In programs like HijackThis they have a feature that allows you to select a certain file or folder to be deleted on reboot, meaning that when you turn your computer off to restart it the file will be deleted, the reason you can't delete the file at the current moment is because it brings up a message that says the file is currently in use, am I right. See at the time of restart no process is running, it's only the second you see the task bar come up that explorer.exe begins running, and then it starts needed tasks instantly, and it thinks said file is a required process.
Can you link me to a program that will do this? Also another problem is I can't shutdown or restart my computer. Like when i click start and click shutdown nothing happens. Probably due to the virus.
what exactly did you mean by "the first link doesn't work"?... that when you clicked on it, nothing happened? or that you tried running the tool, but the tool didn't remove the virus?
the first link was just to a page of instructions. basically, it tells you to download the actual removal tool FxNetsky.exe from the 2nd link.... store it in a place you can easily find/access it... shut down all running programs (including internet access)... run the FxNetsky.exe program, following any indicated directions.... reboot your computer.... and finally, run the FxNetsky.exe a second time....
(it also strongly suggests that you shut down system restore while running the FxNetsky program.... but i don't think it would hurt you to try running it with system restore on... because when you turn system restore off, you may lose ALL your previous restore points).
there are several possibilities that could be happening....
you may be the victim of a DNS (Domain Name System) "hijacking"
your HOSTS file may have been "hijacked"
the URL you're trying to access might have been placed in your "restricted" zone.
I realize this may sound overly technical... but it's not essential that you fully understand these.
Vandread had previously mentioned HiJackThis.... let's see if you can download and run it... and what it will tell someone about your problems:
Preliminary note: When attempting the following directions, if you can't access the internet or perform the indicated download of HiJackThis (HJT) on your "infected" machine, you should download it onto another "good" machine (one at work?), then transfer it via floppy (it's a tiny file) to the infected machine, run the UNZipped/.EXE file on the infected machine, and finally transfer the generated log via floppy over to the good machine, to post your log online.
Download the latest version of HJT(hijackthis) (version 1.99.1) from
you must create a separate folder and place it there.... people commonly use C:\HJT. Note: Please do *NOT* use a TEMP (temporary) folder, *NOR* your DESKTOP, as HJT will be generating log files and backup files in the folder from which it is run... you risk accidentally losing these if you use a TEMP folder, and you will generate extreme clutter if you use your DESKTOP.
The file above comes as a compressed .ZIP file... you have to UNzip it (hopefully, you have an UNzip utility built into your Windows Explorer. If for any reason, you're unable to UNzip it, you can download the already-unzipped .EXE file from http://downloads.malwareremoval.com/HijackThis.exe )
After Unzipping, double click on HiJackThis.EXE
Click on Do a System Scan and Save a LogFile
This will automatically open NotePad
Copy the entire file from NotePad: EDIT/SelectAll, EDIT/Copy
Then go to the new forum dedicated for HiJack This logs (**NOT** back here), and PASTE the results there:
Be sure to include a detailed description of any problems/errors/warnings you are encountering.
Hopefully, one of the HJT experts will get to it as quickly as possible.
WARNING: HiJack This is a VERY POWERFUL tool. Do *NOT* do anything else (in particular, do NOT use it to delete any entries) until you are advised to do so!! Improper use of this tool can severely damage your system.
Supplemental note: The procedure as worded above has been carefully edited over time, so as to expedite the process of helping people. Nevertheless, it seems that many individuals try to be "creative", and make some variations. It really would be to your benefit if you follow these directions EXACTLY as stated... because certain changes on your part can result in slowing-down the help process.
Specifically, the following are 3 very common BAD deviations which will cause delays:
a)
BAD:
using an older/outdated version of HiJackThis...
The experts only work with the current version. So if you make a post with an older version, you'll simply be advised to get the latest version, re-run it, and re-post your log.
b)
BAD:
using a TEMP directory or your DESKTOP for HJT....
Some experts may insist you move HJT before they'll begin working with you. Others will start the repair process, advising you to move HJT as one of the very first steps.
Failure to do so can result in losing potentially critical information. So please, just use the suggested
C:\HJT directory, rather than try to be creative.
c)
BAD:
posting your log in the wrong forum...
if you post your log back here, in the Virus/SpyWare forum, it will "sit idly", either until the forum moderator gets around to move it for you... or until you decide to repost your log... in the HiJackThis forum.
wiechfreak
6 Posts
0
October 8th, 2005 20:00
Vandread
98 Posts
0
October 8th, 2005 20:00
Vandread
98 Posts
0
October 9th, 2005 01:00
wiechfreak
6 Posts
0
October 9th, 2005 04:00
ky331
3 Apprentice
•
15.6K Posts
0
October 9th, 2005 12:00
try the Symantec Netsky removal tool:
instructions on how to use: http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky@mm.removal.tool.html
actual tool: http://securityresponse.symantec.com/avcenter/FxNetsky.exe
ky331
3 Apprentice
•
15.6K Posts
0
October 10th, 2005 15:00
what exactly did you mean by "the first link doesn't work"?... that when you clicked on it, nothing happened? or that you tried running the tool, but the tool didn't remove the virus?
the first link was just to a page of instructions. basically, it tells you to download the actual removal tool FxNetsky.exe from the 2nd link.... store it in a place you can easily find/access it... shut down all running programs (including internet access)... run the FxNetsky.exe program, following any indicated directions.... reboot your computer.... and finally, run the FxNetsky.exe a second time....
(it also strongly suggests that you shut down system restore while running the FxNetsky program.... but i don't think it would hurt you to try running it with system restore on... because when you turn system restore off, you may lose ALL your previous restore points).
wiechfreak
6 Posts
0
October 10th, 2005 15:00
wiechfreak
6 Posts
0
October 10th, 2005 17:00
wiechfreak
6 Posts
0
October 11th, 2005 01:00
ky331
3 Apprentice
•
15.6K Posts
0
October 11th, 2005 17:00
http://majorgeeks.com/download3155.html
you must create a separate folder and place it there.... people commonly use C:\HJT. Note: Please do *NOT* use a TEMP (temporary) folder, *NOR* your DESKTOP, as HJT will be generating log files and backup files in the folder from which it is run... you risk accidentally losing these if you use a TEMP folder, and you will generate extreme clutter if you use your DESKTOP.
The file above comes as a compressed .ZIP file... you have to UNzip it (hopefully, you have an UNzip utility built into your Windows Explorer. If for any reason, you're unable to UNzip it, you can download the already-unzipped .EXE file from http://downloads.malwareremoval.com/HijackThis.exe )
After Unzipping, double click on HiJackThis.EXE
Click on Do a System Scan and Save a LogFile
This will automatically open NotePad
Copy the entire file from NotePad: EDIT/SelectAll, EDIT/Copy
Then go to the new forum dedicated for HiJack This logs (**NOT** back here), and PASTE the results there:
http://forums.us.dell.com/supportforums/board?board.id=si_hijack
Be sure to include a detailed description of any problems/errors/warnings you are encountering.
Hopefully, one of the HJT experts will get to it as quickly as possible.