How to remove Spyware.Possible_Website_Hijack and Downloader.Generic?

I did a full scan with Spyware Doctor and found 2 infections of Spyware.Possible_Website_Hijack and 1 infection of Downloader.Generic. Since I only have the trial version of Spyware Doctor and pctools is too greedy to let you actually remove the viruses without the paid version, how would I remove these viruses with a free antivirus program? I’ve used Avast, Avira, AVG, Spybot, Malwarebytes, SUPERAntiSpyware, as well as a-squared; all have failed.

Did you try a boot-time scan with Avast!?
Also, did you try booting into Safe Mode and running Avast or MalwareBytes Anti-Malware?

I have. I’ve scanned in normal and safe mode with Avast as well as all my other antivirus programs.

Are you certain the files are infected? In other words, when you say the other antivirus apps “failed”, do you mean they didn’t detect anything or they found the infections but couldn’t remove them?
If only Spyware Doctor found the infections, it’s possible they’re false positives.

What is detected? Do you have an exact name?
Where is the detection found?
Are you running more than one security program at the same time?
If so, what?

http://www.pctools.com/en/mrc/infections/id/Downloader.Generic?cclick=LearnMoreClick_46&PID=0&product=Spyware%20Doctor&subproduct=NRMA&version=7.0.0.514&code=0-0-0-0&suversion=7.0.0.68&osversion=5.1.2600.2&osspack=Service%20Pack%203&sulang=en&platform=32

http://www.pctools.com/en/mrc/infections/id/Spyware.Possible_Website_Hijack?cclick=LearnMoreClick_46&PID=0&product=Spyware%20Doctor&subproduct=NRMA&version=7.0.0.514&code=0-0-0-0&suversion=7.0.0.68&osversion=5.1.2600.2&osspack=Service%20Pack%203&sulang=en&platform=32

Not entirely sure where they’re located, but since the Downloader.Generic downloads trojan horses, and I just recently removed 2 trojan horses with a-squared, and since I didn’t visit any potentially dangerous websites, I’m pretty sure they’re real infections. I was only running one anti virus at a time.

Did anything other than Spyware Doctor detect the infections?
Also, what filenames did Spyware Doctor give you?

Please upload the infected files to VirusTotal and post the results here; it’s still possible you’ve got a couple of false positives, especially based on the “generic” and “possible”. SD doesn’t seem to have a specific signature for whatever it’s seeing, and is just finding generic things. That could cause some false positives; for example, AutoHotKey and AutoIt apps are notorious for being flagged as viruses, even though many aren’t. Virus scanners have just caught too many AHK/AI viruses, and now lock onto all AHK/AI apps.
I’m not saying that’s necessarily what’s going on here, but it is a possibility.

Cheers!

computerfreaker

I removed the Downloader.Generic; it was located in C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\11. I scanned the file on VirusTotal, and over half of the antiviruses on it detected an infection. I did a full scan with Spyware Doctor and didn’t find the Downloader.Generic in the results, though I still have the 2 infections of Spyware.Possible_Website_Hijack Downloader. It says the host entry is spywareinfo, a dangerous website that I never visited; it doesn’t say where it is located, though. Pretty sure this is not a false positive. I still don’t know how to remove this: Spyware Doctor won’t because it’s the trial version, and the other antiviruses I have can’t even detect it, let alone get rid of it.

Just as well you got rid of it, then.

OK, let’s try OTL. I seriously doubt anything can hide from it, at least in today’s world.

1. Download OTL to your Desktop.
2. Double-click on the OTL icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
3. Under the Custom Scan box, paste this in:

netsvcs
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
c:\windows\system32\*.dll /lockedfiles
c:\windows\system32\drivers\*.sys /lockedfiles
%systemroot%\*. /mp /s
CREATERESTOREPOINT

4. Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply as an attachment.

You can also try downloading MalwareBytes Anti-Malware on a clean PC, renaming it (just pick a random filename) and putting it on a read-only device (USB drive with a hardware read-only switch - don’t trust a software read-only switch! or a CD-R). Then, run it from the read-only device on the infected PC. That will hopefully let MBAM get around the virus.

Here is information concerning Host file hijacking, which is what Spyware.Possible_Website_Hijack is: http://www.dslreports.com/faq/10131
This is info pertaining to what Host files are and how they work: http://www.mvps.org/winhelp2002/hosts.htm

Please note: use this with extreme caution; editing Host files is serious business.

Try downloading HostsXpert.zip to your system, then follow the steps below to remove the spyware from your system. http://www.funkytoad.com/index.php?option=com_content&view=article&id=13&Itemid=31

  1. Unzip HostsXpert.zip on your PC.
  2. Then double-click HostsXpert.exe, wherever you saved the .exe file on your system.
  3. Then click on “Restore Original Hosts” to restore your Hosts file to its default condition on your system.
  4. Then click on Make Hosts Read Only, in order to secure it and avoid any further infection on your system.
  5. Then, finally, close the program when it has completed.

I cleaned my computer out, then scanned with Spyware Doctor again. No viruses showed up in the scan results; same goes for my other antiviruses. Though just recently when I was browsing a safe, virus-free website, an unknown download started without my consent, and often when I visit any page on the internet, it won’t even bother to load, no matter how long I wait, forcing me to refresh the page. Not sure if this is the cause of a virus or not though. Failed to catch the name of the download, mostly random numbers and letters. My computer clearly still has a virus, yet my antiviruses can’t detect it. What type of virus would this be?