McAfee can't fix my Virus, Can Norton?

Discussion in 'Computer Support' started by Bob D'Spain, Jul 12, 2004.

  1. Bob D'Spain

    Bob D'Spain Guest

    On XP, my IE ver.6.0.28 Is hijacked with: http://easy-search.biz/
    (my fix for this is to use netscape)

    More Annoying yet:, I have a virus MultiDropper-JL which is cleaned
    every 10 minutes by my McAfee
    Software…Then 10 minutes later, I get the message that the same virus
    on the same
    Files (c:\windows\dialup.exe & same file-name in temp-internet-files)
    is being deleted.

    I've sent 2 emails to McAfee with no response.

    I'm ready to switch to Norton if I can get my problems solved. I have
    current Ad-aware scanning my system, also to no avail.

    Or does anyone have any suggestions on How I can fix this…

    Thanks,
    Bob
     
    Bob D'Spain, Jul 12, 2004
    #1
    1. Advertisements

  2. Bob D'Spain

    Buffalo Guest

    Sometimes you have to disable the Restore feature in WinXP and then run your
    antivirus program, as Restore keeps a copy and prevents the total removal of
    the virus.
    If you are sure of the date of the infection, you could possibly try using
    the Restore feature to go back to the time the machine was clean. If you do
    that, remember that everthing that happened to your PC after that restore
    date, will be undone.
     
    Buffalo, Jul 12, 2004
    #2
    1. Advertisements

  3. Bob D'Spain

    Conor Guest

    Turn off System Restore, try again.
     
    Conor, Jul 12, 2004
    #3
  4. Bob D'Spain

    Skalek Guest

    Your best bet is to reboot into safe mode and delete the files manually.
    You may also want to see if there is other programs listed in your Run
    registry entries that are constantly creating this file.

    To see a tutorial on how to enter safe mode you can read this:

    http://www.bleepingcomputer.com/forums/index.php?showtutorial=61

    If you would like help diagnosing your run entries you can follow these
    instructions:

    Create a directory on your hardrive to save HijackThis.exe. A directory
    like c:\hijackthis. If you do not do this, you will not be able to use the
    backup/restore features.

    Download HijackThis from:

    http://www.spywareinfo.com/~merijn/files/hijackthis.zip

    or here:

    http://computercops.biz/downloads-cat-14.html

    Save this file into the directory you made previously and then run the
    program named hijackthis.exe. When the program opens click on the Config
    button, then click on the Misc Tools button, and click on the Check for
    update online button. When it completes checking/applying updates press the
    back button.

    Now click on the Scan button and when it is finished click on the Save Log
    button. A Notepad window will open with the contents of this log. Click on
    Edit then click on Select all. Then click on Edit and then Click on Copy.

    Create a reply to this post here or register an account and post a message
    in the HijackThis Logs forums at http://www.bleepingcomputer.com and right
    click in message area and select paste to paste the log into the post.

    Someone will reply to you after reading this post. DO NOT fix any entries
    unless you understand what you are doing.

    To see a tutorial with screenshots on using HijackThis you can click on the
    link below:

    http://www.bleepingcomputer.com/forums/index.php?showtutorial=42
     
    Skalek, Jul 12, 2004
    #4
  5. Bob D'Spain

    °Mike° Guest

  6. Bob D'Spain

    Ron Martell Guest

    Viruses in the System Restore data are totally encapsulated and cannot
    cause any harm so long as they remain there. The only way they can
    get out is to run System Restore and restore the infected files to
    use.

    You can easily clean up the system restore files in Windows XP by
    first setting a current system restore point then running the Disk
    Cleanup utility and using the More Options tab to clean up System
    Restore data. This will remove all but the most recent restore point.



    Ron Martell Duncan B.C. Canada
    --
    Microsoft MVP
    On-Line Help Computer Service
    http://onlinehelp.bc.ca

    "The reason computer chips are so small is computers don't eat much."
     
    Ron Martell, Jul 12, 2004
    #6
  7. What a load of crap. Just turn system restore off and reboot. Virus = gone.

    No wonder everyone ridicules "MVPeePees"

    --
    Mr. Trevor Fourie.
    WesBank Limited.
    7 Girton Road, ParksTown, Johannesburg,
    2193, South Africa,
    Republic of South Africa.
    Email:
     
    Mr. Trevor Fourie, Jul 12, 2004
    #7
  8. Bob D'Spain

    Ron Martell Guest

    And if you don't turn System Restore back on again and your registry
    is trashed by a botched install or other problem you are in deep dark
    doggy doo.

    Why take avoidable risks?


    Ron Martell Duncan B.C. Canada
    --
    Microsoft MVP
    On-Line Help Computer Service
    http://onlinehelp.bc.ca

    "The reason computer chips are so small is computers don't eat much."
     
    Ron Martell, Jul 13, 2004
    #8

  9. Actually I do not understand why anyone is even recommending they
    enable/disbale system restore to clear the viruses when its clear from his
    message that the viruses are not being found in the system restore
    directories but rather:

    "c:\windows\dialup.exe & same file-name in temp-internet-files"

    Enabling and disabling system restore is only necessary to be used when the
    files are being detected in the store, thus not allowing the AV programs to
    remove it. In this situation this does not seem to be the case and he does
    not seem to be restoring a restore point.
     
    Lawrence Abrams, Jul 13, 2004
    #9
  10. Bob D'Spain

    Buffalo Guest

    Ron,
    Thanks for the explaination.
    I don't have WinXP so I was just repeating what I heard in this and an
    antivirus NG.
    Since his problem doesn't 'seem' to be caused by anything in System Restore
    because, as you said "Viruses in the System Restore data are totally
    encapsulated and cannot cause any harm so long as they remain there. The
    only way they can
    get out is to run System Restore and restore the infected files to use", it
    must be another problem.
    Thanks again,
    Buffalo
     
    Buffalo, Jul 13, 2004
    #10
  11. Bob D'Spain

    Jimmy Dean Guest

    Mainly so that _if_ you do a system restore, the virus won't be
    restored.
    Boot to Safe Mode and do a search for these files, then delete.
    Symantec (Norton) usually advocate disabling System Restore because of
    the possibility of later (after the cirsis has passed), restoring your
    system for some other reason and thereby (potentially) restoring the
    infection.

    jd
     
    Jimmy Dean, Jul 14, 2004
    #11
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.