Virus not gone....even after fresh Vista Install

[muse.adulator]

I inserted a pen drive and I guess virus came through it.My task manager was disabled and comp was slow. Even after trying for many hours and diff antivirus, problem was there still.
Fustrated, I reinstalled my Vista OS.

Shockingly however , just after the install when I checked TASK MANAGER was still disabled, i.e. virus was still there!!


What to do????/

[aditya1987]

Did you format the OS partition before reinstalling Vista?

[mrintech]

Go for online scan: http://www.kaspersky.com/virusscanner if you have a fast connection

ELSE

Download Kaspersky trial version from here: http://www.kaspersky.com/trials

Update it with latest definition and than scan

You can opt either for KIS or KAV

[NIGHTMARE]

yup better way mention already

[muse.adulator]

Quote:

Originally Posted by aditya1987

Did you format the OS partition before reinstalling Vista?

Yup . Can you believe it????


As soon as the desktop came for the first time in the Freshly installed OS, i just right clicked to confirm that virus had gone!!! To my horror, TASK MANAGER , was still disabled and comp was slow.


Gawd, this is the worst nightmare!!

Avast detected some Win32 virus, but it wont repair m, only delete all exe's.

Kaspersky is not detecting anything!!!

[sreenidhi88]

dude,check out my vb.net application to remove files.it is made for removing these kinda viruses.if you know the location of the virus then browse to it and then click remove .
you must be a noob.vista asks your permission before executing every exe.
download and run spybot search and destroy .its " really really" good.

i still cant understand how u got back the virus even after fresh installation.u didnt restore it from any previous back ups,did u?

did u check the start up folder,the "run"registry key?

here is the link for my application.you can use it in future to remove pen drive viruses.

simple usb cleaner

[sidewinder]

The virus is back simply because you just formatted the vista os partition and reinstalled vista again but didnt formatted other partitions of your pc.

In fact the virus is just an autorun virus. it has already placed numerous copies of itself in every partition you have and as soon as you log into windows,the virus is getting executed via autorun.inf placed in every partition you have..

Either fully format the full hard drive and freshly install everything or scan the whole with a fully update antivirus scanner.

Try Kaspersky rescue disk. Its a stand alone linux based virus scanner. Download the iso,burn it into cds and boot from it and scan it from there.Eveything will be just fine after that.

[JojoTheDragon]

Scan again with avast and copy the location of the virus. Now boot vista safe mode search for the file and delete it manually. If unable install unlocker (google it) and delete the file. Only if kaspersky fails.

[muse.adulator]

Quote:

Originally Posted by sidewinder

The virus is back simply because you just formatted the vista os partition and reinstalled vista again but didnt formatted other partitions of your pc.

I guess you are right.

When I boottime scan my OS, it detectes every .exe and delete it, since its unable to recover it.
I dont want it to happen!!!

Oh, it's win32:sality-gen

[sidewinder]

^^ Boot time scan may not treat the virus completely because the hdd is already mounted. Try Kaspersky rescue disk..its worth every penny ! I think your problem will be solved !

[mrintech]

go scan with these softwares, your problem will be 100% solved. Scan all drives, update the definitions to latest one and go for Full Scan not quick one:

1. http://www.emsisoft.com/en/software/free/

2. http://www.superantispyware.com/download.html

[thewisecrab]

You can have a look at this:
http://forums.techguy.org/malware-re...-me-win32.html

[alexanderthegreat]

To re-enable the Task manager, do this:-
Step 1:In the Orb menu's(Vista's Start menu) search function, type gpedit.msc and press enter. This will open the Group Policy editor.
Step 2:Navigate to User Configuration>Administrative Templates>System>Ctrl+Alt+Del options using the left side pane.
Step 3: Double click on "Remove task manager" entry in the main area.
Step 4:Click on the "enabled" radio button and apply the changes.

Also, Install Spybot:S&D. It prevents any changes to the registry from unauthorized sources. It will ask for your permission everytime the virus tries to change the registry entries, thus preventing it from doing so!

Also, try to run a full system scan using Avast! or Nod32 while in safe mode to completely remove the virus. Or try the boot time scan feature of Avast!
I hope this helps.

[muse.adulator]

Here is what I did from morning:

1) Scanned boot time my system completely using Avast. It detected many viruses and deleted 'em.

The Task Manager and Regedit was disabled still.

2)So completely updated Kaspersky AV 7 and scanned. it did't find any.

Then I did these

Quote:

Originally Posted by mrintech

3. http://www.emsisoft.com/en/software/free/

4. http://www.superantispyware.com/download.html

They too found many malwares and deleted it.

Still TM and REGEDIT are disabled!!

I am tired.........what to do now????????:con fused:

Quote:

Originally Posted by sidewinder

Try Kaspersky rescue disk..its worth every penny ! I think your problem will be solved !

As KAV didn't find any problem, should I still do it?

