Can't get rid of Infostealer.Gampass

[Writer1]

Norton told me I had Infostealer.Gampass after a scan but couldn't remove it. I uninstalled Norton, installed Spysweeper with Virus protector and ran a scan. Nothing. I also installed SpywareBlaster and AVG spyware and get nothng but I don't think it's gone. I have turned off system restore. What can I do?

Thank you.
Writer1

 

[kiyhkuj]

why have u turned off system restore?
To turn on system restore go to:
1. right click on my computer, and go to properties.
2.Go to system restore tab and uncheck 'Turn off system restore on all drives'.

 

[howard_hopkinso]

Hello and welcome to Techspot.

Turning off system restore was a bad move. As kiyhkuj quite rightly says, you should turn system restore back on.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of Writer1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Writer1]

In one of the things I was looking at it said to turn off system restore becasue if I restored it would be with the Infostealer.gampass in it.

Ok, have turned system restore back on.

 

[howard_hopkinso]

That`s a common misconception. You shouldn`t turn off system restore until you finished cleaning. better to be able to restore even to and infected system, than not be able to restore at all, if something goes wrong.

Regards Howard

This thread is for the use of Writer1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Writer1]

Have Quicken on my desktop. I hadn't put it on my laptop becasue I didn't think it would be safe! Now my desktop is compromised!

I backed up with retrospect last week to my desktop hard drive. That will have all my pictures. I believe my Quicken is backed up but if I do a back up with it now will it have the Infostealer.Gampass in it?

So this means I'm wiping my hard drive clean and starting over?
Bit nervous about it. Do you think this is what I need to do?

 

[howard_hopkinso]

If you use your computer for online banking etc, then a reformat is probably the best way to proceed.

Otherwise, follow the instructions and post the requested log files etc.

Regards Howard

This thread is for the use of Writer1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Writer1]

Norton said it was at documentsandsettings\max&rodagrubb\localsettings\temp\cc1fa.tmp
I can't find this file on the computer. Can't find the local settings. i have looked everywhere.

Is there a step by step on how to reformate?
Thank you.

 

[howard_hopkinso]

You need to do the following.

Diconnect from the net and don`t reconnect, until you have your firewall software installed.

1 Restart your computer and go to setup usually by pressing the F2 or delete key.

2 Once you get into setup look for the boot menu and make sure you set it to boot from cd first followed by your hard drive.

3 Put the Windows xp disk into your cd drive.

4 Now save your settings and exit setup.

5 While your computer is booting you will see a message that says "press any key to boot from cd" press any key.

6 When the welcome to setup screen appears press enter and then press F8 to accept the Microsoft licence agreement.

7 You will be prompted to repair an installation press the escape key.

8 Now select the partition that you want to reformat and press the D key to delete it you will be asked to confirm that you want to delete the partition.

9 Now press C to create a brand new partition you will be asked what size you want the partition to be in mega bytes. If you just press enter then the partition will be the maximum size that you can have. This is perfectly ok if you don`t want to create multiple partitions.

10 You will now be asked to format the partition select the ntfs file sytem and do a full format.

11 Once the format is complete setup will continue.

Your computer will restart during the remaining setup again you will be asked to press any key to boot from cd DO NOT PRESS ANYTHING and setup will continue. Once the setup is complete and you are back in Windows remove the Windows cd from your cd drive.

Install your firewall software and reconnect to the net. Install whatever drivers you need, then run Windows updates.

Finally, install whatever programmes/software you want.

Regards Howard

This thread is for the use of Writer1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Writer1]

Thank you so much. I'm nervous about this especially since I've just discovered my Quicken backup disks aren't where they ALWAYS are! But I shall percevere.

Thank you.

I have retrospect on my desktop harddrive. If I follow their Disaster Recovery Information will it reload my computer including the programs?

 

[howard_hopkinso]

I have no idea about that, as I have no experience of the Retrospect software.

I still think a reformat and reinstall is the best way to proceed, as this is the most effective way of making sure your system is clean.

Regards Howard

This thread is for the use of Writer1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.