PLEASE HELP GET RID OF TROJAN HORSES AND VIRUSES
HI, Can anyone out there help me, I have Viruses or Trojan Horses(whatever you want to call them, I'm sure it's a Trojan) on my computer. I currently use Avast antivirus, Ad-Aware SE, Search and Destroy, Microsoft Antispyware and nothing seems to get them off.
HI, Can anyone out there help me, I have Viruses or Trojan Horses(whatever you want to call them, I'm sure it's a Trojan) on my computer. I currently use Avast antivirus, Ad-Aware SE, Search and Destroy, Microsoft Antispyware and nothing seems to get them off. I use Windows xp. The names of the Trojans are:
C:Winnt\system32\hotkeysvc.exe
Win32:Rbot-SI[Trj]
Win32:Kelvir[wrm]
tmp.exe
updater.exe
setup.exe
PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!
Jason ;(
C:Winnt\system32\hotkeysvc.exe
Win32:Rbot-SI[Trj]
Win32:Kelvir[wrm]
tmp.exe
updater.exe
setup.exe
PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!
Jason ;(
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
HI, Can anyone out there help me, I have Viruses or Trojan Horses(whatever you want to call them, I'm sure it's a Trojan) on my computer. I currently use Avast antivirus, Ad-Aware SE, Search and Destroy, Microsoft Antispyware and nothing seems to get them off. I use Windows xp. The names of the Trojans are:
C:Winnt\system32\hotkeysvc.exe
Win32:Rbot-SI[Trj]
Win32:Kelvir[wrm]
tmp.exe
updater.exe
setup.exe
PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!
Jason ;(
C:Winnt\system32\hotkeysvc.exe
Win32:Rbot-SI[Trj]
Win32:Kelvir[wrm]
tmp.exe
updater.exe
setup.exe
PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!
Jason ;(
HI, Can anyone out there help me, I have Viruses or Trojan Horses(whatever you want to call them, I'm sure it's a Trojan) on my computer. I currently use Avast antivirus, Ad-Aware SE, Search and Destroy, Microsoft Antispyware and nothing seems to get them off. I use Windows xp. The names of the Trojans are:
C:Winnt\system32\hotkeysvc.exe
Win32:Rbot-SI[Trj]
Win32:Kelvir[wrm]
tmp.exe
updater.exe
setup.exe
PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!
Jason ;(
C:Winnt\system32\hotkeysvc.exe
Win32:Rbot-SI[Trj]
Win32:Kelvir[wrm]
tmp.exe
updater.exe
setup.exe
PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!
Jason ;(
HI, Can anyone out there help me, I have Viruses or Trojan Horses(whatever you want to call them, I'm sure it's a Trojan) on my computer. I currently use Avast antivirus, Ad-Aware SE, Search and Destroy, Microsoft Antispyware and nothing seems to get them off. I use Windows xp. The names of the Trojans are:
C:Winnt\system32\hotkeysvc.exe
Win32:Rbot-SI[Trj]
Win32:Kelvir[wrm]
tmp.exe
updater.exe
setup.exe
PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!
Jason ;(
C:Winnt\system32\hotkeysvc.exe
Win32:Rbot-SI[Trj]
Win32:Kelvir[wrm]
tmp.exe
updater.exe
setup.exe
PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!
Jason ;(
HI, Can anyone out there help me, I have Viruses or Trojan Horses(whatever you want to call them, I'm sure it's a Trojan) on my computer. I currently use Avast antivirus, Ad-Aware SE, Search and Destroy, Microsoft Antispyware and nothing seems to get them off. I use Windows xp. The names of the Trojans are:
C:Winnt\system32\hotkeysvc.exe
Win32:Rbot-SI[Trj]
Win32:Kelvir[wrm]
tmp.exe
updater.exe
setup.exe
PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!
Jason ;(
C:Winnt\system32\hotkeysvc.exe
Win32:Rbot-SI[Trj]
Win32:Kelvir[wrm]
tmp.exe
updater.exe
setup.exe
PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!
