cant get rid of virus

[Greg Pookanus]

someone sent me a picture url on AOl, it turned out to be a virus disguised as a img.file.
when it opened it disconectd me from aol, so i thought shit and restarted the pc.

on restart a message pops up asking me to make surfYa.com my default dial up connection, and Yes/no box.

when i click no. and try to open IE surfya.com is my default homepage. and it appears as a shorrtcut on my desktop.

every 3 minutes a pop up comes on my screen which is blank but links to a webpage.

ive ran norton anti virus, spywayre search and destroy, and ad aware.
they have found things but removed them, so i did it again removed it again but still getting the same problem. i uninstall surfYa but when i restart my pc it comes back again. Please help.

Thanks.

 

[fibroptikl]

Try running the stuff in Safe Mode.

 

[Lethal]

A quick google search on surfya.com virus leads to a bunch of forum threads about this nasty little sucker.

 

[Greg Pookanus]

woah this looks complicated just to remove 1 virus? theres no easier way?

 

[Rich Tate]

Sadly nowadays, the word easy belongs nowhere near a spyware discussion

Agreed with above follow the instructions, itll get you clean...maybe

 

[Rembrandt]

I agree with fibroptikl. Run it in Safe Mode. A lot of virus’s and Worms work with and in vital Windows files. Windows will not allow any running part it’s self to be deleted if that program is running. By running the computer in Safe Mode you eliminate all but the most vital Window files and then you have a possibility to get rid of the virus. This is an extremely very nasty bug that is not easy to get rid of. At the end, a lot of times you may have to reinstall Windows if it will not unattach itself to it. You will also need to do a complete reformat of the drive when reinstalling.

If you want to try to get rid of it yourself go to:
http://tankweb.net/Forums/viewtopic/t=641.html

 

[Rich Tate]

Sadly, looking at the link above that may not work. It looks like it has processes that will load in safe mode as well. Thats why you need to use Killbox. I do spyware/virus removal pretty much all day, alot of them just won't go away with a safe mode scan anymore

 

[rapid]

not sure if this will help your situation, but a poster in this thread seems to have had the same problem - and one of the regulars offered some removal help near the bottom which looks to have worked for them

For the cause of the problem, do you know if it was a jpeg image they sent to you across the msg program? If so then it will exploited the gdi fault
now I could be wrong about this, but Ive read that the gdi exploit was patched by microsoft for windows only. If another program installs a different graphics library then the file could potentially be at fault and windows update will do nothing about it, leaving your system at risk. Ive learnt the hard way on this myself
refer to here for about as much info as you'll need on this particular subject