Go Back   Team-BHP > Around the Corner > Shifting gears > Gadgets, Computers & Software


Reply
 
Thread Tools Search this Thread
Old 21st October 2008, 11:35   #31
Senior - BHPian
 
NetfreakBombay's Avatar
 
Join Date: Jan 2008
Location: Bombay
Posts: 1,375
Thanked: 315 Times
Default

Quote:
Originally Posted by RAC View Post
1) if i use external hard disk, is it safe or can the virus infect the portable HD as well?
2) should I write DVD's instead?
3) do DVD's also get infected with trojans
Backing on external HDD or DVD will work fine.

Whatever virus is there in PC, will probably find its way to External HDD or DVD as well. But that is not a problem. Take the backup.

When you do a fresh install, install AVG and let it update itself.

Now connect external HDD and run full scan on PC.

That will clean up viruses from External HDD properly. And you can copy your files back to PC.
NetfreakBombay is offline   Reply With Quote
Old 21st October 2008, 11:56   #32
SLK
Senior - BHPian
 
SLK's Avatar
 
Join Date: Feb 2004
Location: DL XX XX XXXX
Posts: 1,288
Thanked: 183 Times
Default

yup, whatever you do - backup first.
SLK is offline   Reply With Quote
Old 21st October 2008, 23:24   #33
RAC
BHPian
 
RAC's Avatar
 
Join Date: Mar 2006
Location: Bangalore
Posts: 185
Thanked: 6 Times
Default

@toiingg - Hi. Here are the screen shots of the current status.
Do you see anything wrong.

I am still getting a few pop ups b AVG on some minor virus threats.
I did a McAfee check on C drive and it found a virus but was unable to clean, delete or move it!!!! Will try running a new scan by AVG again.

I have a feeling that AVG has cleared most of the virus. However I am not expert and this is just a feeling.

Most Important: thanks to all for the advice.
Attached Thumbnails
How to remove XP antispyware 2009-1.jpg  

How to remove XP antispyware 2009-2.jpg  

How to remove XP antispyware 2009-3.jpg  

How to remove XP antispyware 2009-4.jpg  

How to remove XP antispyware 2009-5a.jpg  

How to remove XP antispyware 2009-5b.jpg  


Last edited by RAC : 21st October 2008 at 23:25.
RAC is offline   Reply With Quote
Old 21st October 2008, 23:47   #34
SLK
Senior - BHPian
 
SLK's Avatar
 
Join Date: Feb 2004
Location: DL XX XX XXXX
Posts: 1,288
Thanked: 183 Times
Default

I can't see anything wrong in this. Msconfig is not good enough to show everything.

If you want to try and repair and not reinstall then...
1) Download this Autoruns [It's Microsoft]
2) Run the file Autoruns.exe
3) Goto options menu and select >> "Hide signed Microsoft entries" and "Verify Code Signatures"
4) Click Refresh (i.e. scan again)
5) Goto file menu and save and send me the saved file and I can see then - smsubscriptions-at-gmail.com

Msconfig won't help AFAIK.

Last edited by SLK : 21st October 2008 at 23:50.
SLK is offline   Reply With Quote
Old 22nd October 2008, 00:14   #35
ECM
BHPian
 
ECM's Avatar
 
Join Date: May 2006
Location: Somewhere
Posts: 221
Thanked: 6 Times
Default

RAC
In the 1st pic which you have posted just now,see the 8th file rundll....this is a virus,it has been renamed due to its coding.Dont trust AVG free a.v,it has a habit to show min.of 4-5 virus when you scan it for the 1st time,try this.
Download Spybot-search & Destroy,update it and scan your p.c,it is not a.v but antispyware but try it and I am 100% sure that you will able to clean your system,post your comments after doing scan.Good luck to you.

Last edited by ECM : 22nd October 2008 at 00:22.
ECM is offline   Reply With Quote
Old 22nd October 2008, 07:21   #36
SLK
Senior - BHPian
 
SLK's Avatar
 
Join Date: Feb 2004
Location: DL XX XX XXXX
Posts: 1,288
Thanked: 183 Times
Default

Quote:
Originally Posted by ECM View Post
RAC
In the 1st pic which you have posted just now,see the 8th file rundll....this is a virus,it has been renamed due to its coding.
Right! it is a virus, you can try to uncheck it in safe mode.

To enter safe mode press F8 before windows starts [before the first windows xp loading screen]

If still doesn't help, try the software ECM mentioned or send me the autoruns saved file.
SLK is offline   Reply With Quote
Old 22nd October 2008, 10:01   #37
RAC
BHPian
 
RAC's Avatar
 
Join Date: Mar 2006
Location: Bangalore
Posts: 185
Thanked: 6 Times
Default

Thank you so much guys. I really appreciate you taking time to help me solve this.

@ECM - I will try that in the evening once I go back home.

@SLK - please lay it down step wise on how to uncheck this virus:

1) Enter safe mode by pressing F8 before Windows starts
2) what do I do next?

Ps: I think AVG has cleaned up my McAfee also. I am not able to update it :-(
RAC is offline   Reply With Quote
Old 22nd October 2008, 11:15   #38
SLK
Senior - BHPian
 
SLK's Avatar
 
Join Date: Feb 2004
Location: DL XX XX XXXX
Posts: 1,288
Thanked: 183 Times
Default

Quote:
Originally Posted by RAC View Post
1) Enter safe mode by pressing F8 before Windows starts
2) what do I do next?
3) login as you do [assuming you have admin rights]
4) run - msconfig
5) uncheck that 8th item by clicking
6) you also might want to run a scan in safe mode - its more effective
6) restart
7) if msconfig shows a pop up - tell it not to show again.

