
how to remove a virus that keeps coming back?

iTWoRxbRo

Member
I recently got my tablet PC about a week ago, and when I installed McAfee virus scan last night it said I had sdbot.worm. I removed it, but since then, I keep seeing different variations of the virus on my system. McAfee deletes the file, but then not too much time later, another variation shows up. I check the registry every time the virus is removed to make sure it's out of my system, but I guess it never is. Any tips on how to remove it for good?
 
1. Is System Restore enabled? If it is, disable it; malware returns through it.
2. Is your machine running SP2?
3. Do you have a firewall / router?
 
Alright, I disabled System Restore. Hopefully that will take care of the problem. I don't have SP2 installed and I am behind a router with NAT.
 
If this doesn't work, the virus is probably being called up through a program that launches at startup.

Go to Start >> Run >> type "msconfig". Go to the Startup tab and uncheck everything, unless you absolutely positively need it to get into Windows. Restart, run your virus scan.

Go back into msconfig and turn a couple of items back on. Restart, run your scan (you can save time by just scanning the folder/location it keeps coming up in, likely C:\Windows\System32\).

If after you turn something on it comes up in a scan, then it is likely that program has an infected file that it can't get cleaned... uninstall the program, run your virus scan, restart, and then reinstall the program.

Funny enough, the most likely candidates for being infected are anti-virus programs... the only preventative is keeping them up to date.
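
As an added example that is not part of the original thread: a read-only PowerShell inventory of the autostart entries, so each can be reviewed before the disable/re-enable passes described above. It assumes a current Windows system with PowerShell 3.0 or later (not the XP-era machine in the thread); `Get-ExePath` is a hypothetical helper written for this example.

```powershell
# Added example: list Run-key and Startup-folder entries with signature status
# and last-modified time. Read-only; it changes nothing on the system.

function Get-ExePath {
    param([string]$Command)
    # Commands look like "C:\dir with spaces\app.exe" /args  or  C:\dir\app.exe /args
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|dll|bat|cmd|vbs|js|scr|com|lnk))(\s|,|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $entries += [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
}
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -File -Force | ForEach-Object {
        $entries += [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = '"' + $_.FullName + '"' }
    }
}

# Entries whose file is missing, unsigned, or recently modified deserve the first look.
# A bare name such as rundll32.exe (no full path) is reported as Exists = False.
$entries | ForEach-Object {
    $exe   = Get-ExePath $_.Command
    $found = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
    [pscustomobject]@{
        Source    = $_.Source
        Name      = $_.Name
        Path      = $exe
        Exists    = $found
        Signature = if ($found) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'n/a' }
        Modified  = if ($found) { (Get-Item -LiteralPath $exe -Force).LastWriteTime } else { $null }
    }
} | Sort-Object Modified -Descending | Format-Table -AutoSize
```

Shortcuts in the Startup folders are reported as the `.lnk` file itself, not its target, so their signature column will not show a valid signature.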
 
Suggestions:

1) Go through your McAfee configuration menus and confirm that it is using Heuristics, scanning within compressed files, and scanning all files and types without exception, including for adware, spyware, trojans and dialers if those options are available to you.

2) Make sure McAfee runs scans of the entire contents of the hard drives, perhaps overnight.

3) Get your Windows patches and updates, foo 😀 Supplement your router's protection with the Windows Firewall or another software firewall.

4) Log on in Safe Mode, go to Control Panel > User Accounts, and set strong passwords on all of the Administrator-class accounts. Why, you ask? Read McAfee's info under the Network Propagation header on their description of the Spybot.worm family, which now comprises more than 4000 variants.

5) If your router has SPI, enable it.

6) Run Microsoft Baseline Security Analyzer and see how you did.

7) Make an Admin-class account to use just for when you actually need Admin powers, and change your own account to Limited. This is a big stumbling-block to any malware that intends to use your account to do its dirty work. It's like someone stealing your handgun to kill you, only to find out that HAHA, IT ISN'T LOADED, FOOL :evil:


If it were me, I'd just blow away the Windows installation, start over, and get it right from the start this time. But maybe I'd feel differently if I were most of the way through HalfLife 2 or something 😀
 
Some worms and trojans - once they get inside your firewall - are very effective at preventing AV programs from finding and deleting them. Your AV program can find and delete infections generated, but it can't find the source of the infections.

One method is to open all running processes, open your browser, and google for information about any running process you are uncertain about. If it's malicious, you'll find a description and suggested removal tactics. Repeat until all processes are confirmed. If it's an authentic process, you'll find out about that too.

Some trojans are pretty blatant and obvious - they just quietly install themselves with a quiet setup - and you'll find them simply by close inspection of your Add/Remove Programs listing. Again, if you're not certain about what the program does, google for info about the program before uninstalling it.
 