KillAV Virus in my computer.. HELP!!
Posted: 26 Mar 2005 10:07 am
by Bob Carlucci
This is a Trojan that I cannot get rid of... I was on ebay a few months back, the screen blinked, and all of a sudden I was on a porn site..
Now I cannot get rid of this.. we have a program number of some kind for it, have deleted it several times and it just keeps coming back within minutes. This virus will not let me reset the programs to an earlier date, the porn icon comes on every time you restart the computer, which has to be done CONSTANTLY, because it keeps shutting the system down. I get constant error messages, Norton can't delete it... and Dell told me rebooting the system to its original programs would not take care of it.. they want big dollars to have one of their phone techs help out.
Norton shows NO viruses in the system after we deleted it, BUT the system is still under constant attack, shutting down etc, and every time the computer is shut down, before you can get back into Windows, you have to click on a button to get the system running, that click takes you to the site, and you have to delete it before you can resume, the nasty site home page pops back up the icon is on the screen and the program shows in the "all programs" list... ANY ideas?? Help!! bob
Posted: 26 Mar 2005 11:03 am
by Steinar Gregertsen
You can download removal tools for a bunch of viruses and trojans here -
http://securityresponse.symantec.com/avcenter/tools.list.html - but I couldn't see any for "KillAV". Is that the correct name of the virus?
Steinar
------------------
www.gregertsen.com
Posted: 26 Mar 2005 11:37 am
by Bob Carlucci
Steinar.. according to Norton that's what it is called.. somehow it attacks anti virus programs and attempts to delete them hence the name KillAV.... I'm about to throw this thing out the window, this virus is BAD!! bob
Posted: 26 Mar 2005 11:41 am
by Jim Phelps
If you can't get rid of it any other way, you may have to save whatever files you don't want to lose, burn them to CD if you have a burner, then run DEBUG and reinstall everything. It's a hassle but usually gets rid of viruses, and everything else. Otherwise, all you can do is keep trying everything else... Have you tried to "rollback" or restore a previous backup of the registry? With viruses, that may or may not help, or be possible.
According to Norton, there's killav B and killav C, make sure you have the right one or try them both. It could be that you got rid of the virus, but are still being taken to the porn site because Norton didn't remove the other files directing it there. Do you know how to edit the registry in Regedit? If you still have the virus running you can't, but if you can go to Start, Run, type in Regedit and search on killav, you might find other files or entries in the registry. If you don't know how to use Regedit you shouldn't do anything in it without help.
What O.S. are you running?
Here are the Norton pages on two killav viruses:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.killav.b.html
http://securityresponse.symantec.com/avcenter/venc/data/trojan.killav.c.html
[This message was edited by Jim Phelps on 26 March 2005 at 11:59 AM.]
Posted: 26 Mar 2005 12:06 pm
by Dave Potter
Aside from trying anti-virus and spyware, have you tried dealing with it in safe mode?
Remove your access to the web either through your firewall software or by physically unplugging the connection, and see if you can get anywhere trying to find and eliminate it.
Can you get task manager to run long enough to see if there's anything you don't recognize running?
Same question related to startup programs in the registry. Look in HKLM/software/microsoft/windows/current version/run and look over the list for anything that shouldn't be there.
Standard disclaimer: Editing the registry is serious business. You can break your computer if you don't understand what you're doing in there (but sometimes it's the only way to get things done).
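An added example, not part of Dave Potter's post or any other post in this thread: one way to look over the startup list he describes (shown in Regedit as HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) without editing anything, by exporting that key from Regedit to a .reg file and parsing the text. The sample export, its value names, the `search_term` parameter and the "expected directories" heuristic are constructed assumptions; a flag means "look at this entry", not "this is the trojan".

```python
import re

# Constructed sample: a Run-key export in regedit's .reg text format.
# Value names and paths are invented for illustration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\avtray.exe\" /min"
"SoundTray"="sndtray.exe"
"upd32"="C:\\Documents and Settings\\bob\\Local Settings\\Temp\\upd32.exe /s"
'''

ENTRY = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
# Assumption: programs normally start from these directories on this machine.
EXPECTED_DIRS = ("c:\\program files\\", "c:\\windows\\")

def unescape(s):
    # .reg files escape backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def program_path(command):
    """Return the executable part of a Run command line."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r'(.*?\.exe)\b', command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]

def review_run_export(text, search_term=None):
    """List (key, name, path, flagged) for every string value in the export."""
    rows, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = ENTRY.match(line)
        if not m or key is None:
            continue  # header, blank line, or non-string value type
        name, command = unescape(m.group(1)), unescape(m.group(2))
        path = program_path(command)
        low = path.lower()
        # Flag absolute paths outside the expected directories, or a name match
        odd_dir = ":\\" in low and not low.startswith(EXPECTED_DIRS)
        hit = bool(search_term) and search_term.lower() in (name + command).lower()
        rows.append((key, name, path, odd_dir or hit))
    return rows

if __name__ == "__main__":
    for key, name, path, flagged in review_run_export(SAMPLE_REG):
        print("REVIEW" if flagged else "ok    ", name, "->", path)
```

Regedit's "Version 5.00" exports are UTF-16 text, so a real file needs `open(path, encoding="utf-16")` before its contents are passed to `review_run_export`.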
Posted: 26 Mar 2005 12:11 pm
by Fred Shannon
Bob, before you try to remove that trojan, be sure you turn system restore OFF else you'll just put it back on the drive. Give this site a try for a scan of your computer and be sure and click the self clean button:
http://housecall.trendmicro.com/
phred.
------------------
"From Truth, Justice is Born"--Quanah Parker-1904
[This message was edited by Fred Shannon on 26 March 2005 at 12:13 PM.]
Posted: 26 Mar 2005 5:02 pm
by Tony Palmer
Bob, I had one similar to that on my computer and I finally got rid of it by actually clicking on the icon that gets installed on the desktop.
Then, they actually gave instructions how to uninstall the damn thing.
But it did everything yours did (kept coming back on program files, icon, etc.) until I actually clicked on the desktop icon and went to the site, then was able to uninstall it.
Posted: 27 Mar 2005 5:40 pm
by Gary Shepherd
As I've said many times.... Get yourself a copy of DriveImage, reinstall Windows, and make a backup copy after you activate Windows. Then whenever you have a problem, it takes about 10 minutes to reinstall your entire system to like new.
It acts just like a fresh reinstall of Windows, but you can do it in 10 minutes rather than 2 hours or several days, depending on what programs you've installed.
I've made several backups at different points. One backup for every program (or 2 or 3 programs) that I've installed. Whenever my computer gets a bug, or just starts running slower than I want, a 10 minute refresh erases everything and starts me over.
Painless.
------------------
Gary Shepherd
Sierra Session D-10
Carter D-10
www.16tracks.com
Posted: 2 Apr 2005 11:53 am
by Ed Meadway
Gary....... that's a great idea! Do you have to do something to eliminate the virus or will it be written over when you load in the backup?
Posted: 3 Apr 2005 7:57 am
by Ron !
Norton is by far the worst virus scanner I have had on my computer. I use AVG now and since I installed AVG I haven't had any Trojans anymore. I use the free version.
You can get this at
http://www.grisoft.com
Ron