Dave Taylor answers free tech support questions about a wide variety of business and technical topics, including blogging, iPhone help, iPod help, AdSense, MySpace, Sony PSP help, MP3 players, Windows XP, Windows Vista, Linux, SEO, Mac OS X, Facebook, Twitter and LinkedIn.

What's the story on the nvctrl.exe trojan virus?

Hi Dave. Our computer is still taken over by nvctrl.exe. Nvctrl.exe shows in processes in "Windows task manager", and when I select nvctrl.exe I can "end process" or "end process tree". I selected end process tree and it said that "ending this process could cause system instability" so I cancelled it. Is it alright to end the process tree?


Dave's Answer:

Let me tell you the bad news first. You've been infected by a virus called trojan.zlob.E or a variant thereof. The good news, however, is that it's a pretty mild trojan and all it wants to do is mess with your Microsoft Internet Explorer preferences so it controls your home page, bookmarks, and so on. Annoying, but there are definitely more destructive viruses out there.

One place I turn for information on viruses, trojans, etc, like trojan.zlob.e is Symantec and its information-packed Security Response Center. It's pretty easy to use: just type in the name of the file that's mysteriously shown up or has been corrupted and it'll promptly return any and all matching viruses, trojans, spyware or similar.


What's really useful about the Symantec information pages about viruses (etc.) like your nvctrl.exe trojan is that they detail exactly what files are added, specify what modifications are made to the registry, if any, and describe what other changes are made to your machine.

Of course, knowing what a trojan or virus does doesn't mean that you can reverse it or undo the damage manually.

Symantec recommends the following removal instructions for this trojan:

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan and delete all the files detected.
4. Delete any values added to the registry.
5. Reset the Internet Explorer home page.
6. Reset the Internet Explorer search page.

But in fact, it's pretty darn tough to get all this right. If you're not already running some strong antivirus software (which would have caught this infection!) you really, really need to get one installed. But before you install one, you need to have a clean uninfected version of the OS. I'm afraid my recommendation to you is to do a good backup of your personal files and reinstall Windows from scratch.

Apply all the system upgrades from Microsoft, then install and update a good antivirus and antispyware application (I recommend Symantec/Norton Antivirus 2006, actually, and Webroot's Spy Sweeper antispyware application, available at lots of stores online and off).

Run the programs to ensure that everything's clean, then folder by folder restore your files and personal data.

Then never install or use any applications - or visit any Web sites - without having both these programs running and protecting you.

Good luck to you!
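A read-only way to see what the removal steps above are dealing with, as an added example (not from the original article or from Symantec). It assumes PowerShell 3.0 or later, and the Internet Explorer and Run key paths are the standard Windows locations rather than values taken from the threat write-up.

```powershell
# Added example: read-only checks; nothing is modified or deleted.
# Assumptions: the process name comes from the question; the registry paths
# are the standard Windows locations, not values from the Symantec write-up.
$procName = 'nvctrl.exe'

# 1. Where does the running image live, and is it signed?
Get-CimInstance Win32_Process -Filter "Name='$procName'" | ForEach-Object {
    $sig = if ($_.ExecutablePath) {
        (Get-AuthenticodeSignature -FilePath $_.ExecutablePath).Status
    } else { 'path unavailable (run elevated)' }
    [pscustomobject]@{
        ProcessId = $_.ProcessId
        ParentId  = $_.ParentProcessId
        Path      = $_.ExecutablePath
        Signature = $sig
    }
} | Format-List

# 2. Internet Explorer home page and search page, per-user and machine-wide.
$ieKeys = 'HKCU:\Software\Microsoft\Internet Explorer\Main',
          'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main'
$ieKeys | ForEach-Object {
    $v = Get-ItemProperty -Path $_ -ErrorAction SilentlyContinue
    if ($v) {
        [pscustomobject]@{
            Key        = $_
            StartPage  = $v.'Start Page'
            SearchPage = $v.'Search Page'
        }
    }
} | Format-List

# 3. Autostart (Run) values whose command line mentions the file name.
$psMeta  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $props.PSObject.Properties |
        Where-Object { $_.Name -notin $psMeta -and "$($_.Value)" -like "*$procName*" } |
        ForEach-Object { "{0} -> {1} = {2}" -f $key, $_.Name, $_.Value }
}
```

Save the output before any cleanup or reinstall so there is a record of what was changed on the machine.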




Comments

Respected Dave,
I don't know if there is a virus in my PC or not. Everything runs smooth, except when any ANTIVIRUS or virus removal tool like REGRUN is trying to install, it is being corrupted. And the PC is not starting in Safe Mode too.
There is something which corrupts only antivirus files. No suspected files can be seen, either in Task Manager or in msconfig. Everything is running, i.e. regedit, hidden folder option, Task Manager, Run option.
Dave, please help in this challenging operation.

Posted by: kavi at September 25, 2008 2:12 AM


© 2002 - 2008 by Dave Taylor. All Rights Reserved.