Caught a virus.
June 19, 2006 3:01 PM   Subscribe

Download Adaware or Spybot search and Destroy, run it and see what they show.

Adaware is included as part of the google pack set of add-ons.
posted by iamabot at 3:06 PM on June 19, 2006

According to Symantec (makers of Norton AV), this page lists the variants of the infostealer virus and how to remove each one. It looks like you will have to disable the System Restore function, then download all current updates for your software, then run the scan. The scan should identify the infected file(s) and prompt you for quarantine and removal.

Also, once you have run the virus scan (and also Ad-Aware after), make sure you set new passwords (use good ones, such as letter/number/symbol combinations).

If you can't view the link above, let me know and I can send you the plain text version.

Good luck.
posted by galimatias at 4:40 PM on June 19, 2006

Also try the online scanner from Trend Micro, it's usually does well.
posted by gemmy at 4:58 PM on June 19, 2006

RootkitRevealer

Yes, it happens more often than we would hope.
posted by adzm at 7:30 PM on June 19, 2006

Have your Windows XP cd? The best way to get around spyware that hooks into your operating system is to not run the OS while removing it. Unfortunately, I've had to do this a lot more recently due to the underhanded tactics spyware developers are using. Here are the steps, which require a little bit of DOS know-how:

In Windows:

1. Open "My Computer" and click on Tools/Folder Options. Under the View tab ensure that file extensions aren't hidden and that "hide protected/system files" is unchecked.

2. Navigate to your windows\system32 folder. Sort the view by date.

3. Scroll to the most recent files/changes. This will give you an idea of what's been added recently (they don't always end up in system32, but it's where i find 99% of em)

4. Right click on recent dll's and exe's and choose properties. Generally your bad dll's will have weird information under the version tab (or no version tab at all compared to good dll's/exe's) Cross reference the files with the list that galimatias posted.

(alternatively...before you reboot, grab a copy of SysInternals' procexp to see if you can find the dlls and take them out of memory. If you succeed then you can delete or rename them while in windows)

Reboot with xp CD:

1. Boot off of your Windows XP cd and enter the recovery console

2. Log into your Windows partition

3. Once at a C:\ prompt type "cd \windows\system32"

4. Type "del (dll or exe)" where your substituting the name of the dll or exe. You could also type "move example.dll example.bak" which will keep the file but break program so it doesn't load when you boot windows. If all else fails, you could then return here and rename it back to a dll.


It's an ugly way to approach it, but it's getting more and more like this for me as it's taking anti-spyware companies longer to script removal methods for the increasing number of spyware variants popping up. Good luck!
posted by samsara at 6:35 AM on June 20, 2006

« Older Help me find a place to stay i...   |   Sourcing tracks for a themed C... Newer »

This thread is closed to new comments.