Computer Newbies forum

General discussion

How do I remove a detected virus??

by aletha / September 17, 2004 8:01 AM PDT

Norton Anti-virus software has detected the virus w32.sillyp2p in my machine running xp home.
It says that the virus cannot be quarantined, cannot be removed, and access to the file is denied.
How do I remove this?

Post a reply
Discussion is locked
You are posting a reply to: How do I remove a detected virus??
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: How do I remove a detected virus??
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Re: How do I remove a detected virus??
by Grif Thomas Forum moderator / September 17, 2004 8:19 AM PDT

Aletha,

Please tell us the name and location of the file that was detected. Was it in e-mail or was it a file already on the hard drive?

Unfortunately, Symantec doesn't appear to have a specific write up on that virus. But, usually you can manually delete the file after restarting the computer into "Safe Mode":

How To Start In 'Safe Mode'

After restarting into Safe Mode, run a full system scan and Norton should be able to delete it now. If not, then try navigating to the file, then deleting it manually.

It's also possible that the infected file is in the "System Restore" files. If that's the case, then you'll need to temporarily disable System Restore using the instructions below, then scan again:

How To Disable System Restore

Hope this helps.

Grif

Collapse -
Re: How do I remove a detected virus??
by aletha / September 17, 2004 8:47 AM PDT

Thank you for such a timely reply.
The file is located in;
C:\windows\system32\syschost.exe
This didn't come from an e-mail, however during the night my son was using the computer and I suspect he was file sharing so perhaps he picked up something there.
The How To Start In 'Safe Mode' link above doesn't work for me. I keep getting a page not found.

I've already tried disabling system restore, and still access is denied to the file.

Collapse -
Aletha, Sorry, Try This
by Grif Thomas Forum moderator / September 17, 2004 10:13 AM PDT
Collapse -
Re: Aletha, Sorry, Try This
by aletha / September 17, 2004 1:08 PM PDT

Oh, thank you very very very much!!! I've now got the virus in quarantine. Re-scanning right now, then I'll delete the entire file. It doesn't seem that I need it.

Now I'm curious as to why my virus detector wouldn't work till I started up in safe mode??? hmmm

Thanks again Grif,
Aletha

Collapse -
Aletha, Good Job !
by Grif Thomas Forum moderator / September 18, 2004 8:55 AM PDT

Viruses and Trojans will frequently set registry entries which cause themselves to run at start up. When programs are running, Windows "locks" them so they can't be altered. When you restart in "Safe Mode", Windows only loads "essential" start up programs and drivers, which allows you to delete the "unlocked/unstarted" files.

Hope this helps.

Grif

Collapse -
how to remove a trogan horse that is undetected
by babybless18 / June 30, 2010 1:40 PM PDT

my desktop computer is new but about a day ago it started giving the same problem as my laptop. (this may be a result of me using the same flash drive on both computers). when ever i am starting up my laptop or desktop and i am to enter the user password i see a lot of dots e.g [..................} so i have to press back to delete them before i can enter the password.

the MAIN problem i am having is whenever i scan with my anti virus software(AVG) it comes up clean. Before the problem started whenever i use my flash drive on the desktop computer it would show Trojan virus detected and i would erase/remove it. PLEASE help me

Collapse -
Then Try This
by Grif Thomas Forum moderator / July 4, 2010 12:01 PM PDT

First start by downloading the free tool below and running it while the flash drive is placed in the computer. It prevents the Autorun.inf from automatically running from the flash drive.

http://download.cnet.com/Autorun-Eater/3000-2239_4-10752777.html

One that's done, then please try the steps below:

Download ALL of the tools below on a friend or family member's, CLEAN computer and copy them to a CD or flash drive, then transfer them to the problem machine.

First, after transferring it to the problem machine, run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
There are 4 different versions. If one of them won't run then try to run the other one. Be patient.... as a black window should open, then close after finding all the background programs.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif
_____________________

IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below which you've also copied to a CD or flash drive, and transfered to the problem machine. Do NOT restart the computer after running Rkill.

Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.

Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://www.malwarebytes.org/mbam/database/mbam-rules.exe

Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install.:

SuperAntispyware
http://www.superantispyware.com/

SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html
____________

In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it.. It resides in the C:\Programs Files\Malwarebytes Antimalware folder....
_____________________


Hope this helps.......

Grif

Popular Forums
icon
Computer Help 49,613 discussions
icon
Computer Newbies 10,349 discussions
icon
Laptops 19,436 discussions
icon
Security 30,426 discussions
icon
TVs & Home Theaters 20,308 discussions
icon
Windows 10 360 discussions
icon
Phones 15,802 discussions
icon
Windows 7 7,351 discussions
icon
Networking & Wireless 14,641 discussions

CNET's Tech Minute

Top 3 news reading apps

With the latest tech, getting news delivered to your phone is easier than ever. Here's a roundup of apps that are customizable and useful for getting the news.