Malware

The place to ask for help or solve each other's technical issues and discuss hardware

Postby Alex » Wed Oct 31, 2007 7:41 pm

Hey guys,

Recently I've had this problem with a piece of persistent malware on a computer. Avast picks up the code when one logs on; it's in a registry data file (.reg file). This happens for all users whenever they log on. After doing multiple Avast, Ad-Aware and MS Defender scans, and sorting out the things they find, the malware is still picked up. The PC is running Win XP Pro, and the stats are in my sig.

Any ideas?

Alex
Alex
NZFF Pro
 
Topic author
Joined: Fri Jul 14, 2006 3:39 pm
Posts: 3620

Postby Mattnz » Wed Oct 31, 2007 8:00 pm

Have you tried using the Windows Malicious Software Removal Tool?

That's got rid of malware problems for me before.

Otherwise, if you know the exact registry file that is infected, you could always go through and delete that through the registry editor (provided it is nothing important, of course).
Mattnz
Sim-holic
 
Joined: Sun Feb 25, 2007 6:13 pm
Posts: 810
Location: Dunedin

Postby HardCorePawn » Thu Nov 01, 2007 9:07 am

What and where is this .reg file? A .reg file is not necessarily part of the registry; you can create one (effectively a text script file) and when you double-click it, it asks if you want the info added to/removed from the registry, depending on what the script says.

If it's something like C:\tempdir\random_filename.reg (i.e. xyyzsfam.reg) you'll probably be able to just delete it.

Having said that, it sounds like you have some sneaky little piece of malware that is attempting to load a .reg file to 'restore' itself on startup, just in case the registry entries have been cleared by an anti-spyware program.

There is a facility in Windows that allows malware to load itself into memory as a kernel process during boot-up, before things like antivirus/anti-spyware load, effectively making it invisible. They then restore themselves at shutdown (again, after everything else has been stopped), so anything removed by running spyware removers etc. is put back.

I spent 3 or 4 hours one afternoon trying to dig it out, and finally succeeded by using a DOS boot disk with NTFS drivers and manually deleting files. I suggest using HijackThis! to try and identify exactly what malware you have and then googling for possible solutions.

Good luck!
"Son, we are about to break the surly bonds of gravity, and punch the face of God." -- Homer Simpson

HardCorePawn
Senior Member
 
Joined: Fri Sep 01, 2006 4:18 pm
Posts: 1277
Location: 2500' above Godzone
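Since the thread turns on what the .reg file would actually do when it runs, here is a small parser for the Regedit 5.00 / REGEDIT4 text format that reports the keys and values a file would create, set or delete, and flags anything it writes under the usual logon persistence keys (Run, RunOnce, Winlogon). This is an added example written for this page, not code posted by anyone in the thread; it never touches the registry, so it is safe to run on a suspicious file offline. The sample .reg text, the key paths and the value names in it are constructed for illustration, not taken from the original post.

```python
"""Read a Windows .reg file and report what importing it would change, without importing it."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Substrings (lower-cased) of key paths that are executed at logon/boot; constructed list, not exhaustive.
AUTOSTART_HINTS = ("\\currentversion\\run", "\\winlogon", "\\policies\\explorer\\run")

_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')   # @=... is the (Default) value


@dataclass
class RegKey:
    path: str
    delete: bool = False                                  # [-HKEY...] deletes the whole key
    values: Dict[str, Tuple[str, object]] = field(default_factory=dict)  # name -> (kind, data)


def _unescape(s: str) -> str:
    return re.sub(r"\\(.)", r"\1", s)                     # \\ -> \ and \" -> "


def _join_continuations(lines: List[str]) -> List[str]:
    # Long hex values are split across lines ending in a backslash; glue them back together.
    out, buf = [], ""
    for line in lines:
        line = line.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        out.append(buf + line)
        buf = ""
    if buf:
        out.append(buf)
    return out


def _decode_value(raw: str, wide: bool) -> Tuple[str, object]:
    raw = raw.strip()
    if raw == "-":
        return ("DELETE", None)                           # "name"=- removes the value
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return ("REG_SZ", _unescape(raw[1:-1]))
    m = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", raw)
    if m:
        return ("REG_DWORD", int(m.group(1), 16))
    m = re.fullmatch(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)", raw)
    if m:
        kind = {None: "REG_BINARY", "2": "REG_EXPAND_SZ", "7": "REG_MULTI_SZ"}.get(
            m.group(1), f"hex({m.group(1)})")
        data: object = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if kind in ("REG_EXPAND_SZ", "REG_MULTI_SZ"):
            # Version 5.00 files store strings as UTF-16LE; REGEDIT4 files use the ANSI code page
            # (approximated here with latin-1).
            text = data.decode("utf-16-le" if wide else "latin-1", errors="replace")
            data = text.rstrip("\0") if kind == "REG_EXPAND_SZ" else [s for s in text.split("\0") if s]
        return (kind, data)
    return ("UNKNOWN", raw)


def parse_reg(text: str) -> List[RegKey]:
    lines = text.lstrip("\ufeff").strip().splitlines()
    header = lines[0].strip() if lines else ""
    wide = header.startswith("Windows Registry Editor Version 5")
    body = lines[1:] if wide or header == "REGEDIT4" else lines
    keys: List[RegKey] = []
    current: Optional[RegKey] = None
    for line in _join_continuations(body):
        if not line or line.startswith(";"):              # blank or comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            current = RegKey(path.lstrip("-"), delete=path.startswith("-"))
            keys.append(current)
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None and not current.delete:
            name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            current.values[name] = _decode_value(m.group(2), wide)
    return keys


def autostart_changes(keys: List[RegKey]) -> List[Tuple[str, str, object]]:
    """Values the file would write under well-known logon/boot persistence keys."""
    hits = []
    for k in keys:
        if not k.delete and any(h in k.path.lower() for h in AUTOSTART_HINTS):
            hits += [(k.path, n, d) for n, (kind, d) in k.values.items() if kind != "DELETE"]
    return hits


# Constructed sample: re-adds a Run entry, removes another, and deletes a key outright.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"example_updater"="C:\\WINDOWS\\system32\\example.exe /silent"
"LegitBackup"=-

[HKEY_CURRENT_USER\Software\Example\Config]
@="default"
"Enabled"=dword:00000001
"Path"=hex(2):43,00,3a,00,\
  5c,00,00,00

[-HKEY_CURRENT_USER\Software\ExampleToRemove]
"""

if __name__ == "__main__":
    for path, name, data in autostart_changes(parse_reg(SAMPLE_REG)):
        print(f"autostart: {path}\\{name or '(Default)'} = {data!r}")
```

Run it against the real file (`parse_reg(open(path, encoding="utf-16").read())` for a 5.00 file) before deleting anything: the Run/RunOnce/Winlogon lines it reports are the entries to check with HijackThis or the registry editor, and the executable they point at is the file to remove.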

Postby Alex » Fri Nov 02, 2007 2:33 pm

Thanks for the advice, guys. I don't have access to the computer right now, but will get back to you on Monday or Tuesday regarding it.

Alex
Alex
NZFF Pro
 
Topic author
Joined: Fri Jul 14, 2006 3:39 pm
Posts: 3620
