Author Topic: Revop.C & PSW.Briss.A  (Read 3221 times)

Trojanhater

  • Guest
Revop.C & PSW.Briss.A
« on: May 05, 2004, 01:20:56 AM »
 ???  I am feeling very confused after reading lots of info on the above, but still do not know what to do about it!   :(

My pc seems to be infected with them.  After scanning with AVG they were sent to the virus vault and deleted.  But when I reboot 'hey presto' they reappear!    :o

I have tried going into safe mode and quarantining them, to no avail.  The little blighters pop up again and I'm back where I started! >:(

I've written endless notes on pieces of paper and I'm afraid they are in no particular order now :-[.  Although I'm sure it will make sense to the computer literate out there!  So here goes ......... :)

C: WINDOWS\TEMP\BDL14025.EXE  (referring to Revop.C)

C:\WINDOWS\SYSTEM\bridge.dll (this one isn't coming up today).

Trojan Downloader.240 (hasn't come up today)

WINDOWS\SYSTEM\A.EXE

WINDOWS\TEMP\BDL14025.EXE

C:WINDOWS\TEMPORARY INTERNET FILES\CONTENT\IE5\KR

C:\_RESTORE\TEMP\A0073774.CPY CANNOT BE REMOVED

C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\57UZUFSH\BDL140~1.EXE

It was also suggested that I should disable system restore before running a virus scan, but this did not work either.

Please explain as simply as possible :-[ how to get rid of this so my children can have their computer and mother back!

I would also be interested to know how I can protect myself from this in the future.

Thank U!   :)

Trojanhater

  • Guest
Please help! Re:Revop.C & PSW.Briss.A
« Reply #1 on: May 05, 2004, 03:10:41 AM »
I have now scanned with Avast and I have an application called ofefgx in the recycle bin.  Should I delete this?

In the chest I have Infected File Del7112.TMP.  Is it safe to also delete this?

I do not understand why System Files kernel32.dll, wsock32.dll and command.com are in the chest?  Do they have some kind of virus?  I don't know what I should do with them.

Also, while I was scanning with Avast, AVG popped up once again with revop.C and Briss.A.  Avast didn't pick this up.  Maybe I should have disabled AVG.

Should I have run Avast in safe mode?

So many questions, wish I had some answers!

Pleeeez tell me how to get rid of this once and for all!


whocares

  • Guest
Re:Revop.C & PSW.Briss.A
« Reply #2 on: May 05, 2004, 07:40:32 AM »
Hi,

1) you mustn't have two AV-Monitors=Guards=Resident Shields = On-Access-Scanners running together on the PC; disable one of them (either AVG's or Avast's) permanently
(Although by some strange coincidence AVG & avast SOMETIMES work together, this usually leads to tears, chaos & destruction)

2) Apply all Service Packs & patches via IE-> Extras->Windowsupdate

3) secure your IE-Browser, so that ActiveX & scripting are disabled, except for known, secure sites

4) Disable RESTORE

5) Clean your IE-Cache: Close all programs & Browser windows, then go to Control Panel -> Internet options -> General -> Delete files -> Include OFFLINE files -> OK

6) Empty ALL TEMP-folders manually

7)  spybot, ad-aware and cwshredder might also help:
install & update them, then reboot in SafeMode (repeatedly press F8 when booting, until menu appears); Scan & fix with the above TWICE in SafeMode

see www.lurkhere.com ->nicefiles and www.lavasoft.de

***
Then do a complete thorough scan with avast (AVG-Monitor must be disabled for this);
then list for EACH virus/trojan:
- exact Virus name
- Where exactly was the infected File found (full path/folder/filename, e.g c:\Windows\system32\virusfile.exe) ?


General advice:

Sometimes it's enough to
- clear all TEMP-folders (via drive CleanUp AND best also manually)
- empty Temp.Int.Files folder(s) (via IE->Extras-Internetoptions->Delete files, including OFFLINE files) and
- empty java-Cache or
- disable system restore on Win ME/XP ( http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm )
to get rid of it..

test the file with OnlineScanners e.g. from Trend, RAV & KAV (see below) to get a more specific name
(you need to temporarily pause AV-Resident Shield/Monitor/Guard to be able to scan the file online)

(If they all don't show it as infected, please send it in a password-protected zip-file to
virus@free-av.de/virus (at) asw (dot) cz
Include the Zip-password and a link to this posting in the mailtext)

-remove the Virus/Malware and its system modifications according to VirusInfos
from Avast, VGREP, TrendMicro, Kaspersky;
you might also try searching for the virus name or filename with google

general removal procedure:
- disable system restore on Win ME/XP
- kill respective Backdoor/Trojan process with task manager
- search for the file/process names in the registry; remove the malware's startup entries in the registry
- disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot

if you still can't remove it, you could post a logfile of Hijackthis here


-Secure your system:
   change passwords, secure shares, install patches/updates for WIN&IE;
   disable ActiveX and Scripting in IE except for known secure sites - and better use a secure browser like Opera or Mozilla
- scan your whole system with updated avast and maybe a 2nd scanner, e.g. TrendMicro/RAV to check whether your PC is clean ;)
- If needed, reenable system restore on Win ME/XP


Further Details and Links via the board search above
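
Added example, not part of the original posts: the "search for the file/process names in the registry" step from the removal procedure above, run over a text export of the registry. The file names are the ones reported in the first post; the export, its value names and the idea that they sit under a Run key are constructed for illustration, since the thread does not say where the malware registers itself.

```python
import re

# File names reported by the AV scanners in the first post of this thread.
REPORTED_NAMES = {"a.exe", "bdl14025.exe", "bridge.dll"}
# Standard Windows autostart keys (checked as key-path suffixes).
AUTOSTART_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce",
                      r"\currentversion\runservices")

# Constructed REGEDIT4 export for illustration; value names are made up.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"LoadSvc"="C:\\WINDOWS\\SYSTEM\\A.EXE"
"Updater"="C:\\WINDOWS\\TEMP\\BDL14025.EXE /q"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Demo]
"DisplayName"="C:\\WINDOWS\\TEMP\\setup.exe"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(text):
    # Undo .reg string escaping: a backslash escapes the next character.
    return re.sub(r"\\(.)", r"\1", text)

def suspicious_autostarts(export_text, names=REPORTED_NAMES):
    """Return (key, value name, command, reasons) for flagged autostart entries."""
    findings, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or not key.lower().endswith(AUTOSTART_SUFFIXES):
            continue  # not a string value, or not under an autostart key
        name, command = unescape(m.group(1)), unescape(m.group(2))
        lowered = command.lower()
        # Base name of every whitespace-separated token of the command line.
        basenames = {tok.rsplit("\\", 1)[-1].strip('"') for tok in lowered.split()}
        reasons = []
        if basenames & set(names):
            reasons.append("reported file name")
        if "\\temp\\" in lowered or "\\temporary internet files\\" in lowered:
            reasons.append("runs from a temp folder")
        if reasons:
            findings.append((key, name, command, reasons))
    return findings

if __name__ == "__main__":
    for key, name, command, reasons in suspicious_autostarts(SAMPLE_EXPORT):
        print(f"{key}\n  {name} = {command}  <- {', '.join(reasons)}")
```

An entry that is flagged here is a candidate for the "remove the malware's startup entries" step; a leftover startup entry is one reason deleted files can come back after a reboot.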