Author Topic: Virus Need help. urgently!  (Read 4997 times)

Personally, I'd use Spybot Search and Destroy. It works amazingly.
This.

Try running a scan with super anti spyware.

Here http://www.superantispyware.com/

Can't risk you going to a dupe site and downloading a virus.

Also found something that might help with trying to install AVG in safe mode.

http://www.avg.com/us-en/faq.num-3618

I have AVG Internet Security 2012 and I have not gotten infected yet.
It even protects against spyware, unlike Norton, which sometimes lets it slip in.
FYI: turn on Resident Shield if you get it; it will scan a file that enters and exits the computer, and it also monitors suspicious activity.
I actually have SUPERAntiSpyware lol, the purchased edition too. It saved me a couple of times so I bought it.
I'm currently using AVG in safe mode.

This.
Spybot doesn't work for much other than spyware.

If it starts up immediately after deletion it probably has a buddy that keeps putting it back.

If it starts up immediately after deletion it probably has a buddy that keeps putting it back.
It does. I'm having trouble finding said buddy, but I'm going all out virus warfare now. Using every tool in my arsenal.

Have you checked the startup tab in msconfig to see what's launching on boot?

Check in TEMP and in C:\Windows; usually they don't belong in there, and it's also strange that they're in there, if any.

Edit: Scan your svchost.tmp files and check system32 as well.
« Last Edit: December 29, 2011, 05:48:09 PM by ShadowZero »

Go to Run
type in Regedit

then go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

and look for suspicious files there

I'm going to agree with Shadow to check for any .exe's in the temp folders.

Seems an incredibly easy place to hide, but there are many viruses that hide there.

Also, run a HijackThis scan.
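
The manual checks suggested in the posts above (the two Run registry keys and executables in the temp folders), as an added PowerShell example that is not part of the original thread. It only reads and reports, assumes PowerShell 2.0 or later, and treats `C:\Windows\Temp` as a second temp folder, which is an assumption of this example.

```powershell
# Added example (not from the thread): read-only triage of autostart entries
# and executables in temp folders. Nothing is deleted or modified.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# %TEMP% comes from the thread; %windir%\Temp is an assumption of this example.
$tempDirs = @($env:TEMP, (Join-Path $env:windir 'Temp')) |
    Where-Object { $_ -and (Test-Path $_) }

function Get-RunEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            # Flag autostart commands that launch something from a temp folder.
            $fromTemp = $false
            foreach ($dir in $tempDirs) {
                if ($cmd.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    $fromTemp = $true
                }
            }
            New-Object PSObject -Property @{
                Key = $key; Name = $name; Command = $cmd; RunsFromTemp = $fromTemp
            }
        }
    }
}

function Get-TempExecutables {
    foreach ($dir in $tempDirs) {
        Get-ChildItem -Path $dir -Filter *.exe -Recurse -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, LastWriteTime,
                @{ Name = 'Signature'
                   Expression = { (Get-AuthenticodeSignature -FilePath $_.FullName).Status } }
    }
}

Get-RunEntries | Sort-Object RunsFromTemp -Descending |
    Format-Table Name, RunsFromTemp, Command -AutoSize -Wrap
Get-TempExecutables | Sort-Object LastWriteTime -Descending |
    Format-Table FullName, LastWriteTime, Signature -AutoSize
```

Entries with `RunsFromTemp` set to `True`, and recently written temp executables whose signature status is not `Valid`, are the ones to look at first; an unsigned file is not proof of infection on its own.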

Have you checked the startup tab in msconfig to see what's launching on boot?
Nothing out of the ordinary. Seem like my normal programs, I didn't see anything that would be suspicious.

Except for Ask.
Is Ask a virus? I mean seriously.. I've had Ask attack my Mozilla and try to be my default search before. They've really changed over the years.

Go to Run
type in Regedit

then go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

and look for suspicious files there
I don't have a run for some reason, but I know how to get to Regedit. I'll go check.

Ahh, so much help :o.
I'll do that next Ethan.

When I get viruses that become a bitch to deal with I just bid my files a sweet farewell and reinstall Windows.

When I get viruses that become a bitch to deal with I just bid my files a sweet farewell and reinstall Windows.
I hate reinstalling Windows as I have a Windows XP Dev Edition and it's really hard re-modding the boot screen and start menu, let alone installing custom files into the main folders they belong in.

It's hard to restore these things, yet I managed to make a computer look exactly like my old one :D

Run is a start menu option. You can enable it in the start menu control panel thingy.
Or you can use the search bar or Windows Key + R.

Alright, I've gone over Regedit, nothing suspicious in those specific folders. Went through temp, found some .exes with random names. Gonna clear em just to be safe. Gonna go through some more stuff.
Run is a start menu option. You can enable it in the start menu control panel thingy.
Or you can use the search bar or Windows Key + R.
I had forgotten how to enable it, and didn't know about that hotkey, thanks.

Alright.
I've done TDSSKiller scans, and they keep finding the same thing, so it's coming back after it is removed.
I also know where the Svchost is being replaced at.

Burn your computer, it is the only way.