I think my computer has a virus but my scanners aren't picking any

Discussion in 'Computer Games and General Discussion' started by JJBro1, Mar 22, 2009.

  1. JJBro1

    JJBro1 GBAtemp Advanced Fan

    Jan 20, 2008
    United States
    The other day AVG picked up a trojan and some cookies, and I sent them to the virus vault and deleted them. Even though I deleted them from the virus vault, my PC runs awfully slow and buggy. I ran scans with AVG and Spybot both in regular and in safe mode and nothing is being detected. What do you think is the problem with my computer? How do I get AVG or Spybot to detect the problem, or is there a software out there that is better than both of them? And when I tried to do a system restore, all of my restore points were gone!
  2. FAST6191

    FAST6191 Techromancer

    Reporter
    Nov 21, 2005
    United Kingdom
    Some of the newer stuff I have tangled with can embed itself rather nicely and avoid detection quite well (one I dealt with deleted the startup entry after launch (before I could run a scanner) and added itself again on shutdown).

    Two options and you can combine ideas quite easily.
    LiveCD boot and test.
    Linux and Windows options here; BartPE is the usual Windows suspect.
    BartPE: You will need a Windows CD
    BartPE plugins:
    and Linux:
    http://www.raymond.cc/blog/archives/2008/0...otable-windows/ is a start, I tend to go in manual rather than automated though.

    Option 2 is safe mode. Safe mode, if you were unaware, is a minimal version of Windows that only loads a specific subset and will usually stop any bad code loading.
    Press F8 when booting up (I usually start just after the BIOS has finished doing whatever) and you should get the option.
    You can then proceed to doing whatever including the steps below:

    Applicable to both.
    AV scanners do have limited heuristics (detection of bad code not in the database) but I have never encountered a good one and obviously a database is not going to be 100% accurate. This means going manual is the way forward.

    You have two options:
    1. Use something like a-squared HiJackFree (note all the various programs are on the page, so make sure to get a-squared HiJackFree rather than something else):

    2. I know I just rubbished heuristics, but if you do not mind the odd false positive, full packages like Comodo http://personalfirewall.comodo.com/ have the ability to tell you if something is trying to do something.
    I also use a few things from the people behind Spybot that are a bit more low end: