
Thread: I have a virus that I can't remove

  1. #1
    AO's Resident Redneck The Texan
    Join Date
    Aug 2003
    Location
    Texas
    Posts
    1,539

    I have a virus that I can't remove

    Hi, I have a virus called Exploit-MhtRedir.gen and I'm running the latest version of McAfee on an XP box that is fully patched... When I try to remove the virus it says the file is write protected and I can't remove it! This is causing problems for my PC... I keep getting blue screens and have had trouble booting into Windows... Any ideas? Thanx, bye.

    P.S. I have also tried quarantining, cleaning and deleting it with no luck. I am also unable to submit it to McAfee for analyzing.
    Git R Dun - Ty
    A tribe is wanted

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Did you try safe mode??

    Also I have heard of a utility which allows you to delete files in use....

    I am sure I saw it on this site somewhere... I believe it is called copylock.exe...


    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    I'd rather be fishing DjM
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Symantec has some manual removal instructions you may want to look at.

    Symantec Instructions

    Hope it helps.

    Cheers:
    DjM

  4. #4
    AO's Resident Redneck The Texan
    Join Date
    Aug 2003
    Location
    Texas
    Posts
    1,539
    I booted into safe mode and ran a virus scan, that's how I saw I had a virus.... I coulda sworn I had the latest virus defs though.... I hope I can get rid of this... It just said that it steals your bank account info! I really don't know how I got this virus...
    Git R Dun - Ty
    A tribe is wanted

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I would follow DjM's advice and do a manual removal...

    'cause just by deleting that one file... you may not be getting the whole thing and it could keep coming back.

    As for how you got it...there are too many ways to list.

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    AO's Resident Redneck The Texan
    Join Date
    Aug 2003
    Location
    Texas
    Posts
    1,539
    I have followed the instructions of the webpage that DjM gave me and I can't seem to find "load32"="%System%\swchost.exe" anywhere in my registry! I can do all the instructions up to that point but I can't find that value. And also they tell u to change
    "explorer.exe %Windir%\system32\vxdmgr32.exe"
    to: "explorer.exe" but mine has already been changed to explorer.exe... So it looks like the last step has been done already, how I don't know, but the first step hasn't... Any suggestions? I really want to get rid of this virus and my virus scan isn't seeming to do it! Thanx a lot, bye.

    P.S. I also have two "runs": one has lots of my programs in it that look to be normal and the other one just has "default" and "Quicktime task" in it. Any suggestions would be appreciated. Thanx again for your help... I hate having viruses! No one is safe these days

    Git R Dun - Ty
    A tribe is wanted
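
An added example, not part of any post in this thread: a check for the two autostart changes described in post #6, run over an exported `.reg` file instead of by eye. The key paths are the standard Windows Run and Winlogon locations (an assumption, the thread does not spell them out), and the sample export is constructed.

```python
import re

# Value name and file names quoted in post #6 of this thread.
SUSPECT_FILES = {"swchost.exe", "vxdmgr32.exe"}
SUSPECT_NAMES = {"load32"}
# Standard Windows autostart key paths: an assumption, the thread does not spell them out.
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
WINLOGON_KEY = r"\software\microsoft\windows nt\currentversion\winlogon"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export showing both changes; not taken from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"load32"="C:\\WINDOWS\\system32\\swchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe C:\\WINDOWS\\system32\\vxdmgr32.exe"
'''

def unescape(s):
    # .reg exports escape backslashes and double quotes with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def audit_reg_export(text):
    """Return (key, value name, data, reason) for each entry matching the thread's indicators."""
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # section header: the registry key path
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue                  # skip blanks, the header line and non-string values
        name, data = unescape(m.group(1)), unescape(m.group(2))
        k = key.lower()
        if k.endswith(RUN_KEY):       # covers both the HKLM and HKCU "Run" keys
            files = {f.lower() for f in re.findall(r'[^\\\s"]+\.exe', data, re.I)}
            if name.lower() in SUSPECT_NAMES or files & SUSPECT_FILES:
                findings.append((key, name, data, "suspect Run entry"))
        elif k.endswith(WINLOGON_KEY) and name.lower() == "shell":
            if data.strip().lower() != "explorer.exe":
                findings.append((key, name, data, "Shell starts more than explorer.exe"))
    return findings

if __name__ == "__main__":
    for finding in audit_reg_export(SAMPLE):
        print(finding)
```

Files exported by regedit in the "Version 5.00" format are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text in.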

  7. #7
    I'd rather be fishing DjM
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Have you tried any of the online scanners? Maybe you have cleaned up the infection. Check out:

    TrendMicro's Housecall

    or

    Symantec Security Check

    Cheers:
    DjM

  8. #8
    AO's Resident Redneck The Texan
    Join Date
    Aug 2003
    Location
    Texas
    Posts
    1,539
    Hey man, thanx for all the help. I'm not sure yet if this will work (I hope so!) but thanx for trying... I really appreciate it
    Git R Dun - Ty
    A tribe is wanted

  9. #9
    Junior Member
    Join Date
    May 2018
    Posts
    5
    Quote: Originally Posted by morganlefay
    Did you try safe mode??

    Also I have heard of a utility which allows you to delete files in use....

    I am sure I saw it on this site somewhere... I believe it is called copylock.exe...


    MLF
    Safe mode is probably the easiest way to bypass it.

  10. #10
    Junior Member
    Join Date
    Sep 2020
    Posts
    1
    DjM, thank you. Symantec Security Check saved my Windows from a full reset.
