Hi,
1) you mustn't have two AV-Monitors=Guards=Resident Shields = On-Access-Scanners running together on the PC; disable one of them (either AVG's or Avast'S) permanently
(Although by some strange coincidence AVG & avast SOMETIMES work together, this usually leads to tears, chaos & desctruction
2) Apply all Service Packs & patches via IE-> Extras->Windowsupdate
3) secure your IE-Browser, so that activeX & scripting is disabled, except for know, secure sites
4) Disable RESTORE
5) Clean your IE-Cache: Close all programs & Browser windows, then got COntrol panel -> Internet options -> General -> Delete files -> Include OFFLINE files -> OK
6) Empty ALL TEMP-folders manually
7) spybot, ad-aware and cwshredder might also help:
install & update them, then reboot in SafeMode (repeatedly press F8 when booting, until menu appears); Scan & fix with the above TWICE in SafeMode
see
www.lurkhere.com ->nicefiles and
www.lavasoft.de***
Then do a complete thorough scan with avast (AVG-Monitor must be disabled for this:
then list for EACH virus/trojan:
- exact Virus name
- Where exactly was the infected File found (full path/folder/filename, e.g c:\Windows\system32\virusfile.exe) ?
General advice:
Sometimes it's enough to
- clear all TEMP-folders (via drive CleanUp AND best also manually)
- empty Temp.Int.Files folder(s) (via IE->Extras-Internetoptions->Delete files, including OFFLINE files) and
- empty java-Cache or
- disable system restore on Win ME/XP (
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm )
to get rid of it..
test the file with OnlineScanners e.g. from Trend, RAV & KAV (see below) to get a more specific name
(you need to temporarily pause AV-Resident Shield/Monitor/Guard to be able to scan the file online)
(If they all don't show it as infected, please send it in a password-protected zip-file to
virus@free-av.de/virus (at) asw (dot) cz
Include the Zip-password and a link to this posting in the mailtext)
-remove the Virus/Malware and it's system modifications according to VirusInfos
from Avast, VGREP, TrendMicro, Kaspersky;
you might also try searching for the virus name or filename with google
general removal procedure:
- disable system restore on Win ME/XP
- kill respective Backdoor/Trojan process with task manager
- search for the file/process names in the registry; remove the malware's startup entries in the registry
- disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot
if you still can't remove it, you could post a logfile of Hijackthis here
-Secure your system:
change passwords, secure shares, install patches/updates for WIN&IE;
disable ActiveX and Scripting in IE except for know secure sites - and better use a secure browser like Opera or Mozilla
- scan your whole system with updated avast and maybe a 2nd scanner ,e.g. TrendMicro/RAV to check whether your PC is clean
- If needed, reenable system restore on Win ME/XP
Further Details and Links via the board search above