Nasty Virus that won't be killed easily

Lenovo / 205545u
May 27, 2010 at 13:58:23
Specs: Microsoft Windows XP Professional, 2.526 GHz / 1977 MB
I have a virus that keeps coming up and tagged by my Symantic and MalWareBytes scans - it says that it gets quarantined and deleted but show right back up within an hour -this is driving me nuts.

As additional Information - Both Anti-Virus-Malware programs are quarantining : Bloodhound SONAR 2 - file smss.exe

I have seen in other virus fights that the techs have asked for both a HiJackIt and a SmitFraudFix report - I have these upon request - thanks for your support.

See More: Nasty Virus that wont be killed easily

Report •

May 27, 2010 at 17:09:19
Have you tried maybe using Combo Fix, and or Hitman Pro 3.5.?. I would suggest getting rid of Norton when possible, it's garbage to be honest. Kaspersky is about as 'heavy' as Norton in terms of the amount of space needed, but it works 10x better than Norton ever will.


Hitman Pro 3.5.:

Report •

May 28, 2010 at 03:31:33
Can't get rid of Norton - it is a company laptop and it is company standard. You may ask why I don't send it to the company to fix - because I travel a lot and need it and cannot afford them having my computer for 2 weeks for them to take their time to fix it.

This is why I also run MalWareBytes along with the Norton - can the two mentioned above be run along side of Norton?

Report •

May 28, 2010 at 06:52:49
Yes, combofix is one of the most capable malware removal tools
around. When you are prompted to install recovery console, click
yes, it only takes a couple of minutes. also do not use www.
combofix .org since they're not affiliated

if combofix doesn't work you'll have to burn a recovery disc from
antivir or avg

Report •

Related Solutions

May 30, 2010 at 15:48:39
get your combofix from this site:
and follow their directions carefully.

I have no idea why response 1 posted the .org response 3 said...they are NOT affiliated

Some HELP in posting on plus free progs and instructions Cheers

Report •

May 30, 2010 at 16:52:09
I didn't know that, my fault. I will keep that in mind though the next time I post a Combo Fix link.

Report •

May 30, 2010 at 22:19:01
Ran this a few times and backed it with MalWareBytes - NO GO
- persistent little SOB - need recommendations for next step -
Thanks for everyones input

Report •

May 30, 2010 at 22:23:49
This thing likes to stay around - it changes the register to look
for csrss & smss in this directory - C:\MSOCache\All
Users\{90120000-0030-0000-0000-0000000ff1ce}-c\drivers -
instead of the windows/system32 directory

Even when I go into safe mode and delete the directory and
change the registry back as soon as I reboot it is back - so
something in startup is keeping this thing alive and reviving it
when it gets deleted.

Report •

May 31, 2010 at 16:25:25
And you've tried Hitman Pro 3.5. already in safe mode I'm assuming?.. You could also try Sophos Anti-Rootkit found here:

Report •

June 1, 2010 at 04:00:48
I had not used Hitman Pro yet -- just ran it --
YAAAAAAAAA!!!!!!! It is gone!!!!!!

THANKS EVERYONE!!!!!!! You guys are a lifesaver.

Hitman found that a program called NVDAHost.exe was in
my startup which was the problem. Everything else got
washed and cleaned too which I am happy to know that this
is my only problem.

Again - Thanks!!!!

Report •

June 1, 2010 at 11:02:01

Report •

Ask Question