Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: madrith on July 03, 2004, 04:32:33 AM
-
Help! Using Avast! Resident Protection I get a warning of this virus located in diffrent files poping up about every 5 min. I choose to delete and it delets it, but pops up again in about 5 min. How can I get rid of this! Below is a copy of the log. I tried doing a boot time scan, but it found nothing.
*
* Task stopped: Tuesday, June 29, 2004 7:04:31 AM
* Run-time was 1 day(s), 11 hour(s), 37 minute(s), 25 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Tuesday, June 29, 2004 7:05:41 AM
* VPS: 0426-1, 06/25/2004
*
C:\WINDOWS\ntgc.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\msfp32.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\appvq32.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\system32\atldq32.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\system32\winln32.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\systn.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\System32\bemej.dll [L] Win32:Trojano-191 [Trj] (0)
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Tuesday, June 29, 2004 8:47:41 PM
* VPS: 0427-0, 06/29/2004
*
C:\WINDOWS\system32\d3sc32.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\system32\javami.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\system32\apiyp32.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\system32\sdkvg.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\system32\mfcsf.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\system32\syspo32.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
*
* Task stopped: Tuesday, June 29, 2004 9:38:03 PM
* Run-time was 50 minute(s), 22 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Wednesday, June 30, 2004 6:33:27 AM
* VPS: 0427-0, 06/29/2004
*
C:\WINDOWS\system32\sdkwh.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\msup.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\system32\appac32.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\system32\apigk32.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\system32\addgj32.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\system32\apifx.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
*
* Task stopped: Wednesday, June 30, 2004 7:34:00 AM
* Run-time was 1 hour(s), 33 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Wednesday, June 30, 2004 2:05:48 PM
* VPS: 0427-0, 06/29/2004
*
C:\WINDOWS\system32\iejb32.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\javazl.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\netoh32.exe [L] Win32:Trojano-180 [Trj] (0)
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Thursday, July 01, 2004 7:03:50 AM
* VPS: 0427-0, 06/29/2004
*
C:\WINDOWS\d3kp.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\System32\apils32.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\system32\msuq.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\javajg.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\system32\mfchz32.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
*
* Task stopped: Thursday, July 01, 2004 7:18:28 AM
* Run-time was 14 minute(s), 38 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Friday, July 02, 2004 7:00:09 AM
* VPS: 0427-0, 06/29/2004
*
C:\WINDOWS\system32\d3pm.exe [L] Win32:Trojano-180 [Trj] (0)
C:\WINDOWS\system32\d3pm.exe [L] Win32:Trojano-180 [Trj] (0)
C:\WINDOWS\ipno32.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\javapj.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\system32\addju.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\system32\addwn32.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\mfcis.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
*
* Task stopped: Friday, July 02, 2004 7:26:56 AM
* Run-time was 26 minute(s), 47 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Friday, July 02, 2004 7:46:25 AM
* VPS: 0427-0, 06/29/2004
*
C:\WINDOWS\system32\d3rf32.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\windows\msopt.dll [L] Win32:Trojano-210 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\system32\appqe.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
C:\WINDOWS\system32\crpi.exe [L] Win32:Trojano-180 [Trj] (0)
File was successfully deleted...
File was successfully deleted...
-
Oh man looks like some of the crap i had go ont h other day
http://forum.avast.com/index.php?board=2;action=display;threadid=5655 (http://forum.avast.com/index.php?board=2;action=display;threadid=5655)
Good luck bro........
-
Man, that is just evil! So far nothing has stopped functioning, but who knows! I think my task for the day is to back up, and reformat! Thanks for the well wishes, I think I'll need it!
-
madrith-
Try some of the programs listed on my site.
Since you are ready to format anyway,it wouldn't hurt to try some of tips and programs listed.
This will be a good learning experience for you.
Take advantage of it. Perhaps you can clean up the mess
and learn how to prevent it in the future.
-max
-
If your going to format just try some online scanner (rav), then send the virus(s) into avast for testing ;) , as madmax said "it can't hurt" :)
-
Yes for sure do that. I spent many hours trying to eradicate the damages that happend. It wasnt till all avenues were exausted did i do a format.
-
Datagg
Any idea where you picked this bugger up????
I'd like not to go there.
-
Datagg
Any idea where you picked this bugger up????
I'd like not to go there.
I was surfing the net looking at compition Lingerie sites. I clicked on one, it was on google, the ones to the right side, the ones who pay to get listed there. I dont recall the name of it, but it was as of thursday in the top 3 pages. When I hit that sucker, avast lit up, browser went nuts, outpost shut off, avast died, i quickly disconnected modem at that point, i thought I was in a war zone. So thru all of that, I just cant remember the name of that site. i did write to google though, and told them that someone has this haxdoor, and is deleivering it thru some kind of pop up jave redirect or something. Havent heard back from them, not really counting on it either.
But, im sure if avast didnt shut off, and outpost also along with it, I woulda been ok. But obviously that didnt happen. So now, I bought the paid version of Process Guard and am protecting these programs tighter than a drum so no more tampering can be done to them. Hopefully, I can suggest in all sincerity that you all consider if you havent allready, to purchase PG, or at least get the free version so you can protect one program. I thought, till then , that I was really secure, times change though, and these new viruses, trojan combos bring up a whole new level of awareness. Basicaly,in a nutshell, your protecting programs need protection too.
Have a great 4th yall, be safe and bless you all.....
-
Thanks for the quick come back Datagg
I use WinPatrol, Ad-watch Monitoring, Webroot SpySweeper,Outpost fire wall and of couse, Avast! Between all of them. I have been well protected.
-
OK, though I'd give you all an update. I was going to reformat and reinstall, but though I'd dig a little and see what I could find. Searched though the windows directory and notcied a file that looked suspicious. Went to MadMax's site and went to Kaspersky and had the file scaned. This is what it found:
Scanned file: sdksl32.exe
sdksl32.exe - packed with UPX
sdksl32.exe - infected by TrojanDownloader.Win32.Agent.aq
Gee, wonder why I got so many trojans... Anyway, just deleted the file so I'll see how it goes now.... after I check my other computer on the network! Thanx again all!
-
Wow! I occasionally click on these Google ads - will never do so again after reading about what happened to you!
So sorry you've had so much trouble.
-
madrith
Your Avatar is much to big. Please change it or shrink it... Thanks