Author Topic: Virus in temp  (Read 118969 times)

Offline ajr

  • Newbie
  • *
  • Posts: 1
  • I'm a llama!
    • Personal Message (Offline)
Virus in temp
« on: February 01, 2005, 08:27:45 PM »
HELP! I've seem to have a virus on my pc. It can't be repaired & I've removed it to chest (as suggested) but the warning message pops back up every now and then!

I've copied the description of the files infected & they are:

C:\System Volume Information\_restore{44BADFAE-8C81-47AF-AC66-E4E3243282A4}\RP43\A0010720.pif

C:\DOCUME~1\STEVE~1.HOM\LOCALS~1\Temp\V2M0FHa03308

I've tried the online clean, but nothing was detected. My Prevx software isn't picking the virus up and an online scan with trend micro didnt pick it up either.

Not sure what else I can do, or if I should be worried!


Offline bob3160

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 23940
  • Gender: Male
  • 53 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
    • Personal Message (Offline)
Re: *** Advice&Tools for virus/trojan/malware Removal & Prevention***
« Reply #1 on: February 01, 2005, 08:35:31 PM »
ajr
Welcome to the forum.
1. clean out your temp. files
2. Disabel system restore to clean out the infected file that's currently in a system restore file.
3. Reboot your system.
4. Re-enable System Restore if you intend to to continue using it.

Next time, please post a problem in your own Thread. Not in Informative Thread. Thanks
Free avast! Security Seminar: http://www.authorstream.com/Presentation/bob3160-1425909-protecting-yourself/    -  Important: http://www.organdonor.gov/
My Blog: http://bob3160.blogspot.com/ - Win 8.1 Pro 64bit, 4 Gig Ram, avast!2014.9.0.2015 Free, MBAM, WinPatrol -- How to Successfully Install avast! http://goo.gl/VLXde
                     - It's nice to be Important. - It's more important to be Nice. -

Offline plmusic

  • Newbie
  • *
  • Posts: 1
  • I'm a llama!
    • Personal Message (Offline)
Re: Virus in temp
« Reply #2 on: February 10, 2005, 12:47:13 PM »
I downloaded Avast newly and it is supposed to be an antivirus program, yet 8 viruses attacked it and I had to get professional help to get the viruses off.  All 8 viruses attached themselves to the Avast program.  How did that happen?  I actually detected the viruses through Norton - funny enough, I bought Avast because I was told that Norton wasn't doing the best job.  Can anyone advise me as to how this happened and how I can stop it from happening again?  Thank you

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69213
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Virus in temp
« Reply #3 on: February 10, 2005, 02:28:23 PM »
Quote
Can anyone advise me as to how this happened and how I can stop it from happening again?  Thank you

Rather difficult, based on the lack of information.
    - What OS are you using? is it up to date?
    - What avast! version and VPS file (virus database) number, e.g. 0436-4 (see about avast!)
    - What was the virus name, what was the filename, where was it found
      example (C:\windows\system32\infected-filename.xxx)?

If you still had Norton on your system and installed avast! many of the component parts of avast would not have been enabled to avoid conflict. Two resident AVs can cause conflict.

There is plenty of professional help available here, the only difference, you won't have to pay for it here. This really should have been your first port of call.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
    • Personal Message (Offline)
eermh.. why is this thread sticky ?
« Reply #4 on: March 09, 2005, 10:01:06 PM »

 All 8 viruses attached themselves to the Avast program. 


How did you see this.. ?

Weren't they rather in avast's CHEST or MOVED-folder ?? ???



eermh.. why is this thread sticky ?

Offline SHERIF

  • Newbie
  • *
  • Posts: 1
  • I'm a llama!
    • Personal Message (Offline)
beagle BG3 worm can not be removed
« Reply #5 on: April 22, 2005, 04:49:23 PM »
Would you please help me out, I have winXP home and Avast home edition. I found beagle bg3 in memory which boot up scan, i am unable to remove. it infected the file c:\windows\system32\wiwshost.exe
would anyone any idea to remove it

thanks
sherif

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
    • Personal Message (Offline)
Re: Virus in temp
« Reply #6 on: April 22, 2005, 05:16:40 PM »
Hi,

are you sure you mean a boot-time scan ?
I don't really see how it could be in memory then

try this:
- Disable system RESTORE
- reboot to SafeMode (F8-Boot)
- do a full thorough scan with archive-scanning enabled, move infected files to CHEST

if you dont succeed, please post here a hijackthis-Log for diagnosis

Details/Links for the above can be found via "VirusRemoval"-link below in my sig

 ;)

