[joshuageeks6999]

LET'S DO IT!!! ....at least, that's my first thought!...I like doing things the HARD way sometimes....

but, i'm not sure if it seems smart...will we be 100%? what about the other accounts? are you going to do this totally by hand!!!???

...and it does seem that i can easily upgrade the protection if I reload the OS...SP2 etc...

...what's your best judgement...? would it not be a cleaner system if i start with a clean drive...that is, can i truly trust that we've got them all...enough to restart the bank account programs, etc???

Please, weigh in on this with your best opinion!! joshua

[Advertisements]

Next, I need you to disable System Restore (you have, oh, about 1,000 trojans hiding in your System Restore! Disabling System Restore will clear them all OUT!):

*On the Desktop, right-click My Computer.
*Click Properties.
*Click the System Restore tab.
*Check Turn off System Restore.
*Click Apply, and then click OK.

[Michelle]

Next, I need you to disable System Restore (you have, oh, about 1,000 trojans hiding in your System Restore! Disabling System Restore will clear them all OUT!):

*On the Desktop, right-click My Computer.
*Click Properties.
*Click the System Restore tab.
*Check Turn off System Restore.
*Click Apply, and then click OK.

[Michelle]

Joshua - you're just going to have to trust me!!

[joshuageeks6999]

Oh, here...with you...I'm learning about trust....I just pulled the blindfold a little bit more snug....

....sysrestore off...

.......i do like to keep my hands free though....


PS...I just don't want you to get hurt if i still decide to wipe out the harddrive.....other issues in play....using it at work in the future....etc....so, please, with all that you're doing here...do understand that I may choose that path even if we get this bear clean. OF COURSE, getting it clean allows me to grab a few things that i need and use them with confidence on my other systems...joshua

[Michelle]

Did you clear out the quarantined items from Norton and MS Anti-Spyware?

[Michelle]

I need you to copy all of these instructions and paste them into a notepad and save it for use while in safe mode.

1) Please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

2) Once in Safe Mode, please run Killbox.

3) Select "Delete on Reboot".

4) Open the notepad file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing CTRL + C:

C:\WINDOWS\BHOASSUI.exe
C:\WINDOWS\corelsys.dll
C:\WINDOWS\stlbd.dll
C:\WINDOWS\System32\corelsys.dll
C:\ntdetect_hta.vir
C:\Program Files\URLToysPerlSA\lib\WWW\URLToys.pm
C:\RECYCLER\S-1-5-21-3133878665-3290079477-1788334251-1003\Dc40.exe
C:\RECYCLER\S-1-5-21-3133878665-3290079477-1788334251-1003\Dc41.exe
C:\RECYCLER\S-1-5-21-3133878665-3290079477-1788334251-1003\Dc45.exe
C:\RECYCLER\S-1-5-21-3133878665-3290079477-1788334251-1003\Dc46.exe
C:\RECYCLER\xxx\Dc53\Dc51\S-1-5-21-3133878665-3290079477-1788334251-1003\Dc49\S-1-5-21-3133878665-3290079477-1788334251-1003\Dc21\Dc14.html
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\d_alexeyman.exe
C:\WINDOWS\Downloaded Program Files\d_alexeyman.exe

5) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

6) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Let the system reboot.

[joshuageeks6999]

No...did you ask me to?? You mean last week...what??

I don't think we've discussed Norton or MS Anti today....first of all, Norton isn't working and i was asking you for help uninstalling it when you suggested Panda which i have run today. I did run MS Anti early today before we started discussing this....??

[Michelle]

Joshua - yes we did. Let me refer you to post 75 from just a little bit ago:

Joshua - I got it (nearly froze up my MS word haha j/k)

Ok, this isn't going to take as long as I thought!  Most of the infected items are quarantined! YAY!  Go here:

C:\Program Files\Norton AntiVirus\Quarantine

Delete EVERYTHING that is quarantined there (don't delete the Quarantine folder just the items in it).

Or an alternative way is to open Norton, click on "reports", then click on "View Report" under Quarantined Items and delete everything in there.

Then I need you to go into Microsoft Anti-Spyware program and delete everything it has quarantined also.

[joshuageeks6999]

Oops...sorry ...right after a comment to sysdba, i went over there and looked around a bit...then on to a new forum page here....

okay, so i explored the quarantine folder...about a thousand things in it...do i have to delete/ yes / okay to recycle for everyone?? a faster way.....??

Norton not working at last check...will try again while i await your response...will go ahead with MS Anti...

Also, should i delete the Folders inside the quarantine folder eg. Portal etc...joshua

[Michelle]

1.) I can fix Norton Auto-Protect/E-mail scanning - no problem just a little registry edit.

2.) Delete absolutely EVERYTHING in that folder. No, I don't know a quicker way!

3.) Norton is obviously working otherwise it wouldn't have quarantined umpteen thousand viruses.

[joshuageeks6999]

Norton was working for 1 1/2 years, but is not working now...can not get into reports, run scans, etc...

When i enter the Quarantine folder and start deleting, it responds by making copies of the files i'm deleting and labeling them Copy of ..... etc...

i've tried right click, left click, moving to recycle etc...same result...just makes a copy

Can i delete the whole folder and then create a new folder that's empty??

I tried to delete the folder, wouldn't let me...

Edited by joshuageeks6999, 25 April 2005 - 10:57 PM.

[Michelle]

Please follow my directions in post 81.

At the end when your computer is restarting, tap the f8 key to boot into safe mode, then try deleting the Norton quarantined items.

[joshuageeks6999]

whewwww!!!...well, i had a small seizure and my left hand is still sort of spazzing out...'delete enter delete enter delete enter delete enter delete enter delete enter delete enter delete enter....but its done...post 81 and deleted all files in the Quarantine folder (ps..why did i do that?? if you don't mind me asking...remember, i've been right there trying...but since my hand's shaking, i've got to ask...WHY???...you can answer off-forum if you like...you know, if it's personal...if you were just playing with me...now that i've deleted 1405 files one at a time!!!!!!!!!!)...

...and deleted the two files from MS antispy quarantine...and now what...joshua

[Michelle]

Why did you delete VIRUSES out of the quarantine folder? I figured that was pretty self-explanatory! Although they're in quarantine, they are still malware and I don't want them on your computer!!

Also, in Killbox did you have "delete on reboot" clicked or "standard file kill"? You shouldn't have had to keep hitting the X unless it was on standard file kill - one time woulda done it!

Please run MWav again to make sure we didn't miss any files (quite sure we got ALL of them, but I like to know FOR SURE!)

[Michelle]

EMPTY YOUR RECYCLE BIN!!!! before running MWav!!