1. #1
    Bastards have put a virus on me comp. I've been running AVG and Ad Aware and have gotten rid of most of it, but there's a file or so that has embedded itself in the reg files n I can't get it out. The most annoying thing is that it shoves those bloody pop ups over your site! It just did it then too while I was typing. Not a happy camper. Right in the middle of me exams too!

  3. #3
    Confucius says:

    Never click teh wrong button on a pr0n site.

  4. #4
    Xiolablu3 (Senior Member, joined Jan 2003, 8,755 posts)

    If it's giving you popups it's probably a worm.

    Get Hijack this, run it and post the log file here, I will see if I can sort it out.

    If you don't have much stuff to save, a reformat is a sure way to get rid of it. Good time to spring clean and get all that **** off your comp


    Hijack this! :-

    http://www.majorgeeks.com/download3155.html

  5. #5
    Grue_ (Senior Member, joined Mar 2005, 579 posts)

    Usually the adware trojan will create a file in the c:\windows\system32 directory. It will be a .exe file with an unusual name and will have been created on the day your machine was infected. Make a note of the file name.

    Reboot Windows in safe mode.

    Go to the system32 folder and delete the file, then create a folder with the same name.

    For example, if it is called trojan.exe, create a folder called trojan.exe

    This will disable the trojan if you can't find any other way of removing it.
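The steps in the post above (find the .exe created in system32 on the day of infection, then occupy its path with a folder once the file is deleted), as an added PowerShell example that is not part of the original thread. The function names, the date window and the `$InfectionDate` default are assumptions for illustration; it needs an elevated prompt and PowerShell 4 or later.

```powershell
# Added example: triage helper for the manual steps described in the post.
# $InfectionDate is your own estimate of the day the pop-ups started.
param(
    [datetime]$InfectionDate = (Get-Date).Date,
    [int]$WindowDays = 1,
    [string]$Path = "$env:SystemRoot\System32"
)

function Get-RecentExecutable {
    # List .exe files created inside the window, with signature status and hash,
    # so unsigned newcomers stand out from normal Windows binaries.
    param([string]$Path, [datetime]$From, [datetime]$To)
    Get-ChildItem -LiteralPath $Path -Filter *.exe -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $From -and $_.CreationTime -lt $To } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Name      = $_.Name
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                SizeKB    = [math]::Round($_.Length / 1KB, 1)
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        } | Sort-Object Created
}

function New-PlaceholderFolder {
    # The post's last step: once the file is gone, create a folder with the
    # same name so a file can no longer be written back to that path.
    param([string]$FullName)
    if (Test-Path -LiteralPath $FullName -PathType Leaf) {
        throw "A file still exists at $FullName; delete it (in safe mode) first."
    }
    New-Item -ItemType Directory -Path $FullName -ErrorAction Stop | Out-Null
}

# Window covers the estimated day plus/minus $WindowDays.
$from = $InfectionDate.Date.AddDays(-$WindowDays)
$to   = $InfectionDate.Date.AddDays($WindowDays + 1)
Get-RecentExecutable -Path $Path -From $from -To $to | Format-Table -AutoSize
```

Creation timestamps can be altered and Windows updates also drop new files into system32, so treat the listing as a shortlist to check (signature, hash lookup) rather than a verdict before deleting anything.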

  6. #6
    Norton's site usually has fixes for these things, but a serious PITA to get rid of.

    Save your pennies and get an external backup drive. Then kill System Restore as a lot of nasties will hide in there and reinstall every time you restart.

    Sorry I can't help much beyond that.

  7. #7
    > Originally posted by Grue_:
    > Usually the adware trojan will create a file in the c:\windows\system32 directory. It will be a .exe file with an unusual name and will have been created on the day your machine was infected. Make a note of the file name.
    >
    > Reboot Windows in safe mode.
    >
    > Go to the system32 folder and delete the file, then create a folder with the same name.
    >
    > For example, if it is called trojan.exe, create a folder called trojan.exe
    >
    > This will disable the trojan if you can't find any other way of removing it.

    Cool tip, Grue. I recently had to re-install on the family PC due to not being able to fully eradicate one of those. I'll have to try your isolation methods next time.

    Oh and given my "click-happy" family, there will most definitely be a next time.

    Amazing, you can have every protection in place, but the one thing you can't protect against is your family clicking "OK". lol I should reduce their rights, but then it becomes a PITA to have to do everything for them. At least they are getting more savvy by the month and have greatly reduced the BS they allow on the PC.

    @ HB...pr0n pwns joo!!!!

    J/K man, I hope you get it sorted quickly.

  8. #8
    Grue_ (Senior Member, joined Mar 2005, 579 posts)

    It's a trick I've used loads of times because my customers insist on downloading tripe from the internet and installing it on their computers.

    These trojans are getting more and more sophisticated - one I saw the other day disabled task manager, regedit and the services control panel for example.

    None of the anti-spyware software is 100% effective, I find Windows Defender to be a reasonable defence and it doesn't bother you with loads of nag messages.

    The safest way to browse the internet these days is to create a user on your computer with 'Restricted User' permissions and surf the web as that user.

    All those nasty little java scripts lurking on dodgy websites can't install themselves as they can't write to Windows.

  9. #9
    Xiolablu3 (Senior Member, joined Jan 2003, 8,755 posts)

    He doesn't mean he has an 'Adware' trojan.

    He said he has used Ad-Aware to try and get rid of it.

    Ad-Aware is a spyware, trojan remover.

  10. #10
    B16Enk (Senior Member, joined Apr 2003, 3,782 posts)

    > The safest way to browse the internet these days is to create a user on your computer with 'Restricted User' permissions and surf the web as that user.

    Good sage advice, taking a leaf out of the Unix/Linux book of only using root (admin) when you need to.

    Of course that is a PITA too, which is why some clever geezer came up with the 'Browser Appliance'.
    This is a virtual machine (virtual PC in fact) that runs within the excellent and free VMWare Player application.

    If anyone is interested just go to VMWare Player pages, and also the Virtual Appliance pages.