Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: lulam on April 28, 2005, 02:56:38 PM
-
Windows98
Avast 4.6
database 0517-2
I ran Avast but there is still a virus on my computer. I can't run msconfig or system information.
Doing a "find" on today's date give me 2 files related to virii: norat and fo(o with squiggly on top). They can't be deleted so I booted into DOS and deleted them but they're back after a re-boot. From googling, I'm coming up with a Troj/Norat-A or TrojanProxy.Win32.Mitglieder.bz or TROJ_MTGLDR.F but I'm not coming up with any manual removal info.
Any help would be appreciated. Thank you
-
If you download and run avast! Virus Cleaner (http://www.avast.com/files/eng/aswclnr.exe), will it help?
It will be good run a SpyBot and Ad-aware scannings too.
What is the path of the infected files?
-
norat and fo(o) are in c:\windows\system folder. According to Zonealarm (http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=40947)
To infect a machine, the trojan copies itself to %System%\Winerdir.exe before dropping two DLL files. These file have been identified as:
%System%\foõ.exe (26,112 bytes) and %System%\norat.exe (1,536 bytes).
I can't find the "winerdir.exe" file
I've run adaware and it also did not detect the virus
edit:
After running avast! Virus Cleaner
"avast! Virus Cleaner Tool - version 1.0.207 Ansi
Creating log file: C:\MY DOWNLOADS\aswclnr.log
4/28/05, 9:22:56 AM
Memory scanning started...
No virus body found in memory.
Memory scanning finished (82.8s).
----------
Files scanning started...
No virus body found.
Files scanning finished (73223 files, 0 infected, 891.4s).
Drives scanned: C:"
----------
-
I got rid of the virus by continually hitting "control/alt/delete" during startup and closing all programs except systray and explorer. I went thru the process 3 times and on the third try, I stopped 2 <unknown> processes from running. I was then able to get into msconfig and unchecked all the programs I knew were not needed by windows. I re-booted and everything worked fine. From here (http://forum.avast.com/index.php?topic=13010.msg109682#msg109682), I think keydr.exe in msconfig was the virus. I then went back to msconfig and re-checked various programs and so far everything is normal.
-
That sounds too hard to do. I too have some odd virus that will not let me into windows. Some message about not being able to flush or load the system registrary. Then it reboots automattically. I end up with at some point my login screen where you click on user, then it asks for a password! I don't have a password setup!!. I then run in safe mode and launch Avast. After about 4 hours it tells me it found nothing! ;-( I'm thinking I've lost and I don't have any choice but to do a complete reformat of the hard disk. :-( :-X :-\ :-* :'( >:(