Any computer gurus out there?

[UffDa]

My computer was attacked about an hour ago. WIN REANIMATOR is trying to install itself, but I keep stopping it. Is there anyway to get rid of it without installing it?

I have searched for removal tools, but all I found so far is instructions for removing it after it's installed or software sellers trying to sell me their program.

TIA

 

[Bob W]

I haven't dealt with that specific virus, but it seems the installer is on your computer and running in the background (perhaps from the registry).

Here's what I would try:
- Reboot Windows in Safe Mode.
- try to locate the installation files and delete them.
- run updated anti-virus program to remove the registry entries and other associated files.

 

[UffDa]

Damn! The thing installed itself when I left the room for awhile. It seems to protect itself from removal. It shows up under programs, but not in Add or Remove programs.

This thing seems to be fairly new. It hijacks your home page and won't let go.

 

[bammann45]

Try doing the suggested starting in safe mode, removal procedure but also disable windows system restore before starting. Remove it. Restart in normal mode. Assure that it is gone, then re-enable system auto restore. Some viruses will take over system restore and resurrect themselves with it...

 

[Ken C.]

Off to G&G.

 

[Morrow]

try here...

http://www.xp-vista.com/spyware-removal/win-reanimator-removal-instructions

 

[rebeltf]

If you have no luck , try Spybot Search and Destroy , wonderful and FREE program , no spyware blah blah blah... Install , fully update , immunize , scan.
http://www.safer-networking.org/en/index.html
Give Ewido online scanner a try , got rid of a few trojans with Ewido.
http://www.ewido.net/en/

 

[Ken C.]

You need to access the registry. You can try these two programs.

HijackThis

Run the program, save a log file and then send it to me. I will look it over and let you know what needs to be removed.

CWShredder

Just run it and let it do it's thing.

Here is some info on the removal of WIN REANIMATOR.

 

[UffDa]

Thanks for all the replies. After messing with it for about 3 hours, I found a site that actually helped. http://www.bleepingcomputer.com

I downloaded a free program called MALWAREBYTES'. It not only cleaned off WinAnimator, but got rid of a bunch of other malware that was hiding in my registry.

I also found out that a lot of the anti-spyware programs for sale are themselves malware. The only thing they clean is your wallet.

WinAnimator is fairly new. It rides in on a trojan that you may not know that you have. I learned a new term. Rouge Anti-Spyware. They are very sophisticated and hide bits and pieces all over your registry. When you think you have deleted all of it, it pops up again when you reboot.

 

[Bob W]

Rouge Anti-Spyware. They are very sophisticated and hide bits and pieces all over your registry. When you think you have deleted all of it, it pops up again when you reboot.

Yep, I cleaned some of that crap of a friends' computer last week. It had frozen access to the Control Panel, Task Manager, and other user setting; repeatedly and constantly trying to access the internet, bringing the computer to a dead stop; disabled the real anti-virus programs; changed his home page and other user settings; and scattered files all over the computer including the System32 folder, Program Files, Temp, and the registry.

I was able to delete some of the files while booted into Safe Mode, enough for the computer to run at least. Then I used ComboFix and AVG to clean out the rest.