Cannot remove viruses

[SansSouci]

My next door neighbour recently scanned her h/d and found 42 viruses and trojans! We managed to remove most with AVG but some persisted. I've since bought her a copy of Norton AV 2005 and we've gotten rid of more but there are still some which I just can't get rid of. They all seem to be low threat and should be simple to remove but Quarantine and Deletion attempts by NAV don't work. After consulting the Symantec website I disabled System Restore and ran a test in Safe Mode - no joy. I've posted a screen shot below: any idea how we can get rid of the buggers? I should also mention that I've noticed that some Windows functions seem to have been interferred with eg. the Device Manager window closes as soon as it's opened.

Cheers

[da_ging]

find out where they are located and manually delete them (may need to do in safe mode)

[Ferral]

Yeah, if you go onto the symantec site you can get the detailed virus info and instructions on how to remove them.

I have also found that adaware (free download) can occasionally remove trojans.

Just before that though, go to the run command and type msconfig then press return, go to the startup tab and check what is starting up with windows, if anything looks suspect uncheck them and then restart the pc (click apply before restrting ! ) and ignore the startup warning of having a selective startup. Then run the AV and adaware to see if they get removed. If there are still some remaining restart again in safemode and try the 2 things again (AV & adaware)

[Curly]

Heres a few links that might help

http://vil.nai.com/vil/stinger/

http://www.microsoft.com/security/incident/sasser.mspx

http://securityresponse.symantec.com...sser.worm.html

Curly

[Bro John (UK)]

Stinger is a handy .exe file against trojans. Latest version can be got here

also found the MS anti spyware to be useful, get it here. Currently still at beta stage, but I had no problems.

[davidstone28]

You should also have an look at the virus descriptions and work out how the system has been compromised, what personal information has been sent out etc.

[nichomach]

I've also run into problems with viruses/spyware etc being buried in the system restore info; it can be worth getting Stinger, turning off system recovery, rebooting into safe mode and THEN running Stinger.

[Flibb]

Another option, get avast antivirus. Update it then set it to scan on next boot. It does the scan before windows loads up, gets to files other scanners cannot reach. Also turn off system restore before running it.

[SansSouci]

Wow thanks for all the help guys. I followed the instructions on the Symantec website however to no sucess - in fact all should have been removed by a regular scan. Next I'll try doing it manually with MSCONFIG amended, then I'll try Ad-Aware. I'll prolly be back to ask more questions before I try some of the other options.

Thanks very much!

[Flibb]

If its a trojan dont think adaware will shift it. Also is he running a firewall? My parents had an infection (oooerrrr), cleared it , i camee back, etc. They were on dialup and still kept getting a worm / trojan, firewall and avast shifted it.

[Thorsson]

Remember to turn off system restore!

There are several Sasser removal tools. Use one in safe mode.

The others you can mostly delete by doing a search on the name and then manually deleting - make sure you can see hidden files on the system before doing the search!

Also use Spybot, this may remove some malware that NAV misses. And before going online again make sure some sort of Firewall protection is in place.

[mariner]

You have trojans in your log. To scan for and remove them, go here: http://www.misec.net/trojanhunter/ and download your free trial copy of TrojanHunter. Before running, please update, then perform a full scan. Also, because many trojans and viruses hide in the temporary internet files, please delete them. Do so using Cleanup from here: http://stevengould.org/ Set it to your liking -standard clean should be fine- then run and reboot.

If any problems persist, you may need expert help in cleaning up your system. If you do, go here: http://hijackthislogs.com/index.php for fast, friendly malware removal. I recommend this site, for spyware/malware removal is my thing, and this place is good and quick, too.

Regards

mariner