Virus problems. How can I remove them? *EDITED*

[Misuzu]

Thank you all for your help!  

@Pondus:
So leaving the viruses in the chest forever will do? That's a nice tool that Avast has.  

@Llanziel:
I'm virus-stupid/retarded/clueless... You name it. Haha. So, how do I put Windows Defender in Advanced mode? (I'll go check now to see if I can find it myself...)

If I find out that I still have the virus "TrojanDownloader:Win32/Renos. JM" (Somehow.. Not really sure how I can figure out if I still have the virus or not...) I'll be sure to try out what you did (Once I figure out how to put Windows Defender in Advanced mode )

Anyway, how can I be sure (Or at least pretty sure) that my family's computer no longer has these viruses? Or is it likely that I don't have them anymore?
Sorry for all the questions. But thank you all so much for your help!

EDIT: I couldn't find "msa.exe" in the Task Manager's processes. Does that mean I got rid of it? Or not?
(Also my posts are working normally now... )
Thanks again.

[llariel]

1) join WD (windows defender) with an advance membership (open WD/tools/microsoft spynet/choose advance membership)

To know if your computer frees this one of viruses, you must have at least a program antivirus and antispyware updated (example: avast! free/pro) and realize one scanned I complete of the system.

Also we can know if it is infected observing the behavior of the computer, programs, Internet, browsers, etc.

If you observe rare programs or things that you do not find installed by if same, we can infer that something walks badly. examples of Trojans are: Svchost.exe, svchost32.exe, schost.exe, a.exe, b.exe and a lot of more options. and we all can observe the these ones in Task Manager, be already in the field of processes or services. Also we can infer that it is infected across messages of error. (related to program, memory, boot, etc.) and also when it is slower of the normal thing or you cannot access to security web pages in Internet.

[Tarq57]

It looks like the computer is clean, to me, as far as it's possible to tell.
What I'd do now is have a look at, maybe bookmark This tutorial on securing a home wireless network.Microsoft have an article also. There are plenty around.

Go to www.secunia.org and at least perform an online scan for software vulnerabilities.(OSI). This will help ensure that you know what needs patching. Chances are that there are some apps that are out of date on the family computer, and maybe yours, too.
Personally I downloaded/installed the PSI from secunia. Set/forget it, and from time to time, react to a vulnerability report. (Like an out of date flash player, or old Java version present.)

Have a general look at the prevention tutorials I linked in reply #6. And consider the suggestions at the top of that reply, regarding setting passwords. It's a good idea for users to have their own limited user accounts, and just leave the admin account for installing software/updates etc, but that can get complicated, and be a bit of a PITA for ordinary users. It's probably more appropriate for just the young "click-happy" users to have to have their own accounts (limited user) and that way infections are limited in what they can do, and easier to clean up. (The infection can not progress beyond the users' profile to the heart of the operating system, normally.) See "user accounts" in the control panel.

Just remember, you can do anything you want on your own computer, but remember to seek approval for any changes made to the home computer, which might mean having read and understood the articles well enough that you can basically explain the reasons for doing so to a layman. That's actually not too hard. It's all pretty commonsense stuff, really, just when you buy a computer, the vendor doesn't tell about how to maintain or secure it beyond the basics. (If you're lucky.)

[Tarq57]

Regarding the infected file in the chest: They can stay there. After a time (a few days, maybe a couple of weeks) re-scan them from within the chest. If they are still infected they can be deleted from the chest. But there is no hurry nor need to do this. As Pondus said, they're safe there.

MBAM has a similar quarantine function. It also is a secure area. Most security programs have a similaraly protected quarantine. Only user action can release the captives.

The term "virus" is used by most people to describe any infection that occurs. A more correct generic term is "Malware" (malicious software). It includes virus, spyware, adware, trojans, worms, etc. Each category of malware has it's own way of infecting and behaving, and the cleanup protocol can be different for each. What you have had is a trojan. These programs typically install in response to a vulnerability on the computer, or user action (downloading a codec to play a movie, for example, some of these are fake.), and immediately after they install (milliseconds) download a cargo of other malicious content. The content might be  used to try and scare the user into buying a rogue antivirus program, or to give the author access to the computer, or they may try and remain silent, symptom-free, and scan the computer documents for passwords, credit card info etc, to send to the criminal gang that created it. It's big business. Billion dollar business.

[Misuzu]

Mind if I ask one final question on here?:

If I used a flashdrive/memory stick (Their the same thing... Aren't they?) to try to backup data on my computer when it had malware on it, but I didn't put anything on the flashdrive... Could it have the malware I recently had, on it? And that would apply to DVD's and CD's... Too? I'm just curious.
Thanks!

[Tarq57]

I don't really know for sure, but it is possible with some types of malware that a hidden autorun entry is created on media connected to the computer - some malwares spread themselves this way - it's probably unlikely but it would pay to scan any removable media that was used on the computer at the time.
A good tool to prevent infections spreading to/from flash drives (yes, same as memory stick/usb drive) is AutorunEater by Old Macdonald.
I don't use flash drives that often, but I have it installed anyway. Lots of infections spread via flash drives. The well-publicised Conficker worm largely used this method.

