Cheat Engine

[mark_the_hacker]

So to start it off I got AhnRpta.exe virus, which even if I delete from C:\WINDOWS\AhnRpta.exe, every time I open a process it pops out.
Now I also got the IEXPLORER.EXE virus, which is different from explorer.exe or iexplore.exe, and it pops out sometimes when AhnRpta.exe pops out. And just recently I find out that I come over the Confiker Virus. WHAT VERSION??? I don't know. it stops me from going to any microsoft website and those associated with it and some antivirus websites. Also it stops me from windows update. HELP???

btw, I got 56k modem....I know right?

[Polynomial]

Things to try:
1) Locate all of the virus executables and write down their locations (on paper). You can use Process Explorer and Autoruns from Microsoft Sysinternals to achieve this.
2) Go into safe mode and delete the files. Remove the registry entries that match the file locations in Autoruns.
3) Reboot - Virus should be dead.

Failing that, system restore to before you got the virus, or reformat.

My personal recommendation would be the latter - in the time it takes you to read these forum posts and download the tools and stuff to sort this problem on a 56k, yoiu may as well have gone out and got a job, worked for a month or two, used your pay to buy a new computer and then freshly installed Windows on that.

[mark_the_hacker]

Im 15....I know right.

BTW I am in safe mode, or is. Kinda IDK. So heres the story, a year? ago, I downloaded Talix's AQ (FAKE) Gold Hack trainer by accident because of a failed noob that put up the download link in another thread. SO I runned it, and pressed the gold hack button which in turn deleted my system32 folder. So I was forced to have it fixed and when they fixed it, every time I run my computer I need to choose between two accounts, both in safe mode or IDK, and one can't work so I'm stuck with another. So yeah. Reformating is not a choice for me, and I know where 1 is, C:\WINDOWS\AhnRpta.exe. the two latter IDK.

[Haswell]

If the virus took up residence for over a year, chances are that System Restore won't even come close to the point when you were clean.

Formating and reinstalling is your best option. It's hard to imagine what kind of games you would have on a 56k connection, so I assume you don't really have much to backup.

[Polynomial]

I am beginning to suspect that mark is attempting to make a mockery of us.

Things wrong so far:
1) Nobody uses a 56k, let alone someone who has over 1000 posts on CEF.
2) There's no reason to tell us he's 15.
3) Viruses can't delete system32, it's protected by the OS. Besides, after deleting 20 or so files it'd likely cause the entire OS to crash or BSOD.
4) You don't access safe mode from an account.

I'll no longer be helping in this thread, I get the feeling that he's trolling.

[Haswell]

You have a point. 56k = fail.

Reformat and reinstall, period. Requesting lock, if applicable.

[FullyAwesome]

if you're not trolling, reformat, install antivirus software.

[Thanitos]

[Haswell]

No, because Windows is using the processes in system32. If the program somehow manages to kill all the processes without Windows displaying the BSOD and/or shutting down immediately and remove system32, he shouldn't even be able to reboot.

So, format and reinstall.

[Thanitos]

Ahhhh ok, that makes seance.

[Polynomial]

Indeed. Furthermore, Windows puts extra protection on files like ntoskrnl and the core system services (winlogon, lsass, crss, etc). Simply using rmdir /S /Q C:\Windows\system32 doesn't cut it, nor does del /F /S /Q C:\Windows\system32\*.*

He has his answer, requesting lock from nearest moderator.

[mark_the_hacker]

[Haswell]

Burn an AV (actually, multiple AVs, to be on the safe side) and stuff like MalwareBytes, Spyware: Search and Destroy, etc... into a CD, run it from there.

Best option is still a reinstallation of your OS.

[Luigi]

Yeah, the best is to reformat, but if you must and are sure it's conficker, there are a few conficker removers that are portable, but conficker might infect it by time you plug in the USB drive.
I recommend http://www.ubcd4win.com/
I believe it has the CrapAffee stinger, which is supposed to work.

[Polynomial]

Fine, if you're not trolling, post your HJT log and let us have a look.