IST activex.dll UGH!

[suze.]

Please help me....my boyfriend's computer is on the fritz. He has a icon on his desktop for this virus thing, but we don't know how to get rid of it. His computer is acting up now...has a hard time logging onto the internet, most of his icons on his desktop do not work, and his window xp restore thing has disappeared. He does 3d animations has now basically given up his computer. He tried to download the Norton anitvirus from cd, but halfway thru it freezes up. He does have adaware, but I don't know if he tried that or knows what to do with it. He's quite stubborn right now and won't really tell me anything about his computer. Any advice would be greatly appreciated!!!!:-[

[whocares]

He's quite stubborn right now and won't really tell me anything about his computer.

Well, that makes it quite difficult to give advice..

try booting the PC in SafeMode (F8-Boot) and running a full scan with avast then: note all virusnames and filenames/locations of infected files exactly,
and let avast repair any infections, or move the files to chest.
 a Boot-time scan could also help..

Also try SPYBOT from http://security.kolla.de
and CWSHREDDER from www.lurkhere.com

update them, and then scan&fix with them in safeMode

***

General advice:

Where exactly was the infected File found  (full pathname and filename) ?

Sometimes it's enough to
- clear all TEMP-folders and
- empty Temp.Int.Files folder(s) (via IE->Extras-Internetoptions->Delete files, including OFFLINE files) and
- empty java-Cache or
- disable system restore on Win ME/XP
to get rid of it..


test the file with OnlineScanners e.g. from Trend, RAV & KAV (see below) to get a more specific name
(you need to temporarily disable AV-Resident Shield/Monitor/Guard to be able to scan the file online)

(If they all don't show it as infected, please send it in a password-protected zip-file to
virus@free-av.de/virus (at) asw (dot) cz
Include the password and a link to this posting in the mailtext)

-remove the Virus/Malware and it's system modifications according to VirusInfos
from Avast, VGREP, TrendMicro, Kaspersky;
you might also try searching for the virus name or filename with google

general removal procedure:
- disable system restore on Win ME/XP
- kill respective Backdoor/Trojan process with task manager
- search for the file/process names in the registry; remove the malware's startup entries in the registry
- disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot
 

-Secure your system:
   change passwords, secure shares, install patches/updates for WIN&IE;
   disable ActiveX and Scripting in IE except for know secure sites - or better use a secure browser
- scan your whole system with updated avast and maybe a 2nd scanner ,e.g. TrendMicro to check whether your PC is clean
- reenable system restore on Win ME/XP


if it's of the trojan-gen kind: spybot, ad-aware and cwshredder might also help
if you still can't remove it, you could post a logfile of Hijackthis here

see www.lurkhere.com ->nicefiles and www.lavasoft.de

Further Details and Links via the board search above

[suze.]

Thanks for the info...I forwarded the info to my boyfriend. *keeps fingers crossed*