Virus returns on restart, can't delete registry key, please can you help?

  castiel333 22:31 12 May 2011

I have just run a scan using Malwarebytes on my son's laptop which found four items: two are viruses, two are malware.

Malwarebytes will only remove three of them on first run (the fourth says something like cannot unload memory process) but will remove the last one when I scan again.

As soon as the laptop is restarted all four of them return.

I clicked show location on all four entries to try and delete them myself, but the one that shows up in regedit will not allow me to delete it.

I have tried system restore but get a message saying that it didn't complete, your settings have not been changed.

The laptop is a Packard Bell EasyNote, Windows 7 and is nine months old.

The detection name of one of the viruses was something like steal data which sounds quite bad and I really would like to be able to get rid of it.

Could someone please advise me on how to fix this?

  wee eddie 23:27 12 May 2011

Firstly, Malwarebytes is not normally an Anti Virus, just Anti Malware and as such is not equipped to deal with a Virus.

Then download this onto your own PC: McAfee Stinger. Put it onto one of those little USB drives and plug that into the laptop. I have never had to use it.

Was he running an Anti Virus? If he was, it will need updating or replacing. This is free and as good as any: AVG. But do make sure that you download the free one as they will try to up-sell if they can.

Make sure that there are not 2 Anti Viruses on the Lappy as that can cause horrendous problems, the least of which is that neither will work properly.

If that has done the trick, then a good tidy up with CCleaner, again Free, will not go astray.

  castiel333 23:36 12 May 2011

He is running AVG (only one virus detection programme), Malwarebytes and ZoneAlarm.

I tried a scan with AVG but it didn't find anything.

Thank you so much for your help and link. I will try that and then post back with the result.

  wee eddie 03:35 13 May 2011

He has it set up quite reasonably. I assume that Malwarebytes has quarantined the nasties, so that there is nothing to worry about.

So just a couple of things to do.

Open AVG's Home page and check the date of the latest Update and if it's in the last 24 hours (assuming it's been connected to the Internet in that time) relax.

Download CCleaner and run its main function by clicking, bottom right, of the main screen. Be prepared for a 10 to 15 minute wait while it does its stuff. When he gets back you can "cool-ly" drop into the conversation that he might like to run the Registry Check and reduce the number of programs opening at start-up! Both are jobs for which CCleaner is a very safe pair of hands.

If you've got the bit between the teeth, at this stage, a "Defrag" would not go amiss and earn Brownie Points at the same time.

  wee eddie 03:38 13 May 2011

A Defrag can take a long time (hours) if the Hard Drive is quite full and it has not been done for a while.

  rdave13 11:57 13 May 2011

Another thing to try is to stop system restore and run an updated Malwarebytes full scan again and remove what it finds. Reboot to safe mode and run another scan. Reboot and if clear then restart system restore.

  johndrew 14:00 14 May 2011

As rdave13 says, a lot of malware will reinfect from 'System Restore'. It is important to turn this off (right click 'My Computer' select 'Properties/System Restore' and tick the box then select 'Apply' and 'OK') before doing the scan.

Having rid yourself of the problems turn it back on by unticking the box (and 'Apply' and 'OK') and immediately create another restore point manually.

  castiel333 16:27 15 May 2011

Stinger found three trojans and removed them but, just as with Malwarebytes, as soon as I rebooted they all returned.

I have done everything else told to me that I had not already done and still these trojans just return on restart.

Although the laptop did not come with a restore disc it has an inbuilt function to return to factory settings and my son wants me to do this but I'm scared to try this in case I mess it up.

Can someone please tell me if this is easy to do or do you need to be an advanced user?

  rdave13 17:11 15 May 2011

astrid4, if stopping system restore and scanning did not work then restore to factory setting will get rid of it. Bear in mind you'll lose all your docs., photos etc unless you can back them up. If I remember correctly Packard Bell has a backup manager that allows you to burn 'return to factory settings' discs. If you can open "all programs" and see if you have something called backup manager (or similar) then you should have a chance to burn a couple of backup discs. These will have to be either -R or +R discs. DVD-RW discs won't work. I'd try to burn these discs first. These will also reset to factory settings. As for the virus/trojan it would be worth joining one expert malware removal forum first. Might take some time but these experts will remove it and all your docs etc will be intact. Two I'd recommend,

Bleeping Computers

Malware Removal.

  wee eddie 22:58 15 May 2011

If they are returning, you will need to turn off System Restore before you run the Stinger, as that is where they are probably residing. I would also run CCleaner, after the Stinger, but before turning the Lappy off.

This thread is now locked and can not be replied to.
