Hello I have a virus in my Pc there are a message will appear in top of each tool bar for every windows in O.S. this message is *BLUE STAR* and I am us Symantec antivirus. Any suggestion to How can erase this virus thnx
It's true. You can't trust the system any long after it's been infected with malware. The fastest way back to happy status is rebuilding the box from original media. Backup data first of course (external usb hard drive is handy for such), but you'll want to rebuild from original media, bring the system up to date with windows update as many times as it needs from behind a hardware firewall device of some sort, add back a good antivirus product like eset nod32, update it to the latest, attach the external disk with your (likely dirty data), scan it and then copy it over into a directory that you look upon VERY suspiciously.
If he ran as a non-admin user, then flattening and rebuilding the user account together will all the programs and data he had access to would be sufficient. The problem hereby is that he ran Symantec software, so most likely the system already exploited one of its privileged services directly, and even if not it could still trivially escalate privileges.
I think your system is been hitted by malware.. and while scanning with symantec you must got the idea where the malware residing in the pc. Rebuilding is a big task if you have lots of application running on your BOX
I suggest you clean the system with latest antimalware, you can try below i used it once its okay
Next you need to clean the registry through regedit.. search the *bluestar in registry editor and delete all the entries.
Symantec is installed on the computer, is running, but still the computer got infected. Symantec has no clue, does it?
Of course. Unless you have good backups.
Why do you think the computer is clean afterwards? Some people posted about this virus that it plays nice games with antivirus software, popping back right after its files have been removed. Symantec did not catch it.
Why do you think this virus uses "blue star" as text in the registry? Why do you think the virus uses "bluestar" as filename? Why do you think cleaning the registry would help at all?
Syamntec in antivirus not a anti malware/spyware. Yes it happened with Symantec it dectects a threat but cannt clean or qurantine it but keep poping threat alert.
If data is infected thr is no use of backups at all . so leave this issue.
Symantec is not good as i stated above also.. Now if u now windows OS then you should know if windows is not genuine then bluestar servie wil pops up again and again stating to install genuine windows.
May be or may not be but whats bad in giving it a shot.
Cleaning the registry is needed. Every service which start at startup add itself automatically to regedit\\localmachinepolicy\\ So if u clean the machine it wont help u need to clean the startup registry as well
What is the difference between antivirus and antispyware?
Symantec advertises with
"# Detects and removes spyware and viruses # Blocks spyware and worms automatically"
for their antivirus product.
If you have a backup you can restore a clean system and compare your backed up data with the current one. This will show what has been modified.
Why do you think running some anti-something software will clean the computer from all malware?
The other security suites are not any better.
I know. How is that related to this virus?
Because it is futile. Either you check the whole registry looking for all suspicious changes (which is basically impossible) or you restore a clean backup. They won't call it "bluestar" neither in the registry nor the filesystem to make it easy for you to remove it.
If you have an infected computer you don't want to try a few things here and there "giving it a shot". Don't play around with infected machines. Reinstall the computer.
Any malware which is running quickly puts back the registry keys which you remove manually.
To clean the registry you must know very well what information is contained there, how it is related, and how to clean it without breaking the system. There are many registry cleaners out there which try to clean your registry to make the system perform better. Still frequently users run into issues afterwards that some software does not work at all or crashes. If they don't get it right I doubt the average user will be able to clean all remnants of some malware from the registry. Simply searching for "bluestar" in the registry won't get rid of it...
ridha, see SG's original response: "Flattening and rebuilding is the only viable option at all." The proposed action is supported:
"The only way to clean a compromised system is to flatten and rebuild."
You may wish to consult an expert (computer shop) who can help you re-building your OS.
Alternatively you could: Download David H. Lipman's MULTI_AV.EXE from the URL:
The web site is in German but the MULTI_AV scanning tool is in English. Anyway, go down to near of the bottom of the page and you'll see a box titled "Infos Zum Download - Multi-AV Scanning Tool". You'll see: Download von www pctipp.ch and the link to download:
Once you've clicked this link, it will bring to:
You will have to wait for a few seconds or so and the 'Download file' window should appear - just follow the prompts to download Multi_AV.exe
If however the 'Download file' window does not appear don't panic, don't click, don't do anything, just look for:
Der Download started in wenigen Sekunden automatisch. Fall nicht, klicken Sie bitte -hier-.
Translated to English: The download process is going to start in a few seconds. If not, click -here-.
This should be pretty self-explanatory.
the links displayed within this site as they are not valid anymore and have not yet been updated to current status.
Still no luck? Go to:
Again, flattening and rebuilding the OS is the *preferred* option!