Spybot Search & Destroy removes viruses etc. but always comes back.

Go
Here and Get Trojan-Hunter Fully working trial! and run a full scan
,,,,,,,,,,,,,,,,,,,,,
To remove trojans there is a tool which needs to be downloaded and run.

1. Please download Stinger and save it to your desktop

2. Double-click on the stinger.exe file and open the tool

3. Choose your entire hard drive to scan.

4. Choose Scan Now

5. Stinger will fix anything that it finds

6. Click the File menu and select Save report to file

7. Post the log file results here in this thread.

STINGER

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Reboot to SAFE mode to delete files
How to start computer in safe mode

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Do a virus scan Please do an online scan, 2 would be better,

Micro World http://www.mwti.net/antivirus/free_utilities.asp
Trend Micro http://housecall.trendmicro.com/housecall/start_corp.asp

Make sure that you choose "fix" or "clean".

.
,,,,,,,,,,,,,,,,,,,,,,,,,,
Download then unzip and run CWShredder to clean up clicking "FIX" to have it remove all it finds.

CWShredder available from these places :-

http://www.aluriasoftware.com/tools/cwshredder.zip
Or this as a full download without any unzipping required
http://www.downloads.subratam.org/CWShredder.exe
http://www.spywareinfo.com/downloads/tools/CWShredder.exe

We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine. Detailed instructions from :-
HERE
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Then please do this since it’s better to use automated tools to get rid of the bad stuff use these 2 programs first before doing the final cleaning with HJT

First use Spybot S&D. (Version 1.3)
Spybot
Unzip, and update. Install the updates and run. Delete all that it marks in red.
Reboot

Then it’s time for Ad-Aware
Ad-Aware
Install and update by using the globe icon. Restart your computer and run Ad-Aware.
Press scan now and select drives and/or partitions to be scanned. When done select all and click next. Remove all checked items and then reboot your computer.

Please go to this page and read the instructions for how to configure Spybot S&D & Ad-Aware
How To Setup Spybot SD and Ad-Aware

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
If needed !!!!!!
Reboot and post a new HiJackThis log. You need an updated version of Hijackthis which you can get from HERE

Then post a HJT log as a reply to this topic.

caperjack,

Thank you for your quick response. Know that you've helped me a lot.

OK ,don't forget ,get hijackthis,scan and save a log and post it in the security part of this fourm and we'll have look at the log .

One of the main causes of Virus's and Malware coming back after removal is because they hide in the _Restore files (System Restore) and you don't need to restore your system for them to come back.

My advice for removing anything is to turn off System Restore first.

Windows XP

Press Start > Right Click My Computer and select Properties. Select the Restore Tab. Remove the ticks in the drives listed for restore and click Apply then OK.

Reboot and then run a Virus scan and clean the PC. Reboot and scan again, if its clean, Press Start > Right Click My Computer and select Properties. Select the Restore Tab and replace the ticks next to the drives and click Apply and OK.

Windows Vista

Press the Start Orb > Right Click Computer and select Properties. Select System Protection. Remove the ticks in the drives listed for restore and click Apply then OK.

Reboot and then run a Virus scan and clean the PC. Reboot and scan again, if its clean, Press the Start Orb > Right Click Computer and select Properties. Select System Protection. Replace the ticks in the drives listed for restore and click Apply then OK.

The virus or malware should be gone.

My advice for removing anything is to turn off System Restore first.

That used to be the prominent opinion three or four years ago. I admit I used to advise the same.... But now, with the influx of much more complex and difficult malware, the concensus in the anti-malware community is that "An infected System Restore Point is better than none at all!"

Of course, you are correct that System Restore needs to be flushed after a malware infestation. But, it should be done AFTER the machine has been cleaned.

Have a look ---> http://msmvps.com/blogs/spywaresucks/archive/2005/09/17/66724.aspx

Cheers :)
PP

I still disagree, that article was written way back in 2005.

Microsoft, 2007: [ http://support.microsoft.com/kb/263455 ] F-Protect 2007: Turn Off System Restore.

Windows Protection, will replace a file as soon as its deleted, some of these come from protected storage, others from the _restore files. So if you clean your PC whilst infected, as soon as an infected system file is deleted, its restored, in its infected glory. You will never get rid of it otherwise, but I must state, not all infections get caught in the restore files.

No matter what Anti-Virus program you use, it will not clean anything from the System Restore folder.

Advice from Eset, ZoneLabs, Symantic, MaCafee F-Secure, Computer Associates, Trend and more Still advise (with articles dated 2007/8) to turn off system restore before you clean your system.

The point here though, is that Susan has a recurring infection, that is most likely from the _restore folder. We know that when she cleans her system that it is fine, so we know by turning off System Restore will do no damage. And, as soon as its switched back on again, another (clean) restore point will be created.

Any virus/malware should be cleaned immediately to prevent further infection and spread. The article you posted above is also wrong, you can restore your PC if there is no restore point by doing a repair install.

As long as System Restore (Windows ME and above) has been incorporated into an Operating System, I have never had a PC break because it was cleaned with restore off, and believe me, in my work ive seen some really nasty infections that took days to clean.

The main thing here is to rid Susan's PC of an infection.

I still disagree, that article was written way back in 2005.

Microsoft, 2007: [ http://support.microsoft.com/kb/263455 ] F-Protect 2007: Turn Off System Restore.

You say this and then link to an article written for Windows ME....

I won't argue with you - on an open board such as this one, everybody is entitled to their opinion and I'll respect yours.

So if you clean your PC whilst infected, as soon as an infected system file is deleted, its restored, in its infected glory.

Only if you restore it. I DO advocate flushing the restore points after cleaning.

No matter what Anti-Virus program you use, it will not clean anything from the System Restore folder.

This is true, but if you look in the majority of Security Forums, you'll not see these tools in use. Rather, you'll see tools such as ComboFix and SDFix (which are more up-to-date and effective). And, most of these tools attempt to set a Restore Point BEFORE they clean to help avoid disaster...

The main thing here is to rid Susan's PC of an infection.

Susan's problem occurred 3 years ago ;)

Best :)
PP