Trojan Horse Virus(es)

Aug 19, 2006 23:47

Please help me ( Read more... )

fucking technology, health


jackieb78 August 20 2006, 04:42:46 UTC
Oh no! Oh no to all of it!

1. What scanner are you using? Has it been updated? I know, irritating questions, but it matters.

2. When you ran the scan, what virus names did it give you as the culprits?

3. Go into Control Panel | Add/Remove Programs and look for anything related to the virii and remove it. (And lots of times they're called "SaveNOW!" and crap, so look for that).

Reply

severina2001 August 20 2006, 04:52:42 UTC
1. It is AVG. It has been updated, I run a full system scan every week.

2. Trojan Horse Downloader Generic2.jvp and Trojan Horse Downloader Generic2.jvq.

Okay. I'd gone into the control panel and deleted one file called ipwins.exe because I *know* it's related somehow... I would see it pop up trying to install on my screen. I also got rid of a few things that looked suspicious.

I've checked online and help desks and it's all foreign to me! And if I don't get that backdoor closed it'll just happen again anyway.

Yeah. Wanna cry.

Reply

jackieb78 August 20 2006, 05:13:19 UTC
OK. It's probably going to require you to disable System Restore before you can completely remove the virii. When your computer creates a restore point in System Restore, the trojan gets captured, too. So, it lives in there, hiding, and just comes back. So, they usually want you to disable SR, do the removal, and then re-enable SR. It's not very hard to do, but I don't want to steer you into unfamiliar territory.

ipwins.exe IS spyware, good call. Have you checked the AVG website? I've never used it but I've heard it's a great tool. Sometimes you can plug the trojan name in there to get removal instructions.

These are Symantec's instructions for any Trojan removal (a good place to start):

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart the computer in Safe mode.
4. Run a full system scan and delete all the files detected as Downloader.
5. Delete the values that were added to the registry.
6. Restore the security level of Microsoft Internet Explorer.

This is the full article with ( ... )

Reply

severina2001 August 20 2006, 06:25:52 UTC
Thanks for going to all that effort. I read the detailed removal instructions and am not confident enough to try it... I don't even understand half of it!

I've just been running *yet another* virus scan and Ad-Aware scan, and this time the scanner let me put the second trojan in the vault. I'd like to think I'm okay now (once I can find and plug the hole, anyway) except that I'm also now at 35 Running Processes and 1578 Process Modules.

Have I mentioned that I just spent 10 minutes bawling?

Do you know if once viruses are in quarantine, if the computer is then safe from them? I mean, once they're in the vault/in quarantine I don't have to do anything else, do I?

I hate computers. And my chest. And sometimes the need to breathe.

(Thanks for putting up with me. You're the best.)

Reply

jackieb78 August 20 2006, 06:37:06 UTC
I'm sorry you're feeling awful physically at the same time you're having computer virus problems. I know it sucks ( ... )

Reply

severina2001 August 20 2006, 07:07:36 UTC
the trojans you have don't seem to be the variety that cause your computer to restart every five minutes (I had that one and oh was THAT fun).

Heh. I had that one too, back on my old computer. I remember trying desperately to use that five minute window to find the cure, and then once I had that, trying to actually do the repair IN the five minute window. Um yeah. I ended up taking it to the shop. (If I knew anything about those safe modes and system restores and all that jazz, I'm sure that wouldn't have been an issue. *sigh*)

Do you have a respiratory infection?

They've been trying to figure out what's wrong for about 2 years. First it was bad, then it got much better, now it is bad again. It's scary and I hate it. But I will have some nice soup in the morning and just pretend that you brought it to me. :)

Thanks for the info on Process Modules. 1500+ just sounds like such a LOT. And I will keep the Troubleshooter in mind.

Thanks again for all your help. You're awesome.

Off to bed now.

Reply

