Can anyone help trying to remove adware/virus please.

Zorge

OK, the only detail I know is that it's possibly TrojanDownloader.Win32.Swizzor

and the following directory
C:\Documents and Settings\<user>\Local Settings\Temp

constantly gets filled up with sta*.exe
where * is any sort of hexadecimal-looking number, e.g. sta3C.exe or sta38F.exe

and leaving the computer for a while seems to end up with like, 30 of these in there, all filesize 199 KB (204,622 bytes) I believe.

Don't see any weird programs running in processes...

This PC picks up the sta*.exe's as a virus (it has AVG installed), and other programs detect it as adware (such as Spybot or Lavasoft Ad-Aware).

And having a look at online instructions for removal asks me to remove a bunch of stuff I don't see (e.g. kill certain processes and they ain't there).
 
None of the registry keys are there, I searched for a random 4 or 5 of the other exes and none of them there except sta*.exe, no processes, no folders.

This PC just keeps getting sta*.exe files, which I assume would cause all the other crap to hit the fan if I ran any of them (which I know would be the dumbest thing to do), so now it's trying to pinpoint the source of all these exes constantly cropping up and stopping it. But what on earth is doing it Oo

I wish Windows had a "file originated from" feature. (From what file/program/process and url would be nice)
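
Added example (not part of the original thread or any poster's code): a read-only Python triage pass over a Temp folder for the sta<hex>.exe naming pattern described in the post above. It hashes each match and measures the gaps between drops, so the interval can be compared against whatever runs on that schedule. The function names are hypothetical and the sample directory holds constructed dummy files.

```python
import hashlib
import os
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Name pattern from the thread: "sta" + hex-looking digits + ".exe" (e.g. sta3C.exe)
STA_RE = re.compile(r"^sta[0-9a-f]+\.exe$", re.IGNORECASE)


def triage_temp(temp_dir):
    """Return metadata for every sta<hex>.exe in temp_dir, oldest first."""
    found = []
    for entry in os.scandir(temp_dir):
        if not entry.is_file(follow_symlinks=False) or not STA_RE.match(entry.name):
            continue
        st = entry.stat(follow_symlinks=False)
        # Files are only read for hashing, never executed.
        digest = hashlib.sha256(Path(entry.path).read_bytes()).hexdigest()
        found.append({"name": entry.name, "size": st.st_size,
                      "mtime": st.st_mtime, "sha256": digest})
    return sorted(found, key=lambda f: (f["mtime"], f["name"]))


def summarize(found):
    """Group by content hash and compute gaps (seconds) between drops."""
    by_hash = defaultdict(list)
    for f in found:
        by_hash[f["sha256"]].append(f["name"])
    times = [f["mtime"] for f in found]  # assumption: mtime is the drop time
    gaps = [round(b - a) for a, b in zip(times, times[1:])]
    return {"count": len(found), "unique_payloads": len(by_hash),
            "sizes": sorted({f["size"] for f in found}), "gaps_seconds": gaps}


def build_sample_dir():
    """Constructed sample data: harmless dummy files, not real malware."""
    d = tempfile.mkdtemp(prefix="sta_demo_")
    samples = [("sta3C.exe", b"A" * 64, 1000), ("sta38F.exe", b"A" * 64, 1600),
               ("staFF.exe", b"B" * 64, 2200), ("status.exe", b"D" * 64, 2400)]
    for name, data, mtime in samples:
        path = Path(d, name)
        path.write_bytes(data)
        os.utime(path, (mtime, mtime))
    return d


if __name__ == "__main__":
    print(summarize(triage_temp(build_sample_dir())))
```

A single repeated size and hash means the same payload is being rewritten under new names, and a steady gap between files suggests a timer in some still-running dropper rather than user activity.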
 
Try booting into safe mode and look around... A lot of times this is the only way to remove this crap, as it won't load in safe mode... or at least it might not. :)
 
Turn off System Restore before you start cleaning anything. Clean it all you want, but the real trojan hiding in the last restore point will keep putting stuff back.
 
Zamboni said:
Turn off System Restore before you start cleaning anything. Clean it all you want, but the real trojan hiding in the last restore point will keep putting stuff back.

Do that, also run Ad-Aware and Spybot in safe mode with updated def files.
Should clean it out.
 
Adding to Spybot and Ad-Aware (which are "OK" at removal)... download and run the trial of Ewido... it's like a 2 week trial or something. REALLY strong at detection/removal.

After killing System Restore, but before scanning with any tools, download and run CCleaner. It does a great job at removing temp and temp internet files. Might as well delete all of those... save yourself some substantial scanning time, plus... hey... get rid of them.

Look for oddly named files in the root of your C drive.

Also do an online scan at Kaspersky and TrendMicro. Not knowing what your current AV is... always good to get second and third opinions anyways.
 
Right, first I'll try to avoid downloading more programs, so I'll disable System Restore, go into safe mode, clear out the temporary folders and delete the new batch of sta*.exe's that's shown up, and run Spybot/Ad-Aware and see if they still keep appearing first.
 
Oh, what on earth is this?
maybthis.jpg


*doesn't enjoy cleaning up other people's computers very much*

At the moment I'm assuming this is something worth removing... I don't know where/what it could've come from.
 
I think it's stopped since I got rid of the "...user\application data\no eggs poke" folder as well as a ".docume~1\All Users\Application Data\4wipewaitstart" folder which also contained a bunch of exe files that meant nothing to me. I have left the PC running for a couple of days and haven't seen the return of these sta*.exe and *.exe files in the temp folder.

Not only was I getting sta*.exe at 199kb, I was also getting a ton of exe files in the temporary folder; they were smaller, more frequent, and the names were more like 6 random letters/numbers. I didn't keep any of them so I can't give any examples.

Yay, now I believe I'm not getting quite so much wasted bandwidth.

Thanks for input
 
I would go into safe mode under an admin account and check all those folders to make sure they're clean: temp folders, temp internet, cookies. Another great place to look is to go to Internet Options, under Temp files click on Settings, then View Objects, to make sure there are no nasties in there.
 