Solved

how to remove auto.exe virus

Posted on 2008-11-02
8
2,140 Views
Last Modified: 2013-11-22
I got a file auto.exe which includes a virus and each time trying to delete it not able, so please how to delete and remove that virus, I tried Mcfee 2009 but couldn't remove it. any suggestions?
0
Comment
Question by:ashrafsalah
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 12

Expert Comment

by:jazzIIIlove
ID: 22862736
let's try for it malware bytes after disabling system restore...

then malware bytes...then a hijackthis log...

if not successful, try for the process at safe mode...
0
 
LVL 2

Expert Comment

by:m3tech
ID: 22862810
If you know the name/location of the file you need to delete Pocket killbox does wonders. (download it here: http://oca.microsoft.com/en/windiag.asp) Try the different options involving delete on reboot and replace with dummy file.

In addition (or alternatively) download malwarebytes (http://www.malwarebytes.org/mbam.php - ignore the buy button it is free for our purposes), and run it. I would not recommend disabling system restore until after you have confirmed the virus is removed. Doing so will delete all system restore information and prevent you from using system restore to help remove the virus (or recover the system if removal causes problems or otherwise damages system files).

It is impossible for viruses to get out of system restore unless you perform a system restore. After the system is clean and stable, disable system restore, reboot, re-enable it, and manually create a system restore point. This will delete any traces of the virus in system restore and allow for future use of the system restore feature.
0
 
LVL 12

Expert Comment

by:jazzIIIlove
ID: 22862825
>>After the system is clean and stable, disable system restore, reboot, re-enable it, and manually >>create a system restore point.

On contrary, before everything applied disable the system restore...

Best regards...
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 12

Accepted Solution

by:
jazzIIIlove earned 50 total points
ID: 22862832
and send us a hijackthis log before the scan by malwarebytes and after the scan...Then have a scan with kaspersky...

hijackthis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Kaspersky:
http://www.kaspersky.com/virusscanner

Best regards...
0
 
LVL 2

Expert Comment

by:m3tech
ID: 22863148
We could debate on when to disable system restore for a while :p I have no use for system restore so disable it when starting to clean a system because it needs to be at some point anyway and it will speed scan times. However, I also know how to recover the operating system from nearly any corruption viri and their removal can cause. Not all end users have that experience to fall back on.

Either way, skip the McAffee scan, and use the online virus scanner mentioned above. I would also suggest a second online scan, such as Eset's (NOD32 antivirus) - www.eset.com/onlinescan.

If you have problems with these online scans let us know and I'll find the links to the standalone version of NOD32 and others.

0
 
LVL 12

Expert Comment

by:jazzIIIlove
ID: 22863279
Hi there;

>>We could debate on when to disable system restore for a while :p I have no use for system restore >>so disable it when starting to clean a system because it needs to be at some point anyway and it will >>speed scan times.

Ok, let's debate...Suppose one has scanned and fix the problems and THEN disable the restore...But what if the virus keeps active even in system restore and copy himself to directory during the scanning progress that the AV has passed scanning that directory...So, after disabling will ease the solution...Definitely not, because, the virus/trojan has copied himself alreadily...When you search for any reputable AV solution, you can see their warning to disable the system restore first...

An old scanner and reputable one: Norman

http://www.norman.com/Virus/Articles/Articles_previous_years/25782/en

best regards...
0
 
LVL 2

Expert Comment

by:m3tech
ID: 22863405
Files located in system restore do not execute, nor have the ability to move themselves out of the  operating system protected system restore folder. AV software will successfully scan all areas of the OS that may contain active (or potentially active) code. As long as the user (or some automated routine that would be caught by AV software) does not actually perform a system restore there is absolutely no way for any virus to 'hide' in system restore and subsequently escape.

I don't doubt that 'reputable' viris removal instructions suggest turning it off first (again it decreases scan times). However, I know of several reputable viri removal instructions that make the same statement I did..it's safe to leave it on during cleaning in case you need it.

I work for a break-fix computer repair and consulting firm and have seen many hundred infected systems, trust me on this one - there is absolutely no danger in leaving system restore on during viri removal. However, if any virus is detected it is absolutely vital to toggle system restore off and reboot the computer before re-enabling it. This will prevent some unexpecting user from doing a system restore and restoring a virus (once again the only way it will ever get out of system restore).
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client-side. These steps may prove particularly useful because they allow the client to move after it has alrea…
PREFACE The purpose of this guide is to provide information to successfully install the MS SQL client tools for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technology…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question