
Posted:
Wed Oct 31, 2007 7:41 pm
by Alex
Hey guys,
Recently I've had this problem with a piece of persistent malware on a computer. Avast picks up the code when one logs on; it's in a registry data (.reg) file. This happens for all users whenever they log on. After doing multiple Avast, Ad-Aware and MS Defender scans, and sorting out things it finds - the malware is still picked up. The PC is running Win XP Pro, and the stats are in my sig.
Any ideas?

Alex

Posted:
Wed Oct 31, 2007 8:00 pm
by Mattnz
Have you tried using the Windows Malicious Software Removal Tool? That's got rid of malware problems for me before.
Otherwise, if you know the exact registry file that is infected, you could always go through and delete that through the registry editor (provided it is nothing important, of course).

Posted:
Thu Nov 01, 2007 9:07 am
by HardCorePawn
What and where is this .reg file... a .reg file is not necessarily part of the registry... you can create one (effectively a text script file) and when you double click them, they ask if you want the info added/removed from the registry depending on what the script says...
If it's something like C:\tempdir\random_filename.reg (i.e. xyyzsfam.reg) you'll probably be able to just delete it...
Having said that, it sounds like you have some sneaky little piece of malware that is attempting to load a reg file to 'restore' itself on startup just in case the registry entries have been cleared by an anti-spyware program...
There is a facility in Windows that allows malware to load itself into memory as a kernel process during the bootup before things like antivirus/anti-spyware load, effectively making it invisible... they then restore themselves at shutdown (again, after everything else has been stopped), so anything removed by running spyware removers etc. is put back.
I spent 3 or 4 hours one afternoon trying to dig it out... finally succeeded by using a DOS boot disk with NTFS drivers and manually deleting files... I suggest using HijackThis! to try and identify exactly what malware you have and then Googling for possible solutions.
Good luck!
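
Since a .reg file is just a text script, the quickest way to see what one would do at logon is to parse it and list the values it writes under autostart keys. The following is an added example for triage, not code from this thread or from any tool mentioned in it; the autostart key list and the sample .reg content are constructed for illustration.

```python
import re

# Constructed list of registry paths commonly used to launch a program at logon
# (case-insensitive substring match on the .reg section key; every value under Winlogon is flagged for review).
AUTOSTART_KEYS = [r"\Microsoft\Windows\CurrentVersion\Run",
                  r"\Microsoft\Windows\CurrentVersion\RunOnce",
                  r"\Microsoft\Windows NT\CurrentVersion\Winlogon"]
_SECTION = re.compile(r"^\[(-?)(.+)\]$")                  # [HKEY...] or [-HKEY...]
_VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')   # "name"=data or @=data

def _decode(data):
    # Quoted strings escape backslashes and quotes; dword:/hex: data stays verbatim.
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    return data

def parse_reg(text):
    """Return (key, name, data, is_deletion) tuples from .reg script text.
    Hex continuation lines (ending in a backslash) match neither pattern and are skipped."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] == ";" or line.startswith(("Windows Registry Editor", "REGEDIT4")):
            continue
        m = _SECTION.match(line)
        if m:
            key = m.group(2)
            if m.group(1) == "-":                  # [-HKEY...] deletes the whole key
                entries.append((key, None, None, True))
            continue
        m = _VALUE.match(line)
        if m and key is not None:
            name = m.group(1) if m.group(1) is not None else "@"
            entries.append((key, name, _decode(m.group(2)), False))
    return entries

def find_autostart_entries(entries):
    """Return (key, name, data) for each value the script would write under an autostart key."""
    return [(key, name, data) for key, name, data, is_deletion in entries
            if not is_deletion and any(k.lower() in key.lower() for k in AUTOSTART_KEYS)]

# Constructed sample .reg script: one Run entry, one harmless setting, one key deletion.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\tempdir\\random_filename.exe"
[HKEY_CURRENT_USER\Software\Example\Settings]
"Theme"="blue"
[-HKEY_CURRENT_USER\Software\Example\Old]
"""
```

Run `find_autostart_entries(parse_reg(open(path).read()))` on the suspect file to see what it would re-add at logon before deciding whether to delete it.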

Posted:
Fri Nov 02, 2007 2:33 pm
by Alex
Thanks for the advice guys - I don't have access to the computer right now, but will get back to you on Monday or Tuesday regarding it.

Alex