5 replies to this topic

[fredvries]

Winstall.exe is related to the SpySheriff infection.

Lucky for you Malwarebytes has recently published a program, called RogueRemover, that is specifically designed to remove rogue anti-spyware programs like SpySheriff.

Download it here, run it and tell us if it worked.

[SwampDiner]

alisaselez did you have any luck?

[Gimpguy2000]

alisaselez, on Dec 16 2006, 07:08 AM, said:

Hi everebody
My computer was infected with a trojan virus today, from a link from someone on msn messenger. I ran AVG Free and the virus went to the vault, which i have deleted and all seems to be running fine now. however, i've had to vault it three times. when I restart, the virus seems to reappear. but my computer is running fine.

but...

there is an icon on my desktop titled winstall.exe which when scanned doesn't contain a virus, but I have just had a quick scan thru some stuff on the internet and get the idea that its a nasty little program that lets other nasty stuff infect my computer I can't delete it, and in fact, am not sure if this is accurate and am a little worried its an important windows file i shouldnt be deleting at all.

I've now installed Avira Antivir as well, as a double up safety precaution, but no spyware detection programs as yet (I'm not even sure if I'm wording that correctly..)

help??
Thanks a lot

Per instruction of RR, If you find getting rid of it hard and it keeps apprearing, I suggest shutting off your System Restore, many infections hit there first and can't be removed from the restore. Set it to 0% or as some have 1-2% lowest and then shut it off. Rescan and then try to delete the file, sometimes a restart after shutting of Sys Restore is necessary for Anti v apps to do away with it. Even try SAFE MODE which will only load needed OS applications and do it that way if the above doesn't work.

Paul

EDIT: some will argue that then you won't have a restore point if you lost files, however, if the virus\infection is in the restore, it won't matter anyway, you'll simply keep going in a vicious circle.

[JeanInMontana]

comicfan2000, on Mar 27 2007, 02:39 PM, said:

Per instruction of RR, If you find getting rid of it hard and it keeps apprearing, I suggest shutting off your System Restore, many infections hit there first and can't be removed from the restore. Set it to 0% or as some have 1-2% lowest and then shut it off. Rescan and then try to delete the file, sometimes a restart after shutting of Sys Restore is necessary for Anti v apps to do away with it. Even try SAFE MODE which will only load needed OS applications and do it that way if the above doesn't work.

Paul

EDIT: some will argue that then you won't have a restore point if you lost files, however, if the virus\infection is in the restore, it won't matter anyway, you'll simply keep going in a vicious circle.

You should never turn off System Restore until you know you are rid of the infection completely. The only way you will be reinfected via SR is by using an infected restore point.

[Gimpguy2000]

JeanInMontana, on Mar 27 2007, 08:46 PM, said:

You should never turn off System Restore until you know you are rid of the infection completely. The only way you will be reinfected via SR is by using an infected restore point.

http://www.microsoft.com/technet/community...s/faqsrwxp.mspx


http://www.cmu.edu/computing/documentation...em_restore.html


You will also find this on MANY anti-virus sites.



Note: The removal procedure may not be successful if Windows Me/XP System Restore is not disabled as previously directed, because Windows prevents outside programs from modifying System Restore.


I mean no offense or intrusion on this question that was asked, however, I do this for a living, and I am going off the fact that the anti-virus is still detecting the virus.

If it keeps detecting it from system restore, you won't know if you have it gone unless someone can read the path\location it's in. My guess, in the system restore.

Paul