Spyware, Viruses, & Security forum

General discussion

Cannot get rid of Trojans and worms!!!!

by dlyn67 / July 3, 2006 3:26 AM PDT

Our computer (with Window XP) has several Trojans and worms and we cannot get rid of them. It is messing up the whole computer. We can't get on the internet, sometimes the desktop will not come up and many other things. We finally found out that there is a worm in the desktop. I'm not sure how to get rid of it because we downloaded and bought xoftspy to clear them all and for some reason it hasn't cleared some of them. We are ready to throw the computer out the window!! Help!

Discussion is locked
You are posting a reply to: Cannot get rid of Trojans and worms!!!!
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Cannot get rid of Trojans and worms!!!!
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Some Things To Do...
by Grif Thomas Forum moderator / July 3, 2006 4:45 AM PDT

First, which antivirus program are you using? EXACTLY which trojans and worms are being identified? The "specifics" would sure help...The more information you give us, the better informed our answer will be.

Next, if you are able to get on line at all, please click on either of the links below and run the free scans they provide:

Housecall Online Scanner

Panda Online Scanner

Next, on another "clean" computer, download the following antispyware and antivirus programs, burn them to a CD, then transfer and install them on your infected computer.. Update them from the internet if at all possible after they're installed.

McAfee Stinger Standalone Virus Scanner

Ad-Aware

Collapse -
Type of antivirus and trojans and worms, etc....
by dlyn67 / July 3, 2006 8:07 AM PDT
In reply to: Some Things To Do...

We have the The Shield Antivirus. Well when I looked again, we not only have trojans and worms, but hijackers, adware, and data miners. There are 16 total. The ones that I have and can identify are:
software\microsoft\windows/current
c:\docume~1\admini~1\LOCALS~1\T
c:\windows\system32\task.dir.dll
c:\windows\system32\zlbw.dll
appid\iebhos.dll (a few iebhos.dll things)
c:\ProgramFiles\e2g
some Spyware Disinfection
I have found some of the files and deleted them but they keep coming back when I restart the computer. We have xoftspy to scan the viruses and they keep coming back after I have restarted the computer.
I downloaded the sites that you sent me on a CD but can't update them due to not being able to get on the computer.
I hope that helps! Thank you for helping me!!

Collapse -
(NT) (NT) Let Us Know How It Goes...
by Grif Thomas Forum moderator / July 3, 2006 10:09 AM PDT
Collapse -
One More
by Bugbatter / July 3, 2006 2:07 PM PDT

This one won't need to be updated. It's a start, but it won't get everything.
Download E2TakeOut by RubbeR DuckY from here:
http://www.malwarebytes.org/E2TakeOut.zip
Extract the file to your Desktop.
Double click E2TakeOut.exe.
Click the Begin Removal button.
Wait until the program is finished scanning.
Once done, it will produce a popup stating that the infection has been found and you need to reboot you computer.
To complete the removal, reboot your computer.

Collapse -
(NT) (NT) E2TakeOut removes the E2Give and PTech malware
by Marianna Schmudlach / July 3, 2006 2:17 PM PDT
In reply to: One More
Collapse -
Exactly :)
by Bugbatter / July 3, 2006 2:35 PM PDT

c:\ProgramFiles\e2g

Collapse -
Can't get E2TakeOut to work
by dlyn67 / July 5, 2006 2:47 AM PDT

I downloaded this software and it still isn't getting rid of it, in fact, I think it added more. My computer is working better though which is very good although I cannot get rid of some of these things. Two things that Spybot S&D is Command services: Hkey_? I am actually at work and left the file name at home. Any other ideas?

Collapse -
And Did You Run ALL Scans In Safe Mode??
by Grif Thomas Forum moderator / July 5, 2006 3:14 AM PDT
Collapse -
Everyone but the E2Takeout
by dlyn67 / July 5, 2006 6:25 AM PDT

So do I need to do that one in Safe Mode?

Collapse -
This One Tool Does Not Get Everything
by Bugbatter / July 5, 2006 3:31 AM PDT
''I downloaded this software and it still isn't getting rid of it, in fact, I think it added more.''
I doubt that this tool added any infections. If anything was added, it was a result of the problems that you have not cleaned yet.
As I mentioned in my post above, it won't fix all of the malware, but it will fix some -- only the E2G and Prutect since they are usually bundled together.

