Author Topic: Virus in temp  (Read 168617 times)

0 Members and 1 Guest are viewing this topic.

fishpier

  • Guest
Re: Virus in temp
« Reply #15 on: October 25, 2005, 06:28:32 PM »
hi, I'm new at this so please bear with me. I have avast 4.6 and run XP. keep getting a scanner warning about Win32:Adan- 094, http:/195.95.218.100/users/serg/web/filers/images/bndmod.jpg, and Win32:Adan-078, http://195.95.218.100/users/serg/web/files/images/hlmicro.jjpg. , every 5 minutes. I have Spyware Blaster, SpybotSearch, Ad-Aware Search and Microsoft anti spyware and can't get rid of this. Please help

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Virus in temp
« Reply #16 on: October 25, 2005, 06:48:33 PM »
Please can you post in a new topic.

Copy this then go back to viruses and worms, hit the new topic button and paste your post there.

Cheers.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89427
  • No support PMs thanks
Re: Virus in temp
« Reply #17 on: October 25, 2005, 08:12:27 PM »
You can also do a forum search for Win32:Adan as this is a very frequently discussed topic.

These detections are I believe being picked up by the web shield so it shouldn't be on your system. There is obviously something else on your system or your browsing habits take you to some suspect sites. But this as Frank said should be fully discussed in a topic related to this.
« Last Edit: October 25, 2005, 08:15:49 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

winfixer

  • Guest
Re: Virus in temp
« Reply #18 on: October 27, 2005, 03:55:28 PM »
I erased files from temp directory, but the virus created it's files there again and again.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89427
  • No support PMs thanks
Re: Virus in temp
« Reply #19 on: October 27, 2005, 04:22:28 PM »
Which temp directory, can you give a full path and file name of the infected file,
example (C:\windows\system32\infected-filename.xxx)?

If it comes back time and again, there is either other elements restoring it or you keep visiting the same sites that infected you previously.
Does it come back to in same location and same filename or just the same wim32:adan malware name?

What is your OS?
What is your Browser?
What is your firewall?
Are they all up to date?

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Virus in temp
« Reply #20 on: October 28, 2005, 03:03:27 AM »
I erased files from temp directory, but the virus created it's files there again and again.
Too many newbies here... don't coming back to get support or answer the questions  :P
Some recurring infections could be solved with a boot-time scanning:
Start avast! > Right click the skin > Schedule a boot-time scanning
Select for scanning archives.
Boot.
You need XP or 2k to run it.

Other option is scanning in SafeMode (repeatedly press F8 while booting). Other is disabling System Restore, boot, enable it again.
The best things in life are free.

TheBridge

  • Guest
Re: Virus in temp
« Reply #21 on: November 24, 2005, 12:07:45 AM »
try the (old) cleaner of Steven Gould version Clean Up 3.1.2.0 !!
that's how I got rid of some nasty viruses which kept
reproducing in the TEMP.
Just enter Steven Gould in yr Google bar

Good luck.  :)


AZboyinWI

  • Guest
Re: *** Advice&Tools for virus/trojan/malware Removal & Prevention***
« Reply #22 on: February 11, 2006, 12:13:08 AM »
 Disable system restore?  with mine being in the temp folders, would I also have to do this? I'm confused. In advance, let me say thank you ??? ???
ajr
Welcome to the forum.
1. clean out your temp. files
2. Disabel system restore to clean out the infected file that's currently in a system restore file.
3. Reboot your system.
4. Re-enable System Restore if you intend to to continue using it.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89427
  • No support PMs thanks
Re: Virus in temp
« Reply #23 on: February 11, 2006, 01:00:12 AM »
There is little point in quoting this in isolation, as it doesn't show why Bob offered the advice to disable system restore. One of his files was in a restore point, part of system restore.
Quote
C:\System Volume Information\_restore{44BADFAE-8C81-47AF-AC66-E4E3243282A4}\RP43\A0010720.pif

The only way to deal with this is to disable system restore. His other file being in temp could have been dealt with without doing that, it was the combination of locations that required it.

So in your case you shouldn't need to, unless there are more in the restore points or in the windows systems folders.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

AZboyinWI

  • Guest
Re: Virus in temp
« Reply #24 on: February 11, 2006, 02:36:24 AM »
I'm so Sorry the llama slept through it,  got cha- thank you! :-[

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89427
  • No support PMs thanks
Re: Virus in temp
« Reply #25 on: February 11, 2006, 02:44:46 PM »
No problem, thankfully the llama is awake now ;D

Welcome to the forums.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

njz

  • Guest
Re: Virus in temp
« Reply #26 on: December 28, 2006, 09:27:09 PM »
Hi.
I've just received this on ICQ:

Quote
хай
http://fifi.1gb.ru/my_photos.exe
мои фото в архиве

I think, it's a new worm.




Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89427
  • No support PMs thanks
Re: Virus in temp
« Reply #27 on: December 28, 2006, 11:25:17 PM »
Please don't post live links to suspect files, modify your post and break the URL so it isn't clickable.

e.g. http :// fifi.1gb.ru/my_photos.exe

Incidentally DrWeb link checker doesn't detect anything.

What makes you think it is a new worm ?

This should really have been in a new Topic in its own right.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89427
  • No support PMs thanks
Re: Virus in temp
« Reply #28 on: December 28, 2006, 11:37:02 PM »
Further update avast does detect this as:
28/12/2006 22:25  Sign of "Win32:Agent-AGW [Trj]" has been found in
"http :// fifi.1gb.ru/my_photos.exe" file. 

However a VirusTotal check shows it is only detected by a few other AVs strangely not by avast (looks like VirusTotal isn't working with an up to date VPS).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

gmwnz

  • Guest
Re: Virus in temp
« Reply #29 on: January 25, 2007, 01:14:27 AM »
Hi.. I'm a new arrival.  My programme has today detected viruses and they have been sent to the virus chest.  But here's the big question.. where on earth is the chest??  I've read the help notes and found how to use the chest.. but cannot actually locate it??  Any help appreciated