Discussion:
Trojan Flush.M
(too old to reply)
Belprice
2008-12-12 13:27:01 UTC
Permalink
HI there,

I am running Norton Anti - Virus and it has reported that i have a virus
called Trojan Flush M and no matter what I try I can not remove this virus. I
tried to follow the instructions for manual removal of this virus, however it
instructed me to restart windows in safe mode and then a full scan. When I
tried to do this I was asked for a administration password , but I bought
this computer second hand and have no idea what this pasword is!


Also my computer is now acting very strange , programs are disappearing when
I re start the computer and when I try to view the c drive I get an error
message which states " WINDOWS CANNOT FIND RESYDED /BOOT.COM OR
RESYCLED/BOOT.COM

I am desperate not to lose the many important family files on this computer,
such as photos and videos, can someone please help me with this very annoying
problem.

Thanks in advance.
Ta
Gerry
2008-12-12 14:30:46 UTC
Permalink
Are you just running Norton Anti-Virus? What anti-spyware programme are
you running?

Trojan Flush M from the Norton report sounds to relatively minor but it
could be a symptom of other malware. Some will change passwords.

I would download and run Spybot S & D (freeware version) and see if it
finds anything like a Trojan. If Spybot S & D finds anything significant
( other than cookies) you need to be wary. If it removes something and
it returns or another nasty pops up it can be an indication that there
is another hidden nasty not being detected by Norton or Spybot.
Spybot S & D. There is a freeware version buried in this link:
http://www.safer-networking.org/en/spybotsd/index.html

If you still have problems you might try Malwarebytes. This is currently
making a considerable impact, although I have not tried it myself. I
believe it is shareware ( purchase after trial ). You should not run
two anti-virus programmes at the same time so you will need to turn off
Norton before running Malwarebytes.
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html--Hope this helps.Gerry~~~~FCAStourport, EnglandEnquire, plan and execute~~~~~~~~~~~~~~~~~~~Belprice wrote:> HI there,>> I am running Norton Anti - Virus and it has reported that i have a> virus called Trojan Flush M and no matter what I try I can not remove> this virus. I tried to follow the instructions for manual removal of> this virus, however it instructed me to restart windows in safe mode> and then a full scan. When I tried to do this I was asked for a> administration password , but I bought this computer second hand and> have no idea what this pasword is!>>> Also my computer is now acting very strange , programs are> disappearing when I re start the computer and when I try to view the> c drive I get an error message which states " WINDOWS CANNOT FIND> RESYDED /BOOT.COM OR RESYCLED/BOOT.COM>> I am desperate not to lose the many important family files on this> computer, such as photos and videos, can someone please help me with> this very annoying problem.>> Thanks in advance.> Ta
Daave
2008-12-12 16:14:24 UTC
Permalink
Post by Belprice
HI there,
I am running Norton Anti - Virus and it has reported that i have a virus
called Trojan Flush M and no matter what I try I can not remove this virus. I
tried to follow the instructions for manual removal of this virus, however it
instructed me to restart windows in safe mode and then a full scan. When I
tried to do this I was asked for a administration password , but I bought
this computer second hand and have no idea what this pasword is!
Unless the previous owner of the PC set a different password for
Administrator, that password is usually blank.

The bigger issue is the fact that you neglected to perform a clean
install of the operating system when you first started to use this PC,
which is always preferred whenever someone obtains a second-hand
computer. What is the make and model of this PC? What method do you have
to reinstall Windows? Hopefully, if there is a disk, you obtained it
along with the PC! Otherwise, you was robbed.
Gerry
2008-12-12 17:47:27 UTC
Permalink
Daave

That's strong language! It does depend on what was paid for the computer
and whether the lack of a Windows XP CD ( if the new owner does not have
one ) was covered in negotiations before purchase?
--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Post by Daave
Post by Belprice
HI there,
I am running Norton Anti - Virus and it has reported that i have a virus
called Trojan Flush M and no matter what I try I can not remove this virus. I
tried to follow the instructions for manual removal of this virus, however it
instructed me to restart windows in safe mode and then a full scan. When I
tried to do this I was asked for a administration password , but I bought
this computer second hand and have no idea what this pasword is!
Unless the previous owner of the PC set a different password for
Administrator, that password is usually blank.
The bigger issue is the fact that you neglected to perform a clean
install of the operating system when you first started to use this PC,
which is always preferred whenever someone obtains a second-hand
computer. What is the make and model of this PC? What method do you
have to reinstall Windows? Hopefully, if there is a disk, you
obtained it along with the PC! Otherwise, you was robbed.
Daave
2008-12-12 18:14:07 UTC
Permalink
Good point. Still, it's good practice to include the proper way to
return a PC to its original state. Many people have been burned and I
suspect they didn't factor that inconvenience into the negotiations
because they were simply unaware that they are normally entitled to it.
Post by Gerry
Daave
That's strong language! It does depend on what was paid for the
computer and whether the lack of a Windows XP CD ( if the new owner
does not have one ) was covered in negotiations before purchase?
--
Regards.
Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Post by Daave
Post by Belprice
HI there,
I am running Norton Anti - Virus and it has reported that i have a virus
called Trojan Flush M and no matter what I try I can not remove this virus. I
tried to follow the instructions for manual removal of this virus, however it
instructed me to restart windows in safe mode and then a full scan. When I
tried to do this I was asked for a administration password , but I bought
this computer second hand and have no idea what this pasword is!
Unless the previous owner of the PC set a different password for
Administrator, that password is usually blank.
The bigger issue is the fact that you neglected to perform a clean
install of the operating system when you first started to use this PC,
which is always preferred whenever someone obtains a second-hand
computer. What is the make and model of this PC? What method do you
have to reinstall Windows? Hopefully, if there is a disk, you
obtained it along with the PC! Otherwise, you was robbed.
Gerry
2008-12-12 18:41:53 UTC
Permalink
Daave

