Go Back   Hardware Canucks > SOFTWARE > O/S's, Drivers & General Software

    
Reply
 
LinkBack Thread Tools Display Modes
  #11 (permalink)  
Old January 9, 2011, 08:50 AM
gingerbee's Avatar
Hall Of Fame
F@H
 
Join Date: Jan 2009
Location: Orillia, Ontario
Posts: 6,824

My System Specs

Default

do a physical mirror go through the drive and copy all the data on two the mirrored drive ( what i mean by mirror is do a fresh install on another drive with the same setting and os then copy over all important data have done this a few times for shop i do work for and it worked for me )
__________________
Fav quote "One should strive to achieve; not sit in bitter regret." Ronin Harris
Reply With Quote
  #12 (permalink)  
Old January 9, 2011, 10:36 AM
grinder's Avatar
Allstar
F@H
 
Join Date: Mar 2007
Posts: 826

My System Specs

Default

before you proceed, try creating a different NEW user/profile on the XP machine. Reboot and login as that user. Some infections are profile limited... if this infection IS profile limited, you will have a greater chance of cleaning it with Malware bytes logged in as a different user. (make sure the new user you create is a local administrator of course).
__________________
Phenom II 945 :: ASUS M4A78-E (780G) :: BFG 285GTX :: 4GB Mushkin DDR2 (5-4-4-12) :: Creative Xi-Fi :: Seagate 500 gig 7200.12 (better than WD BLACK!!!!!) :: Samsung 2493HM
Reply With Quote
  #13 (permalink)  
Old January 9, 2011, 10:45 AM
Perineum's Avatar
Hall Of Fame
F@H
 
Join Date: Mar 2009
Location: Surrey, B.C.
Posts: 4,074

My System Specs

Default

Just pull the drive out and slave it into a different system. Then virus scan it. The virus scanner will delete parts of the virus. Put a virus scanner in the root of the infected drive and then reinstall it in the main machine. Boot up and then rescan with the virus checker that is in the root of the drive. This time the virus scanner will delete it out of the registry etc.

Might be all you need to do...
Reply With Quote
  #14 (permalink)  
Old January 9, 2011, 05:59 PM
Rookie
 
Join Date: Dec 2010
Posts: 18

My System Specs

Default

Martin:

Go here: Virus & Other Malware Removal - Tech Support Guy Forums

they helped me get rid a vundo variant virus. I had tried everything suggested here but the damned thing was well and truly hidden.
you will need HijackThis - Trend Micro USA and post the results file in the forums.

Just don't be impatient and demand answers 3 minutes after you post.
Reply With Quote
  #15 (permalink)  
Old January 9, 2011, 07:13 PM
martin_metal_88's Avatar
Hall Of Fame
F@H
 
Join Date: Apr 2009
Location: Quebec City
Posts: 4,176

My System Specs

Default

For now I am on my week end and I don't work until next friday so I might give it another shot next week. Thx for reply!
__________________
[COLOR=black][SIZE=4][B]Ask for more
Reply With Quote
  #16 (permalink)  
Old January 9, 2011, 08:50 PM
Alpine's Avatar
Allstar
 
Join Date: Dec 2008
Location: Boucherville / South shore of MTL
Posts: 903

My System Specs

Default

if you reboot in safe mode, are you able to stop the process and delete the file ??
__________________
Main system
|I7 3930K|Asus P9X79 WS|Evga GTX 690|Samsung 256G Pro|H100|Dominator Platinium 16GB 2133Mhz|AX1200|540 AIR|SP2500|Vengeance 2000|IBM PRO/1000 PT Quad Port|

Server system
|I7 3820|Asus P9X79|12G G.Skill 1600Mhz|Noctua NH-D14|Force 3 120GB|LSI megaRAID 9261 8|RAID5 5X 3TB|AX650|Fractal Design Arc Midi|IBM PRO/1000 PT Quad Port|
Reply With Quote
  #17 (permalink)  
Old January 9, 2011, 10:43 PM
Top Prospect
 
Join Date: Apr 2010
Location: Vancouver
Posts: 242
Default

Quote:
Originally Posted by martin_metal_88 View Post
Unfortunatly nothing seems to work.
There are a number of specialized cleaning tools available but I have to have more information about what we're dealing with first. Can you do a MD5 hash of "C:\WINDOWS\eniriyonidop.dll" and post it?
__________________
iK
Reply With Quote
  #18 (permalink)  
Old January 10, 2011, 09:10 PM
Rookie
 
Join Date: Jan 2011
Posts: 13
Default

have you tried going into the registry and modifying all instances of that file... (make sure you back up before you try it)
Reply With Quote
Reply


Thread Tools
Display Modes

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sappire 4870X2 Baking Process AmuseMe Case Mods, Worklog & Gallery 46 July 17, 2010 04:04 PM
Words of Praise for Kingston RMA Process M1K3Z0R Off Topic 2 March 7, 2010 12:57 PM
something wierd going on with my hdd kyle_L Troubleshooting 8 July 13, 2009 05:00 PM
VERY wierd behavior Toronto122 New Builds 25 April 3, 2009 03:50 PM
Shader Process OC Alwaysrun HardwareCanucks F@H Team 6 January 16, 2009 10:48 PM