SleepyXtreme Posted July 30, 2007 Share Posted July 30, 2007 (edited) So i got this really bad spam virus and i don't know how to get rid of it. basically what it does is it has a pop up window that doesn't have a tasbar slot. it's just a floating window with ads in it. I tried every single program to get rid of it and they don't work. Now i'm trying to use autoit to maybe find out where it's coming from. All the info i got is that its class is TN_BROWSER anyone know what this means? EDIT: OMFG, I USED GETPROCESS AND WHATNOT TO SEE WHERE IT'S COMING FROM AND IT SAYS EXPLORER.EXE! I'M SO SCREWED anyone know how i further investigate? Edited July 30, 2007 by SleepyXtreme Link to comment Share on other sites More sharing options...
GMK Posted July 30, 2007 Share Posted July 30, 2007 (edited) Have you tried Spybot Search & Destroy or AdAware? Edited July 30, 2007 by GMK Link to comment Share on other sites More sharing options...
Infinitex0 Posted July 30, 2007 Share Posted July 30, 2007 Well, just because it says explorer.exe doesn't necessarily mean it is the explorer.exe I've seen viruses that have the process name explorer.exe I suppose you could try any of the above software links. The below statement is False.The above statement is True.a lesson I learned from Greenmachine; give a man a code and he'll solve one problem. Teach a man to code and he'll solve all his problems.P.S please don't use autoIt as a virus creator/spyware maker(keyLogger especially)Cick this and help me[center]My Scripts:[/center][center]Port Scanner[/center] Link to comment Share on other sites More sharing options...
Lynix Posted July 30, 2007 Share Posted July 30, 2007 (edited) anyone know how i further investigate?Format C: Don't worry that it show's something with Explorer.exe. Normally you can repair everything with your Windows-Installation-CD. Do you have an updated Scanner? Edited July 30, 2007 by Lynix Link to comment Share on other sites More sharing options...
DW1 Posted July 30, 2007 Share Posted July 30, 2007 use a program called, Hijackthis to create a log of your pc. Submit this log to any of the many free hijackthis forums out there for further assistance AutoIt3 Online Help Link to comment Share on other sites More sharing options...
Info Posted July 30, 2007 Share Posted July 30, 2007 Kaspersky Anti-Virus ---> The best one. Link to comment Share on other sites More sharing options...
SleepyXtreme Posted July 31, 2007 Author Share Posted July 31, 2007 I've used all of those, it's not detecting it. Best program there is is hitman pro. it an autoit lover's dream for virus scanning. it goes through 3 or 4 scanners. it downloads, installs, and scans and fixes. Link to comment Share on other sites More sharing options...
lordofthestrings Posted July 31, 2007 Share Posted July 31, 2007 hitmanpro is one of the better AutoIt demonstrations.. (written completely in AutoIt.) Link to comment Share on other sites More sharing options...
qazwsx Posted July 31, 2007 Share Posted July 31, 2007 If those don't work you could get process viewer. And then see if explorer.exe is running twice. And then get the source of the fake explorer.exe and fix it manually. Link to comment Share on other sites More sharing options...
smashly Posted July 31, 2007 Share Posted July 31, 2007 SytemInternals ProcessExplorer.. At least with it you can actually close handles from threads that are running.. This way you can hopefully terminate the entry point and rectify the problem while the system is running. What OS are you running? If it's NT based is your user account a primary built in admin account? (not good if so) Booted into safe mode to run your scans? Have you compared your explorer.exe against a verified explorer.exe for path, version, crc, signature.. etc? If your using XP have you got SFC on or off , Using System restore (hope not)? ..... Link to comment Share on other sites More sharing options...
ashley Posted July 31, 2007 Share Posted July 31, 2007 follow the path it give u and delete it Free icons for your programs Link to comment Share on other sites More sharing options...
Bert Posted July 31, 2007 Share Posted July 31, 2007 PM me with all the info you have, and I will help you clean it. I do stuff like this all the time for folks. I will need the log when you run hijackthis. include it as a attachment. Also, what OS are you running? You may be able to run a System restore unless the infection has trashed the restore folder. The Vollatran project My blog: http://www.vollysinterestingshit.com/ Link to comment Share on other sites More sharing options...
DW1 Posted July 31, 2007 Share Posted July 31, 2007 @Volly, I already tried to get him to submit a hijackthis log, and he didn't do it. I use the same method for virus removal for other people. AutoIt3 Online Help Link to comment Share on other sites More sharing options...
Bert Posted July 31, 2007 Share Posted July 31, 2007 Well, I can lead him to the water, but if he doesn't want to drink, that is his choice. He did start this thread after all The Vollatran project My blog: http://www.vollysinterestingshit.com/ Link to comment Share on other sites More sharing options...
SleepyXtreme Posted August 1, 2007 Author Share Posted August 1, 2007 Sorry, i work at night so i only get to look at the forums when i get home. I'll pm you the results volly . also, i'm on xp pro Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now