Hello, I have a virus called stoicgvxway.exe that runs 7 instances through Google Chrome. Google Chrome isn't even installed on the computer, nor can Bitdefender find it. I've found the source and deleted the files but haven't been able to get rid of it yet. Any suggestions?
Run Malwarebytes in safe mode; you may have to do the 'rinse and repeat' method. Also download the free version of Panda Cloud, one of the best out there from my experience.
Also, it's likely installed in the registry and temp folders and %appdata% and a whole slew of other places to manifest itself, so you can't remove 'all' of it by just finding it on your own. And when I say that, while it may be possible, it is far too time-consuming and therefore less efficient. Just do what I suggested and everything will be fine; PM me if you need further assistance.
Okay, thank you! I really needed the secondary input. I'll try that soon :)
Awesome, lmk how it turns out :)
Ehhh, Panda has become way too spammy. It used to be my recommendation for a good free AV, but Bitdefender kicks its ass imo.
Edit* Though if it's just for a one-time scan then why not, I suppose.
One way to quickly check to make sure you have nothing left over after the cleanse is to open up a command prompt and type
"netstat -n"
Which will show all the open connections on the computer. You can see the IP addresses that you are connected to, and if any "Foreign Address" is suspicious, you can use
"nslookup {ip address}"
to check where the program is dialing back to.
You may also want to use a "Second-Opinion" scanner to double-check. I advise Hitman. Five minute scan, and actually can catch some things other AV won't.
Try HitmanPro 3:
http://www.surfright.nl/en/hitmanpro/
Yeah, that's what I was referring to. It's very spammy, but for a quick and dirty virus removal with real-time scanning it works quite well.
If you already know the name of the infected file, Sysinternals Autoruns could probably tell you where it is, or at least it can give you the option to disable it so it won't start with Windows any more.
You can also use a 3rd-party firewall to see if any programs you don't recognize are connecting to the internet.
Personally I use Outpost since it has a process monitor that can show the dependencies of each program and gives you the option to end it or even take you to its working directory.
Re-install Windows?
Just use Sysinternals Process Manager. The best process manager ever.
http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
https://www.youtube.com/watch?v=Wuy_Pm3KaV8
Watch the video to learn more about it. Trust me, I watched the whole video and was able to get rid of a duplicating virus in a VM.
You should be using SysInternals Process Manager instead of Outpost.
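The connection check suggested earlier in the thread (`netstat -n`, then `nslookup` on any suspicious "Foreign Address"), as an added example that is not part of any post: it parses `netstat -n` output and lists only the peers outside the local machine and local network, which are the ones worth looking up. The sample output is constructed, the peer addresses come from reserved documentation ranges, and the function names and the `--live` switch are assumptions of this sketch.

```python
import ipaddress
import subprocess
import sys

# Constructed sample of Windows `netstat -n` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:49701        127.0.0.1:49702        ESTABLISHED
  TCP    192.168.1.20:49812     192.168.1.1:445        ESTABLISHED
  TCP    192.168.1.20:49830     203.0.113.45:8080      ESTABLISHED
  TCP    192.168.1.20:49831     203.0.113.45:8080      TIME_WAIT
  TCP    192.168.1.20:49840     198.51.100.7:443       ESTABLISHED
  TCP    [fe80::1c2d%12]:49850  [fe80::1%12]:445       ESTABLISHED
"""

# Loopback, RFC 1918, link-local and unique-local ranges: peers here are on
# this machine or the local network and are not reported.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16", "::/127", "fe80::/10", "fc00::/7")]

def is_local(addr):
    return any(addr.version == net.version and addr in net for net in LOCAL_NETS)

def external_connections(netstat_text):
    """Map each non-local foreign IP to a sorted list of (remote_port, state)."""
    found = {}
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "TCP":
            continue  # headers, blank lines, UDP rows
        host, _, port = parts[2].rpartition(":")
        try:
            addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
            remote_port = int(port)
        except ValueError:
            continue
        if not is_local(addr):
            found.setdefault(str(addr), set()).add((remote_port, parts[3]))
    return {ip: sorted(conns) for ip, conns in found.items()}

if __name__ == "__main__":
    text = SAMPLE
    if "--live" in sys.argv:  # hypothetical flag of this script: run netstat itself
        text = subprocess.run(["netstat", "-n"], capture_output=True, text=True).stdout
    for ip, conns in external_connections(text).items():
        print(f"{ip}  {conns}  -> next: nslookup {ip}")
```

A peer that keeps reappearing after a cleanup, especially on an unusual port, is the one to resolve with `nslookup` and compare against the programs you expect to be running.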