1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Virus found, how to remove???

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by em05, Feb 20, 2010.

  1. em05

    em05 Techie7 New Member

    Just running Disc Cleanup and F-sucure has just found Exploir.Win32.IMG-WMF, it reccomended to disinfect which I tried to do but it said that it can't? I then clicked on remove and it wouldn't let me dio that!!

    Is this dangerous? and how do I get rid of it?

    Thanks in advance.
  2. Neal

    Neal Dedicated Member

    Download the new version of hijackthis here: Install Hijackthis to the correct folder: C:\Program Files\HijackThis


    Click scan and save a log file and notepad will open up with HJT inside.

    Copy/Paste into your reply.


    Download Dr.Web CureIt to the desktop:

    * Doubleclick the drweb-cureit.exe file and Allow to run the express scan
    * This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    * Once the short scan has finished, mark the drives that you want to scan.
    * Select all drives. A red dot shows which drives have been chosen.
    * Click the green arrow at the right, and the scan will start.
    * Click 'Yes to all' if it asks if you want to cure/move the file.
    * When the scan has finished, look if you can click next icon next to the files found: [​IMG]

    * If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
    * After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
    * Save the report to your desktop. The report will be called DrWeb.csv
    * Close Dr.Web Cureit.
    * Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
    * After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.cvs report.