Ross

A couple of days ago my laptop shut down while submitting a gallery and when it started back up I had a pretty nasty virus called Winreanimator. No matter what I do nothing works, It stops me from using virus tools by disabling them.

Now today my girlfriend was submitting and her computer just shut down by itself and now its restarted she has the same one again it happened when she was submitting. I can only think its definately coming from a site in the submission list but I searched every site and they looked clean, so maybe its only doing it at certain times or something...

Anyway, I went to a couple of computer shops and they told me they don't know how to remove it and their Health Checks won't get rid of it.

If anyone else has got this post in here and if you know what site it came from post that also!

Dirty F

Ross.

Ross

Thanks for the bump

minddust

Internet Exploited

Dirty F

I'm like that.

Pornopat

Sometimes the only way to reach an orgasm is to do it manually...

http://www.symantec.com/security_res...353-99&tabid=3

__________________
https://stripcash.com/sign-up/?userI...fff832eb95ab6a

Ross

I tried this two days ago Pat and the registry key it tells me to remove isn't in there.

Scott McD

Sucks dude.

I better not get it !!

__________________

Babaganoosh

lol @ windows

__________________
I like pie.

Pornopat

Do you have several users on the pc? If so check the registry of the local machine and not a user.
I notice symantec also does not say you need to repair in safe modus. You should...

__________________
https://stripcash.com/sign-up/?userI...fff832eb95ab6a

Ross

Ok so far it looks like I don't have the full virus, on my girlfriends computer I downloaded killbox and it got rid of the file causing the pop up to start trying to install the Virus. So far so good, gonna try it on my laptop next.

I suspect these people with the registry key changes are people who let the virus install. I haven't done that so I just need to get a file called Braviax.exe removed and hopefully I'm ok.

I really wanna find the site thats causing this tho!

Diligent

Hmm.. it's that bad 'eh?

If You're still having problems, here's what should work in ANY case:


Download setup files for say.. the free AVG + free Ad-Aware on a computer that's not infected, burn them to CD or put on floppies if possible (in that case You write-protect them afterwards with the corner notch).

Have Your internet disconnected from the computer during this process, then:

Do a "repair" from Your Windows install CD (You may need the password for "Administrator" if one was set at first install).

After that's done, install the scanners from the CD or the floppies, and reboot.

Hit <F8> (or <F6>? I think it's F8) just when Windows starts booting, to enter "fail safe mode" (will NOT enable any LAN in this case)...
and run the newly installed scanners. Update the definitions first, then let them do full scans.

The point of this tedidous process, is it'll restore all of Windows' own system files, which is important because; if those are "hijacked"/hacked by the virus,
they can control *everything*, and easily disable/disallow all kinds of scanners.

__________________

Diligent

Oh, one more tip:

If You're running a submitter app; try running it under an earlier setup "limitied user" ("user accounts" in "control panel")... "Run As..." if You right-click the app's shortcut.
Have a password set for that user account, or it may not work.

That way it will run in a more protected environment, which could be much safer... since many tools actually invoke the piece of shit Internet Explorer for it's own internet connectivity.

If You're NOT running a special app for submitting, stay the fuck away fron using IE ffs!! lol
Try using FireFox/Mozilla (any kit) with the NoScript plugin (which You set to forbid scripts (JS particularly) and Flash by default.. You can whitelist sites You trust with it)
http://www.noscript.net/

__________________

Dirty F

Kinda sad how computer shops arent able to get rid of it.

Ross

Yep, it wasn't shitty shops I took it to, it was the biggest Computer Store in the UK. Idiots.

So far I think I've narrowed down where the site is that is causing the virus. I need to speak to the owner to see if he has any idea about this.

kapopoy

everytime i do a submission with chameleon, my av always caught a virus that reside in log directory. i won't able to track it down coz my av move to her vault.

Oracle Porn

lol what exactly can they do at a shop that you cant do on your own?

__________________

Ross

Well yes I can eventually remove it on my own but this takes time to find the proper fixes for it. I thought a shop would know how to remove it immediately and get it back to me later that day.

bu((aneer

start - programs - accessories - system tools - system restore


restore to a point before you noticed the virus infecion