horrible virus
aura2
February 15th, 2005, 04:35 AM
This was just about the only place I found to put this. I am running Windows XP and recently found out that I had a virus. I just installed Nortons Internet Security and Antivirus 2005 about 3 days before I got the virus. When I started my computer up everything was working normally until the little Nortons box came up saying that a virus has been found and deleted. When I hit OK another box popped up with the same message, the only thing different was that the file name was changed from something like
C:\Windows\temp\tmpa1.tmp
to
C:\Windows\temp\tmpa2.tmp
This box would just keep coming up with a new file until I finally just exited out of Nortons. So I did what I thought would be smart and ran my Nortons antivirus, which turned up about 3 viruses named something like XXXXX.trojan. I quarantined and deleted, but the deletion failed and now when I run the antivirus it takes about 5 hours and the same virus doesn't show up.
This virus is a problem because my computer is running about 1/5 of its potential. When I hit ctrl-alt-del my CPU usage is finally down to about 0-7% but my PF Usage is about 1.8 Gigs and my little CPU light is always on and my computer is always making the "thinking" noise.
What should I do?
oofki
February 15th, 2005, 04:55 AM
safe mode scan.
aura2
February 15th, 2005, 05:14 AM
How do I get into safe mode on XP? Is it the same as 98 or 95?
dmorgan
February 15th, 2005, 05:15 AM
Listen to oofki. When Windows starts up, press F8 a bunch of times. Then when it gives you the option, boot in 'safe mode'. Run your Norton then, it may or may not take a while, but it should be able to safely delete this virus. Then reboot your Windows machine and update it all the way :D later
aura2
February 15th, 2005, 05:17 AM
OK, I'll try that, thank you.
ashtified
February 15th, 2005, 06:22 AM
hey safe mode not gonna work this time frnd bcoz they work in conditions like u have changed sytem settings due to which there is some graphics resolution problem or something like that... its jus like guest in linux without gui.
but here the prob is something else .
so i suggest first of all make all ur files read only..this way the virus can't infect that..
then beeter try some registry cleaner bcoz wen virus come again n again they have a entry in registry attached to a process or at system boot..
after that if u can do open any infected file in windows editor n compare two diff files..
well out of junk u can see some .dll files written out there like msvmvb60.dll for troajan in visual basic every time they execute they require runtime binary..
try remaining them if its not system critical process..
well if even then if its not working then try on some windows xp support tools like "depends"
it shows all the libraries required by a process to start try ,
renaming or deleting any file out there ,which is not critical..,after which it will not be able to spread itself
i think that's more than good..
take care
ashtified....
SirDice
February 15th, 2005, 10:33 AM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=266066#post823216) by ashtified
hey safe mode not gonna work this time frnd bcoz they work in conditions like u have changed sytem settings due to which there is some graphics resolution problem or something like that... its jus like guest in linux without gui.
I didn't quite get that. Can you translate this into English?
but here the prob is something else .
so i suggest first of all make all ur files read only..this way the virus can't infect that..
Ever tried to do that? Does your machine still work? Try making c:\windows read-only...
then beeter try some registry cleaner bcoz wen virus come again n again they have a entry in registry attached to a process or at system boot..
Close but no cigar. There are entries in the registry that make processes start at boot time.
Your virus scanner will clean those too, you know.
after that if u can do open any infected file in windows editor n compare two diff files..
Good point. But don't use an editor. You won't be able to make sense of it.
well out of junk u can see some .dll files written out there like msvmvb60.dll for troajan in visual basic every time they execute they require runtime binary..
What happens if the virus was written in C or plain old assembly?
try remaining them if its not system critical process..
well if even then if its not working then try on some windows xp support tools like "depends"
it shows all the libraries required by a process to start try ,
renaming or deleting any file out there ,which is not critical..,after which it will not be able to spread itself
And how does one see which ones are critical and which aren't? Just rename, reboot and hope your system comes back up?
i think that's more than good..
I think you need to learn a lot more.
I'm sure you mean well but this really doesn't help...
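The point made in the reply above, that registry entries make processes start at boot time, can be checked by hand. The following is an added example, not part of any poster's message: it parses the text output of `reg query` for the two Run keys and flags autostart commands that point into a temp directory or at a .tmp file, like the paths reported in the first post. The sample output, the value names in it, and the temp-path heuristic are assumptions made for illustration.

```python
import re

# Constructed sample of `reg query <key>` output for the two Run keys.
# All value names and paths below are made up for illustration.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleAV    REG_SZ    "C:\Program Files\ExampleAV\tray.exe"
    sysupd    REG_SZ    C:\WINDOWS\Temp\tmpa1.tmp /s

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    helper    REG_EXPAND_SZ    %TEMP%\helper.exe
"""

# A value line is indented: <name> <REG_SZ|REG_EXPAND_SZ> <command line>.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_(?:EXPAND_)?SZ)\s+(?P<data>.*)$")

# Assumed heuristic: autostart commands that live in a temp directory or use
# a .tmp extension deserve a closer look.
SUSPICIOUS_RE = re.compile(r"\\temp\\|%te?mp%|\.tmp\b", re.IGNORECASE)

def parse_autoruns(text):
    """Return (key, value_name, command) for every string value listed."""
    key, entries = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key:
            m = VALUE_RE.match(line)
            if m:
                entries.append((key, m.group("name"), m.group("data").strip()))
    return entries

def suspicious_autoruns(text):
    """Keep only the entries whose command matches the temp-path heuristic."""
    return [e for e in parse_autoruns(text) if SUSPICIOUS_RE.search(e[2])]

if __name__ == "__main__":
    for key, name, command in suspicious_autoruns(SAMPLE):
        print(f"REVIEW  {key}\\{name} -> {command}")
```

A flagged entry is a lead to look up, not a verdict; the detection name reported by the scanner is still what identifies the malware.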
nihil
February 15th, 2005, 02:04 PM
OK, my first comment is that this does not appear to be a "virus"............the Norton says "trojan" so that is probably what it is. It does not seem to behave like a virus either.
Secondly, it is always good policy to run anti-malware scans in "safe mode"..............a lot of them will not have loaded, so the AV/AM tools can clean them thoroughly.
You get into safe mode by rapidly tapping the F8 key on boot-up. Be patient, if you do not have to do this regularly, you may have to have several goes ;)
In XP you should go for the option "with network support", as this should let you update your anti-malware tools.
ALSO: In Windows XP and ME you should disable system restore before you start scanning. Visit your AV supplier's site or Microsoft Support for instructions.
Right,
1. When your AV or whatever reports a detection, WRITE THE DETAILS DOWN, and check on their site. There may well be additional clean up and repair instructions there. It also allows us to find out how it works.
2. Do not empty the quarantine until the problem is resolved. Your AV supplier may want to look at the file.............I certainly would.
What seems to be happening here is that a load of scumware is running in the background, taking the resources. It could also be Norton itself running background scans.
There certainly seems to be a bad guy trying to collect information..............it creates a temporary file and Norton deletes it, so it creates another one.................almost perpetual motion? :D ...........Norton vs. a bad guy in real time?..............that could easily take 80% of your resources.
QUOTE:
so i suggest first of all make all ur files read only..this way the virus can't infect that..
Please IGNORE THAT TOTALLY....................the guy is obviously an IVPACE (International Virus Protection Agency Certified Engineer)..............if you are already infected, protecting things will only protect the infection and prevent the clean-up?
Good luck!
Egaladeist
February 15th, 2005, 03:55 PM
ashtified,
Maybe English isn't your first language...if we knew where you came from I'm sure the guys that have mentioned your language problem would cut you some slack...because as it sits right now, without any background knowledge to base an opinion on, it just looks like you're talking as if you were in some chat room.
Know where your experience lies...I'll use myself as an example...I know that I know diddly-squat about computers, so I never present myself as such and maybe bugger up someone's computer...I provide links...and that's about as far as I go about giving computer related advice...if you don't really know what you're talking about, then leave it to people who do...there are other ways to help without causing someone more headaches by giving bad advice.
Just a suggestion.
Eg
Negative
February 15th, 2005, 04:11 PM
If it's identified as a trojan by Norton, you might want to try a trojan remover. That's what they're for and stuff...
http://www.agnitum.com/products/tauscan/
Outer_Heaven
February 15th, 2005, 04:30 PM
Also, you might want to try writing down exactly what Norton is telling you what that trojan is, and enter that on a google search to see what it might turn up. It could tell you exactly what it is and what it's doing and how and what you need to get rid of it
|3lack|ce
February 15th, 2005, 04:32 PM
This is written in imspeak for the benefit of those of us who can't seem to write in English. I'll stick it in quote brackets so nobody gets too confused here. Those of us who aren't ashtified may feel free to skip it entirely:
ashtfd, ru a scrmin wnkr r wht? u no nd 2 be scruin sum1's box lk tht. lrn to spk prprly b4 u get pwn3d n2 0bl|\/|0n. rozzer?
For the rest of us I'll translate the gist:
You're a screaming idiot. Lesson one: Learn to speak in proper English before you get negged into oblivion like so many who came before you. Lesson two: Don't offer advice to someone if you don't know what you're doing; you can screw up their box quite royally.
"You must spread around your AntiPoints before negging the shit out of ashtified again."
aura2
February 15th, 2005, 07:00 PM
I tried to run the virus scan in safe mode, but it came up with the XP error, send or don't send report. I ran it in normal mode, and everything seems to be working just fine. The only problem is every time I run the virus scan I get 2 viruses detected. I downloaded a tool to get rid of these and when the tool ran its scan, nothing came up.
Kite
February 15th, 2005, 10:19 PM
It would really help if you gave the names of the two viruses that come up, if you haven't already.
Outer_Heaven
February 16th, 2005, 01:23 AM
Definitely, you getting the EXACT names of the viruses/trojans and posting them here would be a much bigger help, that way we can look it up and try to find a solution or refer you to someone who can. I don't have any homework that HAS to be done by tomorrow, so I can see what I can find for you.
Aspman
February 16th, 2005, 03:05 PM
When you have the names of the viruses you are infected with try putting them through the search forms on the Norton or Sophos site. You should get full step by step removal instructions and you might get a tool to do the job for you.
Other things you might want to add to your machine if you don't have them are
Adaware6 http://www.lavasoftusa.com/software/adaware/
Spyware blaster http://www.javacoolsoftware.com/spywareblaster.html
Spyware search and destroy http://www.safer-networking.org/en/index.html
These need to be kept up to date and used regularly just like your virus scanner.