-
Elliandr Go to post #315843
Because it directs attention. That is what they are for. I do that in forums when I have multiple points to respond to.
Back on topic please?
-
Elliandr Go to post #315837
I ran the Stopsign free scan (any scan will do as long as you can see it) and looked for some key file names.
The one that loaded :!!!: was located in C:\Windows\System32 ... I *think* it was named Appmgr.exe. It was the only program with that icon though, so it should be easy to find. It also had some other files in there tied to it. If you don't scan, they are typically files that have been modified on that day (unless you installed something that day, in which case not sure). It had some files in .tmp to restore itself, and some files in C:\Windows\System32\1024
I was only able to delete it by loading the computer in Safe Mode. It won't load in Safe Mode, even if you enable Network in Safe Mode. Otherwise, no removal tool seems able to really get rid of it.
If you ended up also getting another program that makes a big Red Square pop up over the taskbar, that one was also in C:\Windows\System32 but it loaded even in Safe Mode with Network. I was able to remove that by Safe Mode without network.
I'm sorry I forgot to write down the file names.
Oh, but I would suggest not doing it that way. Seems although I am clean, something I had to remove was important or something, so my computer isn't working right (yet still better than it was before, much less annoying).
You might also want to give ZoneAlarm a try. At the very least, it can stop many of the intrusions associated with a trojan and keep forced installs from happening. There are actually people out there who will scan random IPs multiple times a given second for access, so I ended up having like 10 blocked intrusions every second while I was infected with Kelly.exe - I would have used it with this problem, but mine expired and I am cheap.
Wait, wait, go back to the Spy Falcon thing. How did you get rid of it?
-
Elliandr Go to post #315835
Stopsign is NOT a big scam. I have used it before and it worked. It removed an infection that all other programs would not. (And no, it did not give it to me. I was at wits' end with a virus that infected all exe files and AVG wanted to delete them, but if I lost those files Windows would not work, so I saw them on TV and gave it a try.) I also experienced positive customer service in resolving my issue. My only problem with them is that it is expensive. At least, more expensive than other services. But because they promise to make a custom remover if their program will not work, it can be worth it. Although in this case I just used the program to locate the infections, I don't think it is right to say stuff about a program that isn't true.
Furthermore, Adaware didn't really work in this case. It could not detect all the files, and was unable to remove them. I love the program, but it doesn't always work.
I have never heard of Spybot S&D, Hijack this, or Windows Defender. Where can I find them and what do they do?
...
Are there any programs that would scan my computer for missing Windows or registry files? In manually deleting some of the infected files, I lost my USB functionality, my taskbar changed a bit (basically, imagine looking at a Windows 98 taskbar while running XP), startup has slowed down a bit, and over "start" and "date" I get a big blue square as it loads. I get some kind of error message, saying it cannot load 'SquareSquare' (not the words, the actual characters) from the Registry or Programs, but in the Task Manager I cannot remove that. I also, while running the system, get occasional instabilities where something just stops responding. A few programs won't work at all anymore.
Is there anything I can do about all this, other than reinstalling Windows?
Ugh.... don't use StopSign!!!!!!
Stick to the trusted ones - AdAware, Spybot S&D, HijackThis, WINDOWS DEFENDER, Webroot Spysweeper.
StopSign is a big scam.
-
Elliandr Go to post #315227
I think I finally got rid of it. I figured that because I ran in Safe Mode with network support, it was enabling it to load. When I ran in normal Safe Mode, it didn't, so I used Stopsign to scan for it, then just deleted the files manually.
It was so annoying. But not the most annoying. I am just lucky it wasn't the type to infect files.
Now, I have a new problem. Every time Windows loads up, I get two error messages. It fails to load some program, then says it fails to find it in the registry, and it is just a line of Square Characters. I try disabling it in msconfig, but each reboot brings it back. It's just an annoyance though, but I do wonder what kind of program would use characters not on the keyboard. (Reminds me of a virus I once had which renames everything to characters not on the keyboard, and even the hard drive name, which prevented even selecting it on the partition table since I could not type in the hard drive name to select.)
I also now no longer have the flashy Windows XP style taskbar. Not sure why that happened. Although it isn't a really big deal, I am curious to know what files make it appear, and what loads it.
-
Elliandr Go to post #315199
I ran the computer in Safe Mode, so most of the infected files did not load, then manually deleted them. Most of them were in System32, or System32/1024, a few were temp files, some were dll, some were exe. Basically, acting more as a program than something that infects other files. However, one program which was installed by it that only advertises one program called "Spy Falcon" is still stuck on my computer, since it decided to run even in Safe Mode.
http://www.spyfalcon.com/?aff=259 (I would recommend not getting it since it is ad by spyware)
Since manually deleting the other infected files, now I am stuck with a new problem. When I load my computer, SVGHOST gets some error and crashes. Even though I can hear Windows sounds, I cannot play any media file because, as it says, I don't have an Audio Device, but Windows says it is working fine. And I am seeing that download button again, and don't know what I can do about it.