True.
--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Post by Daave
Good point. Still, it's good practice to include the proper way to
return a PC to its original state. Many people have been burned and I
suspect they didn't factor that inconvenience into the negotiations
because they were simply unaware that they are normally entitled to it.
Post by Gerry
Daave
That's strong language! It does depend on what was paid for the
computer and whether the lack of a Windows XP CD ( if the new owner
does not have one ) was covered in negotiations before purchase?
--
Regards.
Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Post by Daave
Post by Belprice
HI there,
I am running Norton Anti - Virus and it has reported that i have a virus
called Trojan Flush M and no matter what I try I can not remove this virus. I
tried to follow the instructions for manual removal of this virus, however it
instructed me to restart windows in safe mode and then a full scan. When I
tried to do this I was asked for a administration password , but I bought
this computer second hand and have no idea what this pasword is!
Unless the previous owner of the PC set a different password for
Administrator, that password is usually blank.
The bigger issue is the fact that you neglected to perform a clean
install of the operating system when you first started to use this PC,
which is always preferred whenever someone obtains a second-hand
computer. What is the make and model of this PC? What method do you
have to reinstall Windows? Hopefully, if there is a disk, you
obtained it along with the PC! Otherwise, you was robbed.
Ken Blake, MVP
2008-12-12 18:25:49 UTC
Permalink
On Fri, 12 Dec 2008 05:27:01 -0800, Belprice
Post by Belprice
When I
tried to do this I was asked for a administration password , but I bought
this computer second hand and have no idea what this pasword is!
If I acquired a used computer, the first thing I would do with it
would be to reinstall the operating system cleanly. You have no idea
how the computer has been maintained, what has been installed
incorrectly, what is missing, what viruses and spyware there may be,
etc. I wouldn't want to live with somebody else's mistakes and
problems, possibility of kiddy porn, etc., and I wouldn't recommend
that anyone else do either.
--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup
Mick Murphy
2008-12-12 20:14:13 UTC
Permalink
Install the 2 programs below, and scan with them in Safe mode, as well as
with your Anti-virus.
When you go to Safe Mode, you don't need to be in the Admin account; just
sign in with your User Account.
If there is no option for that, usually the Admin account password is left
blank.

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com

Download, install, and update.

Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D
while in Safe Mode.

If unable to install above Programs in Normal Mode:
Sometimes Trojans, Viruses, Malware, etc stop you installing and/or updating
Programs to remove them.
If that happens, reboot into Safe Mode with Networking, and install, update
and scan from there.
--
Mad Mike
Post by Belprice
HI there,
I am running Norton Anti - Virus and it has reported that i have a virus
called Trojan Flush M and no matter what I try I can not remove this virus. I
tried to follow the instructions for manual removal of this virus, however it
instructed me to restart windows in safe mode and then a full scan. When I
tried to do this I was asked for a administration password , but I bought
this computer second hand and have no idea what this pasword is!
Also my computer is now acting very strange , programs are disappearing when
I re start the computer and when I try to view the c drive I get an error
message which states " WINDOWS CANNOT FIND RESYDED /BOOT.COM OR
RESYCLED/BOOT.COM
I am desperate not to lose the many important family files on this computer,
such as photos and videos, can someone please help me with this very annoying
problem.
Thanks in advance.
Ta
Touch Base
2008-12-13 00:35:12 UTC
Permalink
"Belprice" <***@discussions.microsoft.com> wrote in message news:E848F567-0C3A-4BA2-A5F4-***@microsoft.com...

