PDA

View Full Version : pop ups or virus



bulldogdaddy
07-21-2007, 01:26 PM
getting a toolbar that i can't remove,plus it resets my homepage everytime i go to explorer
norton wants 100 bucks to fix it and i already have they're program in the puter.
any recomendations

pyro
07-21-2007, 02:14 PM
This isn't very hard. You can hit CTRL-ALT-DEL and go to Task Manager, you may be able to identify the program and shut it down, but you'll still need to edit the registry to remove the command line that executes the program each time you start up. Here's how I've done it in the past:

Go to "Start" > Run: REGEDIT

Navigate to: HKey_current_user; software; microsoft; windows; current version; run.

Look for any suspicious run lines here. It will usually be an entry in ALL CAPS pointing to a dirty FILENAME.EXE in the c:/Windows or C:/Windows/system directory. This is usually the command line that runs the virus each time the machine starts up. Right-click and delete the "value." There may be more than one dirty command line. Now go back to the main registry subfolders where you started Regedit and click "Hkey_local_machine", navigate to the same "run" subfolder in the same fashion. Sometimes the virus uses both RUN folders. Check the "Run-" and "runonce" folders next door too. Write down any values you remove so you can find the files on the hard drive to delete them later.

Some viruses will prevent you from terminating its processes, and some may immediately try to replace the value after you delete it!

Some viruses will also use the old windows startup files to execute. Here's how to weed them out from here:

Start > Run: SYSEDIT

This will display the INI files. Scroll through, if there is a suspicious "RUN = ******.exe" or unfamiliar "SHELL = *******.exe" or similar entry in any of the suspected virus or malware files here (usually at the bottom of the list), delete it, and choose to save the changes to the file.

REBOOT and hit ctrl-alt-del, task manager, check it again and make sure the virus is no longer being run. NOW you can track down and delete the virus and any of its related files. If you delete the virus without removing the commands from the registry and/or INI files, your system will crash when it boots, so don't skip any steps!

bulldogdaddy
07-22-2007, 12:26 PM
thanks pyro,now kinda nervous about it crashin though

Hottrucks
07-22-2007, 05:57 PM
try this it works great as you would expect it's from Greg!!

http://forums.screamandfly.com/forums/showthread.php?t=94307
theres a fix or better software for most and best of all it's FREE...as a matter of fact bring it BTTT so others ca grab it again!!
Good luck