cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Virus loop problem - Help Please?

God
Grafter
Posts: 1,112
Registered: ‎30-07-2007

Virus loop problem - Help Please?

‎19-02-2009 10:48 PM

Hi folks
I am having a bit of a ‘mare’ with a pal’s computer. He has managed to get infected with Antivirus 2009 /360 and I am having a hell of a job getting rid of it.
I have the latest versions (with up to date signatures) of Malwarebytes and Kaspersky on his machine and both are spotting the problems killing various files and then finding one that requires a reboot to kill.
After the reboot the same file is recognised again and there is a request for a reboot to kill it and so it goes on. The virus seems t be in a file called userinit.exe Having looked on the net it seems that deleting it isn’t a good idea as then folks can’t logon at all and get in to a loop that probably requires a reinstall.
All the articles I have seen suggest that malwarebytes can take this nasty out but it isn’t happening here. Have any of you dealt with this issue and are able to offer advice?
Cheers
Peter
Message 1 of 4
(1,253 Views)
Reply
0 Thanks
3 REPLIES 3
samuria
Grafter
Posts: 1,581
Thanks: 3
Registered: ‎13-04-2007

Re: Virus loop problem - Help Please?

‎20-02-2009 12:00 AM

It should be easy to get rid of I have done it a few times for people for detailed instruction try
http://www.2-spyware.com/remove-antivirus-2009.html or
http://www.bleepingcomputer.com/malware-removal/remove-antivirus-360
The key to success is to kill the process first as if its still running it will lock attempts to delete files
Follow the instruction on the first link when you have finished check again that its not running dont reboot run Malwarebytes  and see if it detects anything if it does make a note of the reg keys and files.
Kill the memory process again.
Check the files arnt read only and that the reg key isnt set to no access for everyone
Message 2 of 4
(512 Views)
Reply
0 Thanks
pnf
Grafter
Posts: 269
Registered: ‎07-11-2007

Re: Virus loop problem - Help Please?

‎20-02-2009 12:04 AM

If System Restore is switched on, does switching it off help with the clean up process?  It might be worth running msconfig to see if there are any startup processes or services that look suspicious and stop them.  Is it possible to do the clean up in safe mode?  Do you have the ability to boot the PC from CD and to scan the partitions 'off-line'?  In the past I have used Bart PE (XPE) with Avira Antivirus installed on a CD to do this.  Whether something like that might help I'm not sure as I've never actually dealt with that specific virus, but it might be worth a try if all else fails.

Message 3 of 4
(512 Views)
Reply
0 Thanks
God
Grafter
Posts: 1,112
Registered: ‎30-07-2007

Re: Virus loop problem - Help Please?

‎20-02-2009 12:10 AM

Quote from: Samuria
It should be easy to get rid of I have done it a few times for people for detailed instruction try
http://www.2-spyware.com/remove-antivirus-2009.html or
http://www.bleepingcomputer.com/malware-removal/remove-antivirus-360
The key to success is to kill the process first as if its still running it will lock attempts to delete files
Follow the instruction on the first link when you have finished check again that its not running dont reboot run Malwarebytes  and see if it detects anything if it does make a note of the reg keys and files.
Kill the memory process again.
Check the files arnt read only and that the reg key isnt set to no access for everyone

Cheers Sam I will give this a go. I won't be able to get to it again until Saturday but I will let you know what happens. It does surprise me that both those AV products can be so easily defeated mind you!
Message 4 of 4
(512 Views)
Reply
0 Thanks