  1. #1
    Community Member Samadhi's Avatar
    Join Date
    May 2006
    Posts
    827

    Default LF Virus Removal Help

    Got hit last night by what my anti-virus said was this: http://threatinfo.trendmicro.com/vin...TIX.BF&VSect=P.

    Anti-virus program stated that the quarantine and the file deletion was a success. It obviously wasn't by the onscreen pop-ups I was and am still getting. Following the regedit instructions on the attached link was similarly unsuccessful in removing this; as has anything "on my own" I have tried. Hoping for some suggestions by all you knowledgeable folks
    sravana, kirtana, smarana, dasya, atma-nivedana
    ...NAMASTE...

  2. #2

    Default

    sounds more like you are getting hit from your system restore files.

    I got hit once a year back, and it took 3 sweeps, 2 deep cleans, and several hand edits/deletions to get rid of the suckers. It was not just a one time through and you are done.

    obviously, while you are working on the issue, you do NOT have your computer on any network at all.
    Kill any and all processes running that are not essential to your computer's operational state. (aka adobe reader? Kill the process)
    services. manually turn off any and all services not needed.

    start doing your deep scans and cleaning of registry.
    Be certain to clean out your system restore files as well.

    empty prefetch.

    reboot, repeat until all signs of this sucker are gone.

    optional: curse Ron and your reliance upon his nifty program.

  3. #3
    Community Member Samadhi's Avatar
    Join Date
    May 2006
    Posts
    827

    Default

    If only I understood half of what that all meant

    On the plus side, I found the "process" under task manager that is causing the issues and was able to kill the process temporarily. So now I just got to figure out how to stop the process from starting at all, at all...
    sravana, kirtana, smarana, dasya, atma-nivedana
    ...NAMASTE...

  4. #4

    Default

    Quote Originally Posted by Samadhi View Post
    If only I understood half of what that all meant

    On the plus side, I found the "process" under task manager that is causing the issues and was able to kill the process temporarily. So now I just got to figure out how to stop the process from starting at all, at all...
    oh boy... emm...

    Kill the processes as you have, then try to repeat the steps you found instructions for.

    The problem is that the trojan is a key logger. You know all those passwords you type in, credit card numbers, etc. Yeah, all of those are being sent back to home base for theft. That is why I said to unplug that computer from any network.

    Next... see if you can't find a techy friend that is willing to take care of it for you then. Normally your friends can be bought by whiskey or beer.

  5. #5
    Community Member Harncw's Avatar
    Join Date
    Jun 2006
    Posts
    758

    Default

    Usually I correct this problem by doing something along the lines of:

    1. Reboot in safe mode with networking, so that none of the nasty processes get started...
    2. Install AVG, update and scan entire computer
    3. Install Malwarebytes' Anti-Malware update, and scan entire computer


    Sometimes you need to use multiple tools to get rid of all the garbage, for example some of the pop-ups may not be viruses, hence the need for Anti-Malware.

    "Hijack This" is also a good tool, but you can shoot your foot off with it.

    HTH
    /TELL Tackilack ~ Tackalack ~ Taq ~ Heartattack ~ Scrooge

  6. #6
    Community Member Samadhi's Avatar
    Join Date
    May 2006
    Posts
    827

    Default

    A guildie pointed me to this:
    http://technet.microsoft.com/en-us/s.../bb896653.aspx

    And after having found the files location, killed it in process, then went there and deleted it - I just had my first full system restart without it coming back - so I *think* I'm in the clear. Yay for poor virus writing.

    Thanks for the ideas all!!
    sravana, kirtana, smarana, dasya, atma-nivedana
    ...NAMASTE...

  7. #7
    Founder Oreg's Avatar
    Join Date
    Feb 2006
    Posts
    434

    Default

    Agree with harncw

    I recently had a nasty one and used Malware for the first time. It worked like a charm and it's free. Normally I run with just Avast and it keeps my pc pretty clean but every once in a while something sneaks by it. Usually when my wife is out of town
    Ravensguard zerx,zerxi,zerxis,zmonk,kieras,varga,oregz

  8. #8
    Founder Psyk0sisS's Avatar
    Join Date
    Feb 2006
    Posts
    0

    Default

    Usually if I get something like that, FIRST THING I DO is reboot and mash the F8 button until you get the option to go into Safe Mode..and further down should be a choice like "Reboot using last known good..."

    I've had at least 2 times when I did that first and that took care of the problem.

    Quote Originally Posted by Oreg View Post
    Agree with harncw

    I recently had a nasty one and used Malware for the first time. It worked like a charm and it's free. Normally I run with just Avast and it keeps my pc pretty clean but every once in a while something sneaks by it. Usually when my wife is out of town
    LOL
    Last edited by Psyk0sisS; 08-28-2009 at 02:34 PM.
    -KHYBER- Current Mains: Dios D'Muerte - Barb>FvS>Bard>Wiz>Art / Deeos D'Muerte - 20 Ninja(TR2) / Draugar D'Muerte - 20 Ninja (TR1) .Deyna D'Muerte - 20 Assassin x3 (TR2)
    Quote Originally Posted by Tolero View Post
    ..Got a lunch break? A smoke break? You too can conspire with bacon

  9. #9
    Community Member Yurtrus's Avatar
    Join Date
    Jun 2006
    Posts
    166

    Default

    Download autorun
    Download hijackthis

    run hijackthis and create a text file.. copy the contents of that to

    http://www.hijackthis.de/en

    once you have that check off the offending items and fix

    then use autoruns to see what is in the login tab. start this as admin if on vista or 7. Remove and delete anything from the LOGIN tab that is suspicious or runonce. etc..

    BE careful you might FU your machine.. Make sure you know what you are deleting!
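
Added example, not part of the post above: a read-only PowerShell listing of the logon autostart locations (Run/RunOnce keys and Startup folders) that the Autoruns step looks at, so each entry can be reviewed before anything is removed. `Get-TargetPath` is a hypothetical helper, and the user-writable-path flag is a heuristic, not a verdict.

```powershell
# Added example: read-only listing of logon autostarts. Nothing is changed or deleted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$psMeta = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

function Get-TargetPath([string]$Command) {
    # Hypothetical helper: pull the executable path out of a command line.
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($c -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|js|scr))(\s|,|$)') { return $Matches[1] }
    return ($c.Trim() -split '\s+')[0]
}

# Registry Run/RunOnce values
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }   # skip provider metadata
        [pscustomobject]@{ Location = $key; Name = $p.Name; Command = [string]$p.Value }
    }
})
# Per-user and all-users Startup folders (shortcut targets are not resolved here)
$entries += @(foreach ($dir in 'Startup','CommonStartup') {
    $path = [Environment]::GetFolderPath($dir)
    if ($path -and (Test-Path $path)) {
        Get-ChildItem -Path $path -File | ForEach-Object {
            [pscustomobject]@{ Location = $path; Name = $_.Name; Command = $_.FullName }
        }
    }
})

$entries | ForEach-Object {
    $target = Get-TargetPath $_.Command
    $exists = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
    [pscustomobject]@{
        Name = $_.Name; Location = $_.Location; Target = $target
        Signature = if ($exists) { (Get-AuthenticodeSignature -FilePath $target).Status } else { 'FileNotFound' }
        # Heuristic only: autostarts in user-writable folders deserve a closer look
        UserWritablePath = $target -match '\\(AppData|Temp|ProgramData)\\'
    }
} | Sort-Object UserWritablePath -Descending | Format-List
```

Run it from an elevated prompt so the machine-wide keys are readable; it only reports, so removal decisions stay with the Autoruns review.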

  10. #10
    Legendary Founder Ron's Avatar
    Join Date
    Feb 2006
    Posts
    2,518

    Default

    Quote Originally Posted by Missing_Minds View Post
    optional: curse Ron and your reliance upon his nifty program.
    Don't blame me! That's not the virus that was on my site. Plus, my site was cleaned by the 24th. So you'll have to hunt elsewhere for your witch
    The locus of my identity is totally exterior to me.
    "On my business card, I am a corporate president. In my mind, I am a game developer. But in my heart, I am a gamer." - Satoru Iwata
