 Noob trying to rid pc of virises

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
Cathartic Kate
Elite Baiter


Joined: 03 Dec 2008
Posts: 1542
Location: Spooner Hall


PostPosted: Thu Feb 12, 2009 10:39 pm Reply with quoteBack to top

^^^

Depends on which pron sites are visited!

Wink

Not that I would know anything about that!

Embarassed

Knobwatch is good though. Laughing

Dutch
Goat hoarder

Joined: 22 Nov 2007
Posts: 4204
Location: Dislocated

Posted: Thu Feb 12, 2009 10:40 pm

GomerPyle wrote:

It really spooked me when my System Restore wouldn't function - never a good sign.


Had the same experience on Vista too last week. Restore refused to roll back to older backup points. Really worries me too, it saved me a couple of times when running Win XP. Sucks on Vista.

callum
Director of Press Relations

Joined: 29 May 2004
Posts: 3631
Location: On the run from the asylum and this seems like a good place to hide. Blend right in...

Posted: Fri Feb 13, 2009 1:56 am

I recently had to clean up a couple of our XP machines at work which somehow got smothered by trojans.

System restore would not function and the browsers had been hijacked, preventing access to useful sites and also preventing the usual tools from running.

I managed to eventually fix everything by using HiJackThis! to clean up registry and disable the nasty processes (having a clean PC through which the web could be accessed to check out suspect keys etc was invaluable), and then running Malwarebytes' Anti-Malware to remove the infected and dangerous files.

Took a while but having done it the once, I'm confident the next time some prat goes where they shouldn't and clicks without thinking I'll be able to fix it in a jiffy. I now have these two tools on a CD just in case.

Reaper
Hello I'm New here!

Joined: 06 May 2007
Posts: 0
Location: Travelling in a fried-out combie. On a hippie trail, head full of zombie...

Posted: Fri Feb 13, 2009 2:55 am

Who edited the colour of my post?

Pastor Frank
Moderator

Joined: 31 Jan 2007
Posts: 11430
Location: Illuminati HQ

Posted: Fri Feb 13, 2009 3:16 am

A SKYHOOK wrote:
Usually picks up 5 to ten every 2 or 3 days


That tells me that you are visiting sites on the interweb that are outside of the mainstream. (shame on you).

When visiting "those" sites I suggest a Linux "live" CD.

Try this one and you will avoid those problems... http://www.puppylinux.org/

Mondayne
Hello I'm New here!

Joined: 24 Jan 2009
Posts: 19

Posted: Fri Feb 13, 2009 5:54 am

Malwarebytes is very useful, as stated earlier. (In addition to anti-virus/anti-spyware)

http://malwarebytes.org/mbam.php

The free version is just fine.

Canadian419
419Eater is my life

Joined: 25 Nov 2008
Posts: 330
Location: Get to the Chopper!

Posted: Fri Feb 13, 2009 2:51 pm

I've got some great tips as well as a script for more virtual memory. If anyone is interested, PM me. I'll let you know how you can do some simple things to speed up your computer, you will be amazed. Here they are:

1) RUN > type - prefetch > delete everything in that folder.
2) RUN > type - msconfig > remove things from your startup ONLY THINGS YOU KNOW YOU CAN ie. MSN MSGR, YIM, SKYPE...NOTHING SYSTEM RELATED (exit without restart)
3) RUN > type - regedit - now go > HKEY_CURRENT_USER > Control Panel > Desktop > look for "MenuShowDelay" Change the value to "0"

This step is strictly for internet speed improved performance.
4) RUN > system.ini > paste EXACTLY THIS below the things that are in the file. (also remove the quotes)

"page buffer=100000kbps load=100000kbps Download=100000kbps save=100000kbps back=100000kb"

Restart your PC after all of this, and you'll notice a difference.
Remember to defragment your PC often, and do a disk clean before you do. If anyone wants, I have Registry Mechanic if they have a VERY slow computer and these steps did not help.

Roger The Cabin Boy
Master of Master Baiters

Joined: 24 Feb 2008
Posts: 536
Location: Hiding in a lifeboat!

Posted: Fri Feb 13, 2009 6:47 pm

Hi Canadian, any chance you could explain what steps 3 and 4 do?

Also, there seems to be a bit of debate on the net about whether deleting all prefetch data is a good or bad thing. Personally I opt for letting CCleaner delete only the old stuff, I guess that's a safe bet.

Canadian419
419Eater is my life

Joined: 25 Nov 2008
Posts: 330
Location: Get to the Chopper!

Posted: Fri Feb 13, 2009 7:13 pm

I can totally explain what it does. Firstly, deleting the prefetch data is perfectly fine; if you look at it, what is deleting it going to do? If you notice a small lag period at first, it's because your PC is building it back up again. After 5 minutes of use your PC will be fine. I personally do it once a week. Debate, hah, people just don't understand. It's like your browser data: it builds and builds until you have so much crap in there it can no longer sort through it. Step 3 will remove that pesky delay from 400 ms to 0. Because of this delay your start menu opens much slower. Step 4 is only really if you have a slower connection and want that little extra out of it. It CAN make your internet connection faster. It opens more room for data to flow in and out of your computer per second. These are just some simple tips to help you get your computer running a little smoother again. I run Vista Registry Mechanic, a GREAT program for fixing registry errors, on my brand new Sony VAIO I just purchased about 3 months ago...I already had 400 registry errors, my older HP Pavilion at home had over 2000. Surprised

Roger The Cabin Boy
Master of Master Baiters

Joined: 24 Feb 2008
Posts: 536
Location: Hiding in a lifeboat!

Posted: Fri Feb 13, 2009 7:23 pm

Who knew there was a delay built in? That's nearly half a second of my life they've been wasting every time I reboot Sad was there any reason for it being there in the first place?

On the prefetch issue, that's pretty much the conclusion I came to, by opting to delete only the old stuff, I save myself that 5 mins of sluggishness. My internet link is pretty fast anyway, so shan't bother with the last one, but I'm sure it will be helpful to some.

Pastor Frank
Moderator

Joined: 31 Jan 2007
Posts: 11430
Location: Illuminati HQ

Posted: Fri Feb 13, 2009 7:24 pm

Canadian419 wrote:

3) RUN > type - regedit - now go > HKEY_CURRENT_USER > Control Panel > Desktop > look for "MenuShowDelay" Change the value to "0"



Slick. Why would MS put a 400ms delay for that value to begin with?

Canadian419
419Eater is my life

Joined: 25 Nov 2008
Posts: 330
Location: Get to the Chopper!

Posted: Fri Feb 13, 2009 7:33 pm

No idea, I just know they do, and it just so happens I know how to get rid of it. Just a tip, from your brother from the north. Very Happy

Roger The Cabin Boy
Master of Master Baiters

Joined: 24 Feb 2008
Posts: 536
Location: Hiding in a lifeboat!

Posted: Fri Feb 13, 2009 7:34 pm

Yep, nice one, thanks for that Canadian.

Dutch
Goat hoarder

Joined: 22 Nov 2007
Posts: 4204
Location: Dislocated

Posted: Fri Feb 13, 2009 10:02 pm

Roger The Cabin Boy wrote:
Who knew there was a delay built in?


Vista and XP have it, and even Win98 had it iirc, it's the first tweak I did after a fresh install for years. It speeds up opening your folders after hitting the start/ windows button considerably. Cleaning out your startup items with msconfig (or using a proggie called autoruns, that shows even more) is to be advised too.

The system.ini tweak I didn't know about, I just tried that, and indeed it seems to speed up the loading of web pages. Good advice, Canadian Very Happy

Pastor Frank
Moderator

Joined: 31 Jan 2007
Posts: 11430
Location: Illuminati HQ

Posted: Fri Feb 13, 2009 10:08 pm

Dutch wrote:
The system.ini tweak


I tried it and did not notice any difference, I also found some mixed reviews about this tweak via Google. I ended up reversing the change.

Roger The Cabin Boy
Master of Master Baiters

Joined: 24 Feb 2008
Posts: 536
Location: Hiding in a lifeboat!

Posted: Fri Feb 13, 2009 10:34 pm

I've been keeping an eye on what starts up at boot for a while. My favourite gadget for this is Mike Lin's StartUp Control panel.

http://www.mlin.net/StartupCPL.shtml

I've knocked out a few unnecessary services too, but that kind of thing would differ from system to system, user to user so I won't recommend any to turn off. If anyone's feeling brave they can google "unnecessary services." It gets pretty technical, so give it a miss unless you're willing to invest a bit of time learning.

Canadian419
419Eater is my life

Joined: 25 Nov 2008
Posts: 330
Location: Get to the Chopper!

Posted: Fri Feb 13, 2009 11:13 pm

As I said, they're just little tricks. There are always going to be people out there doing something wrong, that's where the mixed reviews come from. It really makes a difference on older computers. I redid an old HP Pavilion from 1998 about 2 weeks ago for a woman, made the thing run pretty good for an old bomb. Yeah, I've been keeping an eye on mine too, if you click on all processes or something it gives you EVERYTHING going on. I Google'd every single process and everything was completely legit. I even found out that if you're running a lot of things like "svchost.exe" (on mine I have 9 running right now...) it's some kind of Win32 service used for "administering 16-bit-based DLL files". At one time I had 15 of them running; it freaked me out until I read what it was. Then again I had Photoshop CS4 and Premiere CS3 running, plus internet and Office 2007....but now, my computer is basically just Chrome running, still 9 of them.

Dutch
Goat hoarder

Joined: 22 Nov 2007
Posts: 4204
Location: Dislocated

Posted: Sat Feb 14, 2009 1:36 am

Pastor Frank wrote:
Dutch wrote:
The system.ini tweak


I tried it and did not notice any difference, I also found some mixed reviews about this tweak via Google. I ended up reversing the change.


Works for me, web pages are loading quicker. Maybe different on various PCs but there's no harm in giving it a shot. On Vista the described procedure doesn't work, you have to go to your \windows\ folder and change the system.ini file security properties for all users to edit and save it (and change it back afterwards of course).

Scam Patroller
Baiting Guru

Joined: 08 Jul 2004
Posts: 11852
Location: UK

Posted: Sat Feb 14, 2009 1:39 am

Quote:
Noob trying to rid pc of virises


I think you'll find it's your computer and the virus trying to get rid of you Laughing

Canadian419
419Eater is my life

Joined: 25 Nov 2008
Posts: 330
Location: Get to the Chopper!

Posted: Sat Feb 14, 2009 1:44 am

OH good point! Thanks Dutch. ALSO If anyone needs help disabling User Account Control just PM me, I'll show you not only how to disable it but also to disable the constant prompts to re-enable it.

Roger The Cabin Boy
Master of Master Baiters

Joined: 24 Feb 2008
Posts: 536
Location: Hiding in a lifeboat!

Posted: Sat Feb 14, 2009 1:45 am

From what I understand (not a great deal), svchost.exe is short for service host. It allows services (Windows and third party) to run without each having to be a stand-alone .exe; apparently it saves space by not having to duplicate the same bit of code for each service. I presume dllhost does a similar thing for .dll files.

The downside of course is that you can't see what is causing each one to run in Task Manager, which would be nice if you're trying to track down a rogue process.

Even Process Explorer (an advanced version of Task Manager)

http://filehippo.com/download_process_explorer/

will only point you to the location of svchost.exe in the System32 folder. I'd love to know how you track down what's actually running each one. Confused


Last edited by Roger The Cabin Boy on Sat Feb 14, 2009 2:03 am; edited 2 times in total

Canadian419
419Eater is my life

Joined: 25 Nov 2008
Posts: 330
Location: Get to the Chopper!

Posted: Sat Feb 14, 2009 1:52 am

You've misunderstood me, or I typed it wrong. I don't think there is a way to pinpoint the exact program of each different .dll (I think if you right click and click open file location it will bring you to the system32 folder), but I was intending to mean that I went through each process .exe and Google'd it to make sure it was supposed to be there and running with my known programs currently on my computer. I was confused when I noticed so many of "svchost.exe"; at first I was FREAKED out because I Googled it and spelt it wrong, "scvhost.exe", which is a virus, apparently a bad one. Laughing

A SKYHOOK
419Eater is my life

Joined: 20 Sep 2008
Posts: 405
Location: the land of oz

Posted: Sat Feb 14, 2009 1:54 am

Scam Patroller wrote:
Quote:
Noob trying to rid pc of virises


I think you'll find it's your computer and the virus trying to get rid of you Laughing
Wink Wink right back at you

And yes I should have just put ^^^^ but I could not have fixed your grammar if I had. Oh yes I could have, sorry. Ha, I'm learning, OK, back off Wink
I think you'll find it's your computer and the virus is trying to get rid of you Laughing Wink Wink right back at you

Roger The Cabin Boy
Master of Master Baiters

Joined: 24 Feb 2008
Posts: 536
Location: Hiding in a lifeboat!

Posted: Sat Feb 14, 2009 2:02 am

Yep, I agree, it is very confusing. Viruses will often take advantage of the situation by calling themselves scvhost or something similar. The real problems start when they actually attempt to use the legitimate file to do their dirty work. In these situations, I've found that often it means they've installed as a service, and can be stopped from running in the same way as you would a real service. Then you can track the file from the service name (usually some random number).

The only clue I can find is the Process ID number (PID). Maybe there's a way to cross check.... but I've never found the solution.

But yeah, less services running means less svchosts in Task Manager, less RAM being used, etc.

View user's profileSend private message
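
Added example, not part of any post above: one way to do the PID cross-check the last few posts are looking for, by parsing the output of Windows' built-in `tasklist /svc /fo csv`, which lists the services hosted in each process. The sample output, PIDs and service groupings are constructed, and the name check (edit distance of 1 or 2 from svchost.exe) is this example's own heuristic.

```python
import csv
import io

# Constructed sample of `tasklist /svc /fo csv` output (not from a real machine).
SAMPLE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"services.exe","700","Eventlog,PlugPlay"
"svchost.exe","880","DcomLaunch,TermService"
"svchost.exe","1032","AudioSrv,Dhcp,Schedule,wuauserv"
"svchost.exe","1500","N/A"
"scvhost.exe","2044","N/A"
"explorer.exe","1720","N/A"
'''

LEGIT = "svchost.exe"


def osa_distance(a, b):
    """Edit distance that counts an adjacent swap (vc -> cv) as one edit."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            rows[i][j] = min(rows[i - 1][j] + 1,         # deletion
                             rows[i][j - 1] + 1,         # insertion
                             rows[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)  # swap
    return rows[len(a)][len(b)]


def parse_tasklist(text):
    """Return a list of (image, pid, [services]) from tasklist CSV output."""
    out = []
    for row in csv.DictReader(io.StringIO(text)):
        svcs = [s.strip() for s in row["Services"].split(",")
                if s.strip() and s.strip() != "N/A"]
        out.append((row["Image Name"], int(row["PID"]), svcs))
    return out


def review(text):
    """Map each svchost.exe PID to its services and list entries to look at."""
    hosts = {}
    findings = []
    for image, pid, svcs in parse_tasklist(text):
        name = image.lower()
        if name == LEGIT:
            hosts[pid] = svcs
            if not svcs:
                # A service host with nothing in it deserves a closer look.
                findings.append((pid, image, "svchost.exe hosting no services"))
        elif 0 < osa_distance(name, LEGIT) <= 2:
            # Near-miss spellings such as scvhost.exe.
            findings.append((pid, image, "name imitates svchost.exe"))
    return hosts, findings


if __name__ == "__main__":
    hosts, findings = review(SAMPLE)
    for pid, svcs in sorted(hosts.items()):
        print(pid, ", ".join(svcs) or "(none)")
    for pid, image, reason in findings:
        print("CHECK", pid, image, "-", reason)
```

On a live machine, feed `review()` the text captured from `tasklist /svc /fo csv`; the command does not print image paths, so confirming that a real svchost.exe lives in System32 is a separate check.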
Canadian419
419Eater is my life


Joined: 25 Nov 2008
Posts: 330
Location: Get to the Chopper!


Posted: Sat Feb 14, 2009 2:13 am

Hum, you might be on to something there, I think I'll do some research and come back after the weekend with my results. I never thought of the PID...anyway, my time is up for tonight all, goodnight everyone! Gotta go spend the night with my better half. Very Happy

All Content © 2003 - 419Eater.com