Page 1 of 2 12 LastLast
Results 1 to 15 of 16

Thread: Need help removing a virus!!!

  1. #1

    Join Date
    Jan 2010
    Location
    St.Helens
    Posts
    645
    Thanks
    115
    Thanked 33 Times in 29 Posts
    Rep Power
    1

    Default Need help removing a virus!!!

    dfg.exe to be exact.

    MSSE removes it then asks to restart. After restart it comes back.

    It claims to be a "data recovery" thing. It isnt, MSSE says its a Trojan.

    How do i get rid?

    Its my Dad's PC and my sister has been on it and royally ****ed it up.

    Oh and its only on one user account. Which is strange. Il try deleting the account.

    Thanks

    Core i5 4690K | ASUS Z97-AR | HyperX Blu 8GB | WD Green 2TB | EVGA GTX 970 SC | Silverstone TJ07

  2. #2
    Moderator Snakedoc's Avatar
    Join Date
    Jan 2010
    Location
    Harran
    Posts
    17,733
    Thanks
    2,107
    Thanked 3,321 Times in 2,142 Posts
    Rep Power
    11

    Default

    Try Ccleaner, Mbam and Superantispyware. Then delete all restore points and reboot.

    Give a man a gun and he can rob a bank. Give a man a bank and he can rob the world.

  3. The Following 2 Users Say Thank You to Snakedoc For This Useful Post:


  4. #3
    Moderator Spaceboy's Avatar
    Join Date
    Aug 2010
    Location
    Leicester
    Posts
    19,343
    Thanks
    4,426
    Thanked 4,100 Times in 3,057 Posts
    Rep Power
    12

    Default

    What snake said
    malwarebytes is where I'd start
    Quote Originally Posted by omega View Post
    as soon as I get home it's #kleenexcentral
    ---------------------------------------------------------------
    Fractal R4 (shhh!) 3570k, z77x-d3h, 8gb, GTX480, 240gb M500, 2x2tb mirror w/ 60gb cache drive

  5. #4
    The Original Bammster Bammy's Avatar
    Join Date
    Nov 2007
    Location
    192.168.0.4
    Posts
    2,250
    Thanks
    615
    Thanked 723 Times in 462 Posts
    Rep Power
    5
    Last edited by Bammy; 4 years ago at around teatime.

  6. #5

    Join Date
    Jan 2010
    Location
    St.Helens
    Posts
    645
    Thanks
    115
    Thanked 33 Times in 29 Posts
    Rep Power
    1

    Default

    Deleted the user account.

    Just ran CCleaner,

    Running Malwarebytes now.

    Then il run superantispyware


    Thanks alot guys!

    Core i5 4690K | ASUS Z97-AR | HyperX Blu 8GB | WD Green 2TB | EVGA GTX 970 SC | Silverstone TJ07

  7. #6
    Moderator Spaceboy's Avatar
    Join Date
    Aug 2010
    Location
    Leicester
    Posts
    19,343
    Thanks
    4,426
    Thanked 4,100 Times in 3,057 Posts
    Rep Power
    12

    Default

    As snake said, don't forget to delete the restore points, viruses hide there sometimes.
    Quote Originally Posted by omega View Post
    as soon as I get home it's #kleenexcentral
    ---------------------------------------------------------------
    Fractal R4 (shhh!) 3570k, z77x-d3h, 8gb, GTX480, 240gb M500, 2x2tb mirror w/ 60gb cache drive

  8. #7
    ( ͡ ͜ʖ ͡)
    Join Date
    Mar 2011
    Location
    London
    Posts
    407
    Thanks
    118
    Thanked 61 Times in 42 Posts
    Rep Power
    1

    Default

    Malwarebytes!

  9. #8

    Join Date
    Jan 2010
    Location
    St.Helens
    Posts
    645
    Thanks
    115
    Thanked 33 Times in 29 Posts
    Rep Power
    1

    Default

    Ye ive just deleted the restore points.

    EDIT: Malwarebytes has just found something 10 minutes in!

    Thanks

    Core i5 4690K | ASUS Z97-AR | HyperX Blu 8GB | WD Green 2TB | EVGA GTX 970 SC | Silverstone TJ07

  10. #9
    Moderator Snakedoc's Avatar
    Join Date
    Jan 2010
    Location
    Harran
    Posts
    17,733
    Thanks
    2,107
    Thanked 3,321 Times in 2,142 Posts
    Rep Power
    11

    Default

    When MBAM scan completes (It can take a couple of hours) make sure when removing infections, that all items are selected. MBAM tends not to select tracking cookies and such so right click on a infection and click "Select all".

    Give a man a gun and he can rob a bank. Give a man a bank and he can rob the world.

  11. #10

    Join Date
    Jan 2010
    Location
    St.Helens
    Posts
    645
    Thanks
    115
    Thanked 33 Times in 29 Posts
    Rep Power
    1

    Default

    Haha!

    The one result with Malwarebytes was RemoveWAT!

    All clean otherwise. Which is good i suppose...

    Core i5 4690K | ASUS Z97-AR | HyperX Blu 8GB | WD Green 2TB | EVGA GTX 970 SC | Silverstone TJ07

  12. #11
    Moderator Snakedoc's Avatar
    Join Date
    Jan 2010
    Location
    Harran
    Posts
    17,733
    Thanks
    2,107
    Thanked 3,321 Times in 2,142 Posts
    Rep Power
    11

    Default

    Oh dear, I hope your Windows is genuine.

    Give a man a gun and he can rob a bank. Give a man a bank and he can rob the world.

  13. #12

    Join Date
    Oct 2011
    Location
    Manchester
    Posts
    32
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    1

    Default

    I would format the Drive...

  14. #13
    I Oc'd my beard in 2012 Tainted's Avatar
    Join Date
    Dec 2009
    Location
    Belfast
    Posts
    2,860
    Thanks
    638
    Thanked 579 Times in 334 Posts
    Rep Power
    2

    Default

    Quote Originally Posted by flyboyovyick View Post
    Haha!

    The one result with Malwarebytes was RemoveWAT!

    All clean otherwise. Which is good i suppose...
    Naughty, naughty!

    Those who believe in telekinetics, raise my hand.

    15 2500k | H60 Cooler | 8GB RAM | GTX 660 Direct CU II OC

  15. #14

    Join Date
    Oct 2010
    Posts
    372
    Thanks
    6
    Thanked 45 Times in 35 Posts
    Rep Power
    1

    Default

    normally i would just use Spybot , but most antiviruses cant check you RESTORE folder so first thing i do is make sure system restore is disabled or any viruses you get rid of can be reinstalled (i think)

  16. #15
    MICHELIN -gate Aaron's Avatar
    Join Date
    May 2006
    Posts
    26,377
    Thanks
    735
    Thanked 2,554 Times in 1,769 Posts
    Rep Power
    15

    Default

    I think its more that it appears the user is potentially stealing the software and using a pirated/non registered version.

    Not a good idea to post that you have that file on your computer. And definitely not on the forum of a Microsoft Partner who may be obliged to report the IP to MS. But it is a great way of ringing the forum alarm bells and making sure you're watched very closely!

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •