May 11th, 2004, 09:14 PM
Im going to a friends house in a fre minutes, now he's telling me he has a virus ( from the sympotoms i think its Sasser.... now how can i remove it..yeas i have downloaded the removal tool, i know the removal instructions...should i boot into safe mode and remove it...should i update windows first then run the removal tool or vica-versa ?? And is there any other way that i can end a process because the Task Manager, Ms-Dos, msconfig automaticly closes in 2 seocnds when i open it....how can i end the virus process....or should i just run the tool... ? ANya dvice appriciated, i'm 98% sure i'll remove it, i just wanted to see if anyone else had it and how he removed it...Tx for any input guys...
May 11th, 2004, 09:24 PM
yep safemode baby.. and don't bring just one removal tool.. there are at least three that I know of.. ms released (i think) version 3 of it's tool.. the first version was totally flawed.
bring all your other tools too.. AV/trojan and spyware removal ones.. hijackthis.. etc.. may as well do a complete job.
if you need help with the hijackthis log.. you know who to come to right ?
(someone else you little bugger.. na.. just kidding, I'll help)
May 12th, 2004, 02:03 AM
You can even run it from normal login if you want, the key is to make sure you disable windows System restore, because the tools never remove it from the restore function (note that disabling this will delete all previous restore points, but they are no good anyway anymore). You can do this by right clicking my computer going to properties and then clicking system restore option then disable it. I have run the symantec removal tool on prolly 200 computers and i just run the removal then add the patch. I have yet to have one return on me and the tool only takes like 5 minutes to run. When this is done I would reccommend removing the hard drive and scanning it on another comptuer. This will ensure that you dont have any other virii on your computer. then run through the typical spyware/adaware stuff... look here http://www.antionline.com/showthread...hreadid=257405
Duct tape.....A whole lot of Duct Tape
Spyware/Adaware problem click
May 12th, 2004, 02:09 AM
Safe mode will keep it from starting, then you wont have to worry about the process. Use the tool, then go to safe mode w/ networking and update. Ive removed like 6 and thats worked great. Oh and make a batch file with shutdown -a, because some boxes ive worked on have been so slow I couldnt get to cmd in time.
May 12th, 2004, 02:35 AM
i have yet to come across a box that is infected with only one virus. it seems like the last one they got is all they could stand. i tell people i work with in other departments to bring their computers in is they are having trouble yesterdat the cfo brought in his home computer...9 trojans, 4 different viruses (after stinger) and 128 pieces of adware/spyware. i used trendmicro's stinger after booting into safe mode. rebooted normally, then killed all the process i didn't want running then installed norton. ran adaware, spybot and finally had too use hijack this to get out the last remaining components, then connected to the internet from behind a firewall and got all the updates.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
May 12th, 2004, 02:39 AM
*Computer Fixed....tx guys...
May 12th, 2004, 04:32 AM
You should share the technique you used for others to follow if the come across the same problem.
May 12th, 2004, 05:57 AM
Ok i downloaded the removal tool Called "Stinger", http://vil.nai.com/vil/stinger/ i booted into safe mode, turned off System Restore, Ran the tool, removed 3 viruses ( it hink it detects 41 viruses, Bagle, Skynet, Sasser, etc...). Booted norally again and searched for any remaining files...(didnt find any). then i installed NAV 2004 and NIS 2004. Then i updated windows....thats about it...
May 12th, 2004, 10:23 AM
Hah! you missed some
Please get your friend to go into safe mode and run his updated AV etc. There might be some older ones in there that "Stinger" (the McAfee emergency tool) will not detect.
I would then run Trend Micro's "Housecall" And Panda Software's online scanner. Then Adaware & Spybot S&D in safe mode, just like Tedob 1 has suggested. My last sortie yielded 3 viruses and 106 assorted scumwares. (Damn Ted~ you beat me )
Over the past 4 years my experiences have been identical to Tedob1's..............careless people & multiple infections.
Might also be worth running the trial of Moosoft's "The Cleaner"?
Just a thought
EDIT: and harden him up!
3. Spyware Blaster
4. Run the "immunization" in SpyBot S&D
ScripTrap.............help him set that one up, you can set an automatic interface to the AV app.