Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Meskisift Visaal Studie Virus? 6

Status
Not open for further replies.
Sep 22, 2010
9
US
Good morning, anyone here know how to remove this? I tried rkill to stop processes so I could remove it with Symantec but it crashes during scan. It runs a orrezoluew.exe. It seems to crash Windows installer among other things to cause havoc. I haven't been able to install anything to get rid of it. Any advice is appreciated.
Thanks

Kathy

[bigears]
 
You may have to create a bootable CD or USB drive that has an anti-virus installed. Several companies like Sophos and Avast have them for free. Make sure you download and create the CD or USB on a clean machine.


James P. Cottingham
I'm number 1,229!
I'm number 1,229!
 
Just get the Ultimate Boot CD for Windows and boot to that. Then you can remotely edit the registry and remove where it's starting from AND/OR directly delete the file out of the file system.

In these cases, I actually copy NOTEPAD.exe to the same folder as the malware, rename the malware file and name NOTEPAD the name of the malware file. Then you KNOW when windows boots whether the malware is still being called somewhere in the startup areas IF notepad launches.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
goombawahoo,

Thanks for that thought/idea on using a separate program (notepad in this instance) to know if the malware application is being triggered. That's definitely an interesting way to test things.

"But thanks be to God, which giveth us the victory through our Lord Jesus Christ." 1 Corinthians 15:57
 
Thanks kjv1611. Yes, it came to me in a brainstorm one time OR I found it online as a suggestion, but I honestly can't remember. Does a good job of visually showing you whether you have snuffed out the trigger mechanism in the registry. Plus the malware thinks it's starting up normally in case it's one of those that tries to heal itself if it cannot start.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
Sorry for the delay, PC user was on vacation, Goombawaho, that worked. I appreciate you both for your time. Have a good weekend.
 
Cool. Glad you snuffed it.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top