system
1
I run boot scans all day and they delete the viruses but they keep coming back. I use AdAware and ASquared but nothing helps.
I’m running XP Home with SP2
Can you post the name of the virus and the location (path)?
I assume you have Windows XP… any other information to guide us?
You can see ‘Cleaning’ on my signature to follow fully instructions to virus removal.
system
3
cnw,
No to worry. Remember that Adaware is NOT for virus detection. It is used to detect and clean spyware/malware.
In addition, A-2 is a trojan scanner and cleaner, but again will not detect virus infections (although some consider a trojan a virus)
As Technical pointed out, it would be very helpful if you would give us the names of some of the viri. If you know how, a screenshot would help a bunch. If not, the names will do.
system
4
If you already haven’t you might want to make sure you have your system restore function turned off.
This is also mentioned in Technicals “cleaning” instructions. ;D
Eddy
5
Have a look at the page in my signature and follow the instructions there.
system
6
As I have similar problems, Ill join in! After a complete format of my system partition, and clean install of WinXP (SP1), I upgraded all, installed Kerio firewall and Avast (both latest update), and bang I had worms. Avast did a boot-search and found 7 infected files. Then proceeded to windows, and yet again it fint worms. In the mean time I had not been on the network!
Worms: Win32:Raleka
Win32:Gaobot-79
I did another boot search, and this time it found 2 worms, both in a file named _restore… Also a file MSlti64.exe located in system32\ directory keep popping up, and it is infected. So I went here to find solution. Ill have a check at the technical stuff as mentioned here. But please help!
JT
Eddy
7
JellaTryne,
looks like you have another problem. Disable system restore, reboot and see if the problem with the _restore is solved.
MSlti64.exe is indeed a virus. Have you used burned cd’s?
Or did you have a network connection when you where installing?
system
8
Yes, I was on the net while installing. It is a home network with 2 PC’s, that is connected to the Internet. The other PC did/do have the same problem. Ill disable restore, and make a reboot with AVAST search, and see what happens. But are you saying that by simply logging on the net (inserting the cable) is enough to get the worm if my friend has it?!
JT
Eddy
9
But are you saying that by simply logging on the net (inserting the cable) is enough to get the worm if my friend has it?!
Yes that sure is enough to get infected. When you want to do a clean install, unplug the system from the net. Install Windows, Firewall and av software. Than connect and inmediatly get/install ALL security patches updates for the OS, latest vps database before doing anything else. Better is even get those patches and updates on a properly working and protected system, put them on a cd and install them on the newly setup system before connecting.
I suggest you follow all steps as explained on the page in my signature.
system
10
Yes, Ill follow your instructions. However, i have 2 questions:
-
If I manage to remove the worms, can I turn restore on again? (until next time i have to do this)
-
Regarding my home net. If my friend is not on the net, I can safely log onto the net without getting worms etc (assuming I am clean). I just know too little about worms and networks…
Thank you very much for your help!
JT
PS: After disabeling restore and an Avast boot scan, I cant seem to find any more worms. Thanks!
Eddy
11
If I manage to remove the worms, can I turn restore on again?
Yes, no problem.
Regarding my home net. If my friend...
Only if your system is clean and protected. Worms and other malware spreads (along with some other methods) over networks. The Internet IS a network also.
And don’t worry about your knowledge. Nobody knows it all, and learning takes time. After working with comps for over 24 1/2 years, I am still learning 
system
12
Thanks for all the tips.
I have had “system restore” turned off for a while now and have deleted temporary internet files many times. I’ve also runCCleaner.
I’m not at home now but as i recall the virus is JR:Istbar or something close to that. Thanks again.
system
13
Eddy,24 1/2 yrs.! I thought I was an ole timer. I bet you owned a Commodore 64. ;D
cnw,
Simply put, you need to disconnect your computer from the net until it is completely clean AND you have your anti-this and that programs ready.
Your computer will be vulnerable to future infection UNLESS your computer has its’ own firewall and antivirus.
You did not say whether you were using a LAN type system or Router which would have a main firewall.
The System Restore should be turned back on once you have finished cleaning the putter. Restore points are vital should you wish to return to a previously working date where the computer was trouble free. The SR makes “dated” copies of the vital system files so you can “restore” them when needed. The SR will “protect” these files when enabled, and thus you will not be able to scan or get near them with Avast.
Once you have the bugs out, let us know and we can guide you in the best way to protect your system.
Eddy and I have a half century of experience to share.
Boy…am I old. haha 
Eddy
14
C64?
I started with a ZX-80 and later had:
ZX-81, ZX-Spectrum, ZX-QL, C16, C32, C64, Philips-P2000, MSX1, MSX2, Acorn, 286’s, 386’s, 486’s, P1, P2, P3, P4, AMD-k3, AMD-k4 and so on. 
system
15
Hi again
I have done the steps as suggested on your homepage. I was nervouse for the hijacker program, but deleted one entry I knew was containing a virus. However, before I formatted my harddrive, I had a link to a site with thousands of win-processes, all with info. It was a great place to check if your process was a safe one or not. Do you or anyone else here remember the link?
JT
Eddy
16