Avast WEBforum

Other => Viruses and worms => Topic started by: Renfeh on February 10, 2004, 10:53:33 PM

Title: W32.Protoride (win32.trojan.gen - per Avast)
Post by: Renfeh on February 10, 2004, 10:53:33 PM
I have a virus on my system that I just can't seem to get rid of.  As per the subject line, it is called Protoride - or - win32.trojan.gen per Avast.  It is also known as msupdate.exe.  

Avast finds it - that isn't the problem.  The problem is getting the darned thing to disappear from my system!  I went to Symantec, retrieved instructions on how to remove the virus from my system and followed the instructions verbatim.  No problem.... until a couple of days later and there it was again in the startup again... *sigh*...

Does anyone know how I can get the darned virus OFF MY SYSTEM permanently??  ???

I just went through and removed it again, so for now it isn't there...

Thank you for any help!

Donna  :)
Title: Re:W32.Protoride (win32.trojan.gen - per Avast)
Post by: whocares on February 11, 2004, 12:00:31 AM
Hi,

What WIN do you have?
Do you have ALL Windows updates applied?

What AV program detects it as "protoride"? Symantec? Please provide a link.

Where exactly was the infected file found (full pathname and filename)?
Did you disable RESTORE??

Test the file with online scanners, e.g. from TrendMicro & Kaspersky, to get a more specific name
(you need to temporarily disable AV resident shields/monitors to be able to scan the file online)


-remove the Virus/Malware and its system modifications according to VirusInfos from Avast, VGREP, TrendMicro, Kaspersky; you might also try searching for the virus name or filename with Google

general removal procedure:
- kill respective Worm/Backdoor/Trojan process with task manager
- search for the file/process names in the registry; remove the malware's startup entries in the registry
- disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot
 

-Secure your system (change passwords, secure shares, install patches/updates for WIN, IE etc.)
-scan your whole system with updated avast and maybe a 2nd scanner, e.g. TrendMicro, to check whether your PC is clean ;)


**** if the Virus was found in a RESTORE-folder:

disable System-Restore, reboot, and it will be gone
see
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
reenable Restore afterwards, if you need it
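
[Added example, not part of the original posts] One way to carry out the "search for the file/process names in the registry" step of the removal procedure above on a current Windows system is a report-only PowerShell audit of the usual autostart locations. The default name msupdate.exe is taken from this thread; the list of locations is the standard Windows set, not something specific to this malware.

```powershell
# Added example, report only: nothing is deleted or changed.
# 'msupdate.exe' is the file name reported in this thread; pass another with -Name.
param([string]$Name = 'msupdate.exe')

# Standard Windows autostart registry keys (the Winlogon key holds Shell/Userinit).
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

$found = @()
foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        # Match on either the entry name or the command line it launches.
        if ($valueName -like "*$Name*" -or $data -like "*$Name*") {
            $found += [pscustomobject]@{ Type = 'Registry'; Location = $key; Entry = $valueName; Detail = $data }
        }
    }
}

# Per-user and all-users Startup folders (matched by file name only,
# so a shortcut with an unrelated name is not resolved to its target).
foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    if ($path -and (Test-Path $path)) {
        Get-ChildItem -Path $path -Force | Where-Object { $_.Name -like "*$Name*" } | ForEach-Object {
            $found += [pscustomobject]@{ Type = 'StartupFolder'; Location = $path; Entry = $_.Name; Detail = $_.FullName }
        }
    }
}

# A process that is still running can rewrite its startup entry after removal.
$procName = [IO.Path]::GetFileNameWithoutExtension($Name)
Get-Process -Name $procName -ErrorAction SilentlyContinue | ForEach-Object {
    $found += [pscustomobject]@{ Type = 'Process'; Location = "PID $($_.Id)"; Entry = $_.ProcessName; Detail = $_.Path }
}

if ($found) { $found | Format-Table -AutoSize -Wrap }
else { "No autostart entry or running process references $Name" }
```

Running it again after cleanup and a reboot shows whether a startup entry has come back, which is the symptom described in the first post.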

Title: Re:W32.Protoride (win32.trojan.gen - per Avast)
Post by: whocares on February 11, 2004, 12:19:25 AM
P.S.
you have checked all your Share/network drives?
are you in a network?
disable sharing or use secure passwords ;)
Title: Re:W32.Protoride (win32.trojan.gen - per Avast)
Post by: FBS on February 16, 2004, 11:19:48 PM
I have the exact same problem.. running out of anti-virus programs to use... it's so great how half the programs find them then refuse to do anything about them! :'(

trying that turn off restore tip now