Page 1 of 2 12 LastLast
Results 1 to 15 of 18
  1. #1
    Silver Lounger
    Join Date
    Dec 2000
    Location
    Northampton, Northamptonshire, England
    Posts
    1,951
    Thanks
    2
    Thanked 1 Time in 1 Post

    Wintrim Virus (Window XP Pro)

    Hi

    Can any one tell me how to remove this I have tried every suggestion I could find on the internet to no avail

    Thanks

    Braddy
    If you are a fool at forty, you will always be a fool

  2. #2
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Wintrim Virus (Window XP Pro)

    Braddy,
    Have you tried to search and delete that line from the reg?
    AND apparently it runs from:
    Runs at boot via HKLMSoftwareMicrosoftWindowsCurrentVersionRun or HKCUSoftwareMicrosoftWindowsCurrentVersionRun
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  3. #3
    Super Moderator
    Join Date
    Dec 2000
    Location
    Renton, Washington, USA
    Posts
    12,560
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Re: Wintrim Virus (Window XP Pro)

    It is a copy that was embedded in a "Restore Point", You will most likely need to off System restore and then delete the points and then restart system restore. This will remove ALL points.

    Now running HP Pavilion a6528p, with Win7 64 Bit OS.

  4. #4
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Wintrim Virus (Window XP Pro)

    1. Click Start | Run..., type regedit and press Enter.

    Navigate to HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVe rsionRun, and delete all items from the right-hand pane that mention Wintrim.
    Do the same for HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentV ersionRun.

    2. Delete the folder C:WindowsWintrim.

    That should be it - this does not seem to be a very dangerous Trojan.

  5. #5
    Silver Lounger
    Join Date
    Dec 2000
    Location
    Northampton, Northamptonshire, England
    Posts
    1,951
    Thanks
    2
    Thanked 1 Time in 1 Post

    Re: Wintrim Virus (Window XP Pro)

    Hi Viking

    I wil have a look at that, One other option I sourced from the internet was to to turn off System Restore and reboot, But my System Restore has been disabled by goup policy, I have trawled round in there trying to disable it till I am blue in the face with no luck.

    Don't know if anyone can help with this one, Oh yeah I enabled it in services, but it still disablend in my computer.

    Braddy
    If you are a fool at forty, you will always be a fool

  6. #6
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Wintrim Virus (Window XP Pro)

    Another thought.
    If that is the only location that your AV prog found the worm, that is your System Restore folder for the C: drive.

    If you right click My Computer>click properties>system restore. CHECK " turn off system restore for all drives" Ok out and reboot.
    That should either eliminate the System Information folder on reboot OR you can then go in Windows Explorer and manually delete it.
    The go back in the above location and enable System Restore again.
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  7. #7
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Wintrim Virus (Window XP Pro)

    Braddy,
    --------------------------------
    my System Restore has been disabled by group policy
    -------------------------------

    If SR has been disabled in group policy, then you SHOULD be able to just delete it in Windows Explorer. IF no go, then try to boot into safe mode and delete from there.
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  8. #8
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Wintrim Virus (Window XP Pro)

    I'm partial to Hans' solution on this since you don't have access to System Restore. However, you might find the information on this page useful. If not there is more information and removal techniques here and, to a leeser degree,here. HTH.
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  9. #9
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Wintrim Virus (Window XP Pro)

    This is really similar to this thread: AVG IN XP (2001 SP1). I wonder what's causing this? Could it be the default behavior of some spyware removal tools to create a system restore point, thereby backing up bad files??

  10. #10
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Wintrim Virus (Window XP Pro)

    Doc,
    But the info from his virus checker indicated the virus was in the System Information folder. ( system restore ) He has to get rid of the SR files or if he does a system restore, it will re-enable the virus.
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  11. #11
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Wintrim Virus (Window XP Pro)

    Bob,

    I see your point and would agree, but am pretty sure that the registry edit would also include the System Information file. I suppose I should have added <img src=/S/blush.gif border=0 alt=blush width=15 height=15> that I believe that a search of the registry for Wintrim and perhaps a few of the associated virus names and aliases it might be lurking under should turn up any traces that need to be edited out. This one seems to have a few variants and may prove difficult to remove any other way.

    But then, I've mislead myself down some stranger thought paths in my time. <img src=/S/hmmn.gif border=0 alt=hmmn width=15 height=15> <img src=/S/grin.gif border=0 alt=grin width=15 height=15>
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  12. #12
    Silver Lounger
    Join Date
    Dec 2000
    Location
    Northampton, Northamptonshire, England
    Posts
    1,951
    Thanks
    2
    Thanked 1 Time in 1 Post

    Re: Wintrim Virus (Window XP Pro)

    Hi Ha ns

    I found all mention of Wintrim in the registry as you suggested and everything seems fine now.

    Just a point of information I also found mention of it in the registry under Google Nav client Hist..

    I would still appreciate knowing how I can enable System Restore to My Computer Properties.

    Many Thanks to all who replied to this request,

    Braddy
    If you are a fool at forty, you will always be a fool

  13. #13
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Wintrim Virus (Window XP Pro)

    Braddy,

    Information about changing your Group Policy settings can be found here , here and here. If you want the MS spin on it, in great detail, take a look here. HTH
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  14. #14
    Silver Lounger
    Join Date
    Dec 2000
    Location
    Northampton, Northamptonshire, England
    Posts
    1,951
    Thanks
    2
    Thanked 1 Time in 1 Post

    Re: Wintrim Virus (Window XP Pro)

    Hi Doc

    Thanks for your reply I have been through the Group Policy Editor, but I still can't find anything relating to system restore, Is it reffered to as something else in there?

    Braddy
    If you are a fool at forty, you will always be a fool

  15. #15
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Wintrim Virus (Window XP Pro)

    Unfortunately, I don't have a good answer for that. I am the only user on my machine and have never used the Group Policy Editor. I'll be getting into it soon to set the permissions on a system I just set up for my wife and kids (to keep them off my machine !!), but that doesn't help you now. I'm sure Hans or Bob know something more about this than I do. How 'bout it guys ???
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •