Status
Not open for further replies.
1 - 11 of 11 Posts

·
Registered
Joined
·
3 Posts
Discussion Starter · #1 ·
I have MSN Instant Messenger and was tricked into accepting and receiving the Choke.exe virus. I've deleted all the files attached to it and everything, but it still remains resident in my registry key. I ran an online virus scan the other day and found loads of infected places. I can't tell if it's spreading and making it worse, or just staying there doing nothing. The online virus scan wouldn't let me delete the infected areas so I have no idea what to do now to get it out completely. Can someone PLEASE tell me how to remove it permanently, because if it is doing damage, it's been there for about 5 months. Another thing I can't tell is if damage really is being done; it's starting to get annoying. I'm finding programs like MSN IM and Adobe Acrobat freezing. First, the worlds get bulky then the window smears and eventually it crashes (or it just freezes itself or my whole system), but closing some programs usually helps. I'm taking a guess that it's my memory; I only have 128MB of it and I usually have Winamp, Audiogalaxy, Internet Explorer, Webshots, Zone Alarm, MSN IM and a couple more running at once.
 

·
Registered
Joined
·
45,855 Posts
I'm not sure I'd recommend AVG just to deal with the Choke worm, which you have already identified.

Have you edited the registry just to find it returned?

You must eliminate the running program first. Have you followed the instructions in this link?

http://www.symantec.com/avcenter/venc/data/w32.choke.worm.html

Moving to Security/Virus Forum...
 

·
Registered
Joined
·
45,855 Posts
I have a lot of them bookmarked. Too many. It's easier to go to www.google.com and simply enter the virus name and symantec (which consistently has the best details and removal instructions).

For example, the keywords

choke symantec

will take you right to it. Try it for most any common trojan or virus name you can think of.
 

·
Registered
Joined
·
1,199 Posts
Hi Ceal, I see you also have Audiogalaxy. That program is full of spyware, and causes a lot of problems. Follow Rollin Rog's advice and remove the Choke worm by following the advice from Symantec. Once you have done that, go here and download a program called Ad-aware 5.6. This will remove some of the spyware.

http://www.lavasoftusa.com

You might also want to post what you have running at startup. Go to Start > Run > type in Msinfo32 > click on Software Environment > then Startup Programs > click on Edit > Copy > and paste your results back here. Having too many programs running will cause your system resources to run low and cause your system to freeze up.
 

·
Registered
Joined
·
45,855 Posts
The dire warnings are a bit overdone, but it is worthwhile to know how to back up a key and restore it. Or restore the entire registry if need be.

In this case before you do the deed of deleting the nasty entries in the registry, you can if you want, save the run key for backup.

Here's how you would do it.

>> from start, run regedit
>> click in order:

+ HKey_Current_User
+ Software
+ Microsoft
+ Windows
+ CurrentVersion
RUN

>> With the RUN folder highlighted Click on Registry>Export
>> Enter the name: runkey in the "save as" field
>> save it to your desktop (click the desktop icon if you don't see desktop in the save in field)

> Now the run key has been saved to your desktop; if you need to restore it (I'm sure you won't), you can double click to merge it. Once you are sure everything is ok, right click on it and delete it to prevent accidentally reimporting the virus items you are going to delete.

>> Look in the right hand pane now for these two items:

C:\Choke.exe
C:\ShootPresidentBUSH.exe

>> Right click on each and select "Delete"

>> close the registry editor.

=============================================
(If you ever need to restore a whole registry, you can press the control key as soon as the computer starts to boot. You will see a Boot Menu displayed. Select the "command prompt" option, and at the c:\> prompt enter:

scanreg /restore

Using the arrow keys, select a "started" registry which precedes the current problem.)
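
A check to run against the exported runkey file once the steps above are done (an added example, not part of the original posts): it parses a REGEDIT4-style export and reports any Run value whose command still names one of the two files listed in the post. The sample export, its value names and the ExampleApp entry are constructed for illustration.

```python
import re

# File names the post says to look for in the Run key.
WATCHLIST = {"choke.exe", "shootpresidentbush.exe"}

# Constructed sample of an exported Run key (value names are made up).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Choke"="C:\\Choke.exe"
"ShootPresidentBUSH"="C:\\ShootPresidentBUSH.exe"
"ExampleApp"="\"C:\\Program Files\\Example\\example.exe\" -min"
'''

# "name"="data" or @="data"; .reg files escape backslash and quote with a backslash.
_VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))="((?:[^"\\]|\\.)*)"$')
_EXE = re.compile(r'[^\\/"]+\.exe', re.IGNORECASE)


def _unescape(text):
    # Drop the escaping backslash and keep the character it protected.
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_export(text):
    """Return {key_path: {value_name: string_data}} for string values only."""
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := _VALUE.match(line)):
            name = "(Default)" if m.group(2) else _unescape(m.group(1))
            current[name] = _unescape(m.group(3))
    return keys


def flag_run_entries(text, watchlist=WATCHLIST):
    """List (value name, command) pairs in a Run key whose command names a watched file."""
    hits = []
    for key, values in parse_reg_export(text).items():
        if not key.lower().endswith("\\currentversion\\run"):
            continue
        for name, data in values.items():
            files = {f.strip().lower() for f in _EXE.findall(data)}
            if files & set(watchlist):
                hits.append((name, data))
    return hits


if __name__ == "__main__":
    for name, data in flag_run_entries(SAMPLE_EXPORT):
        print(f"still present: {name} -> {data}")
```

An empty result on a fresh export of the Run key means neither file name is referenced there any more.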
 