I wish I could help, and am sad that program didn't take your little away like it did mine. And I had been over it. I wish John lived closer to you so he could come over and fix it. :)
If you deleted the registry key that loads the trojan and it comes back, the actual cause was not taken care of. Deleting the registry key doesn't kill the process that may be still running in memory. Along with deleting the key, you also have to stop the running process before you restart the PC, and then find and delete the maliscious executable or dll file(s) as well.
Also, some viruses/trojans load from the registry as a "process" and msconfig is pretty helpless there - as it only looks a a few of the common places where programs are loaded from.
Some trojans (like certain variations of this one) can actually load from the virus chest or from the quarantine folder - depending upon the antivirus software you have. I know it can from Mcaffee, not sure about Norton. I use Avast and it has not let me down in 3 years.
The only way I know to truly get rid of this kind of trojan.
1. Make sure system restore is off.
2. Boot in safe mode
3. Delete the registry key that loads the trojan
4. Delete the infected executable or dll file(s) -- (there may be more than 1. )
5. Delete all temporary internet files (precautionary)
6. Delete all "temp" files. ( precautionary)
7. Delete all files in the virus chest or quarantine folder. Don't skip this ...
Then do a virus scan again, It should not be detected by the antivirus program.
Restart normally. It should be gone.
If it is initially gone and then comes back later on, there is a program still on the system that when run manually, rewrites the registry key, and recreates the malicious files. This program needs to be removed/deleted. The problem will keep coming back forever until this is done .
But if all went well in 1-7 it should be gone and should not return.
Turn System Restore back if you use it. I don't use System Restore as it has seldom been helpful to me, but you may want to keep using it.
Consider using Firefox as your Internet Browser - it is much more secure than IE is customizable with some really cool and useful plug-ins or "extensions".
Exsie, I paid for a couple downloadable programs when I was trying to cast out the computer's demons, too. They were worthless. That's when I finally decided to call in the ghostbusters.
well one frustrating thing is when i run adware away, it gets all ready to delete or repair, and then the computer shuts down all by itself. happens every single time
i've been trying in safe mode. so far no good
i did delete surf sidekick and keyboard888 or 666 or something and quick links from remove programs
will have to try again
i think there's a bundled devil
thank you all again - so much !!!
oh and i believe when i tried to download one of those cleaners, it told me the file was already in use ?????
Unzip it to a folder or to the desktop then run hijackthis.exe - saving the log file.
Then cut and paste the contents of the log file into a new post. It's probably a good idea work with just one person at at time, so John should probably take it from there.
pps. dancing, as a rule, should that automatically restart be checked on or off in my computer system recovery thing?
GOOD NEWS! I heard back from Adware Away tech support and they told me things to check off from the log report I sent them (which I guess is like Hijack this). I did it and so far so good. I sent them another log to look at because one of the things they told me to check off was NOT on the list that came up.
I have a strong feeling my problems are coming to an end. i hope i hope i hope i hope
Again, deep scan appreciation !!!!!!!!!!!!!!!!!!!!!!!!!!!!!
exc, usually it should be checked so your computer does not get any more damage from what caused it to get to the point of auto shutdown. Which is usually caused by conflicting devices like modems and other hardware. And also casused by software too.
But as I've read in many places the person has been told to uncheck this box to see what is going on in the computer when diagnosing it. But as a rule it should be checked to protect your computer.
Recommended Posts
Top Posters In This Topic
28
12
5
14
Popular Days
Jun 15
8
Jul 7
7
Jul 6
6
Jun 14
6
Top Posters In This Topic
excathedra 28 posts
igotout 12 posts
rhino 5 posts
dancing 14 posts
Popular Days
Jun 15 2006
8 posts
Jul 7 2006
7 posts
Jul 6 2006
6 posts
Jun 14 2006
6 posts
excathedra
i just ran msconfig and startup and turned off the sidekick thing
it seems to be working although i would rather delete it completely
there are so many things running around in my mind
when i was young i was into this kind of stuff damie
Link to comment
Share on other sites
ChattyKathy
I wish I could help, and am sad that program didn't take your little away like it did mine. And I had been over it. I wish John lived closer to you so he could come over and fix it. :)
Link to comment
Share on other sites
Goey
If you deleted the registry key that loads the trojan and it comes back, the actual cause was not taken care of. Deleting the registry key doesn't kill the process that may be still running in memory. Along with deleting the key, you also have to stop the running process before you restart the PC, and then find and delete the maliscious executable or dll file(s) as well.
Also, some viruses/trojans load from the registry as a "process" and msconfig is pretty helpless there - as it only looks a a few of the common places where programs are loaded from.
Some trojans (like certain variations of this one) can actually load from the virus chest or from the quarantine folder - depending upon the antivirus software you have. I know it can from Mcaffee, not sure about Norton. I use Avast and it has not let me down in 3 years.
The only way I know to truly get rid of this kind of trojan.
1. Make sure system restore is off.
2. Boot in safe mode
3. Delete the registry key that loads the trojan
4. Delete the infected executable or dll file(s) -- (there may be more than 1. )
5. Delete all temporary internet files (precautionary)
6. Delete all "temp" files. ( precautionary)
7. Delete all files in the virus chest or quarantine folder. Don't skip this ...
Then do a virus scan again, It should not be detected by the antivirus program.