[NucleusKore]

1. Make UBCD4WIN in a clean system
2. Boot your PC with it, with your pendrive(s) plugged in
3. Open Avira (Red Umbrella)
4. Configuration -> Action on malware
-> Primary - repair
-> Secondary - delete
5. Click Local Protection->Manual->Mark all drives (non-optical)
6. Click Scan (magnifying glass on top)

[muse.adulator]

Quote:

Originally Posted by alexanderthegreat

To re-enable the Task manager, do this:-
Step 1:In the Orb menu's(Vista's Start menu) search function, type gpedit.msc and press enter. This will open the Group Policy editor.

Cannot find gpedit.msc

[freshseasons]

Quote:

Originally Posted by muse.adulator

I inserted a pen drive and I guess virus came through it.My task manager was disabled and comp was slow. Even after trying for many hours and diff antivirus, problem was there still.
Fustrated, I reinstalled my Vista OS.

Shockingly however , just after the install when I checked TASK MANAGER was still disabled, i.e. virus was still there!!


What to do????/

Please check you Vista Installation Disc.Probably it has a virus if not genuine.
Get another copy of Microsoft Vista.Check other harddisk partitions other than the OS partition.

[muse.adulator]

^^It's genuine!!!

[mrintech]

dude the thing is that all the viruses and worms are gone but as a stray mark they corrupted all the files.

Better backup your data, run updated scan on all drives and the backup, by means of softwares mentioned above

and Format, No other option

I recommend Full and updated SCAN Again for the drives and the backups you made.... why taking risk

[muse.adulator]

SHould I re-install my Vista again after formatting the OS drive???

Cause,although my TASK MANAGER and REGEDIT are still disabled, I think the slowness has gone!!!

[ThinkFree]

^^Best option, Backup your important data on another hard disk/dvd ,format the whole disk and reinstall windows.

[muse.adulator]

I can't backup the whole 80 GB of data.................that's too much!!!!!!

[thewisecrab]

^^
Did you have a look at the link I gave? (post #12)

Otherwise
It looks like you have no other option.
Write as many DVDs of data as you can or take your HDD to your friends house and backup data on his PC. (Make sure atleast your Data containing partitions are clean otherwise you'll end up spreading the infection)
Then, format the entire HDD, repartition it and then install vista

[alexanderthegreat]

Quote:

Originally Posted by muse.adulator

Cannot find gpedit.msc

No Group Policy editor eh? No trouble at all!

Here, do this:-
Step 1>In the Orb's search box, type in run and click on the "run" that appears in the results.

Step 2>Type the following code(you'd better Ctrl.C-Ctrl V it!) into the run box:-

Code:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

Congrats! You've enabled the Task manager!(To hell with them gpedit.mscs!)

Step 3>For the registry editor, it is a misfortune that gpedit.msc is not there. Never fear, my friend for there's always VBscript! Download the registry unlocker from the link given below this step and run it. It is a 100%virus free file, don't worry. It was made by a Microsoft MVP called Doug Knox(Attaboy sir!).
Link to the VBscript code to unlock the registry:-
http://www.dougknox.com/security/scripts_desc/regtools.htm
PS.You might need to reboot after running this in order to allow the changes to become effective.

There ya go! Every stinking thing unlocked! Try them Antiviruses and clean the PC. Intall Spybot S&D to prevent further virus-was-hereTM Registry edits.

Hope that helps!

[Ishan]

boot in safe mode
check msconfig entries in google(are the threats or not.. if they are then uncheck them)

check all the drives and windows and system folders for all the .exe, .vbs, .bat and others and check them on google....If doubt them as threat...take thir backup in a folder and delete them....

Now onwards start finding viruses urself..... dont rely on antiviruses fully

dont be lazy...check for all the files ... Best Of Luck!

[muse.adulator]

PROBLEM SOLVED.

I just re-reinstalled my OS after having all the scans and It's fine. I will never turn off UAC ever again!!! Thank you all you guys for help.Really Really appreciate it.

[thewisecrab]

Great. Be Alert with Pen Drives next time

[snehit]

For future reference, Never ever format the full hard drive cuz no virus or not any other threats required formatting. It is complete waste of time.

Try such things before taking immediate action.

> Turn off system restore point before start the scan.
> Select "Show hidden files and folders". Uncheck "Hide extentions for known file types" & "Hide protected O... S... files". [Some extentions windows will not show and usually malwares take the advantage of this mistake and hide itself. You feel this is jpeg file but if that is with certain extention like .lnk, .pif and .shs then you are going to be f u cked off]
> Use some well known anti spyware like SUPERantispyware, Malwarebytes Antimalwares and spybot search and destroy. [I have installed all three of them along with my antivirus Quick Heal. And they are not resource hunger 'cuz not giving real-time protection, So not to worry about it, Dude!!!]

> Go for majorgeeks forum. They are experts in removing malwares. But go first for it's "Read me first" thread.