"Also my computer is now acting very strange , programs are disappearing
when
I re start the computer and when I try to view the c drive I get an error
message which states " WINDOWS CANNOT FIND RESYDED /BOOT.COM OR
RESYCLED/BOOT.COM"

[TB] This file is part of the trojan and it is usually located in the root
of the 'C' drive. There is also an autorun file [which is hidden], that is
part of this problem and it interacts with the boot.com file which allows it
to propagate on the next start of windows.

=========================================================

[TB] This site talks about removing the problem with boot.com file. Read
through and see how others handled this problem. Malwarebytes is mentioned
in some of the responses.

http://www.precisesecurity.com/blogs/2008/09/20/resycledbootcom/


==========================================================

"Gerry" <***@nospam.com> wrote in message news:ueh$***@TK2MSFTNGP06.phx.gbl...

"I believe it is shareware ( purchase after trial ). You should not run
two anti-virus programmes at the same time so you will need to turn off
Norton before running Malwarebytes."

A visit to their website before posting the comment would have been prudent.

Malwarebytes is not an anti-virus product and it is not a purchase after
trial product.

It has a free version and a pay for version.

The pay for version has real-time protection, scheduled scanning, and
scheduled updating.

The free version does not have resident protection, it only allows for after
the fact scanning and you have to download the updates manually.

Apart from that they do exactly the same job, it is not limited in any
regard.

It's still a good idea to turn off Norton during a scan because it will pop
up and attempt to quarantine the trojan while Malwarebytes is doing it's
scan and it can only confuse the user as to which product do I use to try
and remove it. If Nortons hasn't been successful handling the trojan then
let Malwarebytes do it's job unhindered and quarantine and attempt to remove
it.
--
Regards,
Touch Base
Report back on the results, good or bad so others may benefit
Belprice
2008-12-13 13:19:01 UTC
Permalink
Hi there,

Thanks for coming back to me.

Everytime I try to run Malwarebytes the programs crashes and I get this
message "Malwarebytes' Anti-Malware has encountered a problem and needs to
close " and then some garble about memory. Also I can't start my computer in
safe mode as I don't know the domian name, I do know the password though and
I sign in with this every time I log unto the computer.

I would be grateful for any suggestions to help me round this problem.

Thanks in advance.
| HI there,
| I am running Norton Anti - Virus and it has reported that i have a virus
| called Trojan Flush M and no matter what I try I can not remove this virus. I
| tried to follow the instructions for manual removal of this virus, however it
| instructed me to restart windows in safe mode and then a full scan. When I
| tried to do this I was asked for a administration password , but I bought
| this computer second hand and have no idea what this pasword is!
| Also my computer is now acting very strange , programs are disappearing when
| I re start the computer and when I try to view the c drive I get an error
| message which states " WINDOWS CANNOT FIND RESYDED /BOOT.COM OR
| RESYCLED/BOOT.COM
| I am desperate not to lose the many important family files on this computer,
| such as photos and videos, can someone please help me with this very annoying
| problem.
| Thanks in advance.
HI there,
I am running Norton Anti - Virus and it has reported that i have a virus
called Trojan Flush M and no matter what I try I can not remove this virus. I
tried to follow the instructions for manual removal of this virus, however it
instructed me to restart windows in safe mode and then a full scan. When I
tried to do this I was asked for a administration password , but I bought
this computer second hand and have no idea what this pasword is!
Also my computer is now acting very strange , programs are disappearing when
I re start the computer and when I try to view the c drive I get an error
message which states " WINDOWS CANNOT FIND RESYDED /BOOT.COM OR
RESYCLED/BOOT.COM
I am desperate not to lose the many important family files on this computer,
such as photos and videos, can someone please help me with this very annoying
problem.
Thanks in advance.
Ta
Gerry
2008-12-13 17:50:14 UTC
Permalink
Belprice