Restart normally. It should be gone.
If it is initially gone and then comes back later on, there is a program still on the system that when run manually, rewrites the registry key, and recreates the malicious files. This program needs to be removed/deleted. The problem will keep coming back forever until this is done .
But if all went well in 1-7 it should be gone and should not return.
Turn System Restore back if you use it. I don't use System Restore as it has seldom been helpful to me, but you may want to keep using it.
Consider using Firefox as your Internet Browser - it is much more secure than IE is customizable with some really cool and useful plug-ins or "extensions".
Link to comment
Share on other sites
Linda Z
Exsie, I paid for a couple downloadable programs when I was trying to cast out the computer's demons, too. They were worthless. That's when I finally decided to call in the ghostbusters.
Link to comment
Share on other sites
excathedra
thank you thank you thank you
well one frustrating thing is when i run adware away, it gets all ready to delete or repair, and then the computer shuts down all by itself. happens every single time
i've been trying in safe mode. so far no good
i did delete surf sidekick and keyboard888 or 666 or something and quick links from remove programs
will have to try again
i think there's a bundled devil
thank you all again - so much !!!
oh and i believe when i tried to download one of those cleaners, it told me the file was already in use ?????
Link to comment
Share on other sites
excathedra
john, i am trying to do what you said to get rid of sidekick
is hijack this something i have to download ?
but maybe i should just write to adware away or the other place and let them fix it for me since their software won't get rid of it
Link to comment
Share on other sites
Goey
Exie,
Download Hijackthis
Unzip it to a folder or to the desktop then run hijackthis.exe - saving the log file.
Then cut and paste the contents of the log file into a new post. It's probably a good idea work with just one person at at time, so John should probably take it from there.
Link to comment
Share on other sites
dancing
Also right click MyComputer-click properties-click advanced tab-in Startup and Recovery click settings-uncheck automatically restart.
That will keep your system running,or it should when you get to the point you described
Link to comment
Share on other sites
excathedra
thanks goey. and you're right
as of now, i just sent a log to adware away since i'm paying for their tech. support
--
i did that too just now, dancing. i thought the virus was making it shut down, so now i can try it again
--
you're all so helpful
i have felt overwhelmed and lost, plus when other things in life are going on, it's really hard to devote time to this
thanks again
and if i've ignored anyone or not followed what you told me, it's not personal at all. it's because my head is spinning
love, regan
:)
Link to comment
Share on other sites
Tom Strange
Regan, I don't know about all these computer things so I've brought you this split pea soup to keep you nourished during the fight.
Link to comment
Share on other sites
excathedra
:) thanks tommy
ps. goey, it sounds like i have to understand more than i do using hijack this ?
Link to comment
Share on other sites
excathedra
pps. dancing, as a rule, should that automatically restart be checked on or off in my computer system recovery thing?
GOOD NEWS! I heard back from Adware Away tech support and they told me things to check off from the log report I sent them (which I guess is like Hijack this). I did it and so far so good. I sent them another log to look at because one of the things they told me to check off was NOT on the list that came up.
I have a strong feeling my problems are coming to an end. i hope i hope i hope i hope
Again, deep scan appreciation !!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Link to comment
Share on other sites
Goey
If your computer goes in to automatic shutown and the timer starts, you can prevent it from shutting down by:
Start > Run > then type "shutdown -a" .
This will abort the automatic shutdown and let you keep doing stuff.
Link to comment
Share on other sites
dancing
exc, usually it should be checked so your computer does not get any more damage from what caused it to get to the point of auto shutdown. Which is usually caused by conflicting devices like modems and other hardware. And also casused by software too.
But as I've read in many places the person has been told to uncheck this box to see what is going on in the computer when diagnosing it. But as a rule it should be checked to protect your computer.
Link to comment
Share on other sites
excathedra
k
thank you
Link to comment
Share on other sites
dancing
Could it be a browser add on? Or bho.
If you put the numbers in with the { } signs, it will show what it is and you can block it or un block it.
addonconfig
http://windowsxp.mvps.org/addonconfig.htm
Link to comment
Share on other sites
excathedra
i'm free i'm freeeeeeee and freedom tastes of reality !!!!!!!!
:wub: :wub: :wub: :wub: :wub: :wub: :wub: :wub: :wub: :wub:
Link to comment
Share on other sites
Tom Strange
myseestorRegan... how do you know these spirits will not visit themselves upon you again?
...it's summertime! ...ban the kid from the computer and video games!
Link to comment
Share on other sites
excathedra
oh the kid is off on his bike and swimming in friends' pools etc.
i just i just thank you father i just i just feel i'm spiritually responsible for the technical spirits and now for the hedge around his computer
Link to comment
Share on other sites
topoftheworld
Prayer works, but you took the believing action..
Oh, geez-what am I saying? (slap)
Link to comment
Share on other sites
excathedra
snort snort
Link to comment
Share on other sites
ChattyKathy
way cool excie
Link to comment
Share on other sites
igotout
Here's how to fix it the next time. What I'm gonna do as a solution.
Edited by igotoutLink to comment
Share on other sites
dancing
so is it fixed?
Link to comment
Share on other sites
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.