Avast WEBforum
Other => Viruses and worms => Topic started by: FBS on February 18, 2004, 03:42:42 PM
-
I just found out about avast and I ran home edition 4.1 with a thorough scan and it says it found no infected files.
http://www3.ca.com/virusinfo/virusscan.aspx
+
http://housecall.trendmicro.com/housecall/start_corp.asp
found no viruses & lavasoft6.0 adware says I'm clean.
AVG anti-virus tells me I have 6 infected files!:
AVG Anti-Virus
Program version 7.0.211
Virus base 261.9.5
Release date: 17/02/2004
File h4ck3d.exe
Result/Infection Trojan horse Downloader.Zdown
Path C:\WINDOWS\system32\7oob.exe:\h4ck3d.exe
File root.sys
Result/Infection Trojan horse IRC/BackDoor.Flood
Path C:\WINDOWS\systems32\7oob.exe:\root.sys
File secure.BAT
Result/Infection Could be infected BAT/Generic
Path C:\WINDOWS\systems32\7oob.exe:\secure.BAT
File secure.exe
Result/Infection Trojan horse HideWindow
Path C:\WINDOWS\systems32\7oob.exe:\secure.exe
File spread.bat
Result/Infection Could be infected BAT/Generic
Path C:\WINDOWS\systems32\7oob.exe:\spread.bat
File system.sys
Result/Infection Virus found IRC/BackDoor.Flood
Path C:\WINDOWS\systems32\7oob.exe:\system.sys
Another online scanner http://www.ravantivirus.com/scan/indexie.php gives me the following results:
\Addons\clones3.ini - Flooder:IRC/Clonman* -> Infected
C:\mf-polaris2001\polaris2001\System\remotes\connect.ini - IRC/Generic* -> Suspicious
C:\WINDOWS\fps.exe->(ASPack 2.12) - Win32/Dumaru.H@mm -> Infected
C:\WINDOWS\system32\7oob.exe->(CABSfx)->h4ck3d.exe - TrojanDownloader:Win32/Zdown.1_01 -> Infected
C:\WINDOWS\system32\7oob.exe->(CABSfx)->secure.exe - Tool:HideWindows -> Infected
C:\WINDOWS\system32\dtxservice.exe - TrojanSpy/Win32.ProAgent.1_2 -> Infected
C:\WINDOWS\system32\jcxpif.exe->(UPXW) - Win32/HLLW.SpyBot -> Suspicious
C:\WINDOWS\system32\mirc.ini - Trojan:IRC/Flood.gen* -> Infected
C:\WINDOWS\system32\sysmgr.exe->(UPXW) - Win32/HLLW.SpyBot -> Suspicious
C:\WINDOWS\system32\Temp.scr - IRC/Flood -> Infected
Avast does give me pop-up warnings about the following:
Win32:Trojan-gen. {UPX!}
c:\windows\iss32.exe
win32:Trojan-gen. {other}
c:\windows\mps.exe
win32:Trojan-gen. {other}
c:\windows\kdd32.atm
It won't let me do anything with these files. Can't repair/delete/move.
AVG tells me I have Trojan Horse PWS.Proagent.B.. I ask to delete it, it says it does but whenever I reboot it's there again?!
Any help appreciated!!
;D
-
Hi,
is your avast up to date?
1) Please mail any files not detected by up-to-date avast to:
virus at asw dot cz
best put them in a password-protected zip-file; including the password and a system/problem description in the mailtext..
2) loads of malware there: if you have important/sensitive data on your PC, or use it for online-banking, ebay or other privacy critical stuff:
backup your data, format, and reinstall Windows XP, securing it better this time..
otherwise:
maybe test the file with OnlineScanners e.g. from KAV (see below) to get some more specific names
(you need to temporarily disable AV-Resident Shields/Monitors to be able to scan the file online)
-remove the Virus/Malware and its system modifications according to VirusInfos from Avast, VGREP, TrendMicro, Kaspersky; you might also try searching for the virus name or filename with google
general removal procedure:
- disable system restore on Win ME/XP
- kill respective Backdoor/Trojan process with task manager
- search for the file/process names in the registry; remove the malware's startup entries in the registry
- disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot
-Secure your system (change passwords, secure shares, install patches/updates for WIN, IE etc..)
-scan your whole system with updated avast and maybe a 2nd scanner, e.g. RAV to check whether your PC is clean ;)
-reenable system restore on Win ME/XP ;)
-
Hello thanks for reply! :) :)
I got the latest version of avast on Monday when I first heard about it.
Task manager does not work, I press Ctrl+Alt+Delete and it just pops up for about a second and disappears.
When I try and run regedit.exe this also just disappears after a second...
System restore won't work anymore (maybe because I've used it already going back 2 weeks then again moving forward 3 days). I had already tried disabling it to try and delete the bad files but it doesn't work.
I don't have a Windows XP disc either :(
Maybe I should just delete the entire folder C:\WINDOWS\system32\7oob.exe, it is in hidden format, or just the infected files listed?
???
-
> I don't have a Windows XP disc either :(
why not ? even with XP-preinstalled you should get an XP-recovery disk from your vendor / the guy who sold the system to you
if your XP is not legit, then you shouldn't post statements like the above here..
> Maybe I should just delete the entire folder C:\WINDOWS\system32\7oob.exe, it is in hidden format, or just the infected files listed?
it's not a folder, but a self-extracting archive that CONTAINS several trojans/malware items
you could try deleting it in safe Mode (F8-Boot), but that might not work/it might get reinstalled
it would really be better, if you removed the malware according to the proper virus infos..
;)
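The AVG and RAV reports in the first post write "a file inside an archive" in two different notations, which is what makes 7oob.exe look like a folder. The following is an added example, not part of the thread, that reduces both notations to the files that actually exist on disk; the function names are made up for illustration and the sample lines are copied from the reports above.

```python
from collections import defaultdict

# Sample lines copied from the AVG ("file:\member") and RAV
# ("file->(layer)->member - name -> verdict") reports in the first post.
REPORT = r"""
C:\WINDOWS\system32\7oob.exe:\h4ck3d.exe
C:\WINDOWS\fps.exe->(ASPack 2.12) - Win32/Dumaru.H@mm -> Infected
C:\WINDOWS\system32\7oob.exe->(CABSfx)->h4ck3d.exe - TrojanDownloader:Win32/Zdown.1_01 -> Infected
C:\WINDOWS\system32\7oob.exe->(CABSfx)->secure.exe - Tool:HideWindows -> Infected
C:\WINDOWS\system32\dtxservice.exe - TrojanSpy/Win32.ProAgent.1_2 -> Infected
"""

def parse_location(loc):
    """Return (file_on_disk, unpacker_layers, inner_member_or_None)."""
    if "->" in loc:                      # RAV notation
        disk, *rest = loc.split("->")
        layers = [p.strip("()") for p in rest if p.startswith("(")]
        members = [p for p in rest if not p.startswith("(")]
        return disk, layers, (members[-1] if members else None)
    cut = loc.find(":\\", 3)             # AVG notation; skip the drive's own ":\"
    if cut != -1:
        return loc[:cut], [], loc[cut + 2:]
    return loc, [], None                 # plain file, nothing nested

def parse_line(line):
    """Split one report line into location, detection name and verdict."""
    name = verdict = None
    if " -> " in line:                   # RAV lines end in " -> <verdict>"
        line, verdict = line.rsplit(" -> ", 1)
        if " - " in line:
            line, name = line.rsplit(" - ", 1)
    disk, layers, member = parse_location(line.strip())
    return {"disk": disk, "layers": layers, "member": member,
            "name": name, "verdict": verdict}

def files_on_disk(report):
    """Map each real file to the set of archive members flagged inside it."""
    found = defaultdict(set)
    for line in filter(None, map(str.strip, report.splitlines())):
        rec = parse_line(line)
        found[rec["disk"]]                # make sure the key exists
        if rec["member"]:
            found[rec["disk"]].add(rec["member"])
    return dict(found)

if __name__ == "__main__":
    for disk, members in files_on_disk(REPORT).items():
        print(disk, sorted(members) or "(the file itself)")
```

Run on the sample, the detections for h4ck3d.exe and secure.exe collapse onto the single file 7oob.exe, alongside fps.exe and dtxservice.exe as separate files.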
-
Why can't you delete the files with avast! - what happens? Isn't there e.g. an option to delete the file after restart there?
Btw, aren't you running avast! together with AVG resident protection enabled?
-
I should have a recovery disc but I don't. I may have when I first bought it two years ago but I have moved residence five times since then. The computer came with XP already on it. :P
I'll post back a bit later once I try deleting in safe mode. Last time I tried booting in safe mode (few hours ago) I deleted win32.kuang2 and win95.matyas whatever they are :D Nothing else was found.