You don't need to know a domain name to boot to safe mode. In safe mode
you have no internet connection.
--
Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Post by Belprice
Hi there,
Thanks for coming back to me.
Everytime I try to run Malwarebytes the programs crashes and I get
this message "Malwarebytes' Anti-Malware has encountered a problem
and needs to close " and then some garble about memory. Also I can't
start my computer in safe mode as I don't know the domian name, I do
know the password though and I sign in with this every time I log
unto the computer.
I would be grateful for any suggestions to help me round this problem.
Thanks in advance.
Post by Belprice
Post by Belprice
HI there,
I am running Norton Anti - Virus and it has reported that i have a
virus called Trojan Flush M and no matter what I try I can not
remove this virus. I tried to follow the instructions for manual
removal of this virus, however it instructed me to restart windows
in safe mode and then a full scan. When I tried to do this I was
asked for a administration password , but I bought this computer
second hand and have no idea what this pasword is!
Also my computer is now acting very strange , programs are
disappearing when I re start the computer and when I try to view
the c drive I get an error message which states " WINDOWS CANNOT
FIND RESYDED /BOOT.COM OR RESYCLED/BOOT.COM
I am desperate not to lose the many important family files on this
computer, such as photos and videos, can someone please help me
with this very annoying problem.
Thanks in advance.
HI there,
I am running Norton Anti - Virus and it has reported that i have a
virus called Trojan Flush M and no matter what I try I can not
remove this virus. I tried to follow the instructions for manual
removal of this virus, however it instructed me to restart windows
in safe mode and then a full scan. When I tried to do this I was
asked for a administration password , but I bought this computer
second hand and have no idea what this pasword is!
Also my computer is now acting very strange , programs are
disappearing when I re start the computer and when I try to view the
c drive I get an error message which states " WINDOWS CANNOT FIND
RESYDED /BOOT.COM OR RESYCLED/BOOT.COM
I am desperate not to lose the many important family files on this
computer, such as photos and videos, can someone please help me with
this very annoying problem.
Thanks in advance.
Ta
Touch Base
2008-12-13 18:27:27 UTC
Permalink
"Belprice" <***@discussions.microsoft.com> wrote in message news:FB0B69F3-2C58-495C-9E02-***@microsoft.com...
Hi there,

Thanks for coming back to me.

Everytime I try to run Malwarebytes the programs crashes and I get this
message "Malwarebytes' Anti-Malware has encountered a problem and needs to
close " and then some garble about memory. Also I can't start my computer
in
safe mode as I don't know the domian name, I do know the password though and
I sign in with this every time I log unto the computer.

I would be grateful for any suggestions to help me round this problem.

Thanks in advance.

=========================================
Hi "Belprice"

You should be able to start the computer in safe mode. If you can start it
in normal mode and log in with a password then it's exactly the same thing
in safe mode. Click on the same name and use the same password when safe
mode starts up, it should offer you the same log on name.

Failing that I suggest if you have a second computer and you're up to it, or
you have a friend or relative that has a computer running XP or even windows
2000. Take your hard drive out of your computer and connect it up to the
other computer as a slave drive. Start that computer in safe mode with
networking (internet support), and download Malwarebytes or download it
before you connect the drive, update the program then run it on your hard
drive. To do this once the computer has started and Malwarebytes has been
installed and updated, open My Computer and right click on your hard drive
which should be listed and select 'Scan with Malwarebytes Anti-Malware'.
After that drive is scanned and cleaned run the program on the main hard
drive. The reason is, as I mentioned in my previous post, this is an
insidious trojan and it will quite possibly infect any hard drive connected
to it. It happened to me when I was repairing someone else's computer. I
connected my USB drive (which had my copy of Malwarebytes on it) and it was
infected with the same trojan. The USB drive was easy to clean because I
knew what to look for but the likelihood is there. So if you scan both
drives it should be ok.

If the above is too hard for you and don't be embarrassed by that, I suggest
you take it to a computer shop for repair. Of course it would be good if you
had a backup of all your personal files beforehand and you probably haven't
done this so ask the computer shop to back up your files before they start
repairs on your computer. Warn them that the trojan can infect other
connected drives so they are prepared to handle it.
--
Regards,
Touch Base
Report back on the results, good or bad so others may benefit
Belprice
2008-12-14 11:08:01 UTC
Permalink
Hi Everyone,

I had some issues with malware and viruses and ran Norton Anti Virus, Super
Anti Spy and a program called Remove it, which someone suggested I use in
another newsgroup. I now think I have got ride of all my viruses and spyware,
however now when I restart my computer it freezes at the windows screen and
the blue status bar just keeps running and running. I can start the computer
in safe mode; hence this post, but I don’t know how to resolve the problem of
the computer freezing on start up.

I would be grateful for any help on this matter.

Thanks a million in advance.

TA
JC
Post by Belprice
Hi there,
Thanks for coming back to me.
Everytime I try to run Malwarebytes the programs crashes and I get this
message "Malwarebytes' Anti-Malware has encountered a problem and needs to
close " and then some garble about memory. Also I can't start my computer in
safe mode as I don't know the domian name, I do know the password though and
I sign in with this every time I log unto the computer.
I would be grateful for any suggestions to help me round this problem.
Thanks in advance.
=========================================
Hi "Belprice"
You should be able to start the computer in safe mode. If you can start it
in normal mode and log in with a password then it's exactly the same thing
in safe mode. Click on the same name and use the same password when safe
mode starts up, it should offer you the same log on name.
Failing that I suggest if you have a second computer and you're up to it, or
you have a friend or relative that has a computer running XP or even windows
2000. Take your hard drive out of your computer and connect it up to the
other computer as a slave drive. Start that computer in safe mode with
networking (internet support), and download Malwarebytes or download it
before you connect the drive, update the program then run it on your hard
drive. To do this once the computer has started and Malwarebytes has been
installed and updated, open My Computer and right click on your hard drive
which should be listed and select 'Scan with Malwarebytes Anti-Malware'.
After that drive is scanned and cleaned run the program on the main hard
drive. The reason is, as I mentioned in my previous post, this is an
insidious trojan and it will quite possibly infect any hard drive connected
to it. It happened to me when I was repairing someone else's computer. I
connected my USB drive (which had my copy of Malwarebytes on it) and it was
infected with the same trojan. The USB drive was easy to clean because I
knew what to look for but the likelihood is there. So if you scan both
drives it should be ok.
If the above is too hard for you and don't be embarrassed by that, I suggest
you take it to a computer shop for repair. Of course it would be good if you
had a backup of all your personal files beforehand and you probably haven't
done this so ask the computer shop to back up your files before they start
repairs on your computer. Warn them that the trojan can infect other
connected drives so they are prepared to handle it.
--
Regards,
Touch Base
Report back on the results, good or bad so others may benefit
Gerry
2008-12-14 11:38:11 UTC
Permalink
Belprice