[Misuzu]

I don't really know for sure, but it is possible with some types of malware that a hidden autorun entry is created on media connected to the computer - some malwares spread themselves this way - it's probably unlikely but it would pay to scan any removable media that was used on the computer at the time.
A good tool to prevent infections spreading to/from flash drives (yes, same as memory stick/usb drive) is AutorunEater by Old Macdonald.
I don't use flash drives that often, but I have it installed anyway. Lots of infections spread via flash drives. The well-publicised Conficker worm largely used this method.

I scan the removable media with the Flashdrive/Memory Stick plugged into the computer? Right?
If the flashdrive has malware on it, and I put it onto my computer, I should get the malware? Or not?
Sorry for all the questions and thanks for your reply! 

[Tarq57]

I scan the removable media with the Flashdrive/Memory Stick plugged into the computer? Right?
If the flashdrive has malware on it, and I put it onto my computer, I should get the malware? Or not?
Sorry for all the questions and thanks for your reply! 

Correct.
If your resident protection is capable of detecting it, it (in theory) should also be able to stop it from running when the drive is plugged in. If not, then the malware can transfer. (But not necessarily.)

To play it safe, disable autoruns in your removable media, so that when you plug it in, it won't automatically start.
Autoruns can be re-enabled once you've scanned it (with Avast and MBAM, for example) and it comes up clean.
If you have Autorun Eater installed on the computer that is an additional layer of security if you can't be faffed remembering to disable autoruns all the time.

[Misuzu]

I scan the removable media with the Flashdrive/Memory Stick plugged into the computer? Right?
If the flashdrive has malware on it, and I put it onto my computer, I should get the malware? Or not?
Sorry for all the questions and thanks for your reply! 

Correct.
If your resident protection is capable of detecting it, it (in theory) should also be able to stop it from running when the drive is plugged in. If not, then the malware can transfer. (But not necessarily.)

To play it safe, disable autoruns in your removable media, so that when you plug it in, it won't automatically start.
Autoruns can be re-enabled once you've scanned it (with Avast and MBAM, for example) and it comes up clean.
If you have Autorun Eater installed on the computer that is an additional layer of security if you can't be faffed remembering to disable autoruns all the time.

So basically, if the flashdrive has malware on it and MBAM or Avast detect the malware, they can stop it right there from getting on my computer?

And how do I disable autoruns in my removable media?
Thanks!

[Tarq57]

And how do I disable autoruns in my removable media?

From the windows help and support centre:

To change how your computer handles multimedia content
Open My Computer.
Under Devices with Removable Storage, right-click the device you want, such as a digital camera or CD-ROM drive, and then click Properties.
On the AutoPlay tab, click the multimedia content type you want to change.
Under Actions, click the action you want Windows to perform when it detects the media type you selected.

I would suggest using the "take no action" button. You can always change it later.
For a USB device, you might have to have a flash drive actually plugged in before that drive can be viewed in My Computer. Use a known clean one.

[Misuzu]

Ok, I'm going to do that pretty soon. But one question: Since I didn't really put any files on the memory stick (I only put it in my computer, but then took it out) would Avast or MBAM be able to scan it?

Sorry, I know I could go find this out myself, so you don't have to answer this. I was just curious.
Thanks!

And happy holidays! (For those who celebrate them) 

[DavidR]

The file structure would be there even if no files were in the location, so it could scan, albeit the results wouldn't show much, 0 files scanned, etc.

[Misuzu]

This is a little off-topic, but I'm just curious:

Twice now, whenever I turned on my computer a pop-up would say:

"wisptis.exe - Application Error

The instruction at 0x6f2e242e referenced memory at 0x00000003. The memory could not be read. Click OK to terminate the program."

There is so many numbers in there, I may have some of the numbers wrong.

What does this mean? Is this malware? MBAM could not detect anything and none of my antivirus programs have told me that I have malware. If this isn't malware, does anyone know how to stop my computer from doing this? It's kind of annoying.

Thanks! Sorry for any typo's.

Thanks for the reply DavidR!

[Tarq57]

This is caused by a reg entry (and/or a startup entry) that is asking the computer to run this program.
It can't. Either because it has been removed or become corrupted.
Here are some links to give you an idea of what that program (it isn't malware) is, and might give you a clue as to what happened to cause it to not work any longer.
(Reinstalling the program usually fixes such errors, or removing the reg entry pointing to it.)
http://www.neuber.com/taskmanager/process/wisptis.exe.html
http://www.mobileread.com/forums/showthread.php?t=1260
http://www.liutilities.com/products/wintaskspro/processlibrary/wisptis/

[joeycortes]

I need to know simply if the avast home program is enough to remove the trojandownloader:win32/renos.jm. Or is other way to remove it. Windows deffender show me the error but if i press (fix it, remove all) or anything, still running and no resolve at all.
Thanks in advance!
[/quote]