Re: Help desperately needed with new(?) virus!!!
- From: Malke <notreally@xxxxxxxxxxx>
- Date: Tue, 01 Aug 2006 08:20:11 -0700
Michael wrote:
I need help cleaning out a virus I became infected with.
Multiple pop-ups and interruptions are the typical symptoms. Task Manager
gets deluged with a dozen or more operations, and closing them does not
arrest the virus.
At first I thought it was WINTOOLS, judging from “PC HELL” site, and
proceeded from there.
Disabled System Restore.
Boot is Safe Mode.
Ran REGEDIT; checked registry entries, but none match the suspected
infected lines.
Close REGEDIT.
Ran Hijack This.
Only found 1 BHO line; studied it, and decided to delete it (made a copy
first).
Other entries did not show up. (in other words .. no … HKLM …\WINTOOLS …
lines.
Rebooted in Normal Mode.
Still infected.
Turned back to “PC HELL”, tried to search for “targetsaver” references.
(weren’t any??).
Did an internet search, and found instructions.
Deleted TargetSaver from Control Panel Add/Remove Programs.
Booted in Safe Mode.
Opened REGEDIT.
Again, could not find suspicious line .. as in:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentverson\Run Tsa.
(or Tsa2)
Closed REGEDIT.
Rebooted in Normal Mode.
Reset System Restore.
Still infected.
My system:
Windows XP Home
DSL modem
Presario Pentium desktop
1 Gig ram
Using Norton, Hijack This, Ewido, Ad-Aware [all updated!]
The virus launches pop-ups one on top of another; crams the task manager;
eventually rendering other programs unusable; and even places icons for
some pop-ups on the desktop. Many (not all) of the pop-ups advertise a
“TargetSaver” line on top.
Did a search for both “targetsaver” … and “target saver” in newsgroup
security, but nothing came back.
Run HijackThis again and post your log on one of these specialty forums (not
here, please):
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 - another
tutorial
http://aumha.net/viewforum.php?f=30
http://castlecops.com/forum67.html
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://forums.tomcoyote.org/
Malke
--
MS-MVP Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic"
.
- Follow-Ups:
- Re: Help desperately needed with new(?) virus!!!
- From: Michael
- Re: Help desperately needed with new(?) virus!!!
- References:
- Help desperately needed with new(?) virus!!!
- From: Michael
- Help desperately needed with new(?) virus!!!
- Prev by Date: Re: Help desperately needed with new(?) virus!!!
- Next by Date: Re: C:\Documents and Settings in XP Home
- Previous by thread: Re: Help desperately needed with new(?) virus!!!
- Next by thread: Re: Help desperately needed with new(?) virus!!!
- Index(es):
