Virus is found -moved to chest- over n over -Help Please?

[nottyn]

The virus, "Win32: Trojan-gen (other)" has been found on my PC :  C:\Windows\Sys32\misdirectx.sys

The Avast Alert pops up and prompts which action should be taken. So I select the recommended action, "Move to Chest" .
Of course I panicked , tried to disconnect from my dial-up connection.... failed ... one minute later the same popup Avast window reads the same virus has been found ... so I panicked more and chose to delete it this time....
Still cannot get off the Internet ... try to bring up Task Mngr...
failed ...
The only thing working was the virus alert - over and over again.
All other programs froze so I forced shut-down by cutting power supply off.
Of course I was too freaked out to write down the name of the virus or where it was found.

Don't chew me out because I already know what I did was wrong.  I read a couple of posts on this forum that pointed out that I had done everything wrong in dealing with the virus... after the fact.

So i turned on the PC and got the name of the virus and the file, but I could not find any info on it here.

Any help on this would be very welcome.
The computer info:
AMD Athlon Duron 1.4 Ghz
500 MB Ram
Windows XP Pro - not sure if it has SP2

I'm using Avast  4.6.655 Home Edition
VPS: 0525.5   6-25-2005

Thanks for reading.

Nancy
 

[FreewheelinFrank]

Hello Nancy,

First of all, please run a boot time scan with avast!

Right click the avast! globe and select Start avast! Antivirus.

avast! will do a memory scan: if it finds a virus or worm in memory, it will prompt you to do a boot time scan: accept this and reboot.

If avast! doesn't find anything in memory, schedule a boot time scan. (Click the button at the top left of the avast! silver console and select Schedule boot time scan from the drop-down menu.)

Please ensure that your Windows firewall is turned on if you have no other firewall installed:

http://www.geocities.com/dontsurfinthenude/firetut.htm

Please download, install and update the following anti-spyware programs (If you haven't already, of course) and run scans.

If you experience any more problems, please make a note of the exact warning you receive and the options you are presented with.

Good luck!

[nottyn]

This virus is much more serious than people may think.

I have tried everything that you advised!
I did the boot time scan with Avast.
It finds the virus in a few places, but when it goes into windows,
THERE IT IS AGAIN!... over and over
 
I run Task Mngr and see the program, Aucl.exe (I forgot the name but it starts with an A and has a u,c in the name)
I cannot find out the name anymore because the virus rendered my other computer useless.

As quick as I shut it down in Task Mngr, it starts up again.
 
This virus is generating somewhere and nothing can find it.
I've done a few boot time scans, have system restore disabled, installed "Trojan Hunter" which did not see it at all!, emptied out Internet cache, completely cleaned out all email messages....
Other than reformatting my drive, is there any suggestions?

 :'(  Nancy

[DavidR]

Hijackthis is a good analysis tool to show what is running on your system.

When programs are running windows protects them so it is difficult to remove them and if avast doesn't detect/recognise the other elements they can start them up again.

Program & Tutorial - Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial
For an on-line analysis - HiJackThis Log file - On-line Analysis
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.

Terminate the process in task manager, download the HJT program and browse/print of the tutorial.

Google is your friend - a search for msdirectx.sys (not misdirectx.sys as in your post returns lots of hits, so I assume a typo in your post), this is the first (it gives removal instructions as well, this should get you started) and you are right in saying this much more serious.
http://www.antisource.com/article.php/rootkit-msnt-msdirectx

You might also want to get this RootKitRevealer from system internals - http://www.sysinternals.com/utilities/rootkitrevealer.html, this will check if there is in fact a rootkit type virus deeply hidden.

[nottyn]

I would love to be able to run Hijack This on the infected PC, but I cannot keep it running at all anymore.
I think the virus killed it.

The reports show this virus as being mild in damage!
If anyone out there has any influence .... Please double check this "Win32: Trojan-gen (other)" virus.

When I searched the Internet for info on it, it led me to a few posts on the Hijack forum.  The people never replied which makes me think that the same thing happened to them.  I am lucky to have another PC to use.

What is happening to the infected PC now is it starts up and I have the avast boot time scan scheduled... during the scan the pc slams down abruptly.

The only hope I have now is that the slamming down of the PC may be caused from overheating.
It is an AMD Athalon (which are known to run hotter) and it is 90 degrees in Minnesota. I have no air conditioning and I was working on it a lot prior to the shutdowns.

If I can get it going again, I will do as you advised and post again.

If I don't post again, that means the PC is ruined from the virus.

Thank you for your help.

Nancy

[FreewheelinFrank]

Hi Nancy,

I think you mistyped the name of the file you have: it is msdirectx.sys, a rootkit which can hide other malware on your computer.

This rootkit is causing a lot of problems at the moment- see this thread:

http://forum.avast.com/index.php?topic=14613.15

My best advice to you at the moment is to back up your files and reinstall your OS using your computer's rescue disks or original Windows disks.

Edit: your only other option is to wait until the underlying malware is added to avast!'s definitions, or to try the online scanners of other anti-virus companies to see if they can identify it. (Trend Micro, F-Secure and Panda do online scans.)