Avast WEBforum
Other => Viruses and worms => Topic started by: ajr on February 01, 2005, 10:27:45 PM
-
HELP! I seem to have a virus on my pc. It can't be repaired & I've removed it to chest (as suggested) but the warning message pops back up every now and then!
I've copied the description of the files infected & they are:
C:\System Volume Information\_restore{44BADFAE-8C81-47AF-AC66-E4E3243282A4}\RP43\A0010720.pif
C:\DOCUME~1\STEVE~1.HOM\LOCALS~1\Temp\V2M0FHa03308
I've tried the online clean, but nothing was detected. My Prevx software isn't picking the virus up and an online scan with trend micro didn't pick it up either.
Not sure what else I can do, or if I should be worried!
-
ajr
Welcome to the forum.
1. clean out your temp. files
2. Disable system restore to clean out the infected file that's currently in a system restore file.
3. Reboot your system.
4. Re-enable System Restore if you intend to continue using it.
Next time, please post a problem in your own Thread. Not in Informative Thread. Thanks
-
I downloaded Avast newly and it is supposed to be an antivirus program, yet 8 viruses attacked it and I had to get professional help to get the viruses off. All 8 viruses attached themselves to the Avast program. How did that happen? I actually detected the viruses through Norton - funny enough, I bought Avast because I was told that Norton wasn't doing the best job. Can anyone advise me as to how this happened and how I can stop it from happening again? Thank you
-
Can anyone advise me as to how this happened and how I can stop it from happening again? Thank you
Rather difficult, based on the lack of information.
- What OS are you using? is it up to date?
- What avast! version and VPS file (virus database) number, e.g. 0436-4 (see about avast!)
- What was the virus name, what was the filename, where was it found
example (C:\windows\system32\infected-filename.xxx)?
If you still had Norton on your system and installed avast! many of the component parts of avast would not have been enabled to avoid conflict. Two resident AVs can cause conflict.
There is plenty of professional help available here, the only difference, you won't have to pay for it here. This really should have been your first port of call.
-
All 8 viruses attached themselves to the Avast program.
How did you see this.. ?
Weren't they rather in avast's CHEST or MOVED-folder ?? ???
eermh.. why is this thread sticky ?
-
Would you please help me out, I have winXP home and Avast home edition. I found beagle bg3 in memory which boot up scan, I am unable to remove. It infected the file c:\windows\system32\wiwshost.exe
Would anyone have any idea how to remove it?
thanks
sherif
-
Hi,
are you sure you mean a boot-time scan ?
I don't really see how it could be in memory then
try this:
- Disable system RESTORE
- reboot to SafeMode (F8-Boot)
- do a full thorough scan with archive-scanning enabled, move infected files to CHEST
if you don't succeed, please post here a hijackthis-Log for diagnosis
Details/Links for the above can be found via "VirusRemoval"-link below in my sig
;)
P.S.: Also work through the links/descriptions here, and try and find out which variant fits your symptoms:
http://www.trendmicro.com/vinfo/virusencyclo/default2.asp?m=q&virus=wiwshost%2Eexe&alt=wiwshost%2Eexe&Sect=SA
-> follow removal instructions on that site then ;)
-
Try to disable it from start-up:
Start->Run->msconfig->StartUp
and remove after reloading the PC
-
ajr
Welcome to the forum.
1. clean out your temp. files
2. Disable system restore to clean out the infected file that's currently in a system restore file.
3. Reboot your system.
4. Re-enable System Restore if you intend to continue using it.
Hi! I just downloaded 4.6 recently. Every time I run Outlook, I get the same e-mail from search.com that the program detects as netsky, get rid of it and it regenerates. I tried the above procedure but it keeps regenerating somewhere else. Yet when I run the cleaner and the full scan, it doesn't pick up anything.
-
ajr
Welcome to the forum.
1. clean out your temp. files
2. Disable system restore to clean out the infected file that's currently in a system restore file.
3. Reboot your system.
4. Re-enable System Restore if you intend to continue using it.
Next time, please post a problem in your own Thread. Not in Informative Thread. Thanks
-
What's with all that quoting guys?
-
HELP! I seem to have a virus on my pc. It can't be repaired & I've removed it to chest (as suggested) but the warning message pops back up every now and then!
I've copied the description of the files infected & they are:
C:\System Volume Information\_restore{44BADFAE-8C81-47AF-AC66-E4E3243282A4}\RP43\A0010720.pif
C:\DOCUME~1\STEVE~1.HOM\LOCALS~1\Temp\V2M0FHa03308
I've tried the online clean, but nothing was detected. My Prevx software isn't picking the virus up and an online scan with trend micro didn't pick it up either.
Not sure what else I can do, or if I should be worried!
-
And your query or comment is Peter?
-
I am not at all sure I understand any of this. Can my Avast regularly scan my PC every time I go on line?
-
I'm not sure I understand the question as it doesn't seem related to the current topic, but here goes.
avast's Web Shield can scan http traffic on port 80 before it is saved into your browser cache so the web page, images, etc. can be displayed. So if something harmful is detected it can be intercepted.
You can also set the Standard Shield to scan ALL created/modified files.
However, it isn't scanning your PC because you have gone on-line, just the stuff you want to browse.
Welcome to the forums.
-
hi, I'm new at this so please bear with me. I have avast 4.6 and run XP. keep getting a scanner warning about Win32:Adan- 094, http:/195.95.218.100/users/serg/web/filers/images/bndmod.jpg, and Win32:Adan-078, http://195.95.218.100/users/serg/web/files/images/hlmicro.jjpg. , every 5 minutes. I have Spyware Blaster, SpybotSearch, Ad-Aware Search and Microsoft anti spyware and can't get rid of this. Please help
-
Please can you post in a new topic.
Copy this then go back to viruses and worms, hit the new topic button and paste your post there.
Cheers.
-
You can also do a forum search for Win32:Adan as this is a very frequently discussed topic.
These detections are I believe being picked up by the web shield so it shouldn't be on your system. There is obviously something else on your system or your browsing habits take you to some suspect sites. But this as Frank said should be fully discussed in a topic related to this.
-
I erased files from temp directory, but the virus created its files there again and again.
-
Which temp directory, can you give a full path and file name of the infected file,
example (C:\windows\system32\infected-filename.xxx)?
If it comes back time and again, there are either other elements restoring it or you keep visiting the same sites that infected you previously.
Does it come back in the same location and with the same filename, or just the same Win32:Adan malware name?
What is your OS?
What is your Browser?
What is your firewall?
Are they all up to date?
-
I erased files from temp directory, but the virus created its files there again and again.
Too many newbies here... not coming back to get support or answer the questions :P
Some recurring infections could be solved with a boot-time scanning:
Start avast! > Right click the skin > Schedule a boot-time scanning
Select for scanning archives.
Boot.
You need XP or 2k to run it.
Other option is scanning in SafeMode (repeatedly press F8 while booting). Other is disabling System Restore, boot, enable it again.
-
try the (old) cleaner of Steven Gould version Clean Up 3.1.2.0 !!
that's how I got rid of some nasty viruses which kept
reproducing in the TEMP.
Just enter Steven Gould in yr Google bar
Good luck. :)
-
Disable system restore? with mine being in the temp folders, would I also have to do this? I'm confused. In advance, let me say thank you ??? ???
ajr
Welcome to the forum.
1. clean out your temp. files
2. Disable system restore to clean out the infected file that's currently in a system restore file.
3. Reboot your system.
4. Re-enable System Restore if you intend to continue using it.
-
There is little point in quoting this in isolation, as it doesn't show why Bob offered the advice to disable system restore. One of his files was in a restore point, part of system restore.
C:\System Volume Information\_restore{44BADFAE-8C81-47AF-AC66-E4E3243282A4}\RP43\A0010720.pif
The only way to deal with this is to disable system restore. His other file being in temp could have been dealt with without doing that, it was the combination of locations that required it.
So in your case you shouldn't need to, unless there are more in the restore points or in the windows systems folders.
-
I'm so Sorry the llama slept through it, got cha- thank you! :-[
-
No problem, thankfully the llama is awake now ;D
Welcome to the forums.
-
Hi.
I've just received this on ICQ:
hi
http://fifi.1gb.ru/my_photos.exe
my photos in the archive
I think, it's a new worm.
-
Please don't post live links to suspect files, modify your post and break the URL so it isn't clickable.
e.g. http :// fifi.1gb.ru/my_photos.exe
Incidentally DrWeb link checker doesn't detect anything.
What makes you think it is a new worm ?
This should really have been in a new Topic in its own right.
-
Further update avast does detect this as:
28/12/2006 22:25 Sign of "Win32:Agent-AGW [Trj]" has been found in
"http :// fifi.1gb.ru/my_photos.exe" file.
However a VirusTotal check shows it is only detected by a few other AVs strangely not by avast (looks like VirusTotal isn't working with an up to date VPS).
-
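The triage the replies above do by hand, as an added example that is not part of the original thread and is not avast! code: it reads alert lines in the shape quoted just above, breaks any URL the way the reply asks, and flags whether System Restore has to be switched off (file in a `_restore{...}` point or the Windows system folders) or not (temp folder, Web Shield URL). The log lines are constructed around paths quoted in the thread; the detection name, the `.invalid` host and all function names are assumptions.

```python
import re
from typing import List, NamedTuple, Tuple

# Alert text in the shape quoted in this thread:
#   Sign of "<detection name>" has been found in "<path or URL>" file.
ALERT_RE = re.compile(
    r'Sign of "(?P<name>[^"]+)" has been found in\s+"(?P<target>[^"]+)" file',
    re.IGNORECASE,
)
# Matches both live URLs and ones already broken as "http :// host/..."
URL_RE = re.compile(r"^(?P<scheme>https?)\s*:\s*//\s*(?P<rest>\S+)$", re.IGNORECASE)
RESTORE_RE = re.compile(r"\\system volume information\\_restore\{[0-9a-f-]+\}\\rp\d+\\")
TEMP_RE = re.compile(r"\\(?:temp|temporary internet files)\\")
# Assumption: "system folders" means anything under the Windows directory
# that is not a temp folder.
SYSTEM_RE = re.compile(r"^[a-z]:\\(?:windows|winnt)\\")


class Finding(NamedTuple):
    name: str
    target: str                    # URLs are stored in broken, non-clickable form
    location: str
    disable_system_restore: bool


def defang(url: str) -> str:
    """Break a URL the way the thread asks: 'http :// host/path'."""
    m = URL_RE.match(url.strip())
    return f"{m.group('scheme')} :// {m.group('rest')}" if m else url


def classify(target: str) -> Tuple[str, bool]:
    """Return (location, disable_system_restore) for one alert target."""
    target = target.strip()
    if URL_RE.match(target):
        # Stopped in the HTTP stream by the Web Shield; nothing on disk.
        return "web", False
    # Windows paths are case-insensitive and appear with either slash.
    path = target.replace("/", "\\").lower()
    if RESTORE_RE.search(path):
        # Windows protects restore points; they are cleared by disabling
        # System Restore and rebooting.
        return "restore_point", True
    if TEMP_RE.search(path):
        # Temp files can be cleaned without touching System Restore.
        return "temp", False
    if SYSTEM_RE.match(path):
        # Otherwise Windows may save the file into a new restore point.
        return "system_folder", True
    return "other", False


def parse_alerts(log_text: str) -> List[Finding]:
    findings = []
    for m in ALERT_RE.finditer(log_text):
        location, disable = classify(m.group("target"))
        target = m.group("target").strip()
        if location == "web":
            target = defang(target)
        findings.append(Finding(m.group("name"), target, location, disable))
    return findings


def restore_needed(findings: List[Finding]) -> bool:
    """True if any finding calls for disabling System Restore before cleaning."""
    return any(f.disable_system_restore for f in findings)


# Constructed sample: paths are ones quoted in the thread, everything else is made up.
SAMPLE_LOG = r'''
01/01/2000 12:00 Sign of "Example:Test-A [Trj]" has been found in "C:\System Volume Information\_restore{44BADFAE-8C81-47AF-AC66-E4E3243282A4}\RP43\A0010720.pif" file.
01/01/2000 12:01 Sign of "Example:Test-A [Trj]" has been found in "C:\DOCUME~1\STEVE~1.HOM\LOCALS~1\Temp\V2M0FHa03308" file.
01/01/2000 12:02 Sign of "Example:Test-B [Wrm]" has been found in "c:\windows\system32\wiwshost.exe" file.
01/01/2000 12:03 Sign of "Example:Test-C [Trj]" has been found in "C:\Windows\Temp\example.clamtmp\daily.ndb" file.
01/01/2000 12:04 Sign of "Example:Test-D [Trj]" has been found in
"http://malware.example.invalid/photos.exe" file.
'''

if __name__ == "__main__":
    results = parse_alerts(SAMPLE_LOG)
    for f in results:
        print(f"{f.location:14} restore_off={f.disable_system_restore!s:5} {f.target}")
    print("Disable System Restore before cleaning:", restore_needed(results))
```

-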
Hi.. I'm a new arrival. My programme has today detected viruses and they have been sent to the virus chest. But here's the big question.. where on earth is the chest?? I've read the help notes and found how to use the chest.. but cannot actually locate it?? Any help appreciated
-
Right click the avast icon, select Start avast! Antivirus, Menu (or right click on the skin), Virus Chest
-
Where on earth is the chest??
Follow David's advice or, if you want, just run or make a link to:
C:\Program Files\Alwil Software\Avast4\ashChest.exe
-
I had to have my pc reloaded last week, I have spent quite a lot of time in Hospital recently.
But I can not get the Avast anti virus to be in my Security Shield & is therefore not working it also says that it is disabled, what can be done please? I have to go off line for an hour or so but can you help me please?
Peter Murch
-
Who reloaded your PC and did they install another anti-virus ?
Are you getting any avast errors when the system starts, if so what ?
Is there a red circle with bar over the avast icon ?
What avast processes are running, see image ?
-
I have ad-ware in a temp file. I move it to chest as it advises me but it still pops up once in a while, like it is still in the temp files. The ad-ware name is DOMPilot.dll
What is the best ad-ware spyware remover program?
I found one program XoftSpySE (The latest and most advanced Spyware detection and removal application on the Internet.)
Can I use it together with avast? Maybe it can detect that ad-ware in temp file and will remove it?
I hear also that too many antivirus programs are not good.. so what should I do?
-
Personally I wouldn't touch xoftspy they have a very chequered history, whilst they are supposedly no longer adware, etc. there are plenty of other options out there without this history and they are free.
If you haven't already got this software (freeware), download, install, update and run it.
1. Ewido, a.k.a. avg anti-spyware (http://www.ewido.net/en/download/) If using winXP. or a-Squared free (http://www.emsisoft.com/en/software/free/) if using win98/ME.
2. Ad-Aware SE Personal Edition (http://www.download.com/Ad-Aware-SE-Personal-Edition/3003-8022_4-10399602.html)
3. Spybot Search and Destroy (http://www.safer-networking.org/index.php?lang=en&page=download)
4. Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html) Don't install this until you are clean.
-
dompilot.dll still pops up can I delete with disabling system restore or something like that and how should I do it?
-
Have you downloaded, run any of the programs at 1, 2 or 3 above ?
What do you mean by "dompilot.dll still pops up can I delete with disabling system restore"
What pops up, the avast alert or something else ?
You only need to disable system restore if the file is in the system folders otherwise windows will save it as a restore point, if it is in temp folders that shouldn't be required, however since you haven't stated where it is I can't say.
A google search for dompilot.dll returns many hits, this is just one of them, http://forums.spywareinfo.com/index.php?showtopic=96299.
-
If you are running Win 2000 or XP you have to temporarily turn off restore. Go to Start/Settings/Control Panel
on performance tab click File System
On the troubleshooting tab click Disable System Restore
Then Click Ok
Run a full scan of system then reboot.
Then activate restore with procedure above
when asked to restart windows click yes
-
oh! its a system restore file i have a similar virus in the same folder..problem is i dunno where to find the system restore folder
-
avast should be able to deal with it, what option did you choose when avast detected it ?
The C:\System Volume Information folder is a part of the system restore function and as such is protected by windows, the only really effective way to clean infected _restore points is to disable system restore and reboot. This will clear ALL _restore points. Once you have disabled system restore, reboot, scan your PC again and if clear enable system restore.
-
O cool that avast can deal with it :)
-
Off-topic... Can guests post now? Or kadzis make login and was banned by the administrators?
-
Well the account isn't live as you can't click on the user name.
-
Well the account isn't live as you can't click on the user name.
Does he born dead?
-
No because there was no guest under the name and there was a post count also '1' only I believe.
-
Slow day DavidR :)
thanks for the diligence cleaning up these open threads
Interesting ghost poster
-
I keep getting this same virus. I've told Avast to move to chest as recommended and tried to delete. Keeps coming back.
C:\DOCUME~1\ed\LOCALS~1\Temp\5LS120dL.exe
I've read through the pages on this and am still unclear how to turn off system restore.
Can someone please explain how to do that?
Running Windows XP service pack 3 Avast 4.8
Thanks
edwardamason@yahoo.com
-
If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:
1. Disable System Restore on Windows ME (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887), XP (http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405) or Vista (http://support.microsoft.com/?scid=kb%3Ben-us%3B936212&x=6&y=13). System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After disabling you can enable it again. To use System Restoration it's necessary to disable avast! self-protection: avast! settings > Troubleshooting > Disable avast! self-defence module then start a System Restore.
2. Clean your temporary files. You can use CleanUp (http://www.stevengould.org/downloads/cleanup/) or the Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html) features for that.
3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (http://support.microsoft.com/default.aspx?scid=kb;en-us;315222) (repeatedly press F8 while booting).
If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
4. It will be good if you download, install, update and run SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or SpywareTerminator (http://www.spywareterminator.com).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
About legit antispyware applications or the bad ones: http://www.spywarewarrior.com/rogue_anti-spyware.htm#sites
5. If you are still detecting any strange behavior or even you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp) for XP/Vista. For XP only: Panda (http://research.pandasoftware.com/blogs/research/archive/2007/04/27/New-Panda-Anti_2D00_Rootkit-_2D00_-Version-1.07.aspx).
6. Also, if you are still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here and, especially, scan and submit to on-line analysis the RunScanner (http://www.runscanner.net/) log would help to identify the problem and the solution.
7. After you're clean, use the immunization of SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or, which is better, the Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html) features of spyware/adware cleaning and removal.
8. Finally, when you're clean, check for insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/) to update insecure applications and avoid reinfection.
-
I got it out. I used a combination of things.
First I found out where you turn off system restore:
start>control panel>system>system restore
Next I used www.Ccleaner.com and cleared out my files
Next I scheduled a boot time at start up
Then I restarted computer to safe mode hitting f8f8f8f8f8f8f8f8f8f8
While in safe mode I ran avast antivirus then I ran Ccleaner again. Found 3 viruses in safe mode that AVAST would not find in regular mode. From now on I am running all my antivirus in safe mode
Rebooted let the scheduled boot time at start up start up and do its things.
No infections.
Thanks guys for the help.
-
I'm a newby so forgive my posting in the wrong place.
According to Casir I have the trojan "Trojan.Win32.small.wv" Aside from a few small quirks I have noticed no major problems. No other scanner finds this so does anyone know what it is and how to remove it? Or is it a hoax to get me to buy Casir?
-
Or is it a hoax to get me to buy Casir?
Maybe it's not that hard on intentions, but just a false positive (a wrong detection).
If you submit the file to www.virustotal.com you can check other programs opinions.
About Casir http://www.download.com/CaSIR/3000-2239_4-10695547.html
-
Hi,
I have a problem with infected files being created in Windows' temporary folders.
avast! keeps warning me that VBS:Obfuscated-gen [trj] was detected in .htm files being created in Temporary Internet Files/Content.IE5/...
I talked with a virus specialist, and he explained to me that those files appear because some other computer or computers in my network, willingly or unwillingly deviate the traffic through them, using IP spoofing or something like that, and then modify the packets, so that infected files can get on the other computers.
The good thing is that avast! can protect me from such files, as it instantly detect them. The bad part is the fact that every time, avast! displays the warning message, asking me what to do (I choose to delete them, of course), but it is sooo annoying.
Isn't there at least a way to configure avast! so that it automatically deletes infected files upon detection, without prompting me what to do? 'Cause I couldn't find such an option anywhere in the avast! settings.
Thank you.
-
Isn't there at least a way to configure avast! so that it automatically deletes infected files upon detection, without prompting me what to do? 'Cause I couldn't find such an option anywhere in the avast! settings.
No, only in the professional version.
Which dialog are you seeing? From the file scanner (with delete, move to Chest... buttons) or from web scanner (abort connection)?
It would be good to send files to Chest instead of deleting, as you can further manage the files (scan, restore, extract).
The best would be finding the cause of these infections and not only eliminating the infected files... a boot time scanning with avast could help.
-
sorry wrong post..:S can't delete it
-
Only moderators can delete posts, you can only do as you have and modify the content.
-
Mine is doing the same thing with both browsers - Firefox and IExplorer 7.
The browsers will be redirected when using searches. I have cleaned and cleaned but nothing shows up as dirty.
done all the "restore stopping" and other program usages to assure clean.
browsers run fine for two or three searches, then suddenly the searches go to other search sites by redirection.
my log after all cleaning is attached
THANKS!!!!
-
Yes it will deal with it....turn off system restore..(start..right click my computer...properties..system restore.....turn off)
open avast....boot scan....reboot..scan...
If all clean....turn system restore back on...
Boot scan is your best bet for removing viruses that rely on the windows to execute.
-
why does my avast put this in the system file chest?
kernel32.dll Original Location C:/WINDOWS/system32
winsock.dll Original Location C:/WINDOWS/system32
winsock.dll Original Location C:/WINDOWS/system32
wsock32.dll Original Location C:/WINDOWS/system32
I'm wondering because I've got this thing before so I reformatted my pc and
I installed avast quickly but it appeared again in the chest
before there is only one winsock.dll in the list now there are two
right now I'm using my pc and it's working good
and by the way I'm not sure if this is the cause but
right now I'm using pirated copy of Windows xp professional Service Pack 2 Version 2002
-
I really do wish Alwil would get rid of this All Chest Files collation of the three sections:
- The only area you should be interested in is the Infected Files section, this is where the files detected by avast and selected by you to move to the chest are placed.
- The User Files section is where the user can add files they suspect of being malware but not detected by avast.
- The System Files section is where avast keeps back-up copies of important system files in case the original becomes infected (leave them alone).
- The All Chest Files is a collation of the three sections.
-
Thank you very much DavidR you ease my burden a lot
by the way I've installed Lavasoft Ad Aware and McAfee Siteadvisor
will this two make conflict with avast
-
You're welcome.
Though AdAware is no longer a top flight anti-spyware and I feel a waste of hard disk space. Either of or both of these two are much better.
- 1. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
- 2. SUPERantispyware (http://www.superantispyware.com) On-Demand only in free version.
McAfee SiteAdvisor is another devalued tool with many sites not having been analysed or revisited in as long as a year.
-
Maybe you could try Finjan as a replacement for McAfee SiteAdvisor.
-
Hi, avast find this virus SYSTEM 1700 Sign of "JS:ScriptSH-inf [Trj]" has been found in "C:\Windows\Temp\clamav-fdfa6507deb1d76a3eb115a2fba48639.00000f78.clamtmp\daily.ndb" file. this is the registry line i see that is the daily database of my spyware terminator with contain clam antivirus every time i launch a scan with spyware terminator avast find this virus what i have to do
-
Megas,
Please search the forum first, before posting and then if nothing is found create a new topic.
For now though see:
http://forum.avast.com/index.php?topic=45231.0
This has been discussed extensively
Thanks,
-Scott-
-
sorry I didn't see it
-
AHH!!! when im about to download Garena cause i want to play warcraft
i read that avast see this as a threat to my pc is that true?
any suggestion if i will continue to install Garena or not?
-
-= Try here: http://www.garena.com/forum/viewthread.php?tid=6676&extra=page%3D1
-= By the way, you may submit the suspected file to VirusTotal (http://virustotal.com) to get a hint if it is really a malware or an FP.. In case its an FP, add it to exclusions..
-
what is this?? sporder.dll is this a spyware or malware
-
-= Probably, a riskware.. Better send it to VirusTotal (http://virustotal.com) so we can have a better check..
http://www.threatexpert.com/files/sporder.dll.html
-
i actually know where my viruses are and i have avast 4.8 pro but someone let a virus through...
-
Hi ryanpogi12,
File Description: http://download.bleepingcomputer.com/winfiles/SpOrder.Dll
Sporder.dll is a file used by programs to work with the Windows LSP chain. Unfortunately this file is used by malware and some antispyware programs delete it by accident and break legitimate programs. You can use this replacement to try to get your programs working again. If the program continues to not work properly after replacing this file, then it is advisable that you reinstall that particular application.
Usage Information:
Download this file and save it into c:\windows\system32 or c:\winnt\system32 depending on your operating system,
polonus
-
Hie, can't seem to find how to post my own thread. Anyway, have a problem, a virus which infects mp3 files is on the loose. It attaches an intro to your songs saying "Im code breaker" every single time. It later then renames your album title to the same name. This happened to my machine when I plugged my Ipod to sync some music from my desktop. After a few hours my Ipod was wiped out. The suspicious file was titled "fresh_MP3".
Help!!!!!!!!!!1
-
Hi Linkup,
To start a new thread with your problem please click in the button (indicated in the image) on this page:
http://forum.avast.com/index.php?board=4.0
This will prevent the confusion that will indefinitely ensue
Thanks,
-Scott-
-
Hi,
I'm using Windows Vista....right now my computer can not connect to the internet. I tried IE and Firefox, both don't work.
Router is fine, connection with other PC is fine too.
my computer right now have Avast and Norton. I'm trying to uninstall Avast, but unsuccessful and I tried to uninstall Norton, it was unsuccessful too...
I also restore backup to a couple months ago....but still the same..can not access to the internet.
when I turn on my windows security center--->Malware protection-->then I tried to turn on Avast, it says "program cannot activate resident part (Standard Shield provider not found"....
by having two anti virus was that the reason I'm not able to connect to the internet?? Can someone please help me out on this?? maybe uninstall avast or norton and reinstall one of them??? but the problem right now is I can not uninstall either one of them....
Thanks a lot
-
- Please start a New Topic of your own as this seems unrelated to the original subject and will just confuse the topic and we will try to help.
- Go to this link, http://forum.avast.com/index.php, scroll down to the avast! 4.x Home/Pro forum and click it, click the New Topic button at the top of the list and post there.
Having two resident scanners installed is not recommended (more so when one is called Norton) as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable. It may have a great impact on lots of things.
-
Regards!
Every time I connect any additional memory as pendrive, ipod, etc, the Avast Antivirus displays a virus message from an infected file named autorun.inf. All I do is send it to chest as suggested by the program. It happens and it keeps happening. What do I need to do to solve this? I appreciate your help as soon as possible. I got Avast Antivirus Pro ver 4.8.
-
Please start your own new topic as suggested in my last post.
I would also suggest a forum search for autorun.inf (or Flash Disinfector) as this has been covered many times.
- "Flash Disinfector" program, see http://experi3nc3.wordpress.com/2007/05/10/flash-disinfector-by-subs/
-
Make sure your avast is up to date and hook up your drive to your EIDE cable.. or if you have a over the 137 GB EIDE adaptor for USB or Firewire just hook it up that way but be careful if and most likely the Auto play pop up starts to scan the drive.. HIT cancel and just click cancel again.. Then use avast to scan it.. I would suggest you just Hook it up to your EIDE cable of your PC then boot up then start avast and schedule a pre-boot and select the drive letter of the infected drive it is assigned..
I do that all the time as I have a IBM and I just pull the cover off and hook up the infected drive. I'm protected I have avast to stop even if the drive is hooked up. I've not had any problems doing this.
Scan and kill it in the preboot.. Move it to the chest.
Scan later to try and attempt to repair the file.. if don't work well yeah just delete it :/
Wish you luck dude o;
-
I downloaded Avast newly and it is supposed to be an antivirus program, yet 8 viruses attacked it and I had to get professional help to get the viruses off. All 8 viruses attached themselves to the Avast program. How did that happen? I actually detected the viruses through Norton - funny enough, I bought Avast because I was told that Norton wasn't doing the best job. Can anyone advise me as to how this happened and how I can stop it from happening again? Thank you
:o
I wonder how that happened, too. It's the first time I hear about such a case. For the time I've been using Avast! nothing like this happened to me (I could not say the same about Norton). I once had problems installing Avast! due to a virus which was blocking the process, but never had viruses attached. From the experience a friend of mine had, I learnt early not to have two AV systems installed at a time because it becomes normal that your PC freezes or becomes unable to run the OS. Having the latest updates of Avast! prevents a lot of stuff happening.
-
Gee!
Something else exciting happened on my Birthday way back in 2005 besides me turning 60 and being able to collect an additional Canada pension.
I have Malwarebytes Anti-Malware (MBAM) as well as an additional layer of system protection:
http://www.malwarebytes.org/mbam.php
-
My computer is picking up viruses that I thought avast was supposed to protect me from and I keep receiving blockers asking me to subscribe to something else to protect my PC, what am I to do, do need help immediately!!!!! >:(
-
Hi miqunon,
You probably contacted a fake alert from a fake AV program; you did not react to it so I assume you have not become infected. What is your browser and did you fully update and patch it? Can you present us with a fresh HJT log text? Get HijackThis from here: http://www.filehippo.com/download_hijackthis/download/8571e06e5eb8ab03c649f3b5d647c599/
Attach the logfile txt to your next posting and we will give it a glance,
polonus
-
Erm, my computer automatically deleted it. I tried going to the virus deleted place, but on right clicking it, the send option was not clickable.
-
Menu also automatically deleted without any problem only once I have a problem with avast December 4.8. does not detect me a trojan virus and I have the NOD32 to clean up the
-
I downloaded Avast newly and it is supposed to be an antivirus program, yet 8 viruses attacked it and I had to get professional help to get the viruses off. All 8 viruses attached themselves to the Avast program. How did that happen? I actually detected the viruses through Norton - funny enough, I bought Avast because I was told that Norton wasn't doing the best job. Can anyone advise me as to how this happened and how I can stop it from happening again? Thank you
I don't know much about computers but, I do know you must remove a program before trying to replace it
-
Scan using Avast and send the viruses to the chest
-
Use ccleaner to clean all the temporary folders^^
-
Clear it with ccleaner.
http://www.ccleaner.com/
-
My computer is picking up viruses that I thought avast was supposed to protect me from and I keep receiving blockers asking me to subscribe to something else to protect my PC, what am I to do, do need help immediately!!!!! >:(
Try getting a good anti-spyware program like Spybot S&D, Ad-Aware, Malwarebytes to run alongside avast!
-
Try getting a good anti-spyware program like Spybot S&D, Ad-Aware, Malwarebytes to run alongside avast!
Only MBAM is effective nowadays ::)
-
Every time I open an email today I get the trojan horse warning! "JS:SCRIPTIP.inf" (TRJ.!) I keep moving it to the chest but how do I solve the problem? Thanks--new to y'all
-
All the internet is infected with viruses... Every 2nd web site I open I catch a virus! The last time I had XP I used Spyware Terminator and this program has an Internet shield.. I had a toolbar on my Internet Explorer and it always goes red... this means danger... Site with a lot of viruses.. Now I have been on Windows 7 for 2 days and I downloaded Avast and I will see how it will be with that antivirus program! I hate the last one (antivirus program) because for every single thing I do it constantly asked me whether to do it or not...
-
hello:
Computer idiot here. My eight year old was researching African penguins and clicked something. My Avast kicked in and said I had a trojan horse... the recommendation was to move it to the virus chest but I am unable to perform that operation. When I try I get the error message file in use. It seems to be in my temporary internet files. I am running Windows XP.
the file name is C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\PMJ99A0I\.l[1].htm
the malware is JS:Downloader-JR [Trj]
my vps version is 100128-1, 01/28/2010
Any Help would be greatly appreciated.
-
hello:
Computer idiot here. My eight year old was researching African penguins and clicked something. My Avast kicked in and said I had a trojan horse... the recommendation was to move it to the virus chest but I am unable to perform that operation. When I try I get the error message file in use. It seems to be in my temporary internet files. I am running Windows XP.
the file name is C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\PMJ99A0I\.l[1].htm
the malware is JS:Downloader-JR [Trj]
my vps version is 100128-1, 01/28/2010
Any Help would be greatly appreciated.
1 Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
2 Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
3 Under the Custom Scan box paste this in:
netsvcs
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
c:\windows\system32\*.dll /lockedfiles
c:\windows\system32\drivers\*.sys /lockedfiles
%systemroot%\*. /mp /s
CREATERESTOREPOINT
4 Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply as an attachment.
-
:) Sorry.
-
Howdy my good friends:
As you can see, I'm in deep trouble. I don't know how I caught this pest called Recycler virus; its signature is that it writes in System Information, c:\Recycler and as a matter of fact it turned off my Avast icon in my task bar, and also the way to configure Avast features after infection. Also, I can't download my VPS updates.
HELP or at least teach me how to kick... that pest, please????
-
Sorry, but total rubbish, viruses don't just hang out in the temp folders, the majority try to place files in the system folders to try and scare you into not removing them.
-
Why does a virus go into Temp? What does it mean? Is it still activated?
-
Thanks
-
I have Windows XP
Today I've found a new virus that Avast did not see. Distributed through a web browser with some sites. Alone and unnoticed.
Symptoms:
When starting Windows opens "My Documents".
Found 2 files in the folder "temp" with the same icons. Their removal did not help. Then find them in the folder system32, deleted. (Outpost Firewall just reacting to them when they wanted to run something in the system).
Attach the files.
http://rapidshare.com/files/414093818/438743ad.exe
http://rapidshare.com/files/414093871/pnfimu.exe
Help please!
-
Send the sample/s to avast as a Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.
-
Thank you for useful information.
I'll know how to send viruses. Previously, for a month waiting for Avast when cure is a new virus.
-
HELP! I seem to have a virus on my pc. It can't be repaired & I've removed it to chest (as suggested) but the warning message pops back up every now and then!
I've copied the description of the files infected & they are:
C:\System Volume Information\_restore{44BADFAE-8C81-47AF-AC66-E4E3243282A4}\RP43\A0010720.pif
C:\DOCUME~1\STEVE~1.HOM\LOCALS~1\Temp\V2M0FHa03308
I've tried the online clean, but nothing was detected. My Prevx software isn't picking the virus up and an online scan with Trend Micro didn't pick it up either.
Not sure what else I can do, or if I should be worried!
You Can Just Do This.
1. Go To Folder Options
2. Enable (Show Hidden Files and folders)
3. Uncheck Hide Protected OS Files
4. Uncheck Hide Extensions For Known File Types. And Hide Empty Drives In Computer Folder
5 Grab "MalwareBytes File assassin" http://download.cnet.com/FileAssassin/3000-2094_4-10639988.html
6 Install... Target The File And Press Delete With FileAssassin On The Infected Files.
7. Reboot If Required
8. Malware Begone! :) But Check With A Virus Scanner To See if Anymore.
-
Hello
I'm not experienced with forums but I need your help!
My avast antivirus has detected a virus called Win32:Zwangi - F (PUP); for now I have moved it to the chest, but every time I open the internet it is reported to me! I would like to know whether it is harmful to the PC? I would like to delete it, but what happens to the PC then?
Please help me
THANK YOU
-
Hello
I'm not experienced with forums but I need your help!
My avast antivirus has detected a virus called Win32:Zwangi - F (PUP); for now I have moved it to the chest, but every time I open the internet it is reported to me! I would like to know whether it is harmful to the PC? I would like to delete it, but what happens to the PC then?
Please help me
THANK YOU
International zone http://forum.avast.com/index.php?board=21.0
Espanol http://forum.avast.com/index.php?board=25.0
-
Hello
I'm not experienced with forums but I need your help!
My avast antivirus has detected a virus called Win32:Zwangi - F (PUP); for now I have moved it to the chest, but every time I open the internet it is reported to me! I would like to know whether it is harmful to the PC? I would like to delete it, but what happens to the PC then?
Please help me
THANK YOU
International zone http://forum.avast.com/index.php?board=21.0
Espanol http://forum.avast.com/index.php?board=25.0
That's Italian, not Spanish ;) .
http://forum.avast.com/index.php?board=26.0 << Italiano.
-
I hope I am posting this correctly, my virus is only working until 41%, and then my computer shuts off. Any suggestions?
-
- Please start a New Topic of your own as this seems unrelated to the original subject and will just confuse the topic and we will try to help.
- Go to this link, http://forum.avast.com/index.php?board=2.0. Click the New Topic button (see image, click to expand) at the top of the list and post there.
In that please state:
What avast version are you using (4.8 or 5.0)?
What does working until 41% mean, are you talking of running an on-demand scan?
If so, which scan are you doing?
-
First download and run CCleaner
Once that is complete, follow these steps precisely
You will then be required to submit (via attachment) your HJT logs and scan results
Running the above procedure will clean most computers of malware, submitting the attachments is for any further areas that could not be resolved, and to confirm all OK
-
@ SofiaBrown,
Most of us use CCleaner and MBAM for a cleaner and for a deeper cleaner use TFC. However HJT has been replaced by OTS these days. Please refer to the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0. Thank you.
-
Rightio, Lets See.
Firstly, Boot Up In Safe Mode And Go On Internet Explorer Or Another Browser. Now, Visit www.avast.com And Download Avast Free Edition. Run Download And Let It Install. Open Avast Interface And Click Scan Then Boot Time Scan. Click Settings On The Boot-Time Scan. Choose It To Scan At All Harddisks, System Drive And Auto-Start Programs (All Users). Put Sensitivity On Full. Schedule The Scan Then Reboot And Let Avast Do Its Work.
Hope This Helps! Good Luck.
-
*.pif files are droppers. That means that some other infection is still inside the computer. Check for any virus named as Zbots or Infostealers. These types of viruses drop .pif droppers.
-
I am in the same boat but mine is slightly different.
80000032.@ c:\\Windows\assembly\temp\U and rlls64.dll c:\\Program Files (x86)\RelevantKnowledge Win32:Relevant-U [PUP]
I attached a pic and have no idea what to do from here. Hopefully you have some magic left for me.
I am running W7, just got the computer plugged in, on line and installed avast!...a bit surprised that I already have a virus. Please help!
Also, it will be helpful to me if you reply like I am 5 years old. :-[
Thanks a TON!!
Dezz
(http://i258.photobucket.com/albums/hh270/meiersimmons/avastmsg.jpg)
-
- Please create your own new topic, here http://forum.avast.com/index.php?board=4.0 in the viruses and worms forum (click the New topic button at the top of the page, see image) and we will try and help you there.
- This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the logs and start your own new topic and attach the logs there, not in the LOGS topic.
-
I found the same virus in my vcd cutter files, please suggest what to do.
Thanks & Regards
-
As in the post directly above yours, start your own new topic and give full information on the alert, file name, location, malware name, etc.
Then follow the rest of the information in the "information on Logs to assist in cleaning malware" link.