Jason ;(
HI, Can anyone out there help me, I have Viruses or Trojan Horses(whatever you want to call them, I'm sure it's a Trojan) on my computer. I currently use Avast antivirus, Ad-Aware SE, Search and Destroy, Microsoft Antispyware and nothing seems to get them off. I use Windows xp. The names of the Trojans are:
C:Winnt\system32\hotkeysvc.exe
Win32:Rbot-SI[Trj]
Win32:Kelvir[wrm]
tmp.exe
updater.exe
setup.exe
PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!
Jason ;(
C:Winnt\system32\hotkeysvc.exe
Win32:Rbot-SI[Trj]
Win32:Kelvir[wrm]
tmp.exe
updater.exe
setup.exe
PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!
Jason ;(
HI, Can anyone out there help me, I have Viruses or Trojan Horses(whatever you want to call them, I'm sure it's a Trojan) on my computer. I currently use Avast antivirus, Ad-Aware SE, Search and Destroy, Microsoft Antispyware and nothing seems to get them off. I use Windows xp. The names of the Trojans are:
C:Winnt\system32\hotkeysvc.exe
Win32:Rbot-SI[Trj]
Win32:Kelvir[wrm]
tmp.exe
updater.exe
setup.exe
PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!
Jason ;(
C:Winnt\system32\hotkeysvc.exe
Win32:Rbot-SI[Trj]
Win32:Kelvir[wrm]
tmp.exe
updater.exe
setup.exe
PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!
Jason ;(
Second:
update all your antivirus/antiad/spy/malware programs.
Download program called hijack this.
Scan and save log. Post the log here.
Reboot into Safe mode. Press F8 after BIOS loads and before Windows loads.
Do system scan with all programs you got.
The Avast! have nice feature called boot-time scan.
Use it.
In the Simple User Interface, go to the main menu, "Settings" and select "Schedule Boot-Time Scan". From the Enhanced User Interface, select the Scheduler toolbar and you'll see the icon "Schedule boot-time scan" (the rightmost one).
These for start.
<edit>
1) Boot into Safe Mode.
2) Disable System Restore.
Log on as Administrator.
Right-click the My Computer icon on the desktop and click Properties.
Click the System Restore tab.
Select Turn off System Restore.
Click Apply > Yes > OK.
Continue with the scan/clean process. Files under the _Restore folder can now be deleted.
Re-enable System Restore by clearing Turn off System Restore, if you want to re-enable it.
3) Terminate malware processes
Press Ctrl+Shift+Esc at same time to open Task Manager. Goto Processes tab, find the processes you mentioned. Select them one by one and right-click and select End Process from pop-up menu.
4) Remove autostart entries from the registry.
Open Registry Editor.
Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
"HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Run" In the right panel, locate and delete the entry:
CPQHotKeys = "hotkeysvc.exe"
In the left panel, double-click the following:
"HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>RunServices"
In the right panel, locate and delete the entry:
CPQHotKeys = "hotkeysvc.exe"
In the left panel, double-click the following:
"HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run"
In the right panel, locate and delete the entry:
CPQHotKeys = "hotkeysvc.exe"
In the left panel, double-click the following: "HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>
RunServices"
In the right panel, locate and delete the entry:
CPQHotKeys = "hotkeysvc.exe"
In the left panel, double-click the following:
"HKEY_CURRENT_USER>Software>Microsoft>Ole"
In the right panel, locate and delete the entry:
CPQHotKeys = "hotkeysvc.exe"
In the left panel, double-click the following:
"HKEY_CURRENT_USER>Software>Microsoft>Lsa"
In the right panel, locate and delete the entry:
CPQHotKeys = "hotkeysvc.exe"
5) Restoring Modified Registry Entries
In the left panel, double-click the following:
"HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>Ole"
In the right panel, locate and modify the following registry entry from:
EnableDCOM = "N" to
EnableDCOM = "Y"
In the left panel, double-click the following:
"HKEY_LOCAL_MACHINE>System>CurrentControlSet>Control>Lsa"
In the right panel, locate and modify the following registry entry from:
Restrictanonymous = "00001" to
Restrictanonymous = "00000"
Close Registry Editor.
