Virus Help!!!
aagiants
12-28-05, 10:52 AM
Went to a website I shouldn't have and now I have some virus...
Netsh runs on startup in DOS, regardless of all the spyware and viruses I remove in Windows prior to startup. Task Manager is disabled. I scanned for spyware and viruses in safe mode and regular mode and it keeps coming back... any ideas on what to do?
Sava700
12-28-05, 11:59 AM
do you know exactly where it is located or called?
tried using stinger tool to remove it?
koldchillah
12-28-05, 12:00 PM
I scanned for spyware and viruses in safe mode and regular mode and it keeps coming back... any ideas on what to do?
If you're using XP, try disabling System Restore, then scan and remove again.
YeOldeStonecat
12-28-05, 12:58 PM
What antivirus are you using? What's the name of what you caught?
And use a different browser like Opera if you're going to frequent those sites, and a quality antivirus with an internet monitor module.
aagiants
12-28-05, 01:05 PM
I am using Symantec, Ad-Aware and Spybot.
I was able to restore my Task Manager and located a few programs causing "Windows has detected spyware blah blah" to pop up over and over again. The files were winstalls.exe and sndserv.exe. Once I closed those 2 files the pop-ups stopped, but the Netsh DOS exe file still runs when Windows starts.
What is the Stinger tool?
Also there are a lot of virus names that come up...
I was looking for a "certain file" that will give me a discount on software... (I've done it many a time before, but for some reason this time I got a virus)
YeOldeStonecat
12-28-05, 01:09 PM
winstall...yeah, you have a variant of a w32spybot trojan, comes in many flavors.
Download, install and run CCleaner first. Also System Restore is disabled, right?
Able to get any internet access on the rig? If so, get some more capable tools than Symantec, I'd go with an online scan at Trend Micro, and Kaspersky. Also download a trial of Spy Sweeper, run several scans for a couple of days.
aagiants
12-28-05, 01:24 PM
yeah I still have internet access, and no, System Restore is not off... doing so now :)
I will have to do all those scans when I get home :), I have been working on my laptop at work running scans and such
Also is there any way that netsh.exe doesn't pop up?
thanks for the help
Sava700
12-28-05, 01:30 PM
Last time I got something similar I had to work for over 2 hrs to remove it.. I used Ad-Aware, virus protection of whatever, doesn't matter as long as it picks it up, booted a few times in safe mode to do the scans also.. but the biggest help I found was a regedit tool I downloaded that allowed me to figure out where the file was that kept creating the other files, to delete it so it wouldn't keep making its own annoying stuff when I rebooted each time. It's a nice little tool as long as you know what is what before deleting it.
feel free to help yourself
regedit tool (http://users.adelphia.net/~1frankster/regcleaner.exe)
aagiants
12-28-05, 02:31 PM
I already had regcleaner, but don't know how that would help me locate what is getting loaded
mnosteele52
12-28-05, 02:46 PM
Prior to doing anything XP users MUST disable System Restore!!! You can re-enable it after you are clean.
1. Download, install and run CrapCleaner (http://www.ccleaner.com) to remove any temporary and junk files.
2. Download Ad-Aware SE 1.06 (http://www.majorgeeks.com/download506.html) and set it up as shown HERE (http://broadbandnuts.com/drtweak/index.php?board=4;action=display;threadid=40).
3. Download SpyBot Search & Destroy 1.4 (http://www.safer-networking.org/index.php?page=download) and set it up as shown HERE (http://broadbandnuts.com/drtweak/index.php?board=4;action=display;threadid=41).
4. Download and run CWShredder 2.19 (http://www.trendmicro.com/cwshredder).
5. Download, update and scan with Spy Sweeper 4.5 (http://www.webroot.com/wb/products/spysweeper/index.php), there is a FREE 15-day trial and it is an EXCELLENT product. There is no need to use its real-time protection, so uncheck all of those options.
6. Download Ewido Anti-Malware 3.5 (http://www.ewido.net/en/download) and set it up as shown HERE (http://broadbandnuts.com/drtweak/index.php?board=4;action=display;threadid=126).
7. Unless you are already using Kaspersky Antivirus, do a FREE online virus scan from Kaspersky Online Scanner (http://www.kaspersky.com/service?chapter=161739400), make sure to check the EXTENDED DATABASE option listed under "Scanning Options".
8. It is also a good idea to run the Winsock Fix (http://www.snapfiles.com/get/winsockxpfix.html) to repair your TCP/IP stack. (You will have to redo any tweaks for your connection if this is used.)
9. If after doing ALL of the above you are still having problems, please scan with HijackThis 1.99.1 (http://www.majorgeeks.com/download3155.html) as shown HERE (http://broadbandnuts.com/drtweak/index.php?board=4;action=display;threadid=58) and post a log here in this forum for us to look at.
10. Download SpywareBlaster 3.4 (http://www.javacoolsoftware.com/spywareblaster.html) and set it up as shown HERE (http://broadbandnuts.com/drtweak/index.php?board=4;action=display;threadid=42) to help stay spyware free.
11. Make sure you have ALL of the latest Windows Updates (only install SP2 for XP once you are spyware FREE).
:)
Then dump Norton and buy Kaspersky or NOD32.... a real antivirus program. ;)
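Added example, not part of any post in this thread: step 9 above asks for a HijackThis log, and the O4 lines of such a log list the autostart entries, which is where a program that keeps coming back at boot (such as the winstalls.exe, sndserv.exe and netsh launches described earlier) would show up. The Python below parses constructed sample lines written in the O4 style and flags those file names; the sample log, the watchlist and every function name are assumptions made for illustration.

```python
import ntpath
import re

# Names reported in the thread; netsh.exe is a legitimate Windows tool, so a hit
# on it means "review why it is launched at startup", not "delete".
WATCHLIST = {"winstalls.exe", "sndserv.exe", "netsh.exe"}

# Constructed sample in HijackThis log style (not taken from the thread).
SAMPLE_LOG = r'''
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [winstalls] C:\WINDOWS\system32\winstalls.exe
O4 - HKCU\..\Run: [sndsrv] "C:\WINDOWS\sndserv.exe" /start
O4 - HKLM\..\RunOnce: [fw] C:\WINDOWS\system32\netsh.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\reader_sl.exe
'''

REG_RE = re.compile(r'^O4 - (HK\w+\\\.\.\\\w+): \[(.*?)\] (.*)$')   # registry Run keys
DIR_RE = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.*)$')  # Startup folders

def executable_of(command):
    """Return the lower-cased file name of the program an autostart command launches."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted paths may contain spaces: cut at the first ".exe", else first token.
        m = re.match(r'(.+?\.exe)\b', command, re.I)
        path = m.group(1) if m else command.split()[0]
    name = ntpath.basename(path).lower()
    return name if "." in name else name + ".exe"

def autostart_entries(log_text):
    """Parse every O4 line into location, entry name, command and executable."""
    entries = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = REG_RE.match(line) or DIR_RE.match(line)
        if m:
            location, name, command = m.groups()
            entries.append({"location": location, "name": name,
                            "command": command, "exe": executable_of(command)})
    return entries

def flagged(log_text, watchlist=WATCHLIST):
    """Autostart entries whose executable is on the watchlist."""
    return [e for e in autostart_entries(log_text) if e["exe"] in watchlist]

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f'{e["location"]:18} [{e["name"]}] -> {e["command"]}')
```

The match is on the executable's file name, not the registry value name, so the constructed `[sndsrv]` entry is still caught.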
aagiants
12-28-05, 03:44 PM
thanks for the post :)
Well, I scanned with Kaspersky and it found a few files... but there is no delete or clean button... what do I do now?
mnosteele52
12-28-05, 04:14 PM
thanks for the post :)
Well, I scanned with Kaspersky and it found a few files... but there is no delete or clean button... what do I do now?
The online scan will only remove viruses, not other types of malware. Since it showed what files were malicious you should boot into safe mode and delete them. You can also uninstall Norton and then use Norton's removal tool, SymNRT (http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html), to clean up the leftover files, then install the trial of Kaspersky. If you choose to do so I would recommend using the settings I suggest HERE (http://broadbandnuts.com/drtweak/index.php?board=4;action=display;threadid=103).
:)
aagiants
12-29-05, 12:40 AM
woooo finally it's gone :) thanks guys
CableDude
12-29-05, 07:51 AM
woooo finally it's gone :) thanks guys
Did you learn a lesson here?
Did you learn a lesson here?
Dad ?
YARDofSTUF
12-29-05, 02:02 PM
Dad ?
Look at the AV, obviously it's his mother!
Look at the AV, obviously it's his mother!
Lol