Saturday, March 21, 2009

Another virus thwarted

It seems like every few months I get a virus that I have to deal with. My favorite thing is to switch to another hard drive with a clean install and then copy my files back off the old hard drive via an IDE to USB adapter. However, I did not have a spare laptop hard drive available and the first two I won on eBay did not work!

The last two viruses on my computer both came from searching the web. I remember when it was safe to search the web. In one case I was looking for help in fixing an LCD TV that just has a blue screen. The second time was from searching for how to remove the password from a laptop hard drive. It seems like there has to be a way to remove the password short of tossing the whole hard drive. I had Windows XP SP3 installed with all the updates, AVG running and telling me what sites are safe to visit; you name it, I was protected, but it all failed to protect me.

The symptoms of the infection included lots of pop-ups, so I installed Spybot Search and Destroy. It found 38 problems including something that had shut down the Windows firewall. Upon restarting the computer, the virus was still there, so next I ran AVG in safe mode. It found two files and removed them. They were some sort of Trojan Horse Generic, but the virus was still there.

So then I went into manual virus removal mode. The first weapon was startup.exe; there were two strange programs running, so I shut them down. That did not work; they came right back, as can be seen in the picture below. I found the files in the windows\system32 directory after I had turned back on the ability to view hidden system files in file manager. Then I tried to delete them or even to rename them, all to no avail. Next I restarted the computer in safe mode and was able to delete the files and also disable them using startup.


