GolfGTIforum.co.uk

General => General discussion => Topic started by: T_J_G on 16 February 2012, 22:12

Title: Virus Help
Post by: T_J_G on 16 February 2012, 22:12

Right I'm not totally up to speed on Windows but it seems our laptop has got a trojan. Spybot picks it up as a WIN32 GEMA but won't remove it. I tried to download AVG but it comes up that my security settings on browser don't allow this  :huh: When a search on google is done and we click a link it'll forward us to ebay or adultfriendfinder.com.

I'm running Spybot in administrator mode see if that'll kill it...any ideas people?

Title: Re: Virus Help
Post by: richw911 on 16 February 2012, 22:14

Remove it in safe mode  :undecided:

Title: Re: Virus Help
Post by: bobbarley on 16 February 2012, 22:16

AVG might work.  It's free too.

Title: Re: Virus Help
Post by: Jay on 16 February 2012, 22:21

Check my blog in my profile, I hastily wrote a post not so long ago about removing viruses  :smiley: Lots of viruses are modelled around the same lame tactics and in most cases easier to remove thanks to this lameness.

Title: Re: Virus Help
Post by: T_J_G on 16 February 2012, 22:33

Quote from: bobbarley on 16 February 2012, 22:16

AVG might work.  It's free too.

Downloading now.

Jay read your blog but to be honest most of it went over my head. Does the taskill stop the virus from being used and therefore can be removed easier?

Title: Re: Virus Help
Post by: Jay on 16 February 2012, 22:40

It stops the virus program running, if you've told taskkill to kill the correct program that is. Also depends on a few things, the virus could be running in multiple processes (program names like zxcv.exe or asdf.exe) so you'll need to kill all, or boot into safe mode - most viruses don't / can't run in safe mode.

It is a bit of a mess and I need to tidy it up, I just has inspiration late at night and rambled on :grin:

Title: Re: Virus Help
Post by: T_J_G on 16 February 2012, 23:01

It's kind of useful but I'm not too clued up on Windows.

I've taskkilled IE and doing another spybot search? If not reboot into safe mode and remove through Spybot that way?

Title: Re: Virus Help
Post by: clipperjay on 16 February 2012, 23:08

Hijack this kill the process
run malware bytes
Get doggy and search for other files that contain those for mentioned virus names then manually delete the other files!
Done
 

Title: Re: Virus Help
Post by: T_J_G on 17 February 2012, 00:33

Right done a hijack this jsut no idea what it means!

Title: Re: Virus Help
Post by: clipperjay on 17 February 2012, 09:16

You need to seperate normal processes from a active virus you can click on each item it finds to establish if Hijack this thinks its normal. The tricky part is establishing what its doing, but safe bet get Malware bytes get trial version of Pro to clean up the comp, but sometimes the virus is clever enough to stop installs which is why you need hijack this to stop it in its tracks before wiping it out! Read the guides for Hijack this or print a copy of what it finds on here if you can?
 

Title: Re: Virus Help
Post by: T_J_G on 18 February 2012, 15:09

Update: computer is really slow so just backing up for a clean install of Vista I think

Title: Re: Virus Help
Post by: clipperjay on 18 February 2012, 17:19

Dont forget to back drivers up it might be a mare to find them again?