how can i remove a virus

Pyxel Studio · #1 2009-11-03, 01:44 PM CST

Hi all, i have done some research and i can't seem to find a very good
tutorial or help on this problem, i have a dual boot pc, windows vista and
fedora 11, i want to remove some virus that i have on windows and also
on a portable hard drive, can some one tell me step by step on how to do
this.

Iron_Mike · #2 2009-11-03, 02:02 PM CST

How do you know you have a virus? The program that identified the virus should be able to remove it.

Dies · #3 2009-11-03, 02:30 PM CST

Sure.

Step 1 - Delete any and all files related to virus
Step 2 - Reverse any and all changes this virus may have made to the system

There you have it, a step by step as vague and as valid as your question.

badger_fruit · #4 2009-11-03, 02:41 PM CST

Quote:

Originally Posted by Pyxel Studio

i want to remove some virus that i have on windows and also
on a portable hard drive, can some one tell me step by step on how to do
this.

This is not a windows forum - although people here use it at some point, it's totally different.
It's like me posting in a Ferrari forum about a problem about a problem I have with a Vauxhall just because I drove a Ferrari once.

Virus removal is a tricky process, having done it myself on a friend's windows XP machine.
All I can advise is you:-

Disconnect from the internet (remove LAN/Network cable)
Run an Anti-virus program from safe mode (assuming Vista has a safe-mode).
Plug in the portable drive and scan that too. IIRC safe-mode should disable auto-run of inserted devices.

But seriously, ditch Vista and replace with Win7 if you really want/need Windows - get protection BEFORE you go online though

***bob*** · #5 2009-11-03, 02:48 PM CST

Here's the best method that I've had for my Windows friends. I personally run this in Safe Mode to avoid having the viruses load any more than absolutely necessary at start-up.

The top three links are to the tools and the instructions follow:

Sysclean: http://www.trendmicro.com/download/dcs.asp
LPT Virus Pattern files: http://www.trendmicro.com/download/viruspattern.asp
Spyware Pattern files: http://www.trendmicro.com/download/spywarepattern.asp

I. Description

This self-extracting archive is a stand-alone fix package that
incorporates the Trend Micro VSAPI Malware and Spyware scanning engines
as well as the Trend Micro Damage Cleanup Engine and Template.

This tool supports the following features:

o Terminate all detected malware/spyware instances in memory
o Remove malware/spyware registry entries
o Remove malware/spyware entries from system files
o Scan for and delete all detected malware/spyware copies in all local
drives

II. File List

o sysclean.com - the main executable module
o readme.txt - this file
o lpt$vpn.XXX - malware pattern file (see Requirements)
o ssapiptn.da5 - spyware pattern file (see Requirements)

III. Requirements

1. Download the latest versions of the following pattern files:

lpt$vpn.XXX in ZIP format as lptXXX.ZIP

from the following location:
<http://www.trendmicro.com/download/viruspattern.asp>

ssapiptn.da5 in ZIP format as ssapiptnXXX.ZIP

from the following location:
<http://www.trendmicro.com/download/spywarepattern.asp>

These files must be saved in the same folder where you run
this fix package.

2. This tool is designed to run under Windows NT/2000/XP/2003/VISTA 32-bit.

For users running Windows NT 4.0, you need to copy the file, PSAPI.DLL,
to the Windows system directory, which is usually C:\WINNT\system32.
You can find the file in the Windows NT 4.0 Setup CD at the
following locations:
\Support\Debug\i386\PSAPI.DLL

3. The Trend Micro Spyware Engine only supports Windows 2000/XP/2003/VISTA 32-bit
systems. The spyware scan feature is disabled in lower versions of
the Microsoft operating systems.

IV. How to Use
Performing System Scan and Cleanup

1. Create a temporary folder and copy SYSCLEAN.COM into this folder.

NOTE: This temporary folder should be created on a local or mapped drive.

