Go Back   Hardware Canucks > SOFTWARE > O/S's, Drivers & General Software

    
Reply
 
LinkBack Thread Tools Display Modes
  #11 (permalink)  
Old January 9, 2011, 08:50 AM
gingerbee's Avatar
Hall Of Fame
F@H
 
Join Date: Jan 2009
Location: Orillia, Ontario
Posts: 6,828

My System Specs

Default

do a physical mirror go through the drive and copy all the data on two the mirrored drive ( what i mean by mirror is do a fresh install on another drive with the same setting and os then copy over all important data have done this a few times for shop i do work for and it worked for me )
__________________
Fav quote "One should strive to achieve; not sit in bitter regret." Ronin Harris
Reply With Quote
  #12 (permalink)  
Old January 9, 2011, 10:36 AM
grinder's Avatar
Allstar
F@H
 
Join Date: Mar 2007
Posts: 822

My System Specs

Default

before you proceed, try creating a different NEW user/profile on the XP machine. Reboot and login as that user. Some infections are profile limited... if this infection IS profile limited, you will have a greater chance of cleaning it with Malware bytes logged in as a different user. (make sure the new user you create is a local administrator of course).
__________________
Phenom II 945 :: ASUS M4A78-E (780G) :: BFG 285GTX :: 4GB Mushkin DDR2 (5-4-4-12) :: Creative Xi-Fi :: Seagate 500 gig 7200.12 (better than WD BLACK!!!!!) :: Samsung 2493HM
Reply With Quote
  #13 (permalink)  
Old January 9, 2011, 10:45 AM
Perineum's Avatar
Hall Of Fame
F@H
 
Join Date: Mar 2009
Location: Surrey, B.C.
Posts: 4,048

My System Specs

Default

Just pull the drive out and slave it into a different system. Then virus scan it. The virus scanner will delete parts of the virus. Put a virus scanner in the root of the infected drive and then reinstall it in the main machine. Boot up and then rescan with the virus checker that is in the root of the drive. This time the virus scanner will delete it out of the registry etc.

Might be all you need to do...
Reply With Quote
  #14 (permalink)  
Old January 9, 2011, 05:59 PM
Rookie
 
Join Date: Dec 2010
Posts: 18

My System Specs

Default

Martin:

Go here: Virus & Other Malware Removal - Tech Support Guy Forums

they helped me get rid a vundo variant virus. I had tried everything suggested here but the damned thing was well and truly hidden.
you will need HijackThis - Trend Micro USA and post the results file in the forums.

Just don't be impatient and demand answers 3 minutes after you post.
Reply With Quote
  #15 (permalink)  
Old January 9, 2011, 07:13 PM
martin_metal_88's Avatar
Hall Of Fame
F@H
 
Join Date: Apr 2009
Location: Quebec City
Posts: 4,175

My System Specs

Default

For now I am on my week end and I don't work until next friday so I might give it another shot next week. Thx for reply!
__________________
Ask for more

Martin_metal_88
Colenzo : See system spec!

Odysseus : I7 860 @ 3.6Ghz || GA P55-UD5 || G.skill Ripjaws F3-16000 2000Mhz 2X2GB || Coolermaster ATCS 840 || Silverstone Strider plus 850W || WD 640 black - WD 1TB green - Samsung F3 2TB || MSI 5670 1GB Cyclone ||Coolermaster Hyper 212 + ||

Reply With Quote
  #16 (permalink)  
Old January 9, 2011, 08:50 PM
Alpine's Avatar
Allstar
 
Join Date: Dec 2008
Location: Boucherville / South shore of MTL
Posts: 867

My System Specs

Default

if you reboot in safe mode, are you able to stop the process and delete the file ??
__________________
Main system
|I7 3930K|Asus P9X79 WS|Evga GTX 690 Signature|Samsung 256G Pro|Corsair H100|Dominator Platinium 16GB 2133Mhz|
Corsair AX1200|Corsair 540 AIR|Corsair SP2500|Corsair Vengeance 2000|
Server system
|I7 3820|Asus P9X79|12G G.Skill 1600Mhz|Noctua NH-D14|Corsair Force 3 120GB|LSI megaRAID 9261 8|RAID5 5X 3TB|Corsair AX650|Fractal Design Arc Midi|

Twitch
Reply With Quote
  #17 (permalink)  
Old January 9, 2011, 10:43 PM
Top Prospect
 
Join Date: Apr 2010
Location: Vancouver
Posts: 242
Default

Quote:
Originally Posted by martin_metal_88 View Post
Unfortunatly nothing seems to work.
There are a number of specialized cleaning tools available but I have to have more information about what we're dealing with first. Can you do a MD5 hash of "C:\WINDOWS\eniriyonidop.dll" and post it?
__________________
iK
Reply With Quote
  #18 (permalink)  
Old January 10, 2011, 09:10 PM
Rookie
 
Join Date: Jan 2011
Posts: 13
Default

have you tried going into the registry and modifying all instances of that file... (make sure you back up before you try it)
Reply With Quote
Reply


Thread Tools
Display Modes

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sappire 4870X2 Baking Process AmuseMe Case Mods, Worklog & Gallery 46 July 17, 2010 05:04 PM
Words of Praise for Kingston RMA Process M1K3Z0R Off Topic 2 March 7, 2010 12:57 PM
something wierd going on with my hdd kyle_L Troubleshooting 8 July 13, 2009 06:00 PM
VERY wierd behavior Toronto122 New Builds 25 April 3, 2009 04:50 PM
Shader Process OC Alwaysrun HardwareCanucks F@H Team 6 January 16, 2009 10:48 PM