Please run your other scans in Safe Mode as Grif suggested.
Then let us know which files your scanners are still finding, but cannot clean.
Collapse -
Thank you
by dlyn67 / July 5, 2006 6:30 AM PDT

Ok, well the 2 that won't remove are in the Command services which are:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet

Maybe those are causing the E2Gives to not go away even with the E2Takeout?

Collapse -
A Report On Those 'Command Services'
by Grif Thomas Forum moderator / July 5, 2006 6:55 AM PDT
In reply to: Thank you

Sounds Like A Registry Edit Is In Order But......you still haven't given us the EXACT and correct registry entries that need to be deleted by Spybot..

The registry paths that you are referring to will be:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001
&
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet

See the link below and follow the procedures to clean out that registry issue...:

http://forums.spybot.info/showthread.php?t=1603

Hope this helps.

Grif

Collapse -
Maybe I don't understand
by dlyn67 / July 5, 2006 7:42 AM PDT

Those two command service entries were exact. I wrote them down straight from the computer. Maybe I didn't get them all? I'll try the link and let you know... Thanks

Collapse -
I think I really messed up...
by dlyn67 / July 5, 2006 7:56 AM PDT

I went in and followed the directions but I think I deleted things I wasn't supposed to because now it says that application terminated and I can't even get into regedit anymore. I thought that a registry key was bad so I needed to get rid of it!! Oh gosh...

Collapse -
kvan77...
by Bugbatter / July 5, 2006 7:04 AM PDT
In reply to: Thank you

Are you saying that e2g is still showing up?

Which tools did you run in Safe Mode and in what sequence?

Collapse -
tools I ran
by dlyn67 / July 5, 2006 7:40 AM PDT
In reply to: kvan77...

I ran in this order in Safe Mode:
Sting260
Spybot S&D
CW Shredder

And yes the E2Give files are still coming up. I just ran the Spybot again and the xoftspy and they come up with those. But the spybot removes it but then I run it again and it comes back. They don't seem to STAY away!

Collapse -
Remove E2Give
by Marianna Schmudlach / July 5, 2006 7:51 AM PDT
In reply to: tools I ran
Collapse -
I completely messed up!
by dlyn67 / July 5, 2006 8:01 AM PDT
In reply to: Remove E2Give

I can't even pull up my task manager anymore because I must have erased something in my registry....is there anyway I can bring it back?

Collapse -
Have you tried clicking start, run, and typing taskmgr.exe
by Marianna Schmudlach / July 5, 2006 8:14 AM PDT

into the run box and hitting enter.

Collapse -
Try System Restore...
by Grif Thomas Forum moderator / July 5, 2006 9:23 AM PDT

Click on Start-All Programs-Accessories-System Tools-System Restore. When the System Restore window opens, select "Restore my computer back to an earlier time", then click on "Next". When the next "Calendar" window loads, select a "bold" date, prefereably yesterday, then click on "Next" and follow the prompts to restore the computer and it's registry back to yesterday..

In the future, when making registry changes, ALWAYS make a backup of the registry first.

Hope this helps.

Grif

Collapse -
Yes. There is a solution
by welrdelr / July 20, 2006 8:58 PM PDT

Install OpenBSD or DragonflyBSD on your computer. Get rid of windows.

Collapse -
I had keylogger & backdoor programs & only 1 program worked
by rr654 / July 21, 2006 10:17 AM PDT

I had 2 very high risk programs on my PC: a keylogger and a remote backdoor. I tried all the programs that have been suggested plus many more. I went to the TechRepublic.com.com (yes, that's the correct address) and it was suggested to me to try Spyware Doctor downloadable from www.pctools.com. I was told if Spyware Doctor didn't find anything then my PC was clean. So I downloaded, installed and ran a full system scan on all my drives through all my files (that's important.) Be very thorough in your scan. Scan files, registry, everything. And after you've quarantined files and/or removed files and you're sure your PC is back to where it's supposed to be, set a restore point.

What did I have to lose if I tried it? Some time. Well, I'd already wasted a lot of that. So, why not? Well, I have now lost the keylogger, the remote backdoor, plus several medium risk items that weren't detected by other programs.

I want you and anyone else to know that I don't have any stock in Spyware Doctor so this is not an advertisement. But I share this info with everyone I know who is having a problem. I'd want someone to do this for me (like this one very kind gentleman did with me.) My philosophy is, if I finally find something that works and I know someone else is having a similar problem, then I share with them my experience. Then I leave it up to that person to do with my info what they will.

So, let me know if you try it and what you experience. I'd be interested to know if it works for you. Happy

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

Does BMW or Volvo do it best?

Pint-size luxury and funky style

Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.