View Full Version : Advanced Virus Removal Trojan?
slayermin
08-20-2009, 02:05 PM
Trying to get this shit off my mom's XP system. But just when I think I have it cleaned up, it reinstalls itself. I've tried four different remedies I found on Google. But none of them work. I've tried using Malwarebytes, AVG, Kaspersky, and others.
Anyone have any ideas?
ducks
08-20-2009, 03:25 PM
what is the virus?
total security?
antivirus 360?
Sometimes you have to go in there and do it manually, anti-virus programs can't get them all.
slayermin
08-20-2009, 05:21 PM
Sometimes you have to go in there and do it manually, anti-virus programs can't get them all.
I did try to do this with my limited knowledge of Windows. I got a Mac so all this seems a bit tedious and futile to me. There were four or five different remedies I found on Google about ending processes, deleting program files, temp files, and registries. I am pretty sure I followed all of them step by step but no luck.
I then began to monitor the task manager to see which processes are causing the virus to function. As I ended a process, I noticed certain parts of the virus would end. I wrote those file names down and deleted them. I would then scan with malware and avg to quarantine the rest of the files I couldn't locate.
I was able to isolate the virus to one infected registry related to the windows logon but malware couldn't remove it. The trojan would just reinstall itself.
I don't know if I am even going about this correctly. I was just hoping someone with more experience could point me in the right direction.
The trojan is called advanced virus removal.
I'm far from an expert but it certainly sounds like you are on the right track. The idea is that you can either have it removed automatically via software, or for the more stubborn ones you have to remove them manually, which is what it sounds like you are trying to do.
In the past when I've had a really bad bug I was able to remove it by using HijackThis and posting the log on a forum. I don't know if this is the exact forum I used but it's the same general idea:
http://www.bleepingcomputer.com/forums/forum22.html
So get HijackThis, post the log on that forum, and someone will come around and tell you what to do.
You might want to search around for similar forums just in case that one isn't busy enough to answer your question quickly.
Search Terms: HijackThis Log Forum
Spursfan092120
08-20-2009, 06:38 PM
superantispyware.com is good.
slayermin
08-20-2009, 08:51 PM
superantispyware.com is good.
Tried it. One of the remedies I found suggested using a combination of smitfraud, superantispyware, and malware. Virus deactivated smitfraud in the middle of its scan. And Superantispyware couldn't complete the removal and quarantine. The program just freezes up right at the end of the cleaning process.
I think I'm gonna just reformat and reinstall Windows. Not sure if I can even locate a copy of XP.
I think I'm gonna just reformat and reinstall Windows. Not sure if I can even locate a copy of XP.
I think you should fix it, that way when it happens again you'll be able to take care of it a lot faster, especially since you don't already have XP handy or a backup.
Libri
08-20-2009, 11:28 PM
Have you tried a-squared? It's real good.
http://www.emsisoft.com/en/software/free/
ducks
08-21-2009, 09:23 AM
boot the computer up in safe mode by hitting F8
go to the control panel
go to folder options
check show hidden files
if you go to documents and settings
go to all users
go to Application Data
the folder in there that says 1247 I bet contains the virus
if the virus is not there then check program files
I bet it is a lot like total security, personal virus, antivirus 360, antivirus 2007
I would have replied sooner except I went on 6 house calls yesterday ...
ducks
08-21-2009, 09:25 AM
http://removal-tool.com/advanced-virus-remover/
Have not tried that
but there are manual instructions to get rid of the virus there
jacobdrj
08-21-2009, 10:35 AM
Spybot SD has a permanent delete feature. Also, if you take your hard drive and connect it to a Mac or Linux box, you can manually delete the file. Or, you can get an Ubuntu boot CD and boot from Linux without installing anything and delete the file...
slayermin
08-21-2009, 05:49 PM
Have you tried a-squared? It's real good.
http://www.emsisoft.com/en/software/free/
Thanks. A-squared with CCleaner and malware seems to have done the job. No more pop-ups or virus alerts.
But malware still detects an infection in one of the registry files. I guess it will take some testing to see if the virus is cured or just dormant.
ducks
08-21-2009, 07:35 PM
ran them in safe mode
go to run type msconfig and startup
just start up your virus program when you start windows
ducks
08-24-2009, 02:20 PM
Have you tried a-squared? It's real good.
http://www.emsisoft.com/en/software/free/
this shit is good