Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: bgg on June 14, 2009, 01:31:01 PM

Title: Win32:Rootkit-gen detected -- BUT it is in a loop !!!
Post by: bgg on June 14, 2009, 01:31:01 PM
In my system, Avast caught up with a new virus... I read about this in just one location so far: http://vil.nai.com/vil/content/v_159809.htm

It disables most processes, including regedit, hides run button, and many many things..

it also copies this file: c:\windows\nahsor\.exe

and loads it into the memory/startup programs (which can be seen through Ctrl+Alt+Del)

I somehow enable regedit, kill the c:\windows\nahsor\.exe
enable regedit, etc

BUT the thing is happening in a loop!

it comes back!!


any solution, please?



Title: Re: Win32:Rootkit-gen detected -- BUT it is in a loop !!!
Post by: .: L' arc :. on June 14, 2009, 01:53:03 PM
-= Clean your temporary files, then schedule a boot time scan..

-= For better results, download, install, update, and run a scan with Malwarebytes Antimalware (http://malwarebytes.org) to detect other infections that might have slipped over avast's scan..

-= Furthermore, a HijackThis (http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html) log will also help for a deeper investigation.. ;)
Title: Re: Win32:Rootkit-gen detected -- BUT it is in a loop !!!
Post by: bgg on June 14, 2009, 07:23:20 PM
I was tired in the last 24 hours.. so formatted the hard drive, and now it's fine. I know the infection is still present in the external drive.

I trust Avast.. recommend this to all my clients..
so Avast should not fail!


Title: Re: Win32:Rootkit-gen detected -- BUT it is in a loop !!!
Post by: Lisandro on June 14, 2009, 08:59:47 PM
For your external drive, leave it plugged in and run Autorun Eater (http://www.softpedia.com/get/Security/Secure-cleaning/Autorun-Eater.shtml) or Flash Disinfector (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe), allowing them to clean up all drives. They will create hidden folders named autorun.inf in each partition and on every USB drive plugged in when you run them. These folders protect your drives from future infection. After that, reboot your computer.
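
A read-only check of what those tools look for, as an added example that is not part of the thread and not code from Autorun Eater or Flash Disinfector: it classifies the autorun.inf at a drive root as absent, a placeholder folder, or a file carrying launch directives. The sample contents, `payload.exe` and all function names are constructed for illustration.

```python
import os
import re
import tempfile

# autorun.inf keys that make Windows launch a program from the drive.
LAUNCH_KEY = re.compile(
    r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$",
    re.IGNORECASE)

def launch_entries(text):
    """Return (key, command) pairs for every launch directive in autorun.inf text."""
    found = []
    for line in text.splitlines():
        if line.lstrip().startswith(";"):        # comment / junk padding line
            continue
        m = LAUNCH_KEY.match(line)
        if m:
            found.append((m.group(1).lower(), m.group(2)))
    return found

def inspect_root(root):
    """Classify the autorun.inf at a drive root without executing anything."""
    path = os.path.join(root, "autorun.inf")     # name is case-insensitive on Windows
    if os.path.isdir(path):
        return ("vaccinated", [])                # a folder already occupies the name
    if not os.path.isfile(path):
        return ("absent", [])
    with open(path, "r", encoding="latin-1") as fh:  # latin-1 never fails on junk bytes
        entries = launch_entries(fh.read())
    return ("suspicious" if entries else "inert", entries)

# Constructed sample, not taken from the thread.
SAMPLE = "[AutoRun]\n;xkq\nopen=payload.exe\nshell\\open\\Command=payload.exe\nicon=x.ico\n"

def demo():
    """Build two throwaway 'drive roots': one with the sample file, one with the folder."""
    with tempfile.TemporaryDirectory() as base:
        infected = os.path.join(base, "E")
        os.mkdir(infected)
        with open(os.path.join(infected, "autorun.inf"), "w") as fh:
            fh.write(SAMPLE)
        protected = os.path.join(base, "F")
        os.makedirs(os.path.join(protected, "autorun.inf"))
        return inspect_root(infected), inspect_root(protected)

if __name__ == "__main__":
    for status, entries in demo():
        print(status, entries)
```

On a real system, pass each drive root (for example `D:\\`) to `inspect_root` before opening the drive in Explorer.
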
Title: Re: Win32:Rootkit-gen detected -- BUT it is in a loop !!!
Post by: bgg on June 15, 2009, 02:25:17 AM
In my laptop .. there is c: and d:

and yesterday I have reformatted c: and installed Windows on c:.. BUT the virus was sitting in d: I am sure.. after installing, the registry was disabled, and all the other usual stuff happened!!
So I had to format both drives and reinstall Windows XP. I notice that it can do nothing to Vista.

So I am still hesitating to attach the external drive to the computer


Title: Re: Win32:Rootkit-gen detected -- BUT it is in a loop !!!
Post by: bgg on June 15, 2009, 02:44:21 AM
Hey Tech: As per your suggestion I have installed Autorun Eater and then prayed to GOD and plugged in the external drive.. and it seems it worked!!

The Autorun Eater found the .exe virus in the autorun.inf file.. I simply deleted the file without a second thought!

Thanks a lot!


:)

Title: Re: Win32:Rootkit-gen detected -- BUT it is in a loop !!!
Post by: Lisandro on June 15, 2009, 03:13:00 AM
Thanks a lot!
You're welcome. If you want to help me, don't thank me, just sign up & use (sign up only is not enough) Mozy (https://mozy.com/?ref=5PUHL3) to get 2,200 Mb for free remote backup system. Enjoy its safety!