My suspicion is that you still have malware.

What errors appear in Event Viewer for the last 24 hours?

You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer. When researching the meaning
of the error, information regarding Event ID, Source and Description
are important.

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Post by Belprice
Hi Everyone,
I had some issues with malware and viruses and ran Norton Anti Virus,
Super Anti Spy and a program called Remove it, which someone
suggested I use in another newsgroup. I now think I have got ride of
all my viruses and spyware, however now when I restart my computer it
freezes at the windows screen and the blue status bar just keeps
running and running. I can start the computer in safe mode; hence
this post, but I don't know how to resolve the problem of the
computer freezing on start up.
I would be grateful for any help on this matter.
Thanks a million in advance.
TA
JC
Post by Belprice
Hi there,
Thanks for coming back to me.
Everytime I try to run Malwarebytes the programs crashes and I get
this message "Malwarebytes' Anti-Malware has encountered a problem
and needs to close " and then some garble about memory. Also I
can't start my computer in
safe mode as I don't know the domian name, I do know the password
though and I sign in with this every time I log unto the computer.
I would be grateful for any suggestions to help me round this
problem.
Thanks in advance.
=========================================
Hi "Belprice"
You should be able to start the computer in safe mode. If you can
start it in normal mode and log in with a password then it's exactly
the same thing in safe mode. Click on the same name and use the same
password when safe mode starts up, it should offer you the same log
on name.
Failing that I suggest if you have a second computer and you're up
to it, or you have a friend or relative that has a computer running
XP or even windows 2000. Take your hard drive out of your computer
and connect it up to the other computer as a slave drive. Start that
computer in safe mode with networking (internet support), and
download Malwarebytes or download it before you connect the drive,
update the program then run it on your hard drive. To do this once
the computer has started and Malwarebytes has been installed and
updated, open My Computer and right click on your hard drive which
should be listed and select 'Scan with Malwarebytes Anti-Malware'.
After that drive is scanned and cleaned run the program on the main
hard drive. The reason is, as I mentioned in my previous post, this
is an insidious trojan and it will quite possibly infect any hard
drive connected to it. It happened to me when I was repairing
someone else's computer. I connected my USB drive (which had my copy
of Malwarebytes on it) and it was infected with the same trojan. The
USB drive was easy to clean because I knew what to look for but the
likelihood is there. So if you scan both drives it should be ok.
If the above is too hard for you and don't be embarrassed by that, I
suggest you take it to a computer shop for repair. Of course it
would be good if you had a backup of all your personal files
beforehand and you probably haven't done this so ask the computer
shop to back up your files before they start repairs on your
computer. Warn them that the trojan can infect other connected
drives so they are prepared to handle it.
--
Regards,
Touch Base
Report back on the results, good or bad so others may benefit
Ken Blake, MVP
2008-12-14 14:48:06 UTC
Permalink
On Sun, 14 Dec 2008 03:08:01 -0800, Belprice
Post by Belprice
Hi Everyone,
I had some issues with malware and viruses and ran Norton Anti Virus, Super
Anti Spy and a program called Remove it, which someone suggested I use in
another newsgroup. I now think I have got ride of all my viruses and spyware,
My guess is that you didn't, or if you did, you still have remaining
some of the damage that they caused.

How many infections did you have? If you had many, it's usually
necessary to do a clean reinstallation of Windows than to try to clean
the computer.

Moreover, it's important to note that viruses can do damage and are
not things that you want to remove after you get infected. Rather, you
want to prevent your getting infected in the first place.

And finally, in my view, Norton Anti-Virus is the *worst* anti-virus
program available. I recommend NOD32, or if you want a free program,
Avast.

