Author Topic: Virus help (Read 266 times)

Furball · « **on:** June 22, 2005, 12:16:13 PM »

I keep getting the error message that i have a virus (NAV 2005) that Trojan.Stwoyle has been detected and cannot be deleted. I have followed the instructions on the Symantec website and i cant delete it, help please!

Jackal1 · « **Reply #1 on:** June 22, 2005, 12:18:22 PM »

Did you disable system restore before you did the removal process?

Furball · « **Reply #2 on:** June 22, 2005, 12:21:28 PM »

Quote

Originally posted by Jackal1
Did you disable system restore before you did the removal process?

yes, and started in safe mode, and did a full system scan, and downloaded the little tool that is supposed to help

Chairboy · « **Reply #3 on:** June 22, 2005, 12:21:52 PM »

More info please. When you say you can't delete it, do you mean that you cannot delete winstyle2.dll?

Did you try the manual removal instructions? There's also some reg keys to delete, plus the file.

Roscoroo · « **Reply #4 on:** June 22, 2005, 12:28:22 PM »

write down all the virus's / baddies as they are detected and there locations

AE: C:\program files\stupid bug.exe

and if you dont have a regestry scanner such as ad-aware ect .. then you will have to edit the regestry manually, most anti virus encyclopidia's have detail instuctions what to edit . (I use Trend-micro's viropedia for this)
now that you have all the info restart your pc in safe mode ... run your av program / ad aware ect ... now do a regedit to beshure its all gone .. if not deleate them manually (this works for me most of the time , ive cleaned every virus ive seen so far this way . as long as ive had my paws on the disfunct pc ... )

Safe mode is your best friend .

Furball · « **Reply #5 on:** June 22, 2005, 12:47:49 PM »

Spybot S&D doesnt pick it up
neither does the MS spyware beta removal tool
and NAV finds it but cant quarantine or delete it

this is what i get: -

Flyboy · « **Reply #6 on:** June 22, 2005, 12:54:31 PM »

delete the file manually?

Chairboy · « **Reply #7 on:** June 22, 2005, 12:58:52 PM »

Sounds like some process is holding it open so that NAV can't delete it. End task on everything in memory except Explorer and Systray if you can and try to manually delete it.

Or try deleting it in safe mode?

Roscoroo · « **Reply #8 on:** June 22, 2005, 01:07:28 PM »

http://www.symantec.com/avcenter/venc/data/pf/trojan.stwoyle.html

theres the instuctions for that puppy.... go kill kill kill ...

Furball · « **Reply #9 on:** June 22, 2005, 01:42:15 PM »

Quote

Originally posted by Flyboy
delete the file manually?

cant

Quote

Originally posted by Chairboy
Sounds like some process is holding it open so that NAV can't delete it. End task on everything in memory except Explorer and Systray if you can and try to manually delete it.

Or try deleting it in safe mode?

tried

Quote

Originally posted by Roscoroo
http://www.symantec.com/avcenter/venc/data/pf/trojan.stwoyle.html

theres the instuctions for that puppy.... go kill kill kill ...

tried that too, doesnt work

POS virus'

AKS\/\/ulfe · « **Reply #10 on:** June 22, 2005, 01:44:23 PM »

Navigate to that file, rename it's extension to .rem from .dll.

Reboot, you should be able to manually delete it now.
-SW

rpm · « **Reply #11 on:** June 22, 2005, 01:47:04 PM »

Norton stinks. I use AVG, and it's free. Good luck young Jedi!

Furball · « **Reply #12 on:** June 22, 2005, 02:06:16 PM »

Quote

Originally posted by AKS\/\/ulfe
Navigate to that file, rename it's extension to .rem from .dll.

Reboot, you should be able to manually delete it now.
-SW

you are the man, thanks very much

started in safe mode, renamed, restarted and NAV deleted it.

thank you for your help all, it is much appreciated.

Toad · « **Reply #13 on:** June 22, 2005, 04:52:06 PM »

Just and FYI, this place is great for help with viruses:

http://forums.techguy.org/f54-s.html

I had a nasty one that Symantec's special tool wouldn't remove. These guys worked with me step by step using HijackThis logs and got it cleared.

Very nice folks too.