Add/Remove

[chris]

I downloaded a program I thought was to view PPS files but selected the wrong one and only to find out when I went to remove it and clicked on remove my AVG quaranteed it. It would not let me remove the program. I deleted the icon on my desktop and out of my Programs but not sure if when AVG quaranteed it that took care of it or is it still lurking in my PC somewhere. Anyone know....

Apparently this was a trojan. I ran Malwarebytes and nothing was found.

[Ralph]

I am assuming that AVG probably caught it during the exec function and squashed it.
You should be able to go into the quarantined files there and see it then delete it.
Malwarebytes is a damn good program and if it didn’t find anything you should be fine.

If you have want to be really thorough you can download tdsskiller from Kapersky Labs.
Once you scan with this is should remove any rootkits, bootkits, etc. left behind from your system that your malware programs and AVG can’t see. It’s an excellent “clean up” tool.

support.kaspersky.com/faq/?qid=208283363

[clarencebunsen]

Chris,
Does this help?
I quit using AVG (don't remember why) & I've forgotten the details on how its quarantine works.

[firstamendment]

I have been using Avast and you can set up a boot time scan to run before everything boots up. This is a good way to catch things that run in the background once windows starts up. It does not catch everything because some of the newer crap floating around have gotten smarter than that. Try to find out what exactly it is called because sometimes there is a specific way to uninstall it. I know there are some nasties out there appearing to be virus scans that redflag anything you try to open claiming it is infected.

[chris]

Thanks for all your help. I have had AVG /Norton's zap virus's in the past but have never downloaded a program that turned out to be a trogan and took me by surprise when I was not able to remove it from the ADD/Remove. I did not run the program because as soon as I downloaded it, it wanted me to scan my computer so I knew right then it was not what I wanted. I was looking for the viewer program that lets me view PPS files. I got this trogan off Microsoft help page so didn't think to worry. Nothing is sacred and I learned a lesson....as the famous line goes from one of my favorite programs..........."trust no one"

The program was in the virus vault so I deleted it. Stay away from PC Ultra Speed

[firstamendment]

Another option also is to boot the computer into safe mode. This loads windows with only the minimum of items needed to run the computer. From there running a virus scan may find things you may not normally.

[clarencebunsen]

[Ralph]

Be careful of Safe Mode, it doesn’t always solve everything.

There is a Trojan/Virus capture program called “Think Point”. It pops up like so many pieces of crap out there and looks so much like a Microsoft pop up that a lot of people trust it…..and it gets around a LOT of virus programs
Once you click on it you’re almost sunk, if infects the bootlog and registry immediately, and booting into Safe Mode is either impossible or makes no difference.

It takes a lot of diligence to remove it, and more hunting around to clean up after the damn thing to get all the little “relics” out.

I worked on a customer’s netbook that had it and it almost became an unintelligent silver Frisbee before I was through.

[firstamendment]

Ralph, that sounds a lot like what my wife's lappy just had. My brother had to wipe the hdd and reinstall windows after my attempts to save it destroyed the registry. Fortunately he was able to put the hdd into another machine as a slave and get her documents and stuff off of it before wiping it out.

[Ralph]

Could be, it’s a pretty nasty virus. Can’t quite figure out why people put so much time and effort into shit like that just to make others lives miserable.

Lucky he was able to slave it and get the stuff off, that’s getting harder to do with some of the newer PC’s.

[chris]

CB...you crack me up. Usually they say a picture says a 1000 words but you use ¯¯
;D