I don't know RemoveIt, and can't comment on how good it is, but it's
not on my list of good anti-virus programs.
Post by Belprice
however now when I restart my computer it freezes at the windows screen and
the blue status bar just keeps running and running. I can start the computer
in safe mode; hence this post, but I don’t know how to resolve the problem of
the computer freezing on start up.
I would be grateful for any help on this matter.
Thanks a million in advance.
--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup
Daave
2008-12-14 15:50:54 UTC
Permalink
Post by Ken Blake, MVP
I don't know RemoveIt, and can't comment on how good it is, but it's
not on my list of good anti-virus programs.
I'm pretty sure that it's that plagiarized app by PCbutts or whatever
he's calling himself these days. My understanding is that also alters
the Hosts file to prevent a person reaching reputable sites like
Bleeping Computer.

Does anyone know if that app produces any other undesireable effects? To
OP: it's important you delete your Hosts file. The location is:

C:\WINDOWS\system32\drivers\etc

If you wish, you may replace it with a *good* Hosts file:

http://www.mvps.org/winhelp2002/hosts.htm

But, yes, Gerry and Ken are correct; you still have malware (or at the
very least, you have damage that it has left in its wake). Many people
have had success running one or both of these programs in Safe Mode:

Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam.php

SUPERAntiSpyware
http://www.superantispyware.com/

The freeware versions are fine.

If you still have malware, you will have to post a HijackThis log to an
appropriate forum (courtesy of David H. Lipman):

NOTE: Registration is REQUIRED in any of the below before posting a log


Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0


Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7


Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

Note: If you don't delete the Hosts file, as I mentioned above, you will
have trouble reaching these forums!
Ken Blake, MVP
2008-12-14 18:19:18 UTC
Permalink
On Sun, 14 Dec 2008 10:50:54 -0500, "Daave"
Post by Daave
Post by Ken Blake, MVP
I don't know RemoveIt, and can't comment on how good it is, but it's
not on my list of good anti-virus programs.
I'm pretty sure that it's that plagiarized app by PCbutts or whatever
he's calling himself these days.
Ahh, thanks for that info. Then it's a clearly one to stay far away
from.
Post by Daave
My understanding is that also alters
the Hosts file to prevent a person reaching reputable sites like
Bleeping Computer.
Ugh!
Post by Daave
Does anyone know if that app produces any other undesireable effects? To
C:\WINDOWS\system32\drivers\etc
http://www.mvps.org/winhelp2002/hosts.htm
But, yes, Gerry and Ken are correct; you still have malware (or at the
very least, you have damage that it has left in its wake). Many people
Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam.php
SUPERAntiSpyware
http://www.superantispyware.com/
The freeware versions are fine.
If you still have malware, you will have to post a HijackThis log to an
NOTE: Registration is REQUIRED in any of the below before posting a log
http://www.thespykiller.co.uk/index.php?board=3.0
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
Note: If you don't delete the Hosts file, as I mentioned above, you will
have trouble reaching these forums!
--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup
Daave
2008-12-14 18:27:19 UTC
Permalink
Post by Ken Blake, MVP
On Sun, 14 Dec 2008 10:50:54 -0500, "Daave"
Post by Daave
Post by Ken Blake, MVP
I don't know RemoveIt, and can't comment on how good it is, but it's
not on my list of good anti-virus programs.
I'm pretty sure that it's that plagiarized app by PCbutts or whatever
he's calling himself these days.
Ahh, thanks for that info. Then it's a clearly one to stay far away
from.
YW, Ken.
samantha fox
2010-10-18 12:46:02 UTC
Permalink
How to remove resycled/boot.com