6) Rescan system
</edit>
update all your antivirus/antiad/spy/malware programs.
Download program called hijack this.
Scan and save log. Post the log here.
Reboot into Safe mode. Press F8 after BIOS loads and before Windows loads.
Do system scan with all programs you got.
The Avast! have nice feature called boot-time scan.
Use it.
In the Simple User Interface, go to the main menu, "Settings" and select "Schedule Boot-Time Scan". From the Enhanced User Interface, select the Scheduler toolbar and you'll see the icon "Schedule boot-time scan" (the rightmost one).
These for start.
<edit>
1) Boot into Safe Mode.
2) Disable System Restore.
Log on as Administrator.
Right-click the My Computer icon on the desktop and click Properties.
Click the System Restore tab.
Select Turn off System Restore.
Click Apply > Yes > OK.
Continue with the scan/clean process. Files under the _Restore folder can now be deleted.
Re-enable System Restore by clearing Turn off System Restore, if you want to re-enable it.
3) Terminate malware processes
Press Ctrl+Shift+Esc at same time to open Task Manager. Goto Processes tab, find the processes you mentioned. Select them one by one and right-click and select End Process from pop-up menu.
4) Remove autostart entries from the registry.
Open Registry Editor.
Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
"HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Run" In the right panel, locate and delete the entry:
CPQHotKeys = "hotkeysvc.exe"
In the left panel, double-click the following:
"HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>RunServices"
In the right panel, locate and delete the entry:
CPQHotKeys = "hotkeysvc.exe"
In the left panel, double-click the following:
"HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run"
In the right panel, locate and delete the entry:
CPQHotKeys = "hotkeysvc.exe"
In the left panel, double-click the following: "HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>
RunServices"
In the right panel, locate and delete the entry:
CPQHotKeys = "hotkeysvc.exe"
In the left panel, double-click the following:
"HKEY_CURRENT_USER>Software>Microsoft>Ole"
In the right panel, locate and delete the entry:
CPQHotKeys = "hotkeysvc.exe"
In the left panel, double-click the following:
"HKEY_CURRENT_USER>Software>Microsoft>Lsa"
In the right panel, locate and delete the entry:
CPQHotKeys = "hotkeysvc.exe"
5) Restoring Modified Registry Entries
In the left panel, double-click the following:
"HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>Ole"
In the right panel, locate and modify the following registry entry from:
EnableDCOM = "N" to
EnableDCOM = "Y"
In the left panel, double-click the following:
"HKEY_LOCAL_MACHINE>System>CurrentControlSet>Control>Lsa"
In the right panel, locate and modify the following registry entry from:
Restrictanonymous = "00001" to
Restrictanonymous = "00000"
Close Registry Editor.
6) Rescan system
</edit>
AND:
Open System Configuration Editor.
To do this, click Start>Run, type SYSEDIT, then press Enter.
Select the SYSTEM.INI window.
Under the [boot] section, locate the line that begins with:
"Shell = explorer.exe load.exe –dontrunold"
Modify that line so that it will read:
"Shell = explorer.exe"
Select the WIN.INI window.
Under the [windows] section, locate the line that begins with:
"run =".
Modify the line to:
"run ="
Close System Configuration Editor and click Yes when prompted to save.
Click Start>Run, type WININIT.INI then hit the Enter key.
Look for and then delete the lines that contain the following text string:
mepXXXXX.tmp.exe
Save and close WININIT.INI file.
Open System Configuration Editor.
To do this, click Start>Run, type SYSEDIT, then press Enter.
Select the SYSTEM.INI window.
Under the [boot] section, locate the line that begins with:
"Shell = explorer.exe load.exe –dontrunold"
Modify that line so that it will read:
"Shell = explorer.exe"
Select the WIN.INI window.
Under the [windows] section, locate the line that begins with:
"run =".
Modify the line to:
"run ="
Close System Configuration Editor and click Yes when prompted to save.
Click Start>Run, type WININIT.INI then hit the Enter key.
Look for and then delete the lines that contain the following text string:
mepXXXXX.tmp.exe
Save and close WININIT.INI file.
