hello please can someone help. i have the esepor-b virus in my system and can’t get rid of it.
i have done this:
Terminating Internet Explorer
The malware modifies the Windows registry by adding an entry and declaring itself as a component of the Internet Explorer (IE). After the said modification is made, the malware runs every time IE is opened. Therefore, it is necessary to close all instances of IE in order to properly remove or quarantine the Trojan from your system.
Close all IE windows.
Close programs that are Web-related since a lot of them use IE and its components to access or display Web-related content. Examples of this are HTML editors, HTML help, and other Web browsers.
Open Windows Task Manager.
» On Windows 95, 98, and ME, press
CTRL+ALT+DELETE
» On Windows NT, 2000, and XP, press
CTRL+SHIFT+ESC, then click the Processes tab.
On the task manager, look for and terminate the processes with the name:
Iexplore.exe
Close all instances of Windows Explorer. These are usually windows of opened folders, the My Computer window, and the Control Panel window.
Close all applications that use Windows Explorer or its components. Examples of which are third-party file managers.
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing during startup.
Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
In the left panel, double-click the following:
HKEY_CLASSES_ROOT
Still in the left panel, locate and delete the entries:
XPlugin.XFilter.1
XPlugin.XFilter
Still in the same panel, double-click the following:
HKEY_CLASSES_ROOT>CLSID
Still in the same panel, locate and delete the entry:
{4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB}
Still in the same panel, double-click the following:
HKEY_CLASSES_ROOT>TypeLib
Still in the same panel, locate and delete the entry:
{EE79D398-AAAF-47B1-8C9E-11F7D4C9111B}
Still in the same panel, double-click the following:
HKEY_CLASSES_ROOT>AppID
Still in the same panel, locate and delete the entries:
{AC3F36D4-F905-4FE9-A926-EB937E66F591}
XPlugin.DLL
Still in the same panel, double-click the following:
HKEY_CLASSES_ROOT>PROTOCOLS>Filter>text>html
In the right panel, locate and delete the entries:
@=“XFilter”
CLSID = “{4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB}”
In the left panel, double-click following:
HKEY_LOCAL_MACHINE>Software
Still in the left panel, locate and delete the following:
TMKSoft
Close Registry Editor.
Right-click the My Computer icon on the Desktop and click Properties.
Click the Performance tab.
Click the File System button.
Click the Troubleshooting tab.
Select Disable System Restore.
Click Apply > Close > Close.
When prompted to restart, click Yes.
Press F8 while the system restarts.
Choose Safe Mode then hit the Enter key.
After your system has restarted, continue with the scan/clean process. Files under the _Restore folder can now be deleted.
Re-enable System Restore by clearing Disable System Restore and restarting your system normally.
For Windows XP
Log on as Administrator.
Right-click the My Computer icon on the desktop and click Properties.
Click the System Restore tab.
Select Turn off System Restore.
Click Apply > Yes > OK.
Continue with the scan/clean process. Files under the _Restore folder can now be deleted.
Re-enable System Restore by clearing Turn off System Restore
but it just keeps jumping from place to place normaly though its in: c-documents and settings-user-local settings-temporary internet files
i can delete them if i use avast on a start up even get a feww clear runs, but then pop its back up.
please anyone have any ideas i managed to get rid of this before using this forum and the advice above but I,m wasting hours on this now…
and to make it worse the virus is on the original ghost disc the shop gave me (go figure) so even reintalling doesn,t help.
kind regards