ClamWin Free Antivirus
Support and Discussion Forums
Infected files. not copied into quarantine folder
Maxine


Joined: 04 Aug 2009
Posts: 0
Location: London, England
Hi there, this is my first post. I have run out of ideas with this. My bro downloaded something on my PC that messed the system up, got me disabled from Facebook and unable to check my emails with Yahoo.
Upon downloading an up-to-date version of ClamWin, 3 swizzor/swizzor.gen trojans were found; however, there were just two files in quarantine.
I however thought my computer would be back to normal but it wasn't. Still slow. Still no Yahoo when I log my details in.
So I ran the scan again and it said 1 infected file. I also noted that it said not copied. When I checked the quarantine folder there was nothing in there.
Please help me. I am pulling my hair out with this. How can I remove this from my computer?


----------- SCAN SUMMARY -----------
Known viruses: 606493
Engine version: 0.95.2
Scanned directories: 22654
Scanned files: 116880
Infected files: 3
Not copied: 1
Data scanned: 28332.64 MB
Data read: 89940.83 MB (ratio 0.32:1)
Time: 11198.383 sec (186 m 38 s)

Scan Started Sun Aug 02 20:24:40 2009
-------------------------------------------------------------------------------

----------- SCAN SUMMARY -----------
Known viruses: 606699
Engine version: 0.95.2
Scanned directories: 26257
Scanned files: 126693
Infected files: 1
Not copied: 1
Data scanned: 29202.38 MB
Data read: 77917.93 MB (ratio 0.37:1)
Time: 8224.010 sec (137 m 4 s)
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
There was a false positive detection for a generic Swizzor a day or so ago. Anyway, if you have ClamWin set to Quarantine, it should do so. Check to make sure that your file options are set to show extensions.

Download Dr. Web's free Cureit cleaner from https://www.freedrweb.com/cureit/ on the web. You don't have to install it, just save it to desktop and then run. If it works for you, keep it around, but you need to update it every few days, and it doesn't scan real-time. That should take care of it. If it doesn't, then download and install the free version of Malwarebytes' Antimalware from https://www.malwarebytes.org/index.php on the web. Click the free block on the left of the page. If it works for you, keep it around. It doesn't scan real-time, and you have to upload it manually every day.

If they don't find anything, it may be a false positive.

Regards,
Maxine


Joined: 04 Aug 2009
Posts: 0
Location: London, England
Hey, me again. Thanks for the advice. You are wonderful, thanks for getting back so fast.
Now, I ran Malwarebytes, which found 11 registry threats but no virus. Housecall.trend micro found 1 virus: Tspy. I ran ClamWin again and it is still saying that there is the swizzor.gen found that is not copied to quarantine in: C:\Windows\System32\DriverStore\FileRepository\ca810av.inf_7fe112da\Dext810a.ax: Trojan.Swizzor.Gen FOUND

Altogether ClamWin found 3 infected files (but only got rid of 2). Spybot found 7 spyware threats. Ad Aware found 17 threats. Malwarebytes 11 registry threats and Trend Micro online housecall virus scan found one. Weird. However, when I used CCleaner registry cleaner, then rebooted and tried ClamWin again, the virus that wasn't quarantined was still there.

My computer is still running really slow right now.

I took it upon myself to try to take the file and put it in the bin to see how things would run, so I found it. Tried, but it wouldn't bin. Now in that folder there are two files last modified or created dated 30/7/09, as opposed to 2007 like the others. That date was actually the date that my bro downloaded the program, so I am assuming that it isn't a false positive and that the file is actually the source of my problems!! I spoke to Dell about this. The guy I spoke to sounded more like a salesman than a technician. They said that it must be because the file is beginning to take control of my system and within days my computer may not even be able to switch on. Is this true or are they just trying to scare me to take out a service plan?
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
I don't think I would believe the Dell guy. Most (not all though) viruses now are designed to make someone money. They usually want your computer operating so they can continue to make money from it.

If the darn file will not go away, then it is loaded/operating at the time ClamWin scans it. Try this: do a ClamWin scan in Windows Safe Mode. You probably know how to get into Safe Mode, but I'll repeat it. Just hit F8 when your computer comes on, and continue hitting it every second or so until you see the screen where you are asked what you want to do. Just select regular Safe Mode--no bells/whistles. Safe Mode sometimes makes it hard for certain malware to hide/operate. You can do a full scan if you want (it will probably take longer than usual) or just scan the file/directory where the file is supposed to be.

If ClamWin still can't remove the file, stay in Safe Mode, and do a scan with Malwarebytes. If that doesn't help, then reboot your computer. You might next try a scan with an antirootkit. I use F-Secure's free Blacklight. You don't have to install it--just download it to your desktop and scan in regular mode as usual. If it finds any "bad" hidden files, it will ask to rename them, and then you can delete them. Before you OK that, however, do some Googling on the filename and see if it is really "bad" and not a file that you need (especially Windows files). I like Blacklight because it is pretty conservative and usually doesn't give any false positives, but it is not quite as up-to-date as some of the other antirootkits.

My last suggestion is to get/build one of the bootable rescue CDs and scan with it (download and burn it as an ISO file). They boot up your computer (F12) in Linux, bypassing Windows so nothing can hide from the operating system, and they come with a Linux version of their antivirus. I've used both Dr. Web's and Virus Blok Ada's (VBA) rescue CD. They take some time, but they work, and they can update their signatures (I believe you have to choose to update Dr.Web, but VBA does it automatically during a long black out period). Here is a link to an all-in-one Rescue CD page:
https://blog.brothersoft.com/tag/xp-rescue-disk/ on the web.

Regards,

RWS
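
The report excerpts quoted in this thread can be checked mechanically. As an added example (not part of any post and not ClamWin's own code), this Python script parses report text in that layout and returns the scans whose "Not copied" count is non-zero and the paths detected in more than one scan. The sample report is constructed, and the two `C:\Users\...` paths in it are placeholders.

```python
import re

# Constructed sample in the layout of the report excerpts quoted in this thread.
# The two C:\Users paths are made-up placeholders; the DriverStore path and the
# summary counts are the ones the posts quote.
SAMPLE_REPORT = r"""
C:\Users\example\Downloads\placeholder1.exe: Trojan.Swizzor.Gen FOUND
C:\Users\example\Downloads\placeholder2.dll: Trojan.Swizzor.Gen FOUND
C:\Windows\System32\DriverStore\FileRepository\ca810av.inf_7fe112da\Dext810a.ax: Trojan.Swizzor.Gen FOUND
----------- SCAN SUMMARY -----------
Infected files: 3
Not copied: 1
Time: 11198.383 sec (186 m 38 s)
C:\Windows\System32\DriverStore\FileRepository\ca810av.inf_7fe112da\Dext810a.ax: Trojan.Swizzor.Gen FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Not copied: 1
Time: 8224.010 sec (137 m 4 s)
"""

FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
COUNT_RE = re.compile(r"^(?P<key>Infected files|Not copied): (?P<n>\d+)$")

def new_scan():
    # Counts stay None when the summary omits the line.
    return {"detections": [], "infected": None, "not_copied": None}

def parse_report(text):
    """Split a report into scans; each scan ends at its summary's 'Time:' line."""
    scans, cur = [], new_scan()
    for line in (raw.strip() for raw in text.splitlines()):
        if m := FOUND_RE.match(line):
            cur["detections"].append((m["path"], m["sig"]))
        elif m := COUNT_RE.match(line):
            key = "infected" if m["key"] == "Infected files" else "not_copied"
            cur[key] = int(m["n"])
        elif line.startswith("Time:"):
            scans.append(cur)
            cur = new_scan()
    return scans

def triage(scans):
    """Return (indexes of scans that left files in place, recurring paths)."""
    left_in_place = [i for i, s in enumerate(scans) if s["not_copied"]]
    seen = {}
    for i, s in enumerate(scans):
        for path, _sig in s["detections"]:
            seen.setdefault(path.lower(), set()).add(i)  # Windows paths ignore case
    recurring = sorted(p for p, idx in seen.items() if len(idx) > 1)
    return left_in_place, recurring
```

A path that recurs across scans while "Not copied" stays non-zero is the case the Safe Mode and rescue CD suggestions above are aimed at.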