner I can see the sub folders listed for them under "temporary internet files"

Also, in safe mode, NAV still cannot delete the virus

What gives??? help
orangeman is offline  
Old 03-04-2005, 06:32 AM   #6 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Default

Click Start > Run.
Type regedit

Then click OK.


Navigate to and delete these keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.cc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.cc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1


Navigate to the key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0


In the right pane, delete the values:

" ppcimdnnnjbeahepfabjipfginloedkg egckak" = "CDT inc."
"goicfboogidikkejccmclpieicihhlpo ejemdn" = "MediaTickets"
"goicfboogidikkejccmclpieicihhlpo bihgbp" = "Integrated Search Technologies"


Navigate to the keys:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings


In the right pane, delete the values:

"MinLevel" = "Code Download"
"Safety Warning Level" = "SucceedSilent"
"Security_RunActiveXControls" = "0x01000000"
"Security_RunScripts" = "0x01000000"
"Trust Warning Level" = "No Security"


Navigate to the key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2


In the right pane, delete the values:

"2001" = "0x00000000"
"2004" = "0x00000000"


Exit the Registry Editor.
__________________
Osiris is offline  
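
A read-only way to check which of the entries listed in the post above are actually present before deleting anything by hand, as an added PowerShell example that is not part of the original thread. The helper name Get-RegValues and the variable names are made up for this example, and it assumes PowerShell 3.0 or later; the keys, value names and publisher strings are the ones given in the post.

```powershell
# Added example, read-only: lists which entries from the post exist on this machine.
# Nothing is deleted; export any reported key before removing it by hand.
$is = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$domains = 'blazefind.com','clickspring.net','flingstone.com','mt-download.com',
    'my-internet.info','searchbarcash.com','searchmeup.cc','searchmiracle.com',
    'skoobidoo.com','slotch.com','xxxtoolbar.com'
$publishers = 'CDT inc.','MediaTickets','Integrated Search Technologies'
$settingNames = 'MinLevel','Safety Warning Level','Security_RunActiveXControls',
    'Security_RunScripts','Trust Warning Level'

function Get-RegValues([string]$Path) {
    # Hypothetical helper: name/data pairs for one key, or nothing if the key is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $key = Get-Item -LiteralPath $Path
    foreach ($n in $key.GetValueNames()) {
        [pscustomobject]@{ Path = $Path; Name = $n; Data = $key.GetValue($n) }
    }
}

$found = @()

# ZoneMap keys listed in the post, under both hives.
foreach ($hive in 'HKEY_LOCAL_MACHINE','HKEY_CURRENT_USER') {
    $subs = @($domains | ForEach-Object { "Domains\$_" }) + 'Ranges\Range1'
    foreach ($s in $subs) {
        $p = "Registry::$hive\$is\ZoneMap\$s"
        # Range1 is a generic name; check its contents before treating it as hostile.
        if (Test-Path -LiteralPath $p) {
            $found += [pscustomobject]@{ Path = $p; Name = '(key)'; Data = '' }
        }
    }
}

# Trusted-publisher entries, matched on the publisher name stored as the value data.
$trust = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion' +
    '\WinTrust\Trust Providers\Software Publishing\Trust Database\0'
$found += @(Get-RegValues $trust | Where-Object { $publishers -contains $_.Data })

# Internet Settings values the post says to delete.
foreach ($root in 'HKEY_USERS\.DEFAULT','HKEY_CURRENT_USER') {
    $found += @(Get-RegValues "Registry::$root\$is" |
        Where-Object { $settingNames -contains $_.Name })
}

# Zone 2 (Trusted sites): the post lists 2001 and 2004 only when their data is 0.
$found += @(Get-RegValues "Registry::HKEY_CURRENT_USER\$is\Zones\2" |
    Where-Object { '2001','2004' -contains $_.Name -and $_.Data -eq 0 })

$found | Format-Table -AutoSize -Wrap
```

An empty table means none of the listed entries exist for the account running the script; HKEY_CURRENT_USER is per-user, so run it as the affected user.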
Old 03-04-2005, 08:16 AM   #7 (permalink)
Monster Techie
 
Join Date: Nov 2004
Posts: 1,343
Default

Restart to Safe Mode

Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders".

Show hidden files & folders

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Reboot

Empty the Recycle Bin

Liz
southernlady is offline  
Old 03-04-2005, 10:35 AM   #8 (permalink)
Lord Techie
 
Join Date: Jan 2005
Posts: 8,013
Default

That's good advice above, but it seems easier to reinstall XP than remove everything from the registry.
DJ-CHRIS is offline  
Old 03-04-2005, 06:56 PM   #9 (permalink)
Chillin Techie
 
Join Date: Nov 2004
Location: USA
Posts: 11,861
Default

Quote:
Originally posted by southernlady
Restart to Safe Mode

Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders".

Show hidden files & folders

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Reboot

Empty the Recycle Bin

Liz

This is the route I would take. This is how I get rid of viruses, only I empty the recycle bin in safe mode.

Warez monster's way would work, but that is too technical for me
EricB is offline  
Old 03-04-2005, 07:02 PM   #10 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Default

Yea, it is some work but reinstalling an os will take longer, unless you have an image..but as long as the problem gets solved..
Osiris is offline  