OK, if none of that stuff works, go to www.majorgeek.com and follow their instructions TO THE LETTER for removing malware. Why are they different? Because they walk you through the process (in part using the HijackThis tool) of actually digging into the registry, bootup process, etc. where malware hides and manually ripping it out by the roots. Warning: The process is long and tedious and if you mess up a step, you just might (in fact probably will) trash your computer. It's where I go when all else fails (and I have both trashed and saved my computer on different occasions).
Depending on the age of your hard drive and type, buy a SATA/IDE-to-USB adapter or an external drive enclosure. Pull your hard drive, plug it into the USB adapter and then plug into a system with the very latest Windows updates, AVG/other antivirus and spyware removal tools.
Once mounted externally, you can treat it as another drive. I start with an AVG scan and finish with a Malwarebytes scan.
There are a few extra “super-hidden” files that you can't get into on a drive that is the boot drive. I typically find these infected files in “Recycler”.
While you have the drive out, go ahead and run a defrag of the drive.
If this is a true rootkit then you will need better tools, but for most things AVG, Windows Defender and Malwarebytes work fine.
There comes a time that you may be well advised to take the system into a local nerdshop and pay them to help.
If you can wait a day, I can build you a BartPE and send it over. FReepmail me if you need it.
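The external-scan procedure above, as an added example (this is not the poster's script nor anything shipped by AVG, Malwarebytes or Microsoft). It assumes the pulled disk shows up as E: on the clean host, and that the clean host is Windows 8 or later with PowerShell 4+ and Windows Defender, whose `Start-MpScan` cmdlet is used here in place of AVG; the drive letter and the folder names are the only things you should need to change. It scans only the attached volume, then lists executables hiding in the recycle-bin folders the post mentions, with hashes, and deletes nothing.

```powershell
# Added example: scan an infected disk mounted over USB from a clean Windows host.
# Assumption: the pulled drive mounted as E:\ (change as needed). Requires PowerShell 4+
# (Get-FileHash, -Directory/-File, -in) and the Defender cmdlets (Windows 8+).
$Drive = 'E:\'

# 1. Defender custom scan limited to that volume. This can take a long time on a big disk.
Start-MpScan -ScanPath $Drive -ScanType CustomScan

# 2. Show what Defender flagged on that volume (Resources holds paths such as file:_E:\...).
Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($Drive) } |
    Select-Object InitialDetectionTime, ThreatID, Resources |
    Format-Table -AutoSize

# 3. The "super-hidden" places: RECYCLER (XP/2003), $RECYCLE.BIN (Vista and later) and
#    Recycled (FAT volumes) are Hidden+System folders, so -Force is needed to see them.
#    A genuine recycle bin holds per-user SID subfolders with INFO2 / $I* / $R* records;
#    executables in there deserve a second look before the disk goes back in the PC.
$binDirs = Get-ChildItem -Path $Drive -Force -Directory |
    Where-Object { $_.Name -in 'RECYCLER', '$RECYCLE.BIN', 'Recycled' }

$suspects = foreach ($dir in $binDirs) {
    Get-ChildItem -Path $dir.FullName -Force -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll', '.scr', '.com', '.bat', '.cmd', '.vbs' } |
        ForEach-Object {
            [pscustomobject]@{
                Path       = $_.FullName
                SizeKB     = [math]::Round($_.Length / 1KB, 1)
                Modified   = $_.LastWriteTime
                Attributes = $_.Attributes          # look for Hidden, System on these
                SHA256     = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# 4. Review list. Look the hashes up from the clean machine before deciding what to remove;
#    nothing in this script deletes anything.
$suspects | Format-Table -AutoSize
```

Running Malwarebytes afterwards, as the post does, is still worthwhile: the two engines do not flag the same things, and a file with a Hidden+System attribute set sitting in a recycle folder is suspicious whatever the scanners say.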
Well, “delete computer” and then “get a Mac” and you’re home free... :-)
Did you turn off/disable Windows Restore before trying to delete the trojan?
If not, you need to do that.
Bookmark
bump for later
Reformatting got rid of the problem and cleaned up two years worth of crap on the hard drive. The system runs faster and I think it was worth it.
As a small business owner who deals with this for a living, I’d say: do a reload. Save all your data on an external drive, then reload all your operating systems and programs. Then update them all.
You may never be able to find out where you got it, but be sure to have antivirus, spyware, and malware detector programs on your system and keep them up to date. If you don’t have all of them, get them.
Of course, you could always call a pro if you don’t have a spare 6 to 8 hours ;)
Many times some viruses will effectively go into ‘hide’ mode and reassert themselves after running a virus cleaner by pulling new code from the web. When you run a virus cleaner, update the cleaner to make sure you have all the latest and greatest virus-killing love, and then disconnect your computer from the internet. Run the virus cleaner. Reboot and run it again. Then reconnect to the internet and run it a third time to see if it still detects the virus.
One little trick the virus writers used almost made me format my hard drive in exasperation. They created a registry entry under a certain user name that would replicate the virus then deleted that user.
I tried all the above (Malwarebytes, ComboFix, etc...) following the directions to the letter and they would do everything but could not delete the registry entry that would replicate the virus. I finally nailed down the hex signature of this virus registry entry, found it in the registry and tried to delete it as the Administrator but it would not delete. I had to change the permissions of the virus entry first, then I was able to delete the virus registry entry. ***DISCLAIMER*** be VERY careful when dealing with the registry. Be sure you have it backed up and be sure you only delete the virus registry key.
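The permission change the post describes, as an added example (not the poster's steps and not part of Malwarebytes, ComboFix or any other tool named here). A key an Administrator "cannot delete" has usually had its DACL rewritten so that Administrators hold neither DELETE nor READ_CONTROL; the way around that is the SeTakeOwnershipPrivilege, which lets a member of Administrators open any key for WRITE_OWNER regardless of its DACL. Once Administrators own the key, WRITE_DAC is implicit, so the ACL can be replaced and the key removed. The hive, parent path and key name below are placeholders; the script exports the parent key first and must run from an elevated PowerShell (PowerShell 3 or later).

```powershell
#Requires -RunAsAdministrator
# Added example: take ownership of a locked registry key, reset its ACL, delete it.
# Placeholders (assumptions): the key lives under HKLM, below the Run key, and is
# named SuspectEntry. Substitute the key you actually identified.
$Hive    = [Microsoft.Win32.Registry]::LocalMachine
$SubKey  = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$KeyName = 'SuspectEntry'
$Target  = "$SubKey\$KeyName"

# 0. Back up the parent key with reg.exe (ships with Windows). If the locked key denies
#    read access the export may fail; the warning tells you the backup is incomplete.
$backup = Join-Path $env:TEMP ("reg-backup-{0:yyyyMMddHHmmss}.reg" -f (Get-Date))
& reg.exe export "HKLM\$SubKey" $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { Write-Warning "reg export failed; no backup of $SubKey written" }
else { Write-Host "Backup written to $backup" }

# 1. Enable SeTakeOwnershipPrivilege. Administrators hold it but it is disabled by default,
#    and without it the open for WRITE_OWNER below is refused by the malware's DACL.
Add-Type -Namespace Win32 -Name Token -MemberDefinition @'
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr h, uint access, out IntPtr tok);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool LookupPrivilegeValue(string sys, string name, out long luid);
[StructLayout(LayoutKind.Sequential, Pack = 1)]   // Pack=1 keeps LUID at offset 4 like the C struct
public struct TOKEN_PRIVILEGES { public uint Count; public long Luid; public uint Attr; }
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool AdjustTokenPrivileges(IntPtr tok, bool disableAll,
    ref TOKEN_PRIVILEGES newState, uint len, IntPtr prev, IntPtr retLen);
public static bool Enable(string privilege) {
    IntPtr tok;
    // 0x28 = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
    if (!OpenProcessToken(System.Diagnostics.Process.GetCurrentProcess().Handle, 0x28, out tok)) return false;
    TOKEN_PRIVILEGES tp = new TOKEN_PRIVILEGES();
    tp.Count = 1; tp.Attr = 2;                       // SE_PRIVILEGE_ENABLED
    if (!LookupPrivilegeValue(null, privilege, out tp.Luid)) return false;
    // AdjustTokenPrivileges returns TRUE even when the privilege is not held; check last error.
    return AdjustTokenPrivileges(tok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero)
        && Marshal.GetLastWin32Error() == 0;
}
'@
if (-not [Win32.Token]::Enable('SeTakeOwnershipPrivilege')) {
    throw 'Could not enable SeTakeOwnershipPrivilege. Is this an elevated prompt?'
}

$admins = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'  # BUILTIN\Administrators

# 2. Open the key for WRITE_OWNER only (READ_CONTROL would be refused) and persist a
#    security descriptor that carries nothing but the new owner.
$key = $Hive.OpenSubKey($Target,
    [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
    [System.Security.AccessControl.RegistryRights]::TakeOwnership)
if ($null -eq $key) { throw "Key HKLM\$Target not found" }
$ownerOnly = New-Object System.Security.AccessControl.RegistrySecurity
$ownerOnly.SetOwner($admins)
$key.SetAccessControl($ownerOnly)      # only the Owner section is written
$key.Close()

# 3. As owner we have WRITE_DAC. Replace the whole DACL with one protected ACE:
#    Administrators, full control, inherited by subkeys. SDDL is used so the result is
#    exactly this ACE and no deny entries survive.
$key = $Hive.OpenSubKey($Target,
    [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
    [System.Security.AccessControl.RegistryRights]::ChangePermissions)
$dacl = New-Object System.Security.AccessControl.RegistrySecurity
$dacl.SetSecurityDescriptorSddlForm('D:P(A;CI;KA;;;BA)',
    [System.Security.AccessControl.AccessControlSections]::Access)
$key.SetAccessControl($dacl)
$key.Close()

# 4. Delete the key and everything under it, then confirm it is gone. Subkeys that carry
#    their own locked DACL need steps 2 and 3 applied to them first.
$parent = $Hive.OpenSubKey($SubKey, $true)
$parent.DeleteSubKeyTree($KeyName)
$parent.Close()
if ($Hive.OpenSubKey($Target)) { throw "HKLM\$Target is still present" }
Write-Host "Deleted HKLM\$Target"
```

Two caveats a practitioner should keep in mind. First, if the key is recreated within seconds after deletion, something still running owns it; kill that process or do the deletion offline (or from a boot CD like the BartPE mentioned above) rather than fighting the ACL again. Second, the same trick works on the user hive: for a key under a deleted account's profile, load that user's ntuser.dat with `reg load HKU\tmp` and point `$Hive` at `[Microsoft.Win32.Registry]::Users` with `tmp\...` as the path.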
I have one that killed my mouse in Windows; I went to Ubuntu instead.
But I still want to go back to windows. I just cannot get the mouse to work or kill the virus.
For what it's worth, google RootRepeal. I use it on occasion to delete core rootkit files, specifically the files that lock the rest down, usually found in the system32 folder.