Solved

how to remove auto.exe virus

Posted on 2008-11-02
8
2,132 Views
Last Modified: 2013-11-22
I got a file auto.exe which includes a virus and each time trying to delete it not able, so please how to delete and remove that virus, I tried Mcfee 2009 but couldn't remove it. any suggestions?
0
Comment
Question by:ashrafsalah
  • 4
  • 3
8 Comments
 
LVL 12

Expert Comment

by:jazzIIIlove
ID: 22862736
let's try for it malware bytes after disabling system restore...

then malware bytes...then a hijackthis log...

if not successful, try for the process at safe mode...
0
 
LVL 2

Expert Comment

by:m3tech
ID: 22862810
If you know the name/location of the file you need to delete Pocket killbox does wonders. (download it here: http://oca.microsoft.com/en/windiag.asp) Try the different options involving delete on reboot and replace with dummy file.

In addition (or alternatively) download malwarebytes (http://www.malwarebytes.org/mbam.php - ignore the buy button it is free for our purposes), and run it. I would not recommend disabling system restore until after you have confirmed the virus is removed. Doing so will delete all system restore information and prevent you from using system restore to help remove the virus (or recover the system if removal causes problems or otherwise damages system files).

It is impossible for viruses to get out of system restore unless you perform a system restore. After the system is clean and stable, disable system restore, reboot, re-enable it, and manually create a system restore point. This will delete any traces of the virus in system restore and allow for future use of the system restore feature.
0
 
LVL 12

Expert Comment

by:jazzIIIlove
ID: 22862825
>>After the system is clean and stable, disable system restore, reboot, re-enable it, and manually >>create a system restore point.

On contrary, before everything applied disable the system restore...

Best regards...
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 12

Accepted Solution

by:
jazzIIIlove earned 50 total points
ID: 22862832
and send us a hijackthis log before the scan by malwarebytes and after the scan...Then have a scan with kaspersky...

hijackthis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Kaspersky:
http://www.kaspersky.com/virusscanner

Best regards...
0
 
LVL 2

Expert Comment

by:m3tech
ID: 22863148
We could debate on when to disable system restore for a while :p I have no use for system restore so disable it when starting to clean a system because it needs to be at some point anyway and it will speed scan times. However, I also know how to recover the operating system from nearly any corruption viri and their removal can cause. Not all end users have that experience to fall back on.

Either way, skip the McAffee scan, and use the online virus scanner mentioned above. I would also suggest a second online scan, such as Eset's (NOD32 antivirus) - www.eset.com/onlinescan.

If you have problems with these online scans let us know and I'll find the links to the standalone version of NOD32 and others.

0
 
LVL 12

Expert Comment

by:jazzIIIlove
ID: 22863279
Hi there;

>>We could debate on when to disable system restore for a while :p I have no use for system restore >>so disable it when starting to clean a system because it needs to be at some point anyway and it will >>speed scan times.

Ok, let's debate...Suppose one has scanned and fix the problems and THEN disable the restore...But what if the virus keeps active even in system restore and copy himself to directory during the scanning progress that the AV has passed scanning that directory...So, after disabling will ease the solution...Definitely not, because, the virus/trojan has copied himself alreadily...When you search for any reputable AV solution, you can see their warning to disable the system restore first...

An old scanner and reputable one: Norman

http://www.norman.com/Virus/Articles/Articles_previous_years/25782/en

best regards...
0
 
LVL 2

Expert Comment

by:m3tech
ID: 22863405
Files located in system restore do not execute, nor have the ability to move themselves out of the  operating system protected system restore folder. AV software will successfully scan all areas of the OS that may contain active (or potentially active) code. As long as the user (or some automated routine that would be caught by AV software) does not actually perform a system restore there is absolutely no way for any virus to 'hide' in system restore and subsequently escape.

I don't doubt that 'reputable' viris removal instructions suggest turning it off first (again it decreases scan times). However, I know of several reputable viri removal instructions that make the same statement I did..it's safe to leave it on during cleaning in case you need it.

I work for a break-fix computer repair and consulting firm and have seen many hundred infected systems, trust me on this one - there is absolutely no danger in leaving system restore on during viri removal. However, if any virus is detected it is absolutely vital to toggle system restore off and reboot the computer before re-enabling it. This will prevent some unexpecting user from doing a system restore and restoring a virus (once again the only way it will ever get out of system restore).
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

PREFACE The purpose of this guide is to provide information to successfully install the MS SQL client tools for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technology…
HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now