Question:
How can I find and get rid of this name-changing virus?
Oh, Natey-O!
2013-12-30 08:53:36 UTC
I am a seasoned anti-virus user and rely (like many of us) on the collective information of forums, friends, fellow gurus, and mainstream to not-so-mainstream spyware removal tools to help me get rid of pesky viruses. Today I hit Yahoo Q&A for help. I have a Dad who seems to have downloaded a virus that has disabled safe mode (with and without networking) and a handful of common (and not so common) anti-virus/anti-malware feedkillers/TDSSKillers... Task Manager still works though, and that is how I have constructed a "brief" list of key spyware/virus names that all run at the same process speed of 272k OR 268k. As far as I can tell they all stem from a common folder that re-downloads the programs, which seem to have at least a half dozen countries of origin based on the names of the virus processes. The folder that seems to contain the downloading software is called "Muehtai". The software name is "Hoidy.exe". The brief list of SOME of the virus processes is as follows:

Ufedebesy
Fanuxiiqzu
Nitiiszois
Ryucynetuq
Ykeps
Gamiqu
Apixzen
Itcadu
Kebiban
Biupupkeq
Xayzifu
Ixuvixu
Ybiqiziva
Imakydwoev
Wuwute
Akcia
Niuzq
Muehtai******* (contains the only exe I can relate to the viruses, "hoidy.exe"); cannot be deleted

These names are from at least half a dozen different languages, can be deleted from their respective folders and then re-appear, seem to have no visible programs inside, and the only folder that cannot be deleted is the Muehtai folder containing the only visible executable, Hoidy.exe.

Thank you.

-Nate
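An added triage script, not part of Nate's post or of any answer in the thread, that automates the kind of list Nate built by hand from Task Manager: it parses the CSV that `tasklist /FO CSV` prints on an English-locale Windows box, groups small processes that share exactly the same memory footprint (the 268k/272k pattern Nate describes), and lists the members that are not on a baseline of ordinary Windows process names, so the result can be handed to a tool such as RKill or checked by hand. The sample tasklist lines, the PIDs and sizes in them, and the baseline set are all constructed for the example; only the process names are taken from the question.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of `tasklist /FO CSV` output (English locale). The
# process names echo the ones listed in the question; PIDs and memory
# figures are made up for the example.
SAMPLE_TASKLIST_CSV = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","24 K"
"csrss.exe","412","Services","0","4,812 K"
"explorer.exe","1580","Console","1","38,204 K"
"taskmgr.exe","2044","Console","1","12,116 K"
"Ufedebesy.exe","2312","Console","1","272 K"
"Fanuxiiqzu.exe","2320","Console","1","268 K"
"Nitiiszois.exe","2336","Console","1","272 K"
"Ryucynetuq.exe","2348","Console","1","268 K"
"Hoidy.exe","2360","Console","1","272 K"
"svchost.exe","900","Services","0","272 K"
"""

# Constructed, lower-cased baseline of process names expected on a Windows
# machine. Malware can impersonate these names, so a match here only lowers
# priority for review; it never clears a process on its own.
BASELINE = {
    "system idle process", "system", "smss.exe", "csrss.exe", "wininit.exe",
    "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
    "explorer.exe", "taskmgr.exe", "dwm.exe", "spoolsv.exe",
}


def parse_mem_kb(field):
    """Turn tasklist's "4,812 K" style field into an integer number of KB."""
    digits = field.upper().replace("K", "").replace(",", "").strip()
    return int(digits)


def parse_tasklist(text):
    """Parse `tasklist /FO CSV` output into a list of name/pid/mem_kb dicts."""
    reader = csv.DictReader(io.StringIO(text))
    rows = []
    for rec in reader:
        rows.append({
            "name": rec["Image Name"],
            "pid": int(rec["PID"]),
            "mem_kb": parse_mem_kb(rec["Mem Usage"]),
        })
    return rows


def find_size_clusters(rows, min_members=2, max_kb=1024):
    """Group small processes that share exactly the same memory footprint.

    A family of droppers built from one template tends to land on the same
    working-set size, which makes identical size a cheap clustering key for
    a first triage pass. Only processes at or below max_kb are considered.
    """
    by_size = defaultdict(list)
    for r in rows:
        if r["mem_kb"] <= max_kb:
            by_size[r["mem_kb"]].append(r["name"])
    return {kb: names for kb, names in by_size.items() if len(names) >= min_members}


def triage(text):
    """Return (clusters, suspects): the size clusters found in the tasklist
    text and, sorted, the cluster members whose names are not in BASELINE."""
    rows = parse_tasklist(text)
    clusters = find_size_clusters(rows)
    suspects = sorted(
        r["name"] for r in rows
        if r["mem_kb"] in clusters and r["name"].lower() not in BASELINE
    )
    return clusters, suspects


if __name__ == "__main__":
    found, review = triage(SAMPLE_TASKLIST_CSV)
    for kb, names in sorted(found.items()):
        print(f"{kb} K: {', '.join(names)}")
    print("review first:", ", ".join(review))
```

On the affected machine the input would come from `tasklist /FO CSV > procs.csv` run from the working Task Manager session (or a command prompt), and the file would be fed to `triage()` in place of the constructed sample. Because `tasklist` does not report image paths, a process that lands in a cluster under a baseline name (the constructed `svchost.exe` above) should then be checked by path, for instance with `wmic process get Name,ExecutablePath`, before it is treated as clean.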
Seven answers:
Sly_Old_Mole
2013-12-30 09:13:06 UTC
Can you run the free RKill and tell us what it stops running:

http://www.bleepingcomputer.com/download/rkill/

Also, can you tell us what OS Dad is using?

Edit:

Thank you - would still like to know if RKill stops anything running; my thinking at present is a worm.

Try the following after letting us know if the free RKill stops anything running:

http://experi3nc3.wordpress.com/2007/05/10/flash-disinfector-by-subs/

(stops autorun.inf worm)

then run:

http://www.freedrweb.com/cureit/?lng=en

(picks up on a lot of viruses that common AVs miss; it also uses a trick that MBAM Chameleon mode uses)

Keep us updated.

But the unfortunate part of this is its ability to block the installation of programs and block already installed anti-virus programs - sounds like a possible rootkit.

Try running MRT:

Start > Run > mrt > Full scan

Run MBAM in Chameleon mode:

https://www.malwarebytes.org/chameleon/
Valerie
2016-08-22 10:45:35 UTC
2
turrell
2016-12-12 12:00:21 UTC
Pc Virus Names
tumbleweed_biff
2013-12-30 09:00:04 UTC
This is my guide to virus removal:

Consumer Reports has the following ratings:

Best 4 Free:

Avast
Avira
AVG
Microsoft Security Essentials

Best Paid:

G Data Internet Security
ESET Smart Security 6
F-Secure Internet Security
Kaspersky Internet Security
Avira Internet Security

There are always other opinions and tests:

http://www.pcmag.com/article2/0,2817,2372364,00.asp
http://www.consumersearch.com/antivirus-software
http://www.pcworld.com/category/antivirus-software/

How to remove a virus -

I) The best solution is to back up your data and perform a factory restore. Install a reputable AV program after the restore and download the latest updates before restoring your data.

II) That not being practical for many, try either of the next two methods:

(Please note that it is important to use one of these two methods, as you need to boot and scan knowing that no viruses are already in memory. If you try to install an AV product on a machine that is already infected, there is a decent chance that the virus will be able to hide/relocate from the scanner.)

A)

1) On a clean computer, download one or more free bootable AV products. Five I know of are Avira, AVG, Avast, Kaspersky, and G Data.

(There is a handy product called SARDU (www.sarducd.it) which will create a flash drive/CD capable of having multiple AV products built into it. It isn't perfect yet, but it does do the job pretty well. I keep a copy on a flash drive for whenever I go to someone's house to help with computer problems, and I have a number of other diagnostic tools included as well.)

2) Create the bootable media and include the latest virus definitions.

3) Boot the infected/suspect computer using the bootable media and run a full/complete/deep scan of the computer, preferably using at least two different ones. No AV product gets them all, but two different products should find and remove just about anything.

B) Second alternative method:

1) Remove the hard drive from the infected computer.

2) Slave the drive to a clean computer which already has at least one AV product installed with the most current definitions. You can do this by installing it into the case (for a desktop) or by putting the drive in an external drive case, which you can get for the low teens of dollars. These can be USB (get at least USB 2.0) or eSATA, if the second computer has an eSATA connection.

3) From the clean machine, run a full/complete scan of the slaved HDD. The computer should already be booted when you connect the external drive, with the AV product already resident in memory (it will have an icon down next to the clock). Then open the AV and run it on the drive. In an ideal world, you should really use two different AV products.

III) If you are unable to do the above, then download and install an AV product and run it at its deepest scan level. This is not the ideal method, as many viruses can hide from AV products if they are already in memory and running before the AV software is executed. There are numerous free ones. I strongly recommend two different AV products and one adware/spyware product. For free AV, I would typically recommend Avira, AVG, or Avast as the installed resident (always running) AV solution and Malwarebytes as a secondary, on-demand AV product, which I run on a weekly basis. For spyware and adware, the two top performers are Ad-Aware and Spybot Search & Destroy (Ad-Aware is a product of Lavasoft, and safer-networking.org produces Spybot Search & Destroy). Both offer a free and a paid version. The free version is good; the paid version offers more bells and whistles, just like with the AV products.

Once the virus(es) is/are removed, change any and all passwords having to do with anything important like e-mail, financial/banking logins, etc., as those have probably been captured and sent to the author of the virus.
Wide Glide
2013-12-30 09:42:37 UTC
You will need another computer to download to, confirmed clean.

First, use Kaspersky's Rescue Disk 10 to boot into and "start" the clean-up process:

http://support.kaspersky.com/4162

You will need an Ethernet connection to update Kaspersky, BUT try to limit the amount of time online to keep it from downloading more malware. Kaspersky should clean it up enough to get back into normal Windows.

Download these and copy to a CD/DVD or USB device. Run in the order given.

Malwarebytes Anti-Rootkit (Ethernet required for updates)

http://www.malwarebytes.org/antirootkit/

Malwarebytes Anti-Malware

Home page:
http://www.malwarebytes.org/

Download:
http://downloads.malwarebytes.org/mbam-download.php

If MBAM will not run or install, use their Chameleon feature:

http://www.malwarebytes.org/chameleon/

FAQ – Malwarebytes' Anti-Malware won't run or failed to resolve my issues:

http://forums.malwarebytes.org/index.php?showtopic=85715
anonymous
2014-04-01 00:24:22 UTC
Boot into Safe Mode with Networking and scan the whole system with your removal tool.
?
2016-03-08 13:49:56 UTC
I gotta give you props for actually going out of your way to write out a full page of anti-virus solutions and then sit and wait and paste into every question that goes up. You have no life miguel samuel, and you got a little something on your chin.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.