Contra Virus is a Rogue program and is installed by a Smitfraud Trojan variant. The reason it can reinstall itself is the Trojan is designed to hide in hidden areas of your computer that is not scanned when the scan is done while the computer is in the normal operating mode. When the scan is completed the Tojan download the Contra Virus again.



Here are two sites that address Smitfraud infections and can remove this infection free:



http://www.internetinspiration.co.uk/roguefix.htm



http://siri.urz.free.fr/Fix/SmitfraudFix_En.php





If you desire to use Kaspersky (it is the best and claims it can remove this) use this procedure. It open all areas and deletes other areas where this Trojan may hide. It has worked for me, many of my friends, and many on this site.





Download and update Kaspersky. Do not run.



TEMPORARILY SHOW HIDDEN FILES AND FOLDERS.



1. Click Start, and then click Control Panel.



2. Click Appearance and Themes, and then click Folder Options.



3. On the View tab, under Hidden files and folders, click "Show hidden files and folders", and clear(uncheck) the "Hide protected operating system files" check box.



IMPORTANT: Files are hidden by Windows for a very good reason. It is not wise to experiment with these files. Unfortunately, to successfully remove modern spyware we must turn this protection off temporarily. Please turn the protection back on when you have finished cleaning your system.





EMPTY INTERNET EXPLORER BROWSER CACHE:



1. On the Internet Explorer Tools menu, click Internet Options.



2. On the General tab, in the Temporary Internet Files section, click the Delete Files button. Select the Delete all offline content check box in the confirmation dialogue box that appears, click OK. Click OK again.



RESTART IN SAFE MODE:



To do this you need to hold down or repeatedly tap the F8 key while the computer is booting (when the computer is displaying a black screen with white text). When the boot menu appears, use your keyboard arrows to select "Safe Mode."



Safe Mode can look quite ugly. The color may look bad, and all of your desktop icons will be very large. This is normal.







START THE SCAN WITH YOUR PROGRAM(S).







When the scan and removal are completed REBOOT COMPUTER. This will restart you in normal mode.



RESET HIDDEN FILES AND FOLDERS.



The RESTORE POINTS may be infected with the Malware and cannot be used. Delete the old one(s) and make a new one.



CLEAR OLD RESTORE POINT(S). HERE'S HOW:



1. Click Start, and then click Control Panel.



2. Click Performance and Maintenance, click System, and then click on the System Restore tab.



3. Select the Turn Off System Restore check box, click Apply, then restart your computer.



4. Return to the System Restore Tab and turn System Restore back on.





TO SET A NEW RESTORE POINT:



1. Click the Start button.



2. Point to Programs, then navigate to Accessories, then System Tools, then click System Restore.



3. Choose Create a restore point, and then click Next.



4. In the Restore point description box, type a name for your restore point, and then click Next.



5. Click OK.



NOTE: If you are using Windows XP Service Pack 2 (SP2) and are unable to access the Internet after removing Malware, there is a command that may fix the problem. It works by resetting the winsock catalogue. Click on Start, then Run and type CMD in the box. Click OK. Type "netsh winsock reset" (no quotes)into the DOS window that appears.

I got this on my computer as well. I spoke with one of our IT guys and he suggested that i restart windows in safe mode without networking (XP) and then go on to control panel and uninstall ContraVirus, then click on start and then seach and type Contra under Files and Folder and then click on advanced search options. Check the hidden files option and then search. The list that populates with Contra Virus should be right clicked and deleted. If you are unable to delete certain files, just right click on them and change there names and then delete. Make sure to empty your recycle bin. Then restart the computer in normal mode. THis should solve the problem.



I kept uninstalling the program but it kept coming back, that is because i have high speed internet and the internet connection must be disabled for it to work. I even tried deleting the folders but it wouldn't let me but changing it's name helped me get rid of that folder.



Anyhow, it is not there any more on my computer. I just didn't want to pay big bucks to get rid of the program.

the reason it reinstall is due to the RESTORE bin, you must boot into safe mode and turn it off, then proceed to clean



99% of all internet problems can be attributed to the wrong set of Web browser and Email clients in coordination of the

AV/ Spyware / Firewall software.





Get the following, all are free for a safe surfing experience, with proven track records and do not take up

system resources like Norton or McAffee.

install in SAFE mode with networking ( hit F-8 at boot time ), run them all in SAFE mode

with networking as you'll need it for the updates all the programs below will need.

Turn off RESTORE and the RECYLE BIN temporarily as virii can regenerate / reinfect even if you delete

them with both services on. After all the scanning and cleaning after a 2nd reboot and one last

scan do you turn both of them back on.



ANTI VIRAL



AVG (free) http://free.grisoft.com/





FIREWALL



ZoneAlarm http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp



WEB BROWSER - http://www.mozilla.org/products/firefox



EMAIL use thunderbird. It has a good built in spam filter and learns when you teach it. http://www.mozilla.org/products/thunderbird



SPYWARE



http://www.lavasoftusa.com/software/adaware/



http://www.safer-networking.org/en/index.html



Once you set it all up create 3 email accounts..



a hotmail or yahoo account for web "verification", this account you will not care if it get spammed



a sub account ( from the master account )to your ISP that you use for logons, this is the one you use for personal

emails only to trusted people and banking, ebay and paypal. Never use the account for anything else than that,

you find spam is low to non existant if you follow this rule, and even if it does become spam laden, then you

can delete the account and create a new sub account and do all the email updates to ebay, paypal, banks and your

freinds.



finally your master account from your ISP, this one you NEVER use, it's only kept for creating sub accounts since

changing the master account is a real pain.





and if you have a wireless router follow these tips,





1. Use WPA encryption (WPA-PSK) it's less crackable then WEP.



2. Make a passphrase that is upper & lower case and has some numbers thrown in there as well, again harder to crack.

some like mAkE1t5eCurE0rel53 and as long as possible.



3. Use MAC access control so only you or authorized PC's can connect (even if you do have encryption turned on)



4. Turn off DHCP use static addresses.



5. Turn off SSID (and change it) unless your card really needs it (some do)



6. Change username/password of access unit front end



7. Ensure you have the usual firewall enabled on your PC.



8. Paranoia rules, turn WLAN off if your not using it :)





one last tip

control panel---administrator tools--services--messenger



right clik on it

stop the service

then disable it

save changes

those are instruction manual steps turn on the comp and faucet F8 go with risk-free mode with networking , hit enter hit enter on domicile windows xp logon as in many situations happening click particular start up--my comp click equipment--folder innovations--view--click " coach hidden documents uncheck conceal extentions for popular record varieties uncheck conceal secure working syst documents , click particular to warning , click ok on the backside open interior of sight disk c: or hp pavillion c: or presario c: open software documents delete contra virus folder , close the window start up--run--sort system32 click ok click view on the desirable and click information click on date changed column such that it exhibits 6 13 2007 on the desirable there will be one nasty record that's to blame for purple flashing element on the suited bottm corner of your reveal i think of its xpuupdate.exe , delete it or decrease and paste it on workstation and delete on reboot ( dont delete any documents except you're particular that its a bad record , sort the record call in google and do a seek , it ll permit you recognize if this is a bad record or no longer ) start up--run -- sort msconfig click ok click startup on the desirable and uncheck contra virus click be conscious --close--restart -- click on dont coach this msg and press ok

No, you do not have to buy another computer because of ContraVirus infection :)

ContraVirus can be either removed manually or automatically:

http://www.spyware-removal-guideline.com/contravirus-removal