Virus that cannot be removed

[frankcpl]

Been working on removing viruses for 3 days now, but never seem to get it right. any help would be appreciated.

 

[Jimbo420]

Sometimes only way to get rid of a Virus to is to format and reinstall.

 

[frankcpl]

That makes since, but is there any help for my computer?

 

[Peddant]

Do you know what the viruses were ? What are the symptoms ? Have you run the scans in safe mode with system restore off ?

 

[frankcpl]

Am not able to run a virus checker. Norton has become currupted, and not able to run trendmicro off the web. Cannot install AVG because of cannot write to AVG registry. Other symptoms are only can use internet for about 5 minutes then I have to shut down and reboot before using internet again.

 

[Peddant]

Just to clarify,you tried all this in safe mode with networking ?

 

[frankcpl]

Yep, tried in safe mood with networking and withoutnetworking.

 

[Peddant]

Unless howard hopkinso finds something in your HJT,Jimbo420s suggestion is starting to look like the correct one.

 

[frankcpl]

I am afraid that may be my last option. I just really hope not.

 

[Jimbo420]

It happens to the best of us sometimes. Which is why always good to have your important stuff on back up.

 

[frankcpl]

Yep, important information(docs pics) are backed up, just not programs that cds were destroyed by fire

 

[frankcpl]

I am tring something that just dawn on me. I have another computer available so I am going to try putting the infected hard drive on the other pc and run a virus checker form that way, any comments if this will work or am I wasting my time?

 

[howard_hopkinso]

Hello and welcome to Techspot.

Boot into safe mode. See how HERE.

Turn off system restore. See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE

Open your task manager, by pressing the ctrl/alt/delete keys together.

Click on the processes tab, and end process for(if there).

winlogin.exe
g1.exe

Close task manager.

Run HJT with no other programmes open, and have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKCU\..\RunOnce: [winlogon] winlogin.exe

Fix all 016 DPF entries.

O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)

Now click on the fix checked button.

Close HJT.

Click start/run, and type services.msc into the run box, and press the enter key.

When the window appears, maximise it. Locate the above 023 service, and double click on it. If it`s running, select stop. Set the startup type to disabled. Click apply/ok.

Locate, and delete the following bold files(if there).

winlogin.exe
g1.exe

Reboot into normal mode, and turn system restore back on.

Regards Howard :wave: :wave: