Thread: Little virus help please.

  1. #1
    Registered User
    Join Date
    Sep 2006
    Location
    Iowa
    Posts
    14

    Little virus help please.

    Ok, this previouse Friday (December 8) I was gone from my dorm all day, but my roommate need to use a computer so I told him he could use mine. Let's jst say he's not very good with computers, but I didn't see any harm from it. Well, when I got back that night, my computer started acting up. I scanned for virusus but nothing came up. Then, an automated virus scan picked up and deleted to threats, and part of the problem went away. However, it didn't get everything, so after several hours and checking each and every file in my C: drive, I found a new ActiveX Object file that was not there before and was created on December 8. I did not download anything, so whatever got it there was something my roommate did, but let's not go there. Anyway, after finding the file, I was able to delete several parts inside the file, but now there are 5 different parts that I can't get rid of. When I try to delete it, I get the message, "Cannot delete <name of the part>: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use."

    Ok, I really don't know what the file is doing, so I can't tell if it's in use or not. The only things it's doing to my computer is it is popping up windows telling me I have some virus and to download this stuff to get rid of it. I've gotten more then one product it tells me to download, and I personally don't trust any of them. If anyone has any suggestions or can help me out I would GREATLY appreciate it. Thank You.

  2. #2
    Registered /usr
    Join Date
    Aug 2001
    Location
    Newport, South Wales, UK
    Posts
    1,273
    It's preventing you from deleting certain parts of it because Microsoft's all-encompassing process-that-does-everything (Explorer) has loaded it, locking the file. Pretty standard stuff for rubbish: get in via IE and have fun because you can't be touched.

    You should be able to remove the files by booting into Safe Mode.

  3. #3
    Registered User
    Join Date
    Sep 2006
    Location
    Iowa
    Posts
    14
    So just get into Safe Mode and find the files from there?

  4. #4
    Registered /usr
    Join Date
    Aug 2001
    Location
    Newport, South Wales, UK
    Posts
    1,273
    Easiest way, yes. There's a good chance that something in the system will continue to refer to it, so if possible try running regsvr32 /u on it, e.g.:-
    Code:
    C:\WINDOWS>regsvr32 /u C:\WINDOWS\System32\crappycrapcrap.dll
    This will ensure that the system's registry will stop referring to it.

  5. #5
    Registered User
    Join Date
    Sep 2006
    Location
    Iowa
    Posts
    14
    Ok, I'll try that later tonight and post what I get. Thanks.

  6. #6
    Fear the Reaper...
    Join Date
    Aug 2005
    Location
    Toronto, Ontario, Canada
    Posts
    625
    Are the pop-ups something like SpyDoctor or SpySheriff or some other lame name telling you you have a million viruses on your computer ? Sounds like a Smitfraud deviant. There's an app out there called Smitrem which gets rid of it, I believe.
    Teacher: "You connect with Internet Explorer, but what is your browser? You know, Yahoo, Webcrawler...?" It's great to see the educational system moving in the right direction

  7. #7
    Darkness Prevails Dark_Phoenix's Avatar
    Join Date
    Oct 2006
    Location
    Houston, Texas
    Posts
    174
    I had the exact same problem about a couple weeks ago. I ended up going to symantic's web site and using there free online virus scan tool. There are a couple active x controls you have to download but t worked. It found a trojen that nothing else could find (I do not remember the name of it). I had a lot of problems with it. The site told you how to get rid of it but I still kept getting the popups. I ended up using Windows XP's System Restore to go back to a couple days before. I am not a big fan of these 'GoBack' programs but it worked. Set everything back to normal. Just make sure you back up anything you saved in that time period.

    Hope that helps a little.
    Using Code::Blocks and Windows XP

    In every hero, there COULD be a villain!

  8. #8
    verbose cat
    Join Date
    Jun 2003
    Posts
    209
    I've used Process Explorer to help track down fishy behavior quite nicely. In one case I was trying to delete a folder but it was in use even though I didn't have anything open that was using it (or so I thought). This not only showed me that explorer was accessing the folder (why? It was empty!) but let me remove the reference that was holding the folder in place so I could delete it without having to reboot the computer.

    It'll show you all the file handles, registry handles and processes that a given process is using, so you can use it to find out which processes are running, get more details on the processes that you are worried about, kill the processes, or just make them release a resource so you can delete the file. And at worst, it'll give you more information to use on a websearch.
    abachler: "A great programmer never stops optimizing a piece of code until it consists of nothing but preprocessor directives and comments "

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Trojan horse generic
    By crvenkapa in forum Tech Board
    Replies: 8
    Last Post: 06-04-2007, 08:49 PM
  2. Virus in Commercial Download - Can anyone confirm this?
    By Davros in forum A Brief History of Cprogramming.com
    Replies: 6
    Last Post: 08-03-2004, 05:07 PM
  3. virus help
    By Benzakhar in forum Tech Board
    Replies: 9
    Last Post: 01-20-2004, 12:28 AM
  4. Virus Warning!
    By Hillbillie in forum A Brief History of Cprogramming.com
    Replies: 19
    Last Post: 08-17-2001, 01:22 AM