Little Bro's got a Virus



Lycan 01
2010-07-27, 01:01 AM
So my younger brother, who knows nothing about computers, managed to pick up a virus. It's not the first time. I've repeatedly lectured him on it, but he still has no common sense when it comes to the internet.

Well, he got a virus, and AVG Free didn't remove it. It normally removes them, but it said this one is unhealed. He's currently got his virus scan results open... It's some sort of Trojan that seems to have hidden itself in his Audio files, judging from the file name. AVG was unable to safely remove it, it seems. So now his options are to either tell AVG to forcefully remove it, or just ignore it.

Again, he's terrible with computers, so trying to find a new anti-virus program would be a crusade I'd rather not embark upon. And I personally like AVG. At any rate, he wanted me to come on here and ask if he should forcefully remove it or not. AVG warned that if he forced the removal, it may cause system instability or other problems. But, I'm not sure if it would cause that much damage since it's just a Trojan, and it seems to be in his Audio stuff, not anything majorly important.

So, should he just force AVG to delete it? Or would that cause serious trouble or damage? :smallconfused:


I hate being the family tech guy. I'm not even good with computers, but since I'm the guy who does the most stuff on the internet, I'm obviously a member of Geek Squad. :smallsigh:

factotum
2010-07-27, 01:24 AM
Well, what's the actual name of the file in question? You say it's an audio file, but some confirmation of that would be nice! The answer to the question "is it safe to force delete?" will always depend what file you're talking about--it won't end well if you do a force delete on win32k.sys, for example :smallsmile:.

Zeb The Troll
2010-07-27, 01:29 AM
What's the file extension?

Odds are that forcing the removal is the best option.

Lycan 01
2010-07-27, 01:30 AM
Location: C:\ProgramFiles\Audio\Drivers\RtkUpd.exe

Name: Trojan Horse Agent2.BBNN

Object Type: File

SDK Type: Core


That's all the info it really gave. :smallconfused:

Zeb The Troll
2010-07-27, 01:43 AM
That's the driver installer package for your RealTek audio stuff. Your drivers should already be installed. Delete it. If you need to find the drivers again later, you can find them from their website.

Lycan 01
2010-07-27, 01:45 AM
So it's safe to forcefully remove? :smallconfused:

I gotta be sure, because he's going to interrogate me. He's already been asking tons of questions and flipping out. Even after I explain how stuff works to him, as far as I know myself, he flips out and doesn't remember or listen to a thing I just said. It's like trying to explain stuff to a brick wall, but the brick wall makes insane demands and you just want to go to sleep since it's 2 AM. :smallsigh:

Zeb The Troll
2010-07-27, 01:48 AM
Yes, it is okay to forcefully remove this file.

Lycan 01
2010-07-27, 01:52 AM
Alrighty. He read your posts and was still like "wut?" about it. XD

Forced removal was a success. AVG shows it has been removed and healed. Problem solved. :smallsmile:

Thanks, Zeb. :smallbiggrin:


Should I ask the mods to close this thread, or just leave it open in case something else comes up or his computer randomly explodes?

Zeb The Troll
2010-07-27, 02:11 AM
I'm sure it'll die on its own. Someone else may have some input, or a question pertaining to the problem/resolution. Don't worry about it. :smallcool:

Odentin
2010-07-27, 03:41 AM
My wife and I use Avira. It's free, and it keeps our comps clean. Even found a few keylogger programs my wife had that two other subscription antiviruses missed. Can't remember which ones. Download it on there and set it up to do a full scan daily. It'll keep him clean...

IonDragon
2010-07-27, 11:17 AM
If he's got one, chances are he has more. Download, update and run Spybot Search and Destroy. It's free and powerful. Normally, I also suggest "Hijack This!", but if you don't know what you're doing with that you can damage your OS.

Aedilred
2010-07-27, 11:48 AM
I second the Spybot suggestion. I've yet to contract a virus that it hasn't been able to take care of (touch wood).

Keld Denar
2010-07-27, 01:03 PM
At the recommendation of someone else on the playground, I picked up the trial version of Avast, and I must say, I'm impressed. It's pretty easy to navigate and use, much more than the Norton Pro I used to use, and certainly more potent than the AVG free I've used since. I'm so impressed I'm thinking about buying it when my free month is over.

Also, teach your bro how to get in the habit of backing up his data/music/videos/etc. Get him an external HD for xmas or something. That way, if he REALLY screws something up, freedom is a simple boot-from-disk wipe away. Takes about a half a day to wipe and reinstall everything, but it sure beats several days of troubleshooting or paying someone like geek squad to basically run AV on your comp. In fact, it's not a bad practice to get in the habit of reloading your OS about once a year. This cleans out a lot of the random crap that builds up over time that you normally don't do anything with. It's like cleaning out your garage and realizing that you should throw half of that crap away.

purple gelatinous cube o' Doom
2010-07-27, 02:07 PM
Random thought off topic here. OP, by the heading of your post, I thought your brother had come down with some strange disease or bug. You may now continue your regularly scheduled thread about computers, thank you.

Drascin
2010-07-27, 02:16 PM
At the recommendation of someone else on the playground, I picked up the trial version of Avast, and I must say, I'm impressed. It's pretty easy to navigate and use, much more than the Norton Pro I used to use, and certainly more potent than the AVG free I've used since. I'm so impressed I'm thinking about buying it when my free month is over.

Yeah, Avast is wonderful. I've been using the free version for well over five years, and it's certainly proven more than competent, only failing to intercept one single virus a few months ago in all this time (Avast could detect it, but proved unable to force delete it). I'm in the habit of installing it into every computer I get asked to fix (which, as you can imagine from my being the only mildly computer literate in my family, are a lot), and the reaction has been overwhelmingly positive.

So yeah, add another "Yay!" for Avast Free.

Mystic Muse
2010-07-27, 03:09 PM
Could I possibly get a link to Spybot Search and Destroy or Avast? I tried downloading Spybot on our last computer but I think I got a fake virus version instead.

tcrudisi
2010-07-27, 03:21 PM
Could I possibly get a link to Spybot Search and Destroy or Avast? I tried downloading Spybot on our last computer but I think I got a fake virus version instead.

Spybot is pretty good, but my recommendation goes to Malwarebytes. Or even better, use both.

http://www.malwarebytes.org/mbam.php
http://download.cnet.com/Spybot-Search-amp-Destroy/3000-8022_4-10122137.html
http://www.avast.com/free-antivirus-download

Cealocanth
2010-07-27, 06:51 PM
Spybot is pretty good, but my recommendation goes to Malwarebytes. Or even better, use both.

http://www.malwarebytes.org/mbam.php
http://download.cnet.com/Spybot-Search-amp-Destroy/3000-8022_4-10122137.html
http://www.avast.com/free-antivirus-download

I support his plan wholeheartedly. I've found that this works phenomenally.

lesser_minion
2010-07-28, 03:56 PM
At the recommendation of someone else on the playground, I picked up the trial version of Avast, and I must say, I'm impressed. It's pretty easy to navigate and use, much more than the Norton Pro I used to use, and certainly more potent than the AVG free I've used since. I'm so impressed I'm thinking about buying it when my free month is over.

It's free for as long as you want it -- you just have to give them your e-mail address and keep it up to date once your month is up.

Avira is about as good as Avast, but has an annoying nag screen.

James T. Kirk
2010-07-28, 04:35 PM
I have some weird kinda adware on my computer at the moment. I keep hearing ads for Bonjela.

Keld Denar
2010-07-28, 04:44 PM
If you can locate the process (hit Ctrl + Alt + Delete, click on processes, and google search EVERY process that's running, alternatively go into msconfig and check the start-up tab for processes you don't recognize), you can go into regedit and Ctrl + F then delete the registry keys that keep the ad from popping up. Make sure you back up your crap before you go monkeying around with the registry, because if you accidentally delete something you shouldn't, you might bork windows. Still, that IS a pretty surefire way to get it to stop.

And of course, if all else fails, reformat. Viruses and malware can't survive the cleansing power that is a complete reformat/reinstall. It's like an EMP for everything, except you can recover from it, the bad things can't.

James T. Kirk
2010-07-28, 04:48 PM
If you can locate the process (hit Ctrl + Alt + Delete, click on processes, and google search EVERY process that's running, alternatively go into msconfig and check the start-up tab for processes you don't recognize), you can go into regedit and Ctrl + F then delete the registry keys that keep the ad from popping up. Make sure you back up your crap before you go monkeying around with the registry, because if you accidentally delete something you shouldn't, you might bork windows. Still, that IS a pretty surefire way to get it to stop.

And of course, if all else fails, reformat. Viruses and malware can't survive the cleansing power that is a complete reformat/reinstall. It's like an EMP for everything, except you can recover from it, the bad things can't.

Thanks.

:smallbiggrin:

Obrysii
2010-07-28, 05:13 PM
And of course, if all else fails, reformat. Viruses and malware can't survive the cleansing power that is a complete reformat/reinstall. It's like an EMP for everything, except you can recover from it, the bad things can't.

There are viruses that infect the BIOS somehow, and will survive a hard drive wipe.

lesser_minion
2010-07-28, 05:15 PM
There are viruses that infect the BIOS somehow, and will survive a hard drive wipe.

I haven't heard of that one, but the BIOS can be flashed. Although that's probably better done by a professional.

Obrysii
2010-07-28, 05:37 PM
From what I've read, some can be so tenacious that you have to physically replace the BIOS chip.

It's scary, and I don't know why people would do such a thing.

lesser_minion
2010-07-28, 05:51 PM
From what I've read, some can be so tenacious that you have to physically replace the BIOS chip.

It's scary, and I don't know why people would do such a thing.

I'm not convinced that's possible -- whatever the virus did to get in there can also be used to dispose of it.

IonDragon
2010-07-28, 10:18 PM
I haven't heard of that one, but the BIOS can be flashed. Although that's probably better done by a professional.

Eh. It's not too hard any more. It used to be a pain way back when, but most newer BIOS flashes are just an .EXE that loads into RAM or something, shuts down Windows, does its thing then reboots the computer. Pretty cool if you ask me.

lesser_minion
2010-07-29, 02:52 AM
Eh. It's not too hard any more. It used to be a pain way back when, but most newer BIOS flashes are just an .EXE that loads into RAM or something, shuts down Windows, does its thing then reboots the computer. Pretty cool if you ask me.

I've seen those, yes. I assume the main trick is just to not wipe the whole thing at once.

Dragero
2010-08-01, 09:51 AM
I've got this weird thing going on in my computer. Everything runs fine, but I get random slowdowns sometimes. While this is normal, the scary part is:

When I go into the processes tab in task manager, a strange process appears for about 1/4th of a second, then goes away. It comes back every 1-3 seconds.

So far, I haven't been able to even READ the name of it, so googling is impossible. I've done virus scans with Cogeco Security (Came free with Internet/Cable, Mom loves it for some reason and WILL NOT replace it) but nothing has come up.

Also, another bug I have (May or may not be related) is when I turn my computer off, the Shutting down process is ALWAYS interrupted by "Program could not close....blah blah" The program is either (One of the two, changes all the time) Ghand.exe or lsass.exe. A simple click of End Now continues shutting down, but it's quite odd.

Anybody have any idea on how to fix these?

Allan Surgite
2010-08-01, 01:26 PM
Try googling those two terms. It looks like they're both viruses, however.

The Dark Fiddler
2010-08-01, 01:46 PM
My mom's laptop used to have the same problem with shutting down (with different programs though) and it turned out to just be one of the drivers needing updating when we googled it.

PallElendro
2010-08-01, 01:57 PM
Oh geez! I thought you meant a terminal illness!

Have you tried using a backup memory to place every file except that one, resetting the entire computer, and restoring from the backup?

Zeb The Troll
2010-08-02, 01:09 AM
I've got this weird thing going on in my computer. Everything runs fine, but I get random slowdowns sometimes. While this is normal, the scary part is:

When I go into the processes tab in task manager, a strange process appears for about 1/4th of a second, then goes away. It comes back every 1-3 seconds.

So far, I haven't been able to even READ the name of it, so googling is impossible. I've done virus scans with Cogeco Security (Came free with Internet/Cable, Mom loves it for some reason and WILL NOT replace it) but nothing has come up.

Also, another bug I have (May or may not be related) is when I turn my computer off, the Shutting down process is ALWAYS interrupted by "Program could not close....blah blah" The program is either (One of the two, changes all the time) Ghand.exe or lsass.exe. A simple click of End Now continues shutting down, but it's quite odd.

Anybody have any idea on how to fix these?

Try running a spyware program like Spybot Search and Destroy or Malwarebytes. They're both free and highly recommended.

lsass.exe is the name of the file that's responsible for login verification (Local Security Authentication Server Service is what it stands for) however some crafty malcontents have named their malicious files the same thing, but put it in a folder other than your system folder. That way it looks normal on your Processes tab, but it's not the right one that's running.

I can't find any good info on ghand.exe and I've never heard of it.

I suspect you've got something yucky going on with your computer, though.

1.) Download the spyware program of your choice and install it and update it.
2.) Turn off your System Restore feature. These things often reinstall themselves from there.
3.) Boot your computer into safe mode and run the spyware you installed. Follow the instructions given.

This will handle most uninvited programs.
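The lsass.exe point in the post above (same file name, wrong folder), written out as an added example that is not part of the original thread: it compares each process's folder against System32 and flags mismatches. The names `classify` and `audit`, the `C:\Windows` system root, the two extra process names and the sample process list are assumptions made for illustration.

```python
import ntpath

# Assumption: default install, SystemRoot = C:\Windows.
SYSTEM32 = r"C:\Windows\System32"

# Names that should only ever run from System32. lsass.exe is the one
# named in the thread; the other two are added here as a generalisation.
EXPECTED_IN_SYSTEM32 = {"lsass.exe", "services.exe", "winlogon.exe"}


def classify(name, path, system32=SYSTEM32):
    """Return 'not-checked', 'unknown', 'ok' or 'suspicious'."""
    if name.lower() not in EXPECTED_IN_SYSTEM32:
        return "not-checked"
    if not path:
        # Tools run without admin rights often cannot read the path of
        # protected processes; a missing path proves nothing either way.
        return "unknown"
    if path.startswith("\\??\\"):
        path = path[4:]  # some tools report an NT-style \??\ prefix
    # normpath collapses "..", normcase makes the comparison
    # case-insensitive, as Windows paths are.
    folder = ntpath.normcase(ntpath.normpath(ntpath.dirname(path)))
    expected = ntpath.normcase(ntpath.normpath(system32))
    return "ok" if folder == expected else "suspicious"


def audit(processes):
    """Return the (name, path) pairs whose folder does not match."""
    return [(n, p) for n, p in processes if classify(n, p) == "suspicious"]


# Constructed sample process list (not taken from any real machine).
SAMPLE = [
    ("lsass.exe", r"C:\WINDOWS\system32\lsass.exe"),
    ("lsass.exe", r"C:\Documents and Settings\user\Local Settings\Temp\lsass.exe"),
    ("services.exe", "\\??\\C:\\Windows\\System32\\services.exe"),
    ("winlogon.exe", ""),
    ("LSASS.EXE", r"C:\Windows\System32\..\Fonts\lsass.exe"),
    ("firefox.exe", r"C:\Program Files\Mozilla Firefox\firefox.exe"),
]

if __name__ == "__main__":
    for name, path in audit(SAMPLE):
        print(f"CHECK: {name} running from {path}")
```

A flagged entry is a reason to look closer at that file, not a verdict; an entry reported as `unknown` needs the listing repeated from an elevated prompt.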

IonDragon
2010-08-02, 02:55 AM
Random shut downs mean overheating 9/10 times.

Archonic Energy
2010-08-03, 05:24 AM
have you tried switching him off then on again? :smalltongue:

Brewdude
2010-08-03, 02:41 PM
Dr Web's Cure It.
Google it. It's the best one shot free virus scan out there, for use when everything else is going to hell.

KilltheToy
2010-08-03, 10:25 PM
Google offers nothing on GHAND.exe. One of the results is this very topic.

My dad works in computer security, so I might ask him about it, but if Google's got nothing I doubt he'll have anything either.

Dragero
2010-08-05, 11:21 AM
The thing is, I've already done some spyware scans, (With search/destroy) and nothing came up! I'm just going to hope that lsass is acting up, which causes GHAND to act up as well, whatever it is.

Though that 1/4th second process really scares me......any way to identify it?

DwarvenExodus
2010-08-17, 01:36 PM
Use a screen recording program and view it frame-by-frame, then post back here.

Calmar
2010-08-17, 02:34 PM
Spybot is pretty good, but my recommendation goes to Malwarebytes. Or even better, use both.

A friend recommended Malwarebytes to me and so far it seems to do a good job. :smallsmile:

Zherog
2010-08-17, 03:45 PM
The thing is, I've already done some spyware scans, (With search/destroy) and nothing came up! I'm just going to hope that lsass is acting up, which causes GHAND to act up as well, whatever it is.

Download a second program and use it to also scan. I'll also recommend malwarebytes. And another one is Spysweeper from a company named Webroot. They have a free version of their paid product on their site that you can download and try.

I've seen plenty of instances where something sneaks past one program but is detected by another.

Also, make sure your anti-virus is completely up to date. Go into it and force it to check for program and data updates. Once you know that's up to date, run a complete scan of your system. Many programs don't do a complete scan by default, they just check the most likely culprits. It'll take longer, but (in my opinion) it's a good task to do once a month or so.


Though that 1/4th second process really scares me......any way to identify it?

Roger's suggestion of screen recording is your best bet...