About a year ago, I had a problem with a variant of the VX2 (Sputnik) virus. Norton, McAfee, Seek/destroy, Ad-aware, and every other program I found could ID the virus but could not get rid of it. Even running in safe-mode. McAfee and Norton had removal tools on their website which got rid of a couple of files but the VX2 works, they just recopy themselves again anyways. I tried everything I could think of until I read a post on a PC forums site (don't remember which one) which led me to a series of my own tests to get rid of it. Yes, you can say I now know a lot about this damn virus >.>
If you run a virus or whatever program and they ID the problem but when you rescan it is still there, you have a problem with a virus that rewrites itself. Sometimes they have multiple files that monitor each other and processes that monitor those files. Mine was renamed over a legitimate Windows process so Windows would not let me stop the process from running during normal operation.
If you can, run every virus program you have (because sometimes you get different results from different programs) and print or write down the EXACT file names, registry values ... everything.
Restart your PC in safe mode and open the registry editor inside Windows (do not use a 3rd-party editor because some viruses can be hidden on them ... mine was hidden on Lavasoft's Regeditor and Windows Notepad .exe registry).
In this order, manually delete all known pieces identified by those programs.
- Check for any NON Windows Processes running (99% of viruses cannot affect Windows during safe mode, unless you haven't downloaded all your updates. There was a problem a while back with this but it was patched during an update)
- Registry Keys / Values / Trees. Completely delete them. Don't just change values ... delete them!
- Restart PC again in safe mode and re-check for those deleted Registry values. If they are gone ... good, proceed to next step. If they are back, delete them again and do the next step at the same time (w/o restarting).
- Delete all known file infections manually. Sometimes variants are known to overwrite legit MS files such as Notepad.exe or Explorer.exe. If this happens, delete them anyways. Windows will notice the deleted file after you fix everything and ask you to reinstall that file by inserting the install disk usually. Or sometimes you can find Windows files available for download by 3rd-party sites (just be careful for another virus if you do this lol)
- After deleting all known files/values ... run a known good virus program under safe mode, if the program will let you. If not, try to get a start-up virus scanner disk. Restart and run the disk as normal.
- BEFORE restarting after deleting the files, MAKE SURE your internet connection is unplugged (though a file may not be a virus it can tell your PC to download or rebuild the files through unidentifiable pieces scattered about your PC).
- I personally would rescan the PC in safe mode a 3rd or 4th time :-\ but you don't always have to. Just remember when you delete files, restart back into safe mode and RESCAN always before going back into normal mode.
- Restart in normal mode and first thing, check for those bad processes running. They shouldn't be running though. If they are ... try again.
- If no processes are running from the viruses ... rescan again just to be sure.
The hardest thing to do with a well written virus is to keep working at it until it is removed. When I got that virus a year or so ago, it took me almost 8 hours to get rid of it including scan times. Sometimes VX2 isn't considered a virus but instead it's classified as Spyware or Malware. Either way ... the writers of the program need to be locked up because it is not used the way they say it is. It was originally written by a company called "Disk11" for tracking purposes but has since been modified by every hacker and spyware maker out there because it is a very good virus >.>
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075074
--edit--
Stay away from the porn, free something, and win an iPod now websites ... that's where this comes from usually. If something says it's free, it most likely isn't as free as you think.
http://netsecurity.about.com/od/frequentlyaskedquestions/f/faq_bho.htm
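
The re-check steps in the post (write down the exact names, delete, restart in safe mode, look again) can be scripted so nothing on the list is missed. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later is available on the machine, and every path, key, value and process name in it is a constructed placeholder rather than a real VX2 indicator.

```powershell
# Checklist of items the scanners reported. Replace the placeholders with the
# EXACT names you wrote down; the entries below are constructed samples.
$Checklist = @(
    @{ Type = 'File';     Path = 'C:\Windows\System32\EXAMPLE-bad.dll' }
    @{ Type = 'RegKey';   Path = 'HKLM:\SOFTWARE\EXAMPLE-Vendor' }
    @{ Type = 'RegValue'; Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'EXAMPLE-entry' }
    @{ Type = 'Process';  Name = 'EXAMPLE-proc' }
)

# Returns $true if the recorded item currently exists on this machine.
function Test-Indicator {
    param([hashtable]$Item)
    switch ($Item.Type) {
        'File'     { return Test-Path -LiteralPath $Item.Path -PathType Leaf }
        'RegKey'   { return Test-Path -LiteralPath $Item.Path }
        'RegValue' {
            # A value lives inside a key, so open the key and list its value names.
            $key = Get-Item -LiteralPath $Item.Path -ErrorAction SilentlyContinue
            return ($null -ne $key) -and ($key.GetValueNames() -contains $Item.Name)
        }
        'Process'  { return [bool](Get-Process -Name $Item.Name -ErrorAction SilentlyContinue) }
        default    { throw "Unknown indicator type: $($Item.Type)" }
    }
}

# Build one result row per checklist entry.
$results = foreach ($entry in $Checklist) {
    $target = if ($entry.Path -and $entry.Name) { "$($entry.Path) -> $($entry.Name)" }
              elseif ($entry.Path) { $entry.Path }
              else { $entry.Name }
    [pscustomobject]@{
        Type    = $entry.Type
        Target  = $target
        Present = Test-Indicator $entry
    }
}

$results | Format-Table -AutoSize

# Anything still present was either missed or recreated since the last pass.
$back = @($results | Where-Object { $_.Present })
if ($back.Count -gt 0) {
    Write-Warning "$($back.Count) item(s) still present or recreated; delete again before going back to normal mode."
} else {
    Write-Host 'All recorded items are gone.'
}
```

Run it after each safe-mode restart and again after the first normal-mode boot. A process check by name cannot tell a legitimate Windows process from a file that was copied over it, so a scanner result is still needed for that case.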