Hope this ends it, but if not then try spybot or send me the autoruns file.
SLK is offline   Reply With Quote
Old 22nd October 2008, 11:31   #39
RAC
BHPian
 
RAC's Avatar
 
Join Date: Mar 2006
Location: Bangalore
Posts: 185
Thanked: 6 Times
Default

Quote:
Originally Posted by SLK View Post
3)
5) uncheck that 8th item by clicking
Hope this ends it, but if not then try spybot or send me the autoruns file.
Hi
I need some more guidance on how to do this:

1) how do I un-check, since I do not see any check box?
2) what is the autoruns file.

Please be patient with my basic questions.
RAC is offline   Reply With Quote
Old 22nd October 2008, 12:23   #40
SLK
Senior - BHPian
 
SLK's Avatar
 
Join Date: Feb 2004
Location: DL XX XX XXXX
Posts: 1,288
Thanked: 183 Times
Default

1) you can't see it in your screenshot as the scrollbar is slightly towards the right. The checkbox is always there, just scroll left.
2) This just shows what all programs are bound to start with the windows startup [in detail]
SLK is offline   Reply With Quote
Old 22nd October 2008, 12:38   #41
ECM
BHPian
 
ECM's Avatar
 
Join Date: May 2006
Location: Somewhere
Posts: 221
Thanked: 6 Times
Default

Never commit such mistake again...one needs only one a.v at a time and not more than one else real time scanning will interact and something strange may happen ex.see bold letters below!best is uninstall both avs right now and do what I suggested spybot s&D,install it-update it and scan it,see the results which will generated in 30-40 mins depending upon your Drive,do the needful after seeing scan results,I see no need to format HDD-atleast I personally may never format my HDD for small problem like this.Good luck and Happy Diwali to all of you in advance.
Quote:
Originally Posted by RAC View Post
Thank you so much guys. I really appreciate you taking time to help me solve this.

@ECM - I will try that in the evening once I go back home.

@SLK - please lay it down step wise on how to uncheck this virus:

1) Enter safe mode by pressing F8 before Windows starts
2) what do I do next?

Ps: I think AVG has cleaned up my McAfee also. I am not able to update it :-(
ECM is offline   Reply With Quote
Old 22nd October 2008, 13:18   #42
Senior - BHPian
 
Join Date: Dec 2007
Location: Dubai
Posts: 3,854
Thanked: 123 Times
Default

@RAC,

Do not bother about RunDll32, it is a valid file for the C-Media (sound) card. Now, unless you do not have a C-Media sound card, this is not a virus. A Google gave this info and I believe it.

As mentioned before, can you please get hold of HijackThis ( |MG| Trend Micro HijackThis 2.02 ). It is a lightweight file and is not a installed. Meaning, you just run it without installing.

Run the file after download and after accepting the license, you will get a console with option. Click on "Do a System scan and save log file".

Once the scan is done, copy the content of the log file and paste it in the space provided @ HijackThis Logfileauswertung and click on 'Analyse this' button at the bottom.

This will give you a graphical representation of what is good and what is bad and who might be the bad guy.

This will put an end to all assumptions and give us some concrete directions to head towards.
HappyWheels is offline   Reply With Quote
Old 22nd October 2008, 15:24   #43
SLK
Senior - BHPian
 
SLK's Avatar
 
Join Date: Feb 2004
Location: DL XX XX XXXX
Posts: 1,288
Thanked: 183 Times
Default

ok, just to clear the confusion, that rundll32 is for C-media sound if you have one. So that might not be the answer.
SLK is offline   Reply With Quote
Old 22nd October 2008, 15:35   #44
RAC
BHPian
 
RAC's Avatar
 
Join Date: Mar 2006
Location: Bangalore
Posts: 185
Thanked: 6 Times
Default

Besides the rundll32, even though nothing suspicious is visible anymore, I am sure that my machine is still not 100% clean.
i plan to run the anti-spyware as mentioned by ECM and HappyWheels (one by one of course) to ensure that the system is 100% cleaned up.
RAC is offline   Reply With Quote
Old 22nd October 2008, 22:44   #45
BHPian
 
Aston.Martin's Avatar
 
Join Date: Oct 2008
Location: Bangalore
Posts: 146
Thanked: 33 Times
Default

Try Malwarebytes' Anti-Malware, it worked for me you can download it here Malwarebytes Anti-Malware v1 29 Multilingual WinAll Incl Keygen-CRD [h33t][MAMBO04] : Software > Windows - Other - Mininova
Aston.Martin is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads
Thread Thread Starter Forum Replies Last Post
RFC 2009 (1-18th Dec 2009) ex670c 4x4 Excursions 19 6th May 2011 11:03
How to remove unwanted paint? Boom Shiva Technical Stuff 17 7th January 2010 12:53
Photographs - Desmosedici RR, Ducati 1098, RC8s, 2009 R1, 2009 Fireblade cbr954rr Motor-Sports 1 25th October 2009 15:46
Govt. to remove income tax exemptions and deductions. Please comment against it..... satish_appasani Shifting gears 15 15th May 2007 21:13
Why didn't the marshals help, remove the Renault? Shan2nu Int'l Motorsport 14 17th September 2004 00:52


All times are GMT +5.5. The time now is 13:40.

Copyright 2000 - 2017, Team-BHP.com
Proudly powered by E2E Networks