P.S.: Also work through the links/descriptions here, and try and find out which variant fits your symptoms:

http://www.trendmicro.com/vinfo/virusencyclo/default2.asp?m=q&virus=wiwshost%2Eexe&alt=wiwshost%2Eexe&Sect=SA

-> follow removal instructions on that site then ;)

Offline ErrorFIXer

  • Newbie
  • *
  • Posts: 1
  • I'm a llama!
    • Personal Message (Offline)
Re: Virus in temp
« Reply #7 on: October 06, 2005, 03:29:31 PM »
Try to disable it from start-up:

Start->Run->msconfig->StartUp

and remove after reloading the PC
Computer Safe with ErrorSafe

Offline wiseman

  • Newbie
  • *
  • Posts: 1
  • I'm a llama!
    • Personal Message (Offline)
Re: *** Advice&Tools for virus/trojan/malware Removal & Prevention***
« Reply #8 on: October 10, 2005, 12:42:36 AM »
ajr
Welcome to the forum.
1. clean out your temp. files
2. Disabel system restore to clean out the infected file that's currently in a system restore file.
3. Reboot your system.
4. Re-enable System Restore if you intend to to continue using it.

Hi! I just downloaded 4.6 reently.  Everytime I run Outlook, I get the same e-mail from search.com that the program detects as netsky, get rid of it and it regenerates.  I tried the above procedure but it keeps regenerating somewhere else.  Yet when I run the cleaner and the full scan, it doesn't pick up anything.

Offline Scott

  • Newbie
  • *
  • Posts: 2
  • I'm a llama!
    • Personal Message (Offline)
Re: *** Advice&Tools for virus/trojan/malware Removal & Prevention***
« Reply #9 on: October 15, 2005, 04:46:00 PM »
ajr
Welcome to the forum.
1. clean out your temp. files
2. Disabel system restore to clean out the infected file that's currently in a system restore file.
3. Reboot your system.
4. Re-enable System Restore if you intend to to continue using it.

Next time, please post a problem in your own Thread. Not in Informative Thread. Thanks

darth.mikey

  • Guest
Re: Virus in temp
« Reply #10 on: October 15, 2005, 04:58:10 PM »
What's with all that quoting guys?

Offline Peter Murch

  • Newbie
  • *
  • Posts: 5
  • I'm a llama!
    • Personal Message (Offline)
Re: Virus in temp
« Reply #11 on: October 21, 2005, 09:45:50 PM »
HELP! I've seem to have a virus on my pc. It can't be repaired & I've removed it to chest (as suggested) but the warning message pops back up every now and then!

I've copied the description of the files infected & they are:

C:\System Volume Information\_restore{44BADFAE-8C81-47AF-AC66-E4E3243282A4}\RP43\A0010720.pif

C:\DOCUME~1\STEVE~1.HOM\LOCALS~1\Temp\V2M0FHa03308

I've tried the online clean, but nothing was detected. My Prevx software isn't picking the virus up and an online scan with trend micro didnt pick it up either.

Not sure what else I can do, or if I should be worried!



Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69213
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Virus in temp
« Reply #12 on: October 21, 2005, 09:50:33 PM »
And your query or comment is Peter?
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Peter Murch

  • Newbie
  • *
  • Posts: 5
  • I'm a llama!
    • Personal Message (Offline)
Re: Virus in temp
« Reply #13 on: October 21, 2005, 09:53:54 PM »
I am not at all sure I understand any of this.  Can my Avast eegularly scan my PC every time I go on line?

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69213
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Virus in temp
« Reply #14 on: October 21, 2005, 10:07:41 PM »
I'm not sure I understand the question as it doesn't seem related to the current topic, but here goes.

avast's Web Shield can scan http traffic on port 80 before it is saved into your browser cache so the web page, images, etc. can be displayed. So if something harmful is detected it can be intercepted.

You can also set the Standard Shield to scan ALL created/modified files.

However, it isn't scanning your PC because you have gone on-line, just the stuff you want to browse.

Welcome to the forums.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now