Virus help please.



Shorty
10-02-2005, 07:09 PM
Stwoyle.Trojan.
Yep, I got it, and it sucks.
Here's the problem.
I have Nortons, updated all the time, and it keeps popping up the message window that lets me know I have a virus. It shows the location of the .dll but when I go to that directory there is no such file. Every time Nortons box pops up the .dll name is changed, so I don't know if the virus is creating a new one each time or continually changing the name of the same file.
I went to Symantec and began the removal instructions.
1. was to turn off system-restore.
2. was to update and scan whole computer. Delete any found virus/trojan files.
This is where it all went wrong. Nortons never found any viruses or trojan files. I updated again, even with intelligent updater, scanned again and no viruses.
The instructions go on to say if Nortons can't delete the detected file then to go into Safe-mode and continue with instructions.
But Nortons isn't finding shit!
If anyone can help me with this I'd greatly appreciate it.
(PS. Not a good time to tell me Nortons sucks :angry: )

L_T_S
10-02-2005, 07:38 PM
Here are the cleaning instructions

http://securityresponse.symantec.com/avcenter/venc/data/trojan.stwoyle.html

Shorty
10-02-2005, 07:54 PM
hehe LTS, thanx, but didn't you read my post? I went to Symantec and began the removal. The problem came up when Nortons didn't detect the virus. The keys in the registry that I'm supposed to remove aren't even there...so how can I remove them?
I will do more digging around, thanx :)

Mellisa
10-02-2005, 08:47 PM
We have Norton, Shorty. Any idea how you got the virus? I'd like to avoid it if I can.....

Wide
10-02-2005, 09:00 PM
You can get rid of it with McAfee or Ewido security suite, drop down to safe mode & run it



Also did you go into the registry & delete it also manually?


To delete the value from the registry
1. Click Start > Run.
2. Type regedit
3. Click OK.

Note: If the registry editor fails to open, the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.

4. Delete the following subkeys:

HKEY_CLASSES_ROOT\CLSID\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\style2
HKEY_CURRENT_USER\Software\Microsoft\style2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}

5. Exit the Registry Editor.
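
A read-only way to run the check behind step 4, as an added PowerShell example that is not part of the original post or of Symantec's instructions. It reports which of the four listed subkeys exist and, going beyond the post, lists every Winlogon Notify package and Browser Helper Object with the DLL it points to, which helps when the detected .dll name keeps changing. The function names are this example's own.

```powershell
# Added example: inspects the registry locations named in the removal steps.
# Read-only; nothing is deleted. Run from an administrator PowerShell prompt.

$clsid = '{6AC3806F-8B39-4746-9C38-6B01CB7331FF}'   # CLSID quoted in the post

# The four subkeys listed in step 4 of the removal instructions
$listed = @(
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\style2',
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\style2',
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
)

# Report whether each listed subkey is present on this machine
function Get-ListedKeyStatus {
    foreach ($key in $listed) {
        [pscustomobject]@{
            Key     = $key -replace '^Registry::', ''
            Present = Test-Path -LiteralPath $key
        }
    }
}

# Every Winlogon notification package and the DLL it loads (DllName value)
function Get-WinlogonNotifyDll {
    $base = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    if (-not (Test-Path -LiteralPath $base)) { return }   # key is absent on newer Windows
    Get-ChildItem -LiteralPath $base | ForEach-Object {
        [pscustomobject]@{ Name = $_.PSChildName; DllName = $_.GetValue('DllName') }
    }
}

# Every Browser Helper Object and the DLL registered for its CLSID
function Get-BhoDll {
    $base = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path -LiteralPath $base)) { return }
    Get-ChildItem -LiteralPath $base | ForEach-Object {
        $id  = $_.PSChildName
        $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$id\InprocServer32"
        # The default value of InprocServer32 holds the DLL path
        $dll = if (Test-Path -LiteralPath $srv) { (Get-Item -LiteralPath $srv).GetValue('') } else { $null }
        [pscustomobject]@{ Clsid = $id; Dll = $dll }
    }
}

Get-ListedKeyStatus   | Format-Table -AutoSize
Get-WinlogonNotifyDll | Format-Table -AutoSize
Get-BhoDll            | Format-Table -AutoSize
```

An entry whose DLL path matches the file named in the antivirus alert, or points to a file that no longer exists, is the one to look at first.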

arthureld
10-02-2005, 09:09 PM
I had a similar problem Shorty. I ended up backing up my data and reformatting. I had been on all of the help boards and they finally recommended I reformat. It only takes so much time to back up and reformat and I had twice that into trying to get rid of the virus.
I'm stubborn as hell, but time is money and I finally gave up.

coolhawg6622
10-02-2005, 09:23 PM
I had a similar problem Shorty. I ended up backing up my data and reformatting. I had been on all of the help boards and they finally recommended I reformat. It only takes so much time to back up and reformat and I had twice that into trying to get rid of the virus.
I'm stubborn as hell, but time is money and I finally gave up.


Me too, just reformatted to the tune of $90 American caged. Like to catch the dinks that dream this shit up. dafinger

Wide
10-02-2005, 09:29 PM
If y'all don't have any Windows specific programs you need to run.

Try Ubuntu Linux, that's what my O/L & me run & it's free.

Linux does not get viruses ;)


Just have to plug this stuff ;)

arthureld
10-02-2005, 09:30 PM
You can get rid of it with McAfee or Ewido security suite, drop down to safe mode & run it



Also did you go into the registry & delete it also manually?


To delete the value from the registry
1. Click Start > Run.
2. Type regedit
3. Click OK.

Note: If the registry editor fails to open, the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.

4. Delete the following subkeys:

HKEY_CLASSES_ROOT\CLSID\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\style2
HKEY_CURRENT_USER\Software\Microsoft\style2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}

5. Exit the Registry Editor.

Not being able to edit the registry was a big part of my problem. The virus I had was smart as hell. It seemed to be alive. It wouldn't allow me to go to antivirus websites either. It seemed to learn what I was trying to do and block me from doing it.
Almost like someone was watching what I was doing. Too creepy had to kill it.

arthureld
10-02-2005, 09:33 PM
If y'all don't have any Windows specific programs you need to run.

Try Ubuntu Linux, that's what my O/L & me run & it's free.

Linux does not get viruses ;)


Just have to plug this stuff ;)

Not running any Windows specific programs would be like stepping back in time about 20 years. :lol:

Sorry Wide, couldn't resist.

Sandman
10-02-2005, 10:27 PM
norton's is notorious for not detecting trojans. it's about as useful as puttin diesel in the scoot (ask fatboy bout that 1) ^_^

u gonna have to wack all the system restore points also. cause sr is a ''backup tool'' and the trojan will still be there.

is this comp a 'store bought' or a home built. if it's store bought, their restore disk should have all the drivers for all devices that originally came with it. if not, u'll need ur mobo driver cd, windows install cd, and any and all drivers for sound/video, etc. a reformat can be a reaaaaaaaaaaaaaaal bitch. but at least the trojan won't survive it.
dr evil

Wide
10-02-2005, 11:29 PM
Not running any Windows specific programs would be like stepping back in time about 20 years. :lol:

Sorry Wide, couldn't resist.


I'm working on a linux package that runs CATIA, Flash CADD & other Windows apps natively through vmware.


I may have a really sweet thing here boobs

Shorty
10-02-2005, 11:33 PM
We have Norton, Shorty. Any idea how you got the virus? I'd like to avoid it if I can.....

Umm yeah, I got an idea hehe. Don't worry Mel, I doubt you'll see this one on your machine. As for how Nortons is ignoring it I don't have a clue.

Shorty
10-02-2005, 11:35 PM
You can get rid of it with McAfee or Ewido security suite, drop down to safe mode & run it.
Also did you go into the registry & delete it also manually?
Yeah, I went into registry and those keys aren't there.
I will take it into safe-mode tonight and see what becomes of it.

Arthur, thanx for the advice. I'm hesitant to reformat because I don't have all the original install files for my software. And I'd be lost without my software. If it comes down to it though, that's just what I might have to do.

Shorty
10-02-2005, 11:36 PM
Me too, just reformatted to the tune of $90 American caged. Like to catch the dinks that dream this shit up. dafinger

$90 for what? Did you pay someone else to do it?

Shorty
10-02-2005, 11:41 PM
norton's is notorious for not detecting trojans. it's about as useful as puttin diesel in the scoot (ask fatboy bout that 1) ^_^

u gonna have to wack all the system restore points also. cause sr is a ''backup tool'' and the trojan will still be there.

is this comp a 'store bought' or a home built. if it's store bought, their restore disk should have all the drivers for all devices that originally came with it. if not, u'll need ur mobo driver cd, windows install cd, and any and all drivers for sound/video, etc. a reformat can be a reaaaaaaaaaaaaaaal bitch. but at least the trojan won't survive it.
dr evil

Thanx Sandman. I've got my system restore off till I get this fixed. I understand about accidentally restoring a virus/trojan.
My computer is 'store' bought so to speak. It's a Sager and I've had it for about 6 years now. I'm not worried about reinstalling the OS n shit, just not willing to lose all my software. Not yet anyways.
I'm currently on my husband's desktop so I will do the safe-mode removal instructions tonight when I'm on my laptop, and we'll see what becomes of me hehe.
Thanx everyone, I'll let y'all know how it turns out.

Wide
10-02-2005, 11:43 PM
Shorty, if you're going to wipe it clean I highly recommend writing over the HD completely, not just the "windows" format.


Go to your HD man website & get their utility program to make sure you get everything, if you don't there can still be virus remnants on the boot sectors.

Also take a look at the free virus & firewall programs I listed, they outperform just about any paid ones out there

L_T_S
10-02-2005, 11:52 PM
Not running any Windows specific programs would be like stepping back in time about 20 years. :lol:

Sorry Wide, couldn't resist.


I'm working on a linux package that runs CATIA, Flash CADD & other Windows apps natively through vmware.


I may have a really sweet thing here boobs

I was just thinking about trying VMWare on a linux machine. Have run it on a windows machine and it works pretty good. Lots of RAM helps.

Sorry Shorty not trying to steal your post.
From what I have been reading, running that fix I sent you in Safe Mode is the key.

arthureld
10-03-2005, 12:00 AM
Not running any Windows specific programs would be like stepping back in time about 20 years. :lol:

Sorry Wide, couldn't resist.


I'm working on a linux package that runs CATIA, Flash CADD & other Windows apps natively through vmware.


I may have a really sweet thing here boobs

CATIA was originally written for Unix in the 70s. And CATIA V5 will run on Unix but IBM announced last month that it will no longer support CATIA on the Unix platform.

Tony
10-03-2005, 01:33 AM
We have Norton, Shorty. Any idea how you got the virus? I'd like to avoid it if I can.....

Umm yeah, I got an idea hehe...

LOL, Stay off the porn sites!!!

Shorty
10-03-2005, 04:08 AM
We have Norton, Shorty. Any idea how you got the virus? I'd like to avoid it if I can.....

Umm yeah, I got an idea hehe...

LOL, Stay off the porn sites!!!

Me? Porn?? hehe Now what makes you think that? :P

arthureld
10-03-2005, 04:19 AM
We have Norton, Shorty. Any idea how you got the virus? I'd like to avoid it if I can.....

Umm yeah, I got an idea hehe...

LOL, Stay off the porn sites!!!

Me? Porn?? hehe Now what makes you think that? :P

Yer more likely to get viruses from downloading cracked software or illegal music than from porn.
Don't ask how I know that. :lol:

Wide
10-03-2005, 05:35 AM
What about cracked porn? ^_^ ^_^

arthureld
10-03-2005, 06:05 AM
What about cracked porn? ^_^ ^_^

butt crack? :blink2:

Shorty
10-03-2005, 06:48 AM
What about cracked porn? ^_^ ^_^

Jimmy cracked porn and I don't care. kam

I ran McAfee as recommended to me by a good friend and my virus has been found and eradicated! Yeeehaw. I love you guys! :lol:

arthureld
10-03-2005, 07:04 AM
What about cracked porn? ^_^ ^_^

Jimmy cracked porn and I don't care. kam

I ran McAfee as recommended to me by a good friend and my virus has been found and eradicated! Yeeehaw. I love you guys! :lol:

That's great news Shorty. woot

macsRKC
10-19-2005, 03:28 PM
Old post, but I have very good results running Trendmicro's Housecall. It's a free, online virus scan and also looks for spyware and MS security holes.

hogwylde
10-21-2005, 01:07 AM
I had the same pop-up, but then realized I merely opened the attachment Shorty attached. PHEW!...........LOL

To get rid of it, I clicked on the little red X in the top right hand corner. Hope that is of some help... :rolleyes:

Shorty
10-21-2005, 07:51 AM
I had the same pop-up, but then realized I merely opened the attachment Shorty attached. PHEW!...........LOL

To get rid of it, I clicked on the little red X in the top right hand corner. Hope that is of some help... :rolleyes:

hehe smart ass :P