Laptop Virus Removal Help:

  23790954 12:19 24 Jan 2010

Hello to all you good forum members again.
My neighbour, who has serious health problems, has asked me to try and repair his laptop computer, as I build, service and repair desktop computers as a hobby. The laptop will NOT let you carry out any tasks on it. Within about 20 seconds of booting up, and showing the homepage, the blue screen showing the warning message and that it is dumping the physical memory shows, and the system switches off.
For some unknown reason to my neighbour, the Symantec anti-virus has been turned off, and you cannot do anything with the software.
When attempting to rectify the situation, this morning, I found that the system actually has a Trojan virus on the system, and when this was detected, a message came onscreen stating that the Trojan must be removed before the system will function correctly again.
I did try to scan the complete system, via the Symantec software, but this also proved negative as the scan failed to operate at all.
All help in this matter would be very much appreciated.
Many thanks to all who offer help.

  bobbybluenose 12:33 24 Jan 2010

try this click here

  Jollyjohn 13:05 24 Jan 2010

Do a repair of the Windows OS - this will preserve personal data - then copy all personal data to cd/dvd.
Then reformat the hdd and reinstall Windows etc.
If you can partition the Hdd at this stage do so and create a separate partition for the personal data.
Once up and running copy the data back from cd/dvd, scanning it with something like Malwarebytes as you go.
A lot of work but the trojans can be buried deep in the system. Norton being switched off is one of the things the trojan does as part of its infection.
Norton are very helpful at reinstalling the program, they connected remotely to the last computer I treated and reinstalled, updated and configured their software very efficiently.

  birdface 13:09 24 Jan 2010

See if it will start in safe mode. If so try running your Security programs on there.

  birdface 13:17 24 Jan 2010

Malwarebytes free is one of the best programs for removing problems. But this is a newish scanner from Superantispyware worth a read before you use it.
It tells you that any Malware on the computer cannot detect it and stop it from running.

click here

  Les28 13:18 24 Jan 2010

Can you get into safe mode with networking and download the free MBAM and do a scan?

click here

or try a boot time scan with something like this

click here

  23790954 14:08 24 Jan 2010

Many thanks for all your help. I have started going through the system using bobbybluenose's suggestion, and will try others if not successful.
Using bobbybluenose's way, I typed regedit, and went into the files on HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run: and of all the files showing, there are ONLY 2 files of which I am not aware.
If anyone could enlighten me of the contents and needs for these files it would be appreciated.
Also how to disable the said file in the system.
The TWO files are:
PERSISTENCE REG_Z c:\windows\system32\igfpers.exe. (Which I suspect may be the file).

BROADCOM WIRE REG_Z c:\windows\sytem32\wltray.exe

If anyone can give me information on these files I would very much appreciate it, as obviously I DO NOT want to delete any file which will make the laptop malfunction.
Also how to get rid of said file, if Trojan.
Do you have a laptop, and are these files on your laptop, as I only use desktops.
Many thanks for all help given.
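
An added example, not part of the original thread: one way to list every entry under the Run key discussed above and check whether each target file exists and carries a valid Authenticode signature. It assumes Windows PowerShell is available on the machine; the variable names are illustrative.

```powershell
# Added example: enumerate HKLM Run autostart entries and inspect each target.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$key    = Get-Item -LiteralPath $runKey

$report = foreach ($name in $key.GetValueNames()) {
    $command = [string]$key.GetValue($name)

    # Pull the executable path out of the command line:
    # a quoted path first, then anything ending in .exe, else the first token.
    if     ($command -match '^\s*"([^"]+)"')   { $path = $Matches[1] }
    elseif ($command -match '^\s*(.+?\.exe)')  { $path = $Matches[1] }
    else                                       { $path = ($command.Trim() -split '\s+')[0] }
    $path = [Environment]::ExpandEnvironmentVariables($path)

    $exists    = Test-Path -LiteralPath $path -PathType Leaf
    $sigStatus = 'n/a'
    $signer    = ''
    if ($exists) {
        $sig       = Get-AuthenticodeSignature -LiteralPath $path
        $sigStatus = [string]$sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    [pscustomobject]@{
        Name      = $name
        Path      = $path
        Exists    = $exists
        Signature = $sigStatus
        Signer    = $signer
    }
}

# Entries whose file is missing or not validly signed are the ones to look up first.
$report | Sort-Object Exists, Signature | Format-Table -AutoSize -Wrap
```

A status other than Valid is a reason to research the file, not proof that it is malicious, since some legitimate vendor software ships unsigned. The same check can be repeated for the per-user key by changing `HKLM:` to `HKCU:`.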

  Strawballs 14:39 24 Jan 2010

Broadcom is the inbuilt wireless card software. As for the other, I am not familiar, but it does sound suspect.

  Les28 14:40 24 Jan 2010

They both seem OK and installed in the correct location system32,

click here

click here

How can you open regedit if the laptop keeps closing down within 20 seconds and how did you try the Symantec scan?

  Strawballs 14:41 24 Jan 2010

As suggested before, Malwarebytes click here

  23790954 17:14 24 Jan 2010

Many, many thanks to all you good forum members.
Downloaded the malware programme to my own desktop, burned to cd, then installed it in my neighbour's laptop. Had to install it in safety mode, then set it to run on completion of installation. Programme started scan automatically, and it resulted in 15 infected files being traced. Deleted ALL infected files and laptop now running fully functional.
Many thanks again to all who offered their help.
