[OT] DJ has a virus



Dribble Joy
01-02-12, 21:05
I've managed to pick up a rather nasty virus.

It repeatedly closes all programs that are running and has nestled itself in the registry somewhere.
I managed to delete the program I thought was responsible (and got hold of a permanent file delete application to zap it), but it's still there.

How could I DL and run that program?
Well, that's the weird bit and kinda gives me some hope; it only affects one of the users on the computer, the rest are fine. So presumably it's in the user files somewhere.
I'd rather not do a full re-install, but I don't want to leave it there.

I've run Adaware and Spybot, but neither found it.

Any ideas?

Biglines
01-02-12, 21:24
I've run Adaware and Spybot, but neither found it.

Any ideas?
adaware and spybot are anti-spyware, not anti-virus, you really need a virus scanner tbh

if you need a free one, the Windows Live virus scanner is actually surprisingly good. Or you could use the McAfee Stinger (http://www.mcafee.com/us/downloads/free-tools/how-to-use-stinger.aspx); there are a number of other anti-virus solutions that are free. I've used AVG in the past, but now I use the enterprise edition of McAfee from uni so haven't got any recent experience with other software

this might help:
http://en.wikipedia.org/wiki/List_of_antivirus_software

Danae
01-02-12, 21:53
I always use: http://housecall.trendmicro.com/ to scan for viruses @home

McAfee @work.

Biglines
01-02-12, 22:04
also, I'd recommend you stop using adaware, since the app has been bought up by a spammer, which means that while it kills a lot of spyware, the new owner's spyware/adware is kept running (and might even be added, not sure)


(this could ofc be old news by now)

flib
02-02-12, 05:57
Easiest solution: install a fresh copy of Windows 7.
It will keep all of your files and throw them in a Windows.old folder as long as you keep your files in sensible locations.
It's good to do this every couple of months anyways. You never know what other kinds of nasty malware could be operating on your system, under the radar. (i.e. evil CP botnets XC)
Also, Windows tends to get bogged down with crap running in the background that you really don't need. This is a great way to consolidate the stuff you really need.

daughterolilith
02-02-12, 06:04
Take the disk out of the computer, buy a "USB disk enclosure" and put the disk in that, then attach it to a *different* PC, *making sure to disable autoplay and not open any files on it*. Then scan the disk without running anything from it. There is no way for the other computer to get infected if you don't actually open any of the files, and you can pick over everything and get all the bad bits out, then put it back in the other computer :)

It's better to always keep important stuff on an external disk rather than a computer, because of crashes and viruses, or if you want to go on holiday etc.

Dribble Joy
02-02-12, 10:46
Housecall got one, but not the right one.

In the end Malwarebytes got rid of it (and four other trojans).

Biglines
02-02-12, 14:38
Housecall got one, but not the right one.

In the end Malwarebytes got rid of it (and four other trojans).
if they were called trojans, you might not be rid of it, seeing as usually trojans are only the vehicle through which viruses or spyware are installed.

Housecall might actually have deleted the actual virus, and then the trojans just reinstalled it, so I would suggest running housecall again.

Biglines
02-02-12, 14:40
Take the disk out of the computer, buy a "USB disk enclosure" and put the disk in that, then attach it to a *different* PC, *making sure to disable autoplay and not open any files on it*. Then scan the disk without running anything from it. There is no way for the other computer to get infected if you don't actually open any of the files, and you can pick over everything and get all the bad bits out, then put it back in the other computer :)

It's better to always keep important stuff on an external disk rather than a computer, because of crashes and viruses, or if you want to go on holiday etc.
this is not true: a lot of viruses write their propagation code into the boot sector, and even if you have autorun disabled, the computer reads that bit anyway. If you want to be safe, run a livedisk of either Windows or Linux, and run virus scanners from the live disk. The livedisk OS is very difficult to corrupt, and as such is the perfect device for fully purging most viruses.
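Biglines' point about the boot sector is the reason for scanning from separately booted media: the firmware reads and executes the first sector of the disk before any operating system, and therefore before any scanner installed on that disk, gets to run. The script below is an added example and not code from this thread. It parses a 512-byte master boot record, checks the 0x55AA boot signature and the partition table, and compares a SHA-256 of the bootstrap code (bytes 0 to 439) against a baseline recorded while the disk was known to be clean. The MBR it builds is constructed for the demo (the "boot code" is a placeholder jump-to-self, not a real loader), and `read_mbr` assumes a raw device path such as `/dev/sda` as seen from a Linux live disk.

```python
"""Check a disk's master boot record against a known-good baseline.

Added example, not from the forum thread. Run it from separately booted
media (a Linux live disk) against the suspect disk, never from the
installation you are trying to clean. The sample MBR is constructed.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439: bootstrap code executed by firmware
DISK_SIG_OFF = 440         # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIG_OFF = 510         # 0x55 0xAA marks a bootable sector
PART_ENTRY = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, count

# Constructed placeholder "boot code": a 2-byte jump-to-self, then zeros.
# A real MBR holds the OS bootloader here; this is demo input only.
SAMPLE_BOOT_CODE = b"\xeb\xfe" + bytes(BOOT_CODE_LEN - 2)
SAMPLE_PARTITIONS = [  # (bootable, type id, LBA start, sector count), constructed
    (True, 0x07, 2048, 204800),
    (False, 0x07, 206848, 1000000),
]


def build_mbr(boot_code, partitions):
    """Assemble a constructed MBR so the checks below can be exercised offline."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\0")
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x12\x34\x56\x78"  # constructed signature
    for i, (bootable, ptype, lba, count) in enumerate(partitions[:4]):
        # CHS fields are left zero; modern loaders use the LBA fields.
        struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


def read_mbr(device_path):
    """Read the first sector of a raw device (e.g. /dev/sda from a live disk; needs root)."""
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR_SIZE)


def parse_mbr(sector):
    """Return the boot signature state, a hash of the bootstrap code and the partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(PART_ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector, baseline_sha256):
    """Return a list of problems; an empty list means the sector matches the baseline."""
    info = parse_mbr(sector)
    problems = []
    if not info["signature_ok"]:
        problems.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        problems.append("bootstrap code differs from known-good baseline")
    bootable = sum(1 for p in info["partitions"] if p["bootable"])
    if bootable != 1:
        problems.append(f"{bootable} partitions marked bootable (expected exactly 1)")
    return problems


def demo():
    """Record a baseline from the clean sample, then check a tampered copy against it."""
    clean = build_mbr(SAMPLE_BOOT_CODE, SAMPLE_PARTITIONS)
    baseline = parse_mbr(clean)["boot_code_sha256"]
    tampered = bytearray(clean)
    tampered[0x100:0x110] = b"\xcc" * 16  # constructed: 16 bytes changed inside the boot code
    return check_mbr(clean, baseline), check_mbr(bytes(tampered), baseline)


if __name__ == "__main__":
    ok, bad = demo()
    print("clean sample:", ok or "no problems")
    print("tampered sample:", bad)
```

The baseline has to come from the same disk while it was in a trusted state (for instance right after installation), because different bootloaders and versions produce different bootstrap bytes; a hash mismatch says only that the code changed, and a boot sector that passes this check can still sit in front of infected files, so it complements a live-disk scan rather than replacing it.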

Genji
02-02-12, 15:40
less pron dj!

daughterolilith
02-02-12, 17:38
this is not true: a lot of viruses write their propagation code into the boot sector, and even if you have autorun disabled, the computer reads that bit anyway. If you want to be safe, run a livedisk of either Windows or Linux, and run virus scanners from the live disk. The livedisk OS is very difficult to corrupt, and as such is the perfect device for fully purging most viruses.
What's a livedisk? Do you mean running it off a CD without installing it? I've not heard it called that before though, and didn't even know you could do it with Windows?

Biglines
02-02-12, 17:50
ye, BartPE makes it possible to do it with Windows, for those who still believe modern Linux is hard to use ;) (don't get me wrong, I use Windows, not Linux; it's just that for things like livedisks modern Linux is prolly just as easy to use, if not easier)

you need your Windows CD though to make it, as it needs to be made with a handy wizard. Linux livedisks can simply be downloaded and either put on a USB drive or a CD/DVD

L0KI
02-02-12, 18:31
Avira is pretty good mate; and free.

safetycopy
02-02-12, 18:43
The Microsoft Malicious Software Removal Tool (http://www.microsoft.com/security/pc-security/malware-removal.aspx) has gotten rid of things for me that no other tool has been able to - highly recommended (even if you think you've already zapped it).

I've also been using the Panda Cloud Antivirus (http://www.cloudantivirus.com/en/) for a while now, and haven't had a single problem.

It's also worth having one of the LiveCD Linux distros on disk in case of emergencies. I dual-boot CrunchBang Linux (http://crunchbanglinux.org/) (which is based on Debian) with Windows 7 and can't tell you how many times it's helped me fix issues with a Windows install.

Dribble Joy
02-02-12, 19:41
Used Malwarebytes and got rid of it, or at least stopped it actually doing the thing it was doing.

Now though I see a new program in the startup list. I uncheck it, reboot, and though it's still unchecked, there's a new one too.
Managed to find it in the registry through regedit and deleted the entry.

Oh, the MS website seems to be not working for me...

safetycopy
02-02-12, 20:57
Weird that the MS website isn't working for you - works fine for me. Maybe try googling "Microsoft Malicious Software Removal Tool"? It's unheard of for me to recommend an MS tool, so you know it's worth it :)

As far as the registry goes, most viruses (virii?) put an entry in "Run" or "Run Once" (sometimes both). Usually, all this does is restore the offending .exe when you think you've deleted it. I can't remember the exact path to these entries, but definitely worth a search in your registry editor.

Do you have any filenames associated with the trojan/virus/malware/whatever? You can often google those to find more specific details on removing a particular offender. A lot of security sites post individual tools specifically designed to remove particular problems, so a search might take you to something like that.
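The autostart keys safetycopy is thinking of are `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run` and `RunOnce` (per user) and the same path under `HKEY_LOCAL_MACHINE` (every user); a per-user entry would fit DJ's observation that only one account on the machine is affected. The script below is an added example and not code from this thread. It parses a regedit export (File > Export) of those keys, so it runs offline on any OS and can be pointed at a .reg file taken from a live disk, and it flags entries that start from a temp or user-writable directory or that launch a script file. The registry export it scans is constructed for the demo, and the directory list and scoring in `triage` are my own heuristics, not a published rule set.

```python
"""Triage Run / RunOnce autostart entries from a regedit export.

Added example, not from the forum thread. It reads the text of a .reg
file rather than the live registry, so it needs no winreg module and
works offline. The export below is constructed for the demo.
"""
import re

# Per-user keys (one account affected, as in DJ's case) and per-machine keys.
AUTOSTART_KEYS = {
    k.lower() for k in (
        r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
        r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce",
        r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
        r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    )
}

# Heuristic (my assumption, not a published rule set): installers rarely
# autostart a program from these user-writable or temporary directories.
SUSPICIOUS_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\users\\public\\",
    "\\windows\\temp\\",
    "\\programdata\\",
)
SCRIPT_EXT_RE = re.compile(r"\.(vbs|js|bat|cmd|scr|ps1)\b")

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')   # string (REG_SZ) values only

# Constructed sample export: two benign entries and two that should be looked at.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\dj\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"svchosts"="C:\\Users\\dj\\AppData\\Local\\Temp\\svchosts.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"update"="wscript.exe C:\\Users\\Public\\update.vbs"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"""


def _unescape(data):
    """Undo .reg string escaping: a backslash escapes the next character."""
    out, i = [], 0
    while i < len(data):
        if data[i] == "\\" and i + 1 < len(data):
            out.append(data[i + 1])
            i += 2
        else:
            out.append(data[i])
            i += 1
    return "".join(out)


def parse_reg_export(text):
    """Return {key_path: {value_name: command}} for the autostart keys only."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1) if m.group(1).lower() in AUTOSTART_KEYS else None
            if current is not None:
                entries.setdefault(current, {})
            continue
        v = VALUE_RE.match(line) if current is not None else None
        if v:
            entries[current][v.group(1)] = _unescape(v.group(2))
    return entries


def triage(entries):
    """Flag commands that start from a suspicious directory or via a script file."""
    findings = []
    for key, values in entries.items():
        for name, command in values.items():
            low = command.lower()
            reasons = []
            if any(d in low for d in SUSPICIOUS_DIRS):
                reasons.append("starts from a temp or user-writable directory")
            if SCRIPT_EXT_RE.search(low):
                reasons.append("launches a script file (.vbs/.js/.bat/.cmd/.scr/.ps1)")
            if reasons:
                findings.append({"key": key, "name": name, "command": command, "reasons": reasons})
    return findings


def scan_export_file(path):
    """regedit writes exports as UTF-16 with a byte-order mark."""
    with open(path, encoding="utf-16") as fh:
        return triage(parse_reg_export(fh.read()))


if __name__ == "__main__":
    for f in triage(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{f['key']}\\{f['name']}: {f['command']}\n    " + "; ".join(f["reasons"]))
```

A flagged entry is a lead, not a verdict: note the file name and path it points at (which is also what to search for, as safetycopy suggests) before removing the value, and re-export the keys after a reboot, since DJ's report of a new entry appearing after each restart is exactly the pattern of something re-creating its own Run value.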

daughterolilith
03-02-12, 19:18
I still think he should do what I said... nuking it is the only way to be sure :D

flib
04-02-12, 22:41
Used Malwarebytes and got rid of it, or at least stopped it actually doing the thing it was doing.

Now though I see a new program in the startup list. I uncheck it, reboot, and though it's still unchecked, there's a new one too.
Managed to find it in the registry through regedit and deleted the entry.

Oh, the MS website seems to be not working for me...
Sounds fishy. I recommend doing what I already recommended doing.