Help... i have been infected with some internet virus thing

**robertjuric** · 10-11-2003, 11:32 AM

Check your add/remove programs for anything that shouldnt be there. You might could try to use Ad-Aware, that might help.

If not you could always completely uninstall both of the programs and reinstall.

Is it just AIM and IE?

**thatgoofytroll** · 10-11-2003, 12:50 PM

nope nothing in add/remove..
im gonna try ad aware.

and yes to the best of my knowledge its just IE and AIM

**thatgoofytroll** · 10-11-2003, 02:44 PM

ok... a friend said they killed it by deleteing files mshta.exe and av.exe
ill come back when i found out if they worked

(ad-aware did NOT work)

**thatgoofytroll** · 10-11-2003, 03:17 PM

well i thnk i got it....

i deleted the files, then restarted... and did this about 3 times... when mshta.exe wudnt go away i just took it off archive and put it as read only....

its working so far...

**OfficerGoat** · 10-11-2003, 03:35 PM

To get rid of that file boot the machine in safe mode.... (F8 during boot up and select safe mode) This will unlock the files. Blow it away and that will kill that part. You may have to tweak the registry to fully remove that from I.E.

**CoFFeY[NiTrO]** · 10-11-2003, 04:23 PM

How would I get rid of these two processes that start up whenever I log into WindowsXP?

They are called
DownloadPlus.exe
realsched.exe or something like that.

Ad-Aware can't find it, and theres nothing in the Add/Remove thing. Also the LogiTech keyboard I have doesn't 'turn on' until I'm at the user log-in screen.

**PyRo** · 10-11-2003, 04:28 PM

Have you tried add/remove programs and seeing if they are in the list? Or just search for the files on your computer?

**mikey101** · 10-11-2003, 04:36 PM

try going to start-run then type in msconfig and go to startup. see if the files are in there, if so, uncheck the box next to them.

**thatgoofytroll** · 10-11-2003, 05:43 PM

yeah msconfig is where to go, especially if you dont know how to delete the files themselves.

**dave_p** · 10-11-2003, 07:20 PM

the internet is the modern equivelent of the wild west. to travel it unarmed is very unwise. heres a few places to arm yourself:

Counterexploitation [cexx.org]

http://www.cexx.org/

https://www.happyhacker.org

Home of Gibson Research Corporation

https://www.grc.com

Steve Gibson's and Gibson Research Corporation's Web homepage.

**AFRaven** · 10-11-2003, 07:49 PM

I got this today also. I also fixed it today. Here's how:

1. Restart your computer

2. Before Windows loads, hit F8 and boot in Safe Mode.

3. Click: Start/Search/For Files or Folders

4. Type in "av" and press search

5. Delete and files named "av.exe" or "av". You are done the first part.

6. Click: Start/Run

7. Type "Regedit"

8. Browse to "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersion\Run"

9. Delete the "Antivirus" key with a value of "c:\av.exe"

10. Browse to "HKEY_CURRENT)USER\Software\Microsoft\Internet Explorer\Explorer Bars\[Random Numbers]\FilesNamedMRU"

11. Delete the "000" Key with a value of "av.exe"

12. Close "Regedit"

13. Click: Start/Settings/Control Panels/Internet Options

14. Change your default homepage to www.yahoo.com (or whatever you want it to be)

15. Restart your computer, this time NOT in Safe Mode.

16. Log on to AIM, and change your profile.

That should be it. I hope this works for you, and tell your friends to do the same thing.

Edit: Forgot to mention, Spybot and Ad-Aware won't work. Also, virus scanners won't pick it up.

Help... i have been infected with some internet virus thing

Help... i have been infected with some internet virus thing

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment