We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
 
Contact Forum Editor

Send an email to our Forum Editor:


PLEASE NOTE: Your name is used only to let the Forum Editor know who sent the message. Both your name and email address will not be used for any other purpose.

Beginners' Tech Help


It's free to register, to post a question or to start / join a discussion


 

Virus returns on restart, can't delete registry key, please can you help?


astrid4

Likes # 0

I have just ran a scan using Malwarebytes on my sons laptop which found four items, two are viruses two are malware.

Malwarebytes will only remove three of them on first run (the fourth says something like cannot unload memory process) but will remove the last one when I scan again.

As soon as the laptop is restarted all four of them return.

I Clicked show location on all four entries to try and delete them myself but the one that shows up in regedit will not allow me to delete it.

I have tried system restore but get a message saying that it didn't complete your settings have not been changed.

The laptop is a Packard Bell easynote, windows 7 and is nine months old.

The detection name of one of the viruses was something like steal data which sounds quite bad and I really would like to be able to get rid of it.

Could someone please advise me on how to fix this?

Like this post
wee eddie

Likes # 0

Firstly, Malwarebytes is not normally an Anti Virus, just Anti Malware and as such is not equipped to deal with a Virus.

Then download this onto your own PC McAfee Stinger put it on to one of those little USB Drives and plug that into the Laptop. I have never had to use it.

Was he running an Anti Virus? If he was it will need updating or replacing, this is Free and as good as any AVG but do make sure that you download the Free one as they will try to up-sell if they can.

Make sure that there are not 2 Anti Viruses on the Lappy as that can cause horrendous problems, the least of which is that neither will work properly.

If that has done the trick, then a good tidy up with CCleaner, again Free, will not go astray.

Like this post
astrid4

Likes # 0

He is running Avg (only one virus detection programme) malwarebytes and zone alarm.

I tried a scan with Avg but it didn't find anything.

Thank you so much for your help and link I will try that and then post back with the result.

Like this post
wee eddie

Likes # 0

He has it set up quite reasonably. I assume that Malwarebytes has quarantined the nasties, so that there is nothing to worry about.

So just a couple of things to do.

Open AVG's Home page and check the date of the latest Update and if it's in the last 24 hours (Assuming it's been connected too the Internet in that time) relax.

Download CCleaner and run it's main function by Clicking, bottom right, of the main screen, be prepared for a 10 to 15 minute wait while it does it's stuff. When he gets back you can "cool-ly" drop into the conversation that he might like to run the Registry Check and reduce the number of programs opening at start-up! Both jobs that CCleaner is a very safe pair of hands.

If you've got the bit between the teeth, at this stage, a "Defrag" would not go amiss and earn Brownie Points at the same time.

Like this post
wee eddie

Likes # 0

a Defrag can take a long time (hours) if the Hard Drive is quite full and it has not been done for a while.

Like this post
rdave13

Likes # 0

Another thing to try is to stop system restore and run an updated malwarebytes full scans again and remove what it finds. Reboot to safe mode and run another scan. Reboot and if clear then restart system restore.

Like this post
johndrew

Likes # 0

As rdave13 says, a lot of malware will reinfect from 'System Restore'. It is important to turn this off (right click 'My Computer' select 'Properties/System Restore' and tick the box then select 'Apply' and 'OK') before doing the scan.

Having rid yourself of the problems turn it back on by unticking the box (and 'Apply' and 'OK') and immediately create another restore point manually.

Like this post
astrid4

Likes # 0

Stinger found three trojans and removed them but, just as with Malwarebytes, as soon as I rebooted they all returned.

I have done everything else told to me that I had not already done and still these trojans just return on restart.

Although the laptop did not come with a restore disc it has an inbuilt function to return to factory settings and my son wants me to do this but I'm scared to try this in case I mess it up.

Can someone please tell me if this is easy to do or do you need to be an advanced user?

Like this post
rdave13

Likes # 0

astrid4, if stopping system restore and scanning did not work then restore to factory setting will get rid of it. Bear in mind you'll lose all your docs., photos etc unless you can back them up. If I remember correctly Packard Bell has a backup manager that allows you to burn 'return to factory settings' discs. If you can open "all programs" and see if you have something called backup manager (or similar) then you should have a chance to burn a couple of backup discs. These will have to be either -R or +R discs. DVD-RW discs won't work. I'd try to burn these discs first. These will also reset to factory settings. As for the virus/trojan it would be worth joining one expert malware removal forum first. Might take some time but these experts will remove it and all your docs etc will be intact. Two I'd recommend,

Bleeping Computers

Malware Removal.

Like this post
wee eddie

Likes # 0

If they are returning.

You will need to turn off System Restore, before you run the Stinger, as that is where they are probably residing. I would also run CCleaner, after the Stinger, but before turning the Lappy off.

Like this post

Reply to this topic

This thread has been locked.



IDG UK Sites

Samsung Galaxy Note 4 release date, price and specs 2014

IDG UK Sites

What's the best smartwatch? 11 iWatch rivals compared in our wearables round-up

IDG UK Sites

App cloning: the mobile software industry’s hidden shame

IDG UK Sites

Developers get access to more Sony camera features