I get this little bugger popping up every startup; my Microsoft Security Essentials stops the initial attempt and there is no threat until the next startup. I was wondering if there are any tools to check and remove the items that actually initiate execution.

I assume this may be a registry entry that can be removed; how would I effectively search for it?

Really do not want to reinstall everything.

Any help very much appreciated. Thank you so much.

  • The *de facto* method for dealing with infected clients, from my sysadmin perspective, is to wipe and restore from backup. This question may be better suited for SU. – jscott Nov 08 '10 at 16:02
  • Thank you jscott, but that's my last resort; I just do not want to waste a lot of time reinstalling all the software, if I could figure out where execution is initiated from. –  Nov 08 '10 at 16:33
  • Plus this is something that stopped right away, and if I can just pinpoint the sucker that starts the injection. –  Nov 08 '10 at 16:39

2 Answers

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=VirTool%3AWin32%2FVBInject.gen!DG

user48838
  • Thank you user48838, but that's the first thing I looked at, and nothing useful there : / The code is still executed once on startup; it is detected and removed. What exactly executes it on startup I do not know; I just assume that it is some registry value that points to a sleeper that is executed. –  Nov 08 '10 at 16:32
  • In case it has its hooks into the OS pretty tight, you may also consider downloading a bootable Linux "distro" that is "wired" for anti-virus scanning and disinfection (usually through some form of Clam-AV). – user48838 Nov 08 '10 at 17:04
  • +1 I agree with user48838; if Malwarebytes and MS Security Essentials can't find anything, a bootable Linux distro will be your best bet. – Supercereal Nov 08 '10 at 18:51
  • Yeah, this sucker sits deep. I can find registry keys with Malwarebytes and it will remove them, but some other sucker writes them in... This thing sits deep. I will try the "distro"; otherwise it's a weekend of reinstalling everything. –  Nov 12 '10 at 14:03

Have you tried Malwarebytes? That's my go-to program when I don't have the time to research what registry keys could have been put in by malicious software. Just reboot into safe mode and run a full scan; it will probably take a while but should find your problem.

Supercereal
  • Thank you Kyle, I will look into it tonight. Maybe it will work : ) –  Nov 08 '10 at 16:37
  • Just what I needed, thank you so much. I used to use Ad-Aware back in the day. –  Nov 08 '10 at 18:48
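
The question asks how to find the entry that launches the detected file at startup, and a later comment reports that removed registry keys get written back. The following is an added example, not code from any poster in this thread: it lists the standard Run/RunOnce keys, the Winlogon `Shell` and `Userinit` values and the Startup folders, then diffs them against a saved baseline so re-created entries stand out. The function name and baseline file name are assumptions, and services and scheduled tasks are not covered.

```powershell
# Added example: inventory common Windows autostart locations and diff them
# against an earlier snapshot to see which entries reappear after cleanup.
function Get-AutostartEntry {   # hypothetical helper name
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Location = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
    # Winlogon values that decide what runs at logon; normally explorer.exe and userinit.exe
    $winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $props = Get-ItemProperty -Path $winlogon
    foreach ($name in 'Shell', 'Userinit') {
        [pscustomobject]@{ Location = $winlogon; Name = $name; Command = [string]$props.$name }
    }
    # Per-user and all-users Startup folders
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if (-not $path) { continue }
        Get-ChildItem -Path $path -Force -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Location = $path; Name = $_.Name; Command = $_.FullName }
        }
    }
}

$snapshot = Join-Path $env:TEMP 'autostart-baseline.csv'   # assumed file name
$current  = @(Get-AutostartEntry)

if (Test-Path $snapshot) {
    # "=>" marks entries present now but absent from the baseline (written since it was saved)
    $baseline = @(Import-Csv -Path $snapshot)
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current -Property Location, Name, Command |
        Sort-Object SideIndicator, Location | Format-Table -AutoSize -Wrap
} else {
    # First run: save the baseline and show what is registered right now
    $current | Export-Csv -Path $snapshot -NoTypeInformation
    $current | Format-Table -AutoSize -Wrap
}
```

Run it once right after a cleanup to save the baseline, then again after the next reboot; run it elevated so the HKLM keys and the all-users Startup folder are readable.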