how do i et this virus off my computer

  • Thread starter Thread starter aishakitty
  • Start date Start date
A

aishakitty

I have a hacktool.notifier on my daughter's computer and i have done
everything i can think of to remove it and it will not get off my daughter's
computer. Anyone have any ideas? I tried norton, it wont even let me delete
it. I tried housecall it told me it was there,but it will not even touch it.
 
aishakitty said:
I have a hacktool.notifier on my daughter's computer and i have done
everything i can think of to remove it and it will not get off my
daughter's computer. Anyone have any ideas? I tried norton, it wont
even let me delete
it. I tried housecall it told me it was there,but it will not even
touch it.
Click to expand...

http://securityresponse.symantec.com/avcenter/venc/data/trojan.repsamo.html

You need to run all virus/malware scans in Safe Mode. I don't know what
"everything I can think of" encompasses, but you might try scanning in
Safe Mode with either Sysclean or Dave Lipman's Multi-AV:

http://www.elephantboycomputers.com/page2.html#TrendMicros_Sysclean
http://www.ik-cs.com/multi-av.htm - how to use Dave Lipman's Multi-AV
http://www.ik-cs.com/programs/virtools/Multi_AV.exe - Multi-AV download

Then make sure your NAV is a current version (not earlier than 2004),
the subscription is active, and the virus definitions are updated. Do
another thorough scan with it in Safe Mode.

Continue with malware removal steps here -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Malke
 
From: "aishakitty" <u17679@uwe>

| I have a hacktool.notifier on my daughter's computer and i have done
| everything i can think of to remove it and it will not get off my daughter's
| computer. Anyone have any ideas? I tried norton, it wont even let me delete
| it. I tried housecall it told me it was there,but it will not even touch it.

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

You failed to provide two important facts...

1. What anti virus identified "hacktool.notifier"

2. What is the fully qualified name and path to the file(s) found to be infected with the
"hacktool.notifier"

I suggest you perform the following. If the following scanners detect but can't remove, you
*must* supply the above that was left out of the initial post.

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *
 
I done everything you said to do but i got this still in my daughters
computer.
C:\WINDOWS\SYSTEM32\SRSHOST.EXE
is infected with the Hacktool.Notifier virus.
Unable to repair this file.
Unable to delete this file.
 
1. What anti virus identified "hacktool.notifier"
answer. I tried norton, it wont even let me delete it.
I tried housecall it told me it was there,but it will not even touch as
stated above.
2. What is the fully qualified name and path to the file(s) found to be
infected with the
"hacktool.notifier"
answer.
C:\WINDOWS\SYSTEM32\SRSHOST.EXE
is infected with the Hacktool.Notifier virus.
Unable to repair this file.
Unable to delete
I tried everything in both posts.
From: "aishakitty" <u17679@uwe>

| I have a hacktool.notifier on my daughter's computer and i have done
| everything i can think of to remove it and it will not get off my daughter's
| computer. Anyone have any ideas? I tried norton, it wont even let me delete
| it. I tried housecall it told me it was there,but it will not even touch it.

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

You failed to provide two important facts...

1. What anti virus identified "hacktool.notifier"

2. What is the fully qualified name and path to the file(s) found to be infected with the
"hacktool.notifier"

I suggest you perform the following. If the following scanners detect but can't remove, you
*must* supply the above that was left out of the initial post.

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

* * * Please report back your results * * *
Click to expand...
 
From: "Tammy via WindowsKB.com" <u17679@uwe>

| 1. What anti virus identified "hacktool.notifier"
| answer. I tried norton, it wont even let me delete it.
| I tried housecall it told me it was there,but it will not even touch as
| stated above.
| 2. What is the fully qualified name and path to the file(s) found to be
| infected with the
| "hacktool.notifier"
| answer.
| C:\WINDOWS\SYSTEM32\SRSHOST.EXE
| is infected with the Hacktool.Notifier virus.
| Unable to repair this file.
| Unable to delete
| I tried everything in both posts.
|

Use the Multi AV Scanning Tool I suggested.

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }


When you get to the menu hit the letter 'E' or 'e'.

It should bring up a killproc.txt and should then have the following contents...

iexplore.exe
firefox.exe


Append to the list...
SRSHOST.EXE
SRSHOSTU.EXE
mcsmss.exe
mdms.exe

It should now look like...

iexplore.exe
firefox.exe
SRSHOST.EXE
SRSHOSTU.EXE
mcsmss.exe
mdms.exe


Make sure the last line is an empty line then save the file, File --> Save, File --> Exit

Now from the menu choose the Sophos module and then the Trend Micro module.
 
From: "Tammy via WindowsKB.com" <u17679@uwe>

| 1. What anti virus identified "hacktool.notifier"
| answer. I tried norton, it wont even let me delete it.
| I tried housecall it told me it was there,but it will not even touch as
| stated above.
| 2. What is the fully qualified name and path to the file(s) found to be
| infected with the
| "hacktool.notifier"
| answer.
| C:\WINDOWS\SYSTEM32\SRSHOST.EXE
| is infected with the Hacktool.Notifier virus.
| Unable to repair this file.
| Unable to delete
| I tried everything in both posts.
|


Besides my other advice...

Please submit a sample of "SRSHOST.EXE" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.
 
Yes it worked thank you so much her computer is virus free. :)
From: "Tammy via WindowsKB.com" <u17679@uwe>

| 1. What anti virus identified "hacktool.notifier"
| answer. I tried norton, it wont even let me delete it.
[quoted text clipped - 9 lines]
| Unable to delete
| I tried everything in both posts.

Besides my other advice...

Please submit a sample of "SRSHOST.EXE" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.
Click to expand...
 
From: "Tammy via WindowsKB.com" <u17679@uwe>

| Yes it worked thank you so much her computer is virus free. :)
|

Fantastic !
Glad to hear that and thanx for updating the thread.
 
Back
Top