
Trojan problems

Batman

I am by no means a computer expert, so I'm going to turn to you guys to see if you can possibly help me out.

Recently, my computer has become corrupted by a multitude of Trojans, and potential other viruses. I only know there's a Trojan involved because of a half-completed scan of my hard drive through SuperAntiSpyware. The problem has caused me to resort to System Restore four times, and so far, it's not left.

When I say 'half completed', that's the problem. Whenever I try to initiate a scan, it usually starts and lasts for seconds to minutes, before immediately restarting my computer on its own. This has also happened when I tried to reinstall Yahoo Instant Messenger, due to the System Restore forcing me to do that with all of my non-standard programs.

Because of this, I haven't been able to install anything else. Not because I'm sure that it'll happen with every other program I install (incidentally, I did manage to get MSN Messenger and Adobe Flash installed), but because I'm too afraid it might with any that I try next. SuperAntiSpyware hasn't failed me before, so I'm sure that if I could prevent the computer from shutting off during the scan, I could make a breakthrough to getting my drive clean.

Is there any way to do this, or is it likely a result of the virus/Trojans? I'd be more than willing to try another Antivirus program, but I've already tried AVG, and it hasn't worked.
 
I use Clamwin. You might be boned and have to reformat entirely.
 
well the virus might be making ur system shutdown if it recognizes that there's a program trying to find and kill it.... try shutting down the virus from automatically starting up when ur system restarts.... go to RUN>MSCONFIG>STARTUP... look in the manufacturer column and most likely the virus will be listed as "unknown"... if you're not sure about a process then just Google it and see if any of them are viruses.... now if u do find a malicious process UNCHECK it then click "Apply" and "Close" a message box will ask if you want to restart.... YES you do want to restart. Allow the system to restart and try running ur virus program again... if that don't work then post it here and I'll give u another method u can try to do
 
I suggest doing the following

1) Download and open up ClamWin to your desktop, run it to update it.

2) Run MSCONFIG (Run > type in MSCONFIG) get rid of things in the startup area that don't look right.

3) Reboot, and boot into SAFE MODE....

4) Run CLAMWIN and see if that helps.
 
^ I think he said he COULDN'T download any other programs due to the virus
 
Alright, I checked my system configuration, like you guys told me to. It seems there were a lot of programs running that weren't a part of Windows... I looked every one of them up on Google and found virtually no results for the ones I suspected of being a virus. After a massive amount of unchecks, I downloaded Clamwin and it's currently doing a scan of my system. Now, if I can keep it going long enough, I may have a shot at turning this around.

Thanks for the help, guys. I really appreciate it. It's been hell to deal with. :csad:
 
Wow, I would really just not bother and reformat your hard drive and reinstall Windows. You can spend a few days trying to fix it when reinstalling takes a few hours. Then just have all your antivirus stuff installed from the very start so you don't get in this mess again
 
Wow, I would really just not bother and reformat your hard drive and reinstall Windows. You can spend a few days trying to fix it when reinstalling takes a few hours. Then just have all your antivirus stuff installed from the very start so you don't get in this mess again

I agree black dust...but some people are a little nervous to reformat and have never done it before.
 
I can't be the only one who thought he meant condom problems?

Okay, maybe I was.
 
Even I thought that, and I'm the one that made the thread.

Anyway, yes, I'd definitely be cautious about reformatting my system. I've never done it, barely know how, and if there's a chance I can save as much data as I can, I'll take it. However, I am taking a few precautions in the event that it comes down to reinstalling Windows, such as uploading all of my photos to Photobucket and making up a list of programs that I used consistently.

It just all depends on how Clamwin does. Right now, it's going incredibly slow (I think it's been stuck on the same file for a number of hours), so I'm not too optimistic at the moment. But I'm more than willing to wait.
 
I hope you are running clamWin in safe mode Master Bruce......
 
Wow, I would really just not bother and reformat your hard drive and reinstall Windows. You can spend a few days trying to fix it when reinstalling takes a few hours. Then just have all your antivirus stuff installed from the very start so you don't get in this mess again
yeah... i agree with u and Malice but like Malice said people are very cautious when it comes to reformatting cause they doubt themselves and screw up...
 
I switched to Safe Mode after realizing I had missed that step, and started ClamWin again. It's not done yet, but it's picked up a hell of a lot of Adware and Trojan traces already. Things are looking up. :)
 
Success! Then... further failure. :confused:

For a brief time, I had it running pretty smoothly again. ClamWin in Safe Mode seemingly rid the system of the Trojans, Adware, and general viruses it found. There were still a couple of errors, but they were pretty minor. I didn't worry.

Well, then I went to delete some programs that I hadn't had the chance to when my computer was virus-ravaged. One of them was Trend Micro Antivirus, which was installed on my computer when I got it. I deleted it before, as it was a tad useless given it couldn't be updated after a certain time, so I didn't think anything of doing it again.

However, when I went to remove it, it warned me that some files would be deleted because of the Quarantine folder. Again, didn't think anything of it, because I didn't remember that I had used it to scan when my problem first occurred, the result being the discovery of nothing more than a couple Adware traces. I knew that it wasn't anything causing my dilemma, so I left it, and later created this thread for help.

Cut to now, and something went wrong. Because I went ahead with deleting Trend Micro, I think it may have affected my system, because when I restarted the computer to go through with the deletion, my Start tray didn't appear for a while. When it finally did, it wasn't the same. It was more of a retro version of itself. I tried to change it back using Display properties, but it didn't make a difference. I soon found out there were other problems, as well. I couldn't connect to the internet, because there were no Network Connections and it wouldn't let me install any.

Well, it got worse. Once I realized I may have made a mistake in deleting Trend Micro, or at least not checking the files it had in Quarantine, I went to PC Tools & Help/System Restore to try and restore my system to the point before I had deleted the program. There was a checkpoint there, so I clicked it, thinking it would get things back to normal.

It didn't. Now, whenever I go to start my computer, Explorer won't start up. I had to start the Task Manager, and run MSConfig from there in order to start Safe Mode up again. Now I'm stuck to where I was before, because that's the only way Explorer would show up.

What the hell did I do? More importantly, can I fix it, or did I screw myself over pretty big?
 
Do you have the operating system CDs that came with the computer?
If you have a "RESTORE CD" then I would use them.....just make sure to backup any data you want to save to a CD or something.
 
I don't have the discs. And I tried to download them from Microsoft's website, but the computer cancelled out the extraction of the files, so I'm pretty much stuck at the moment. Luckily, I've borrowed a laptop for the moment, so I'll probably use this while I take my PC to be formatted by an upstate GeekSquad, or something.

If not that, then I'll probably just have to save up for a new one altogether.
 
I'll go classic style on this. This works for infections that do not outright corrupt Windows files.

Computer, normal mode, leave it online and running for a few minutes.

Load computer in Safe Mode CMD Prompt.

Use CTRL ALT DELETE to access Explorer and other shenanigans like that.

Access MSCONFIG.

Look at the startup entries, check where they're located. Write everything down. Often in Windows System 32 folder. Delete those files and then remove them from MSCONFIG.

Open regedit and use CTRL F to find each startup trace.

Delete the registry entries.

Now, what I do after finding the entries, is I'll go to my Windows folder, delete all the hidden folders that start with $ (just to clear space) and all the text files. After I've done that, I'll arrange by date and look at the recently updated files. Having done this for months, I know what doesn't belong and delete. If you're unsure, look up the file name on a clean computer.

Repeat this process for the System32 folder. In the Windows Downloaded folder (both of them), you can just delete everything.

Next, if you're an XP user, go to documents and settings, your user name, programs, startup, and remove anything suspicious. Same concept with Vista.

This is of course easier when you use tools that allow you to load a PE environment.

Enjoy. :)

Side Note:

Formatting is a bagillion times faster and easier.
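
The startup review described in the posts above (the MSCONFIG startup list, the Run registry keys and the Startup folders) can be gathered into one read-only listing. This is an added example, not code from any poster in the thread; it assumes PowerShell 3.0 or later is available on the machine, and the function names `Get-ExePath` and `New-AutostartRecord` are made up for illustration.

```powershell
# Added example: read-only listing of autostart entries. Nothing is changed or deleted.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-ExePath([string]$Command) {
    # Extract the program path from a command line such as '"C:\dir\a.exe" /s'.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|dll|bat|cmd|vbs|js|scr))(\s|,|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function New-AutostartRecord([string]$Source, [string]$Name, [string]$Command) {
    $path = Get-ExePath $Command
    # Bare names such as "rundll32.exe" are not searched on PATH; they show as FileNotFound.
    $file = if ($path) { Get-Item -LiteralPath $path -ErrorAction SilentlyContinue }
    [pscustomobject]@{
        Source    = $Source
        Name      = $Name
        Path      = $path
        Modified  = if ($file) { $file.LastWriteTime } else { $null }
        Publisher = if ($file) { $file.VersionInfo.CompanyName } else { $null }
        Signature = if ($file) { (Get-AuthenticodeSignature -FilePath $file.FullName).Status } else { 'FileNotFound' }
    }
}

# Registry autostarts: every value under the four Run/RunOnce keys.
$records = @(foreach ($k in $runKeys) {
    $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($n in $key.GetValueNames()) { New-AutostartRecord $k $n ([string]$key.GetValue($n)) }
    }
})

# Startup folders (per-user and all-users); shortcuts are resolved to their targets.
$shell = New-Object -ComObject WScript.Shell
$records += @(foreach ($dir in 'Startup', 'CommonStartup') {
    $folder = [Environment]::GetFolderPath($dir)
    Get-ChildItem -LiteralPath $folder -File -ErrorAction SilentlyContinue | ForEach-Object {
        $target = if ($_.Extension -eq '.lnk') { $shell.CreateShortcut($_.FullName).TargetPath } else { $_.FullName }
        New-AutostartRecord $folder $_.Name "`"$target`""
    }
})

# Newest files first: entries with no publisher, no valid signature and a recent date deserve a closer look.
$records | Sort-Object Modified -Descending | Format-Table -AutoSize
```

Saving the output to a file before changing anything gives a record to compare against after cleanup, and a missing publisher or signature is only a reason to look closer, not proof that an entry is malicious.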
 