http://www.tips29.com/2009/01/how-to-remove-resycledbootcom.html
Post by Belprice
HI there,
I am running Norton Anti - Virus and it has reported that i have a virus
called Trojan Flush M and no matter what I try I can not remove this virus. I
tried to follow the instructions for manual removal of this virus, however it
instructed me to restart windows in safe mode and then a full scan. When I
tried to do this I was asked for a administration password , but I bought
this computer second hand and have no idea what this pasword is!
Also my computer is now acting very strange , programs are disappearing when
I re start the computer and when I try to view the c drive I get an error
message which states " WINDOWS CANNOT FIND RESYDED /BOOT.COM OR
RESYCLED/BOOT.COM
I am desperate not to lose the many important family files on this computer,
such as photos and videos, can someone please help me with this very annoying
problem.
Thanks in advance.
Ta
Post by Gerry
Are you just running Norton Anti-Virus? What anti-spyware programme are
you running?
Trojan Flush M from the Norton report sounds to relatively minor but it
could be a symptom of other malware. Some will change passwords.
I would download and run Spybot S & D (freeware version) and see if it
finds anything like a Trojan. If Spybot S & D finds anything significant
( other than cookies) you need to be wary. If it removes something and
it returns or another nasty pops up it can be an indication that there
is another hidden nasty not being detected by Norton or Spybot.
http://www.safer-networking.org/en/spybotsd/index.html
If you still have problems you might try Malwarebytes. This is currently
making a considerable impact, although I have not tried it myself. I
believe it is shareware ( purchase after trial ). You should not run
two anti-virus programmes at the same time so you will need to turn off
Norton before running Malwarebytes.
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html--Hope this helps.Gerry~~~~FCAStourport, EnglandEnquire, plan and execute~~~~~~~~~~~~~~~~~~~Belprice wrote:> HI there,>> I am running Norton Anti - Virus and it has reported that i have a> virus called Trojan Flush M and no matter what I try I can not remove> this virus. I tried to follow the instructions for manual removal of> this virus, however it instructed me to restart windows in safe mode> and then a full scan. When I tried to do this I was asked for a> administration password , but I bought this computer second hand and> have no idea what this pasword is!>>> Also my computer is now acting very strange , programs are> disappearing when I re start the computer and when I try to view the> c drive I get an error message which states " WINDOWS CANNOT FIND> RESYDED /BOOT.COM OR RESYCLED/BOOT.COM>> I am desperate not to lose the many important family files on this> computer, such as photos and videos, can someone please help me with> this very annoying problem.>> Thanks in advance.> Ta
Post by Daave
Unless the previous owner of the PC set a different password for
Administrator, that password is usually blank.
The bigger issue is the fact that you neglected to perform a clean
install of the operating system when you first started to use this PC,
which is always preferred whenever someone obtains a second-hand
computer. What is the make and model of this PC? What method do you have
to reinstall Windows? Hopefully, if there is a disk, you obtained it
along with the PC! Otherwise, you was robbed.
Post by Gerry
Daave
That's strong language! It does depend on what was paid for the computer
and whether the lack of a Windows XP CD ( if the new owner does not have
one ) was covered in negotiations before purchase?
--
Regards.
Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Post by Daave
Good point. Still, it's good practice to include the proper way to
return a PC to its original state. Many people have been burned and I
suspect they didn't factor that inconvenience into the negotiations
because they were simply unaware that they are normally entitled to it.
Post by Gerry
Daave
True.
--
Regards.
Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Post by Mick Murphy
Install the 2 programs below, and scan with them in Safe mode, as well as
with your Anti-virus.
When you go to Safe Mode, you don't need to be in the Admin account; just
sign in with your User Account.
If there is no option for that, usually the Admin account password is left
blank.
http://www.spybot.info/en/index.html
Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.
http://www.malwarebytes.org/mbam.php
Malwarebytes is as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com
Download, install, and update.
Important re: Safe Mode
If you happen to find a problem that you can???t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D
while in Safe Mode.
Sometimes Trojans, Viruses, Malware, etc stop you installing and/or updating
Programs to remove them.
If that happens, reboot into Safe Mode with Networking, and install, update
and scan from there.
--
Mad Mike
Post by Touch Base
"Also my computer is now acting very strange , programs are disappearing
when
I re start the computer and when I try to view the c drive I get an error
message which states " WINDOWS CANNOT FIND RESYDED /BOOT.COM OR
RESYCLED/BOOT.COM"
[TB] This file is part of the trojan and it is usually located in the root
of the 'C' drive. There is also an autorun file [which is hidden], that is
part of this problem and it interacts with the boot.com file which allows it
to propagate on the next start of windows.
=========================================================
[TB] This site talks about removing the problem with boot.com file. Read
through and see how others handled this problem. Malwarebytes is mentioned
in some of the responses.
http://www.precisesecurity.com/blogs/2008/09/20/resycledbootcom/
==========================================================
"I believe it is shareware ( purchase after trial ). You should not run
two anti-virus programmes at the same time so you will need to turn off
Norton before running Malwarebytes."
A visit to their website before posting the comment would have been prudent.
Malwarebytes is not an anti-virus product and it is not a purchase after
trial product.
It has a free version and a pay for version.
The pay for version has real-time protection, scheduled scanning, and
scheduled updating.
The free version does not have resident protection, it only allows for after
the fact scanning and you have to download the updates manually.
Apart from that they do exactly the same job, it is not limited in any
