1. What scanner are you using? Has it been updated? I know, irritating questions, but it matters.
2. When you ran the scan, what virus names did it give you as the culprits?
3. Go into Control Panel | Add/Remove Programs and look for anything related to the virii and remove it. (And lots of times they're called "SaveNOW!" and crap, so look for that).
1. It is AVG. It has been updated, I run a full system scan every week.
2. Trojan Horse Downloader Generic2.jvp and Trojan Horse Downloader Generic2.jvq.
Okay. I'd gone into the control panel and deleted one file called ipwins.exe because I *know* it's related somehow... I would see it pop up trying to install on my screen. I also got rid of a few things that looked suspicious.
I've checked online and help desks and it's all foreign to me! And if I don't get that backdoor closed it'll just happen again anyway.
OK. It's probably going to require you to disable System Restore before you can completely remove the virii. When your computer creates a restore point in System Restore, the trojan gets captured, too. So, it lives in there, hiding, and just comes back. So, they usually want you to disable SR, do the removal, and then re-enable SR. It's not very hard to do, but I don't want to steer you into unfamiliar territory.
ipwins.exe IS spyware, good call. Have you checked the AVG website? I've never used it but I've heard it's a great tool. Sometimes you can plug the trojan name in there to get removal instructions.
These are Symantec's instructions for any Trojan removal (a good place to start):
# Disable System Restore (Windows Me/XP). # Update the virus definitions. # Restart the computer in Safe mode # Run a full system scan and delete all the files detected as Downloader # Delete the values that were added to the registry. # Restore the security level of Microsoft Internet Explorer
Thanks for going to all that effort. I read the detailed removal instructions and am not confident enough to try it... I don't even understand half of it!
I've just been running *yet another* virus scan and Ad-Aware scan, and this time the scanner let me put the second trojan in the vault. I'd like to think I'm okay now (once I can find and plug the hole, anyway) except that I'm also now at 35 Running Processes and 1578 Process Modules.
Have I mentioned that I just spent 10 minutes bawling?
Do you know if once viruses are in quarantine, if the computer is then safe from them? I mean, once they're in the vault/in quarantine I don't have to do anything else, do I?
I hate computers. And my chest. And sometimes the need to breathe.
I can't help you with the virus, but what browser do you use? If you use IE, STOP. Use another browser. Firefox or something. It will stop the pop ups almost completely, and the ones that do get through, pop up behind the main window. Sorry about the trojan. Did you empty you trash can? You might have to delete from the registry. Spybot usually shows the registry path. m :(
But these pop-ups are not from websites. It's not like when you go to a website and it gives you a pop-up. They're like, backdoor things. I cannot explain. I'm sorry.
The pop-ups aren't coming from a website. I mean, they don't happen when I click on a website. They're getting in through a backdoor somehow, last year or 2 years ago I had the same problem (with the pop-ups, not trojan horses) and someone here helped me to fix it, but that was before tagging and I have no idea where that post is.
Still not feeling particularly well; I think I need those hugs. And thank you for all the advice. I'm on Firefox now. And I'll look into Spy Sweeper. :)
Comments 17
1. What scanner are you using? Has it been updated? I know, irritating questions, but it matters.
2. When you ran the scan, what virus names did it give you as the culprits?
3. Go into Control Panel | Add/Remove Programs and look for anything related to the virii and remove it. (And lots of times they're called "SaveNOW!" and crap, so look for that).
Reply
2. Trojan Horse Downloader Generic2.jvp and Trojan Horse Downloader Generic2.jvq.
Okay. I'd gone into the control panel and deleted one file called ipwins.exe because I *know* it's related somehow... I would see it pop up trying to install on my screen. I also got rid of a few things that looked suspicious.
I've checked online and help desks and it's all foreign to me! And if I don't get that backdoor closed it'll just happen again anyway.
Yeah. Wanna cry.
Reply
ipwins.exe IS spyware, good call. Have you checked the AVG website? I've never used it but I've heard it's a great tool. Sometimes you can plug the trojan name in there to get removal instructions.
These are Symantec's instructions for any Trojan removal (a good place to start):
# Disable System Restore (Windows Me/XP).
# Update the virus definitions.
# Restart the computer in Safe mode
# Run a full system scan and delete all the files detected as Downloader
# Delete the values that were added to the registry.
# Restore the security level of Microsoft Internet Explorer
This is the full article with ( ... )
Reply
I've just been running *yet another* virus scan and Ad-Aware scan, and this time the scanner let me put the second trojan in the vault. I'd like to think I'm okay now (once I can find and plug the hole, anyway) except that I'm also now at 35 Running Processes and 1578 Process Modules.
Have I mentioned that I just spent 10 minutes bawling?
Do you know if once viruses are in quarantine, if the computer is then safe from them? I mean, once they're in the vault/in quarantine I don't have to do anything else, do I?
I hate computers. And my chest. And sometimes the need to breathe.
(Thanks for putting up with me. You're the best.)
Reply
Reply
Good idea, mdlaw. :) Firefox has a lot of plugins just for stopping adware and popups and it's almost effortless to use.
Reply
Reply
Gonna cry now.
Reply
Ditto on the Firefox.
Reply
*goes back to drawing board*
And I'll get firefox. I am convinced.
Reply
(The comment has been removed)
Reply
And are you sick again? Hope you feel better, and can get your computer issues straightened out as well.
Reply
Reply
Leave a comment