2. Download latest malware and spyware pattern files.
Extract the downloaded ZIP pattern files into the created folder.

3. Close all applications running on your system, including any
antivirus software.

4. Run the executable file, SYSCLEAN.COM, by either:

a. Double-clicking the tool in Windows Explorer.
b. Executing it via command prompt using syntax based on the
aforementioned parameters.

5. Enable any antivirus software that is installed on your system and
perform a manual scan.

NOTE: This fix tool generates the log file, SYSCLEAN.LOG, in its
current folder.

Good luck with it.

Dies · #6 2009-11-03, 02:52 PM CST

Wow!
Bob, so you really just keep that info handy like that?

You must have some really dopey "Windows friends".

***bob*** · #7 2009-11-03, 04:01 PM CST

They are spread all across the east coast, so I sometimes have to email them the info. This is all copy/paste from Trend Micro's website, btw.

The nice thing with it is that there's an anti-virus tool, but also an anti-spyware tool involved, since most of the crapola today is likely spyware-related. Attack it with this, whatever virus tool your protection has provided, Spybot and Ad-Aware and you've got at least a good chance of success.

However, these days the attacks are much tougher to battle. My belief is that Win7 is a serious necessity if you skipped Vista.

JN4OldSchool · #8 2009-11-03, 04:12 PM CST

Quote:

Originally Posted by bob

They are spread all across the east coast, so I sometimes have to email them the info. This is all copy/paste from Trend Micro's website, btw.

The nice thing with it is that there's an anti-virus tool, but also an anti-spyware tool involved, since most of the crapola today is likely spyware-related. Attack it with this, whatever virus tool your protection has provided, Spybot and Ad-Aware and you've got at least a good chance of success.

However, these days the attacks are much tougher to battle. My belief is that Win7 is a serious necessity if you skipped Vista.

I would agree. It is too bad Vista got off to such a rocky start because the common advice/willingness to hang on to XP is actually a very bad policy.

I did note that the OP says it is Vista that has the virus. My advice would be once you get it cleaned up to find out what you did wrong so it will not happen again. If you do not install it you will not get infected.

Dies · #9 2009-11-03, 04:51 PM CST

Quote:

Originally Posted by JN4OldSchool

...
If you do not install it you will not get infected.

Not entirely true if you're using Internet Explorer.

Playing with Win7, if I hadn't had the free Microsoft Security Essentials installed, this machine would've already been infected with something. Amazingly enough all the times that a 'drive-by' was tried, they all seem to be attempts to exploit holes in Adobe products.

Oh, for anyone who doesn't already have anti-virus or who's looking for a different one, I prefer this since it seems to not be a hog like most others

http://www.microsoft.com/security_essentials/

kyryder · #10 2009-11-03, 04:57 PM CST

I have had some success with clamav from a Fedora live cd to remove viruses. The --remove switch has worked for all but one thing that was easily deleted with BCwipe.

***bob*** · #11 2009-11-03, 04:58 PM CST

My oh my, is MS finally giving anti-virus/anti-spam protection without charge? It's about time, IMHO.

JN4OldSchool · #12 2009-11-03, 05:24 PM CST

I hate IE. Never use it.

stevea · #13 2009-11-03, 05:31 PM CST

Want to remove the viruses - find the windows partition and clean it ...

for dev in $(fdisk -l | grep -i ntfs | cut -d' ' -f1) ; do dd if=/dev/zero of=$dev; done

Noobs - DON'T do the above - it's a joke.

GreyWizzard · #14 2009-11-04, 10:48 AM CST

Quote:

Originally Posted by stevea

Want to remove the viruses - find the windows partition and clean it ...

for dev in $(fdisk -l | grep -i ntfs | cut -d' ' -f1) ; do dd if=/dev/zero of=$dev; done

Noobs - DON'T do the above - it's a joke.

OMG!! What happened to my Windoze drive?!?!?

Stevea, you got me into this. How do I get it all back now???