Jump to content
Guest alisaselez

Winstall.exe - helpp!!

Recommended Posts

Guest alisaselez

Hi everebody

My computer was infected with a trojan virus today, from a link from someone on msn messenger. I ran AVG Free and the virus went to the vault, which i have deleted and all seems to be running fine now. however, i've had to vault it three times. when I restart, the virus seems to reappear. but my computer is running fine.

but...

there is an icon on my desktop titled winstall.exe which when scanned doesn't contain a virus, but I have just had a quick scan thru some stuff on the internet and get the idea that its a nasty little program that lets other nasty stuff infect my computer I can't delete it, and in fact, am not sure if this is accurate and am a little worried its an important windows file i shouldnt be deleting at all.

I've now installed Avira Antivir as well, as a double up safety precaution, but no spyware detection programs as yet (I'm not even sure if I'm wording that correctly..)

help??

Thanks a lot

Share this post


Link to post
Share on other sites

Winstall.exe is related to the SpySheriff infection.

Lucky for you Malwarebytes has recently published a program, called RogueRemover, that is specifically designed to remove rogue anti-spyware programs like SpySheriff. :D

Download it here, run it and tell us if it worked.

Share this post


Link to post
Share on other sites
Hi everebody

My computer was infected with a trojan virus today, from a link from someone on msn messenger. I ran AVG Free and the virus went to the vault, which i have deleted and all seems to be running fine now. however, i've had to vault it three times. when I restart, the virus seems to reappear. but my computer is running fine.

but...

there is an icon on my desktop titled winstall.exe which when scanned doesn't contain a virus, but I have just had a quick scan thru some stuff on the internet and get the idea that its a nasty little program that lets other nasty stuff infect my computer I can't delete it, and in fact, am not sure if this is accurate and am a little worried its an important windows file i shouldnt be deleting at all.

I've now installed Avira Antivir as well, as a double up safety precaution, but no spyware detection programs as yet (I'm not even sure if I'm wording that correctly..)

help??

Thanks a lot

Per instruction of RR, If you find getting rid of it hard and it keeps apprearing, I suggest shutting off your System Restore, many infections hit there first and can't be removed from the restore. Set it to 0% or as some have 1-2% lowest and then shut it off. Rescan and then try to delete the file, sometimes a restart after shutting of Sys Restore is necessary for Anti v apps to do away with it. Even try SAFE MODE which will only load needed OS applications and do it that way if the above doesn't work.

Paul

EDIT: some will argue that then you won't have a restore point if you lost files, however, if the virus\infection is in the restore, it won't matter anyway, you'll simply keep going in a vicious circle.

Share this post


Link to post
Share on other sites
Per instruction of RR, If you find getting rid of it hard and it keeps apprearing, I suggest shutting off your System Restore, many infections hit there first and can't be removed from the restore. Set it to 0% or as some have 1-2% lowest and then shut it off. Rescan and then try to delete the file, sometimes a restart after shutting of Sys Restore is necessary for Anti v apps to do away with it. Even try SAFE MODE which will only load needed OS applications and do it that way if the above doesn't work.

Paul

EDIT: some will argue that then you won't have a restore point if you lost files, however, if the virus\infection is in the restore, it won't matter anyway, you'll simply keep going in a vicious circle.

You should never turn off System Restore until you know you are rid of the infection completely. The only way you will be reinfected via SR is by using an infected restore point.

Share this post


Link to post
Share on other sites
You should never turn off System Restore until you know you are rid of the infection completely. The only way you will be reinfected via SR is by using an infected restore point.

http://www.microsoft.com/technet/community...s/faqsrwxp.mspx

http://www.cmu.edu/computing/documentation...em_restore.html

You will also find this on MANY anti-virus sites.

Note: The removal procedure may not be successful if Windows Me/XP System Restore is not disabled as previously directed, because Windows prevents outside programs from modifying System Restore.

I mean no offense or intrusion on this question that was asked, however, I do this for a living, and I am going off the fact that the anti-virus is still detecting the virus.

If it keeps detecting it from system restore, you won't know if you have it gone unless someone can read the path\location it's in. My guess, in the system restore.

Paul

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.