Tina Norris Fields
tinanfields at torchlake.com
Fri Sep 10 08:23:41 CDT 2010
Hi John, I'm going to go have a look, probably tomorrow. He says he has told Vipre to clean the trojan, but nothing happens. The log showed cleaning action canceled. I can't really rely on Dad's report, because he may overlook something necessary, like selecting the item to be cleaned, or, having decided that cleaning was a good idea and Vipre is recommending it, just closing the Vipre window believing somehow that the program has already done the cleaning. As you say, a partially cleaned infection that needed one more step to be complete is a real likelihood. T John Bartow wrote: > It could one of three things, > -A false positive and windows restores the file automatically every time he > reboots - improbable > -An infection that is partially cleaned and restores itself to some degree - > if his system and browser still works this is probably the case. Either use > Malwarebytes free version to try and remove all of it, call Sunbelt support > and work through it with them or wait until their definition updates take > care of it all the way. > -An infection that is partially cleaned and requires a reboot or full scan > to remedy but he isn't doing that - (given my experience with elderly > parents: quite probable ;o) > > > -----Original Message----- > From: dba-tech-bounces at databaseadvisors.com > [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Tina Norris > Fields > Sent: Wednesday, September 08, 2010 1:30 PM > To: Discussion of Hardware and Software issues > Subject: [dba-Tech] trojan.win32.generic!bt - how to remove > > Hi again, > > My dad is having trouble with this trojan. Vipre reports > trojan.win32.generic!bt, and Dad thinks he has instructed Vipre to clean the > bugger - three days in a row, now. But, every time the scan is run, it > keeps reporting the trojan. > > Dad originally called me because his Office shortcut toolbar was misbehaving > - when he clicked on the icon for Word, he got the message that the program > could not be started. We did a couple of system restores and got to a place > where the shortcut toolbar worked. > > In the meantime, he reported repeated instances of the message that Windows > had recently recovered from a serious error, and did he want to send the > report. I think he clicked Send one time, and something strange happened, > but I don't know what - all of this is going on over the phone, I can't see > his screen, and he generally says things like "Oh, there's that little > thingy again, shall I get rid of it?" and sometimes before I've been able to > say "Tell me what little thingy you're talking about, Dad," he's already > clicked some choice, so it's difficult to be sure about what's been going on > on his screen. Now the Windows has recovered message pops up a bunch and it > takes many clicks to tell it to go away. > > It was during that part of the process that he told me Vipre had reported > this trojan three days in a row. We did go read a report that indicated > that the clean command had been canceled. It is not clear to me whether Dad > did or did not instruct Vipre to clean this little bugger. Right now, he is > running a Vipre scan and I am supposedly returning to my work of grading my > students' papers - we'll be in touch again after the scan. But I thought > I'd send out a call for help. Hey, John Bartow, are you there? > > Tina > _______________________________________________ > dba-Tech mailing list > dba-Tech at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/dba-tech > Website: http://www.databaseadvisors.com > > _______________________________________________ > dba-Tech mailing list > dba-Tech at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/dba-tech > Website: http://www.databaseadvisors.com > >