Virus removal advice needed

Lamp · Feb 28, 2006

Hello

I'm pretty sure I've got a virus on my system but not 100% sure

Everytime I run a virus scan (used Norton and Trend Micro House Call) the PC shuts down half way through without any warning. Doesn't shut down any other time.

I now also have probs connecting to the internet (error message on connection says "logon and or password not recognised on this domain"). Spent an hour on the phone to my ISP and they confirmed my account's fine, they re-set my password, and my line is perfect. They advised me to uninstall my modem software and reinstall it. Tried it and still couldn't connect.

Running Intel 4, 3.01 GhZ, 180G hard, Windows XP Media Edition, 512 RAM.

My hardware and PSU are fine.

Assuming its a virus, how do I get behind it and eliminate it ? Its almost as if it seems to know a program is reading it and shuts down when detected.

I know nothing about DOS so if I need to remove it from DOS I need step by step instructions.

There's no point me buying a new AV package - cos I'm pretty sure when I run it it will just shut down again. Need to get behind it somehow.

Anyone offer any advice ? Thanks a lot

Gahn · Feb 28, 2006

Tried to start windows in safe mode and run the av?

Lamp · Feb 28, 2006

Not yet...but I don't think you can run Norton AV in safe mode (can you ?)

Lamp · Feb 28, 2006

For anyone else suffering, found this on a forum (see Touch's response)

http://www.bullguard.com/forum/9/Isnt-anyone-going-to-help-me_28084.html

Gotrag · Feb 28, 2006

Lamp said:
I now also have probs connecting to the internet (error message on connection says "logon and or password not recognised on this domain"). Spent an hour on the phone to my ISP and they confirmed my account's fine, they re-set my password, and my line is perfect. They advised me to uninstall my modem software and reinstall it. Tried it and still couldn't connect.

What error message are you getting?

Lamp said:
Not yet...but I don't think you can run Norton AV in safe mode (can you ?)

Yeah I'm sure you can run norton in safe mode.

Download Microsoft Beta and also run that in Safe mode

Lamp · Feb 28, 2006

Gotrag said:
What error message are you getting?

I click connect
It dials my ISP
Connects
Then return Error 641: "Unable to Connect: your name and password are not recognised on this domain"

There's nothing wrong with my password - its been re-set by my ISP. Its linked to my primary email address. My account is in credit and currently connected. My line test returned no faults.

Could it be the result of trojan-downloader-conhook attaching itself to my windows explorer function and winlogon ? May need to use Ultimate Boot CD for Windows.....

Gotrag · Feb 28, 2006

Lamp said:
I click connect
It dials my ISP
Connects
Then return Error 641: "Unable to Connect: your name and password are not recognised on this domain"

There's nothing wrong with my password - its been re-set by my ISP. Its linked to my primary email address. My account is in credit and currently connected. My line test returned no faults.

Could it be the result of trojan-downloader-conhook attaching itself to my windows explorer function and winlogon ? May need to use Ultimate Boot CD for Windows.....

Hmm I have never come across this before.

it could be but since i havn't come across this before i can't suggest anything but knowing what have you download prior to this happening and where did you download it from might give me a insight into it.

Gahn · Feb 28, 2006

Ofc Nav works in safe mode, it's the only way to avoid the bastard to get in memory thus cracking your nav capability of remove it.
Another thing u could try (warning if u aren't skilled avoid it) is to open up the registry and scan all Run keys to spot the bastard and kill the key regarding it.

Gotrag · Feb 28, 2006

Gahn said:
open up the registry and scan all Run keys to spot the bastard and kill the key regarding it.

Thats why i suggested Micrsoft Beta as that scans your registry.

Not a deep scan but don't really know any free-ware that deep scans your registry but as always there is way round paying for it.

Lamp · Feb 28, 2006

I did download Spybot

Tried to run it

It froze half way through

That's the only thing I've downloaded prior to my problems

Gotrag · Feb 28, 2006

Lamp said:
I did download Spybot

Tried to run it

It froze half way through

That's the only thing I've downloaded prior to my problems

Run them in safe mode and see if it picks up on anything.

Lamp · Feb 28, 2006

ok will do

thanks

Gotrag · Feb 28, 2006

Lamp said:
ok will do

thanks

It's no problem sorry i couldn't be of any more help.

Lamp · Mar 1, 2006

I can now connect to the internet. My home page was hijacked (google).

From now on I'm staying away from dodgy internet sites and am blocking 3rd party cookies.

Gotrag · Mar 1, 2006

Lamp said:
I can now connect to the internet. My home page was hijacked (google).

From now on I'm staying away from dodgy internet sites and am blocking 3rd party cookies.

Well there is one problem sorted now for your desktop hijack, if you havn't already i would strongly suggest downloading Microsoft beta that scans your registry and gives you the choice to change your homepage back if it get's hijacked or you could do it through the registry manulay withc is alot harder.

Virus removal advice needed

Lamp

Gold Star Holder!!

Gahn

Resident Freddy

Lamp

Gold Star Holder!!

Lamp

Gold Star Holder!!

Gotrag

Fledgling Freddie

Lamp

Gold Star Holder!!

Gotrag

Fledgling Freddie

Gahn

Resident Freddy

Gotrag

Fledgling Freddie

Lamp

Gold Star Holder!!

Gotrag

Fledgling Freddie

Lamp

Gold Star Holder!!

Gotrag

Fledgling Freddie

Lamp

Gold Star Holder!!

Gotrag

Fledgling Freddie

Users who are viewing this thread

Similar threads