Can’t delete virus
August 25th, 2016
http://www.eightforums.com/general-support/34958-windows-update-always-running-msunet-exe-please-halp.html
Here’s what it shows:
http://postimg.org/image/3ke5nzlqt/548b3046/
Try running malwarebytes which you did and spybot in SAFE MODE.
You can delete a lot of things running safe mode, while not much during normal boot.
This.
But safe mode WITHOUT networking. Some kinds of viruses can still be active with an internet connection in safe mode. Post results of the virus check if you can.
Or use Hiren’s boot cd and boot to winxp live and do the work from there.
You can delete all the files but there’s some hidden thing being called to replace them.
If you can, manually delete that registry “run” entry, then boot to safe mode and delete the file.
If you ask me, it’s time for an OS reinstall!
I always give this advice to people who come here saying their PC was infected (and for good reasons too!).
Keep in mind that some spyware is extremely persistent and difficult to remove, and also, no anti-virus provides 100% protection. You may even have further infections you’re not aware of! (Some spyware downloads additional ones after it’s executed; they can also be manually uploaded by the hacker responsible for em at a later stage.) To sum it up, even if you manage to remove this one, in the back of your mind you’ll always be wondering if your PC is truly clean! So better take my advice.
First thing you should do is use a Linux Live CD (i.e. Parted Magic) to change all of your passwords/secret questions (and better avoid using the same password for multiple accounts!). By using a LiveCD, you are protecting em from being keylogged.
After you’re done with that, continue with backing up your data to a secondary (non-OS) partition or an external hard drive. You can either do this manually with copy/paste, or take a disk image backup with an app like Acronis True Image and go over it at a later time (you could mount it as a drive letter).
Once you’re done with this part, make sure you have all of the drivers for your computer handy (download em from the manufacturer site and keep em in a safe place, like a flash drive, or burn em to a disc). Then just continue with the OS reinstall by booting from its disc and taking it from there. Make sure you format the first partition during setup (this would usually be C, but should be denoted as “Disk 0 Partition 0” if installing Vista+; just refer to the partition’s capacity, that would give you a clue). Anyways, good luck!
A 15-second search in Google found a heck of a lot of information that would have helped you.
The 2nd result gave a lot of info & a fix.
http://www.drwebhk.com/en/virus_techinfo/Trojan.DownLoader9.56455.html
I’m surprised that MB, which found it, will not get rid of it. Try running it in safe mode, if you can. Run a decent AV scan.
Try getting a program called Unlocker, boot into safe mode & run Unlocker (as you know where it is hiding) & get at it that way.
If all else fails, as advices you, do an OS reinstall.
I also suggest to people to do a “FULL” format & OS install, do all drivers & windows updates, install all your “TRUSTED” programs, configure & optimize everything & make a backup image of it & save it away.
In the future, if you run into problems, simply spend 5 minutes replacing the image, instead of 5 hrs formatting & reinstalling everything from scratch.
Firstly, thanks for all the help.
I’m afraid the problem still persists. I think I know what the main problem is: it’s an .exe file in the System32 folder (I definitely got the virus when I turned off Windows Defender to activate MS Office… sigh). I found it through the task manager while in safe mode. Dr. Web also detected it, but the end result is the same as when I try to delete it manually: the PC restarts itself with a “CRITICAL_PROCESS_DIED” message. Any suggestions? Any way to delete that file without the PC restarting itself?
I also got this on startup:
http://postimg.org/image/71grf9z8x/
I’d really love not to do an OS reinstall, I think that’s beyond my humble tech skills (I use Windows 8.1, if that’s useful).
Try SpyHunter 4, best virus removal app I have used, way better than Malwarebytes. Here’s a link: http://www.google.com?t=18940708&highlight=
If this doesn’t work then do as suggests.
Can u change the file name, from .exe to, say, WASexe … can u move it to another directory?
If those above don’t work then you can try Hiren’s boot or MRI (you can only get the 5.1.2 since it’s the last public version).
Or you can back up whatever you need and do a format.
If you boot to Hiren’s boot DVD, start up XP live, use its Windows Explorer to go to that folder and delete the exe file.
Then reboot and you should be able to delete the reg startup entry as well.
Providing there isn’t another ‘hidden’ run thing that recreates it.
I think it’s solved. For now at least.
SpyHunter couldn’t delete it either, but I managed to delete the exe manually by putting it in another folder and changing its name (and then deleting it) like it was suggested. Then I ran all of the programs I installed, deleted the reg files and that was it. The PC got really slow but now seems fine after uninstalling all the extra anti-virus/malware software. Task manager doesn’t detect anything now and Spybot didn’t detect anything after rebooting.
Some video files (movies and tv shows) that I had recently used can’t be read now though. It’s weird, but probably unrelated.
I think I’ll eventually have the OS reinstalled, but, right now, in the middle of the semester, is rather inconvenient.
Thanks for all the help.
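Several replies above warn that a registry “run” entry or another hidden startup item can recreate the file after it is deleted. The following PowerShell sketch is an added example, not something posted in the thread, that lists the Run keys, services and scheduled tasks whose command line mentions a given file name; `$Needle` and its value are placeholders to be replaced with the name seen in Task Manager.

```powershell
# Added example: find autostart entries that reference a given executable name.
# Run from an elevated PowerShell prompt (Windows 8 or later for Get-ScheduledTask).
$Needle = 'example-name.exe'   # placeholder, replace with the file name you found

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$hits = @()

# 1. Registry Run / RunOnce values (machine-wide and current user)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($value -like "*$Needle*") {
            $hits += [pscustomobject]@{ Type = 'RunKey'; Location = $key; Name = $name; Command = $value }
        }
    }
}

# 2. Services whose binary path mentions the file
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if ($svc.PathName -like "*$Needle*") {
        $hits += [pscustomobject]@{ Type = 'Service'; Location = 'Services'; Name = $svc.Name; Command = $svc.PathName }
    }
}

# 3. Scheduled tasks with an action that launches the file
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -like "*$Needle*") {
            $hits += [pscustomobject]@{ Type = 'Task'; Location = $task.TaskPath; Name = $task.TaskName; Command = $cmd }
        }
    }
}

# Review every hit before removing anything; an empty list means none of these
# three locations reference the file, not that the system is clean.
$hits | Format-List
```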