Permanently block certain processes anti virus

#26 dduardo (Staff Emeritus)
Are you sure you're using the program correctly? If it knows the virus exists, it must be able to remove it.

Why don't you try this antivirus instead:

http://free.grisoft.com/doc/11/lng/us/tpl/v5
#27
Aiiii. These kinds of Windows viruses are a menace, and it looks like you got a cocktail of them, too.

Why NAV can't delete them is as follows. An open process opens a file handle to its executable, so it can't be deleted while it's running. This has been a long-standing Windows policy that makes no sense to me; the program's code is fully loaded into memory before execution and swapped out to the swap file if necessary. But I digress. These viruses are designed so that when they get a TERMINATE signal from Windows, they spawn a new instance of the process; this happens long before Windows forcibly terminates the virus (there is no KILL that will immediately terminate execution AFAIK). This new instance opens its own handle, so you can't kill the file. Someone suggested this was done in the registry; that is NOT the case.

If you're tech savvy, the solution is to get http://www.sysinternals.com/ntw2k/freeware/procexp.shtml [Broken], open up the viral processes, and forcibly close all their handles; then you can delete their executables on disk, and then you can kill them in memory. But they might be smart enough to recreate the file on disk, you never know. You can also try the Microsoft malware removal tool, which supposedly cures the worse infections. I've never needed it, nor has anyone I know of, but I'm sure it's a high quality tool - after all, Microsoft are aces at security issues.


Solution #2: Boot in safemode. Windows will not run any startup tasks in safe mode, so you should be able to clean the viruses while dormant. At the very least you can clean up their registry startup entries.

Note: I no longer recommend NAV for power users because it keeps assuming its users are idiots. But I have found no acceptable substitute.

dduardo: There are ways to install WinXP without yanking the cable out, though it is the easiest way. The best way is to disable your network during setup and manually close the three evil holes: UPnP, DCOM and the Messenger service; then go online and get the myriad of lesser updates. My own firewall stats indicate a viral attack every minute or so; it's gotten to this point because there are a lot of Windows boxes out there whose owners are unaware (or unwilling to act on the knowledge) that their computer is virused and spreading out plague on their subnets. I've had to deal with the latter case once; it was a fun experience in cognitive dissonance and/or apathy. Thankfully his ISP took these complaints seriously...
#28
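The "close the three evil holes before going online" step from the post above, written out as an added PowerShell example; this is not code from the thread. It assumes an XP-era machine where the service short names are Messenger (Messenger service), SSDPSRV (SSDP Discovery) and upnphost (UPnP Device Host), and that DCOM is switched off through the EnableDCOM value under the Ole registry key. Run it from an elevated prompt with the network disconnected, as the post recommends.

```powershell
# Added example (not from the thread): disable the Messenger and UPnP services and
# turn off DCOM on a freshly installed, still-offline Windows XP box.
# Service names are assumed XP-era short names; the script skips any that are absent.
$services = 'Messenger', 'SSDPSRV', 'upnphost'

foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        Write-Host "$name: service not present, skipping"
        continue
    }
    if ($svc.Status -eq 'Running') {
        Stop-Service -Name $name -Force
    }
    # Disabled (not just Manual) so nothing can start it again before the patches are on.
    Set-Service -Name $name -StartupType Disabled
    $mode = (Get-WmiObject Win32_Service -Filter "Name='$name'").StartMode
    Write-Host ("{0}: status {1}, startup {2}" -f $name, (Get-Service -Name $name).Status, $mode)
}

# DCOM is not a service; the network-facing part is controlled by this registry value.
$ole = 'HKLM:\SOFTWARE\Microsoft\Ole'
$before = (Get-ItemProperty -Path $ole -Name EnableDCOM -ErrorAction SilentlyContinue).EnableDCOM
Set-ItemProperty -Path $ole -Name EnableDCOM -Value 'N'
$after = (Get-ItemProperty -Path $ole -Name EnableDCOM).EnableDCOM
Write-Host ("EnableDCOM: was '{0}', now '{1}' (takes effect after reboot)" -f $before, $after)
```

After this, reboot, install the service pack and the remaining updates, and only then bring the network up; re-run the loop afterwards, because some updates re-register services and can flip a startup type back to Manual.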
Best thing would be to do a clean reinstall of Windows from scratch, from disks that you know are clean. Then install an antivirus program and a firewall, and THEN connect to the internet. Not in any different order. That way you know you're clean.

In SP 2 you will find the XP internal firewall is automatically on, contrary to SP1, which can lead to conflicts with certain program permissions. Check the Microsoft site for more up-to-date info.

IMO, best turn the internal firewall off altogether and install a proper firewall like ZA, as suggested earlier.
#29
Norton is not even an antivirus, I think; it does not detect a lot of viruses, and takes most of the RAM of your computer. I would do as said above, reinstall Windows from a new CD, because sometimes store-bought computers have a lot of advertisement on them, and if you try to remove it Windows starts crashing more often; maybe it was just me, but this is what happened. So you have a brand new Windows, then install SP2, don't use IE, use Firefox, and install some antivirus; most have like a 30-day trial or something, so when one expires just try another. Also firewalls are good, but are not really that important; most of the good antivirus programs can block attacks.

You can also try Linux; there are very, very few viruses for it, mostly not very effective. I would recommend Ubuntu: it's free, easy to use, easy to install, and recognizes a lot if not most of your things automatically.
#30
Suddenly today I was getting 100% CPU usage whenever I went online. I think it was because ZoneAlarm had to block so many attempts by the viruses to get online! So what I did was I found the programs at startup on the System Information - Software Environment window, and a couple of them looked suspicious. Then I did a search in RegEdit for the most suspicious-looking one of them, and deleted that. Now it works again. Question is though, there's more than one suspicious-looking file on the startup list, but the others don't look so suspicious that I'm certain they're viruses. Can I back up the registry before getting rid of those others too? I didn't see any options for that on regedit. Is there a better way to remove these programs from the startup list than using regedit?
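The two questions in the post above (back up the registry before deleting, and review startup entries without hand-editing in regedit) can be handled from one script. The following is an added PowerShell example, not from the thread: it exports each of the usual Run/RunOnce keys to a .reg file with reg.exe before anything is touched, lists the entries with a simple flag for executables that live in user-writable folders or no longer exist, and shows the one-line removal and restore commands. The key paths are the standard autostart locations; the value name in the removal example is a placeholder.

```powershell
# Added example (not from the thread): audit autostart entries, with a registry backup first.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$backupDir = Join-Path $env:USERPROFILE 'regbackup'
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }

    # reg.exe wants HKLM\..., not the PowerShell drive form HKLM:\...
    $regPath = $key -replace ':\\', '\'
    $file = Join-Path $backupDir (($regPath -replace '[\\:]', '_') + '.reg')
    if (Test-Path $file) { Remove-Item $file }
    reg export $regPath $file | Out-Null
    Write-Host "== $key  (backup: $file)"

    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }      # skip PSPath, PSParentPath, etc.
        $cmd = [string]$p.Value

        # Pull the executable out of the command line: quoted path, or first token ending in .exe.
        $exe = $cmd -replace '^"([^"]+)".*$', '$1'
        $exe = $exe -replace '^(\S+\.exe).*$', '$1'

        $flag = ''
        if ($exe -match 'Temp|Local Settings|Application Data') {
            $flag = ' <-- runs from a user-writable folder'
        } elseif ($exe -and -not (Test-Path -LiteralPath $exe)) {
            $flag = ' <-- file not found on disk'
        }
        Write-Host ("  {0,-28} {1}{2}" -f $p.Name, $cmd, $flag)
    }
}

# Remove one entry after reviewing the listing (placeholder value name):
# Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'SuspiciousEntry'
# Undo by importing the backup made above:
# reg import "$backupDir\HKCU_SOFTWARE_Microsoft_Windows_CurrentVersion_Run.reg"
```

The flags are hints, not verdicts: plenty of legitimate updaters run from Application Data, and a missing file usually means a leftover from an uninstall rather than malware. Removing the registry value only stops the program from starting next boot; the file on disk and any running copy still have to be dealt with separately, as the earlier post on file handles explains.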