regard.
It's still a good idea to turn off Norton during a scan because it will pop
up and attempt to quarantine the trojan while Malwarebytes is doing it's
scan and it can only confuse the user as to which product do I use to try
and remove it. If Nortons hasn't been successful handling the trojan then
let Malwarebytes do it's job unhindered and quarantine and attempt to remove
it.
--
Regards,
Touch Base
Report back on the results, good or bad so others may benefit
Post by Belprice
Hi there,
Thanks for coming back to me.
Everytime I try to run Malwarebytes the programs crashes and I get this
message "Malwarebytes' Anti-Malware has encountered a problem and needs to
close " and then some garble about memory. Also I can't start my computer in
safe mode as I don't know the domian name, I do know the password though and
I sign in with this every time I log unto the computer.
I would be grateful for any suggestions to help me round this problem.
Thanks in advance.
Post by Gerry
Belprice
You don't need to know a domain name to boot to safe mode. In safe mode
you have no internet connection.
--
Hope this helps.
Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Post by Belprice
Hi there,
Thanks for coming back to me.
Everytime I try to run Malwarebytes the programs crashes and I get this
message "Malwarebytes' Anti-Malware has encountered a problem and needs to
close " and then some garble about memory. Also I can't start my computer
in
safe mode as I don't know the domian name, I do know the password though and
I sign in with this every time I log unto the computer.
I would be grateful for any suggestions to help me round this problem.
Thanks in advance.
=========================================
Hi "Belprice"
You should be able to start the computer in safe mode. If you can start it
in normal mode and log in with a password then it's exactly the same thing
in safe mode. Click on the same name and use the same password when safe
mode starts up, it should offer you the same log on name.
Failing that I suggest if you have a second computer and you're up to it, or
you have a friend or relative that has a computer running XP or even windows
2000. Take your hard drive out of your computer and connect it up to the
other computer as a slave drive. Start that computer in safe mode with
networking (internet support), and download Malwarebytes or download it
before you connect the drive, update the program then run it on your hard
drive. To do this once the computer has started and Malwarebytes has been
installed and updated, open My Computer and right click on your hard drive
which should be listed and select 'Scan with Malwarebytes Anti-Malware'.
After that drive is scanned and cleaned run the program on the main hard
drive. The reason is, as I mentioned in my previous post, this is an
insidious trojan and it will quite possibly infect any hard drive connected
to it. It happened to me when I was repairing someone else's computer. I
connected my USB drive (which had my copy of Malwarebytes on it) and it was
infected with the same trojan. The USB drive was easy to clean because I
knew what to look for but the likelihood is there. So if you scan both
drives it should be ok.
If the above is too hard for you and don't be embarrassed by that, I suggest
you take it to a computer shop for repair. Of course it would be good if you
had a backup of all your personal files beforehand and you probably haven't
done this so ask the computer shop to back up your files before they start
repairs on your computer. Warn them that the trojan can infect other
connected drives so they are prepared to handle it.
--
Regards,
Touch Base
Report back on the results, good or bad so others may benefit
Post by Gerry
Belprice
My suspicion is that you still have malware.
What errors appear in Event Viewer for the last 24 hours?
You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer. When researching the meaning
of the error, information regarding Event ID, Source and Description
are important.
HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us
A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.
--
Hope this helps.
Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Post by Ken Blake, MVP
On Sun, 14 Dec 2008 03:08:01 -0800, Belprice
My guess is that you didn't, or if you did, you still have remaining
some of the damage that they caused.
How many infections did you have? If you had many, it's usually
necessary to do a clean reinstallation of Windows than to try to clean
the computer.
Moreover, it's important to note that viruses can do damage and are
not things that you want to remove after you get infected. Rather, you
want to prevent your getting infected in the first place.
And finally, in my view, Norton Anti-Virus is the *worst* anti-virus
program available. I recommend NOD32, or if you want a free program,
Avast.
I don't know RemoveIt, and can't comment on how good it is, but it's
not on my list of good anti-virus programs.
--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup
Post by Daave
I'm pretty sure that it's that plagiarized app by PCbutts or whatever
he's calling himself these days. My understanding is that also alters
the Hosts file to prevent a person reaching reputable sites like
Bleeping Computer.
Does anyone know if that app produces any other undesireable effects? To
C:\WINDOWS\system32\drivers\etc
http://www.mvps.org/winhelp2002/hosts.htm
But, yes, Gerry and Ken are correct; you still have malware (or at the
very least, you have damage that it has left in its wake). Many people
Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam.php
SUPERAntiSpyware
http://www.superantispyware.com/
The freeware versions are fine.
If you still have malware, you will have to post a HijackThis log to an
NOTE: Registration is REQUIRED in any of the below before posting a log
http://www.thespykiller.co.uk/index.php?board=3.0
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
Note: If you don't delete the Hosts file, as I mentioned above, you will
have trouble reaching these forums!
Ahh, thanks for that info. Then it is a clearly one to stay far away
from.
Ugh!
--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup
Post by Daave
YW, Ken.
Submitted via EggHeadCafe - Software Developer Portal of Choice
SharePoint Create List Add/Edit Form Web Part With Custom Toolbar and Attachments Option
http://www.eggheadcafe.com/tutorials/aspnet/bdae9c53-4661-4144-90f9-5d4a5dfa737c/sharepoint-create-list-addedit-form-web-part-with-custom-toolbar-and-attachments-option.aspx
Loading...