This is a discussion on Re: OT: Malware, virus or whatever (IE) - Hewlett Packard
Penney, John wrote:
> So, I have a malware in my Startup. Now that we know that, does anybody have any suggestions on how to figure a way to remove same?
[Insert caveat emptor, EULA, and other disclaimers... :-) ]
There are a few live, online scanners that are trustworthy. If you can
get safe mode with networking up, and IE is intact, try
http://safety.live.com. It's not the best in the business, but it is
If you're lucky, it will find/remove the issue(s). If not, you're in
for some surgery.
There is likely "some entry" in the startup registry items that is
launching the thing. Removing/disabling the malware startup entry may
be adequate (malware stays on the disk, but never gets executed).
Finding the *proper* entry/entries is the challenging part.
One of the more straightforward GUI-ish approaches is to use Spybot
Search & Destroy. Get yourself a copy if you don't already have it.
Start it up, under "Mode" select "Advanced". Now open up the "Tools"
option at the left. Choose "System Startup".
This will list all of the common startup items, and differentiate
between known good things and the ones it has never heard of. You can
open up split-pane display, click on any entry, and it will tell you
what it knows about the entry on the right.
Now, any items you "uncheck" will be disabled at startup. Similarly,
any you've removed and want to add back, you just check again. It is
reversible (unlike HijackThis).
I'd suggest disabling things you [and Google :-) ] don't recognize and
try rebooting normally to see what happens.
This isn't a universal fix either (the really bad stuff just re-enables
itself) but easily meets the 80/20 rule :-)
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
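
An added example, not part of the original list message: a read-only PowerShell inventory of the registry Run/RunOnce keys (the "startup registry items" the reply mentions), showing each entry's command and whether its target file exists and has a valid Authenticode signature. It covers only these keys, not every autostart location, and the helper name `Get-TargetPath` is hypothetical.

```powershell
# Added example: read-only listing of Run/RunOnce autostart entries.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: extract the program path from a startup command line.
function Get-TargetPath([string]$Command) {
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { $p = $Matches[1] }
    elseif ($c -match '^(.+?\.(exe|com|bat|cmd|scr|vbs|js))(\s|$)') { $p = $Matches[1] }
    else { $p = ($c -split '\s+')[0] }
    # Bare names such as "ctfmon.exe" are resolved through PATH.
    if ($p -and $p -notmatch '[\\/]') {
        $app = Get-Command $p -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($app) { $p = $app.Path }
    }
    return $p
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }   # key absent on this system
    $regKey = Get-Item $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $target  = Get-TargetPath $command
        $status  = 'FileMissing'
        if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
            $status = (Get-AuthenticodeSignature -LiteralPath $target).Status
        }
        [pscustomobject]@{ Signature = $status; Key = $key; Name = $name; Command = $command }
    }
}

# Entries whose target is missing or not validly signed sort to the top.
# NotSigned is a reason to look closer, not a verdict.
$report | Sort-Object { $_.Signature -eq 'Valid' }, Key, Name |
    Format-Table -AutoSize -Wrap
```

For entries launched through a host such as `rundll32.exe`, the signature shown is the host's, so read the full Command column to see what it actually loads.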