Virus in temp

[fishpier]

hi, I'm new at this so please bear with me. I have avast 4.6 and run XP. keep getting a scanner warning about Win32:Adan- 094, http:/195.95.218.100/users/serg/web/filers/images/bndmod.jpg, and Win32:Adan-078, http://195.95.218.100/users/serg/web/files/images/hlmicro.jjpg. , every 5 minutes. I have Spyware Blaster, SpybotSearch, Ad-Aware Search and Microsoft anti spyware and can't get rid of this. Please help

[FreewheelinFrank]

Please can you post in a new topic.

Copy this then go back to viruses and worms, hit the new topic button and paste your post there.

Cheers.

[DavidR]

You can also do a forum search for Win32:Adan as this is a very frequently discussed topic.

These detections are I believe being picked up by the web shield so it shouldn't be on your system. There is obviously something else on your system or your browsing habits take you to some suspect sites. But this as Frank said should be fully discussed in a topic related to this.

[winfixer]

I erased files from temp directory, but the virus created it's files there again and again.

[DavidR]

Which temp directory, can you give a full path and file name of the infected file,
example (C:\windows\system32\infected-filename.xxx)?

If it comes back time and again, there is either other elements restoring it or you keep visiting the same sites that infected you previously.
Does it come back to in same location and same filename or just the same wim32:adan malware name?

What is your OS?
What is your Browser?
What is your firewall?
Are they all up to date?

[Lisandro]

I erased files from temp directory, but the virus created it's files there again and again.

Too many newbies here... don't coming back to get support or answer the questions 
Some recurring infections could be solved with a boot-time scanning:
Start avast! > Right click the skin > Schedule a boot-time scanning
Select for scanning archives.
Boot.
You need XP or 2k to run it.

Other option is scanning in SafeMode (repeatedly press F8 while booting). Other is disabling System Restore, boot, enable it again.

[TheBridge]

try the (old) cleaner of Steven Gould version Clean Up 3.1.2.0 !!
that's how I got rid of some nasty viruses which kept
reproducing in the TEMP.
Just enter Steven Gould in yr Google bar

Good luck. 

[AZboyinWI]

 Disable system restore?  with mine being in the temp folders, would I also have to do this? I'm confused. In advance, let me say thank you ??? ???

ajr
Welcome to the forum.
1. clean out your temp. files
2. Disabel system restore to clean out the infected file that's currently in a system restore file.
3. Reboot your system.
4. Re-enable System Restore if you intend to to continue using it.

[DavidR]

There is little point in quoting this in isolation, as it doesn't show why Bob offered the advice to disable system restore. One of his files was in a restore point, part of system restore.

C:\System Volume Information\_restore{44BADFAE-8C81-47AF-AC66-E4E3243282A4}\RP43\A0010720.pif

The only way to deal with this is to disable system restore. His other file being in temp could have been dealt with without doing that, it was the combination of locations that required it.

So in your case you shouldn't need to, unless there are more in the restore points or in the windows systems folders.

[AZboyinWI]

I'm so Sorry the llama slept through it,  got cha- thank you!

[DavidR]

No problem, thankfully the llama is awake now

Welcome to the forums.

[njz]

Hi.
I've just received this on ICQ:

хай
http://fifi.1gb.ru/my_photos.exe
мои фото в архиве

I think, it's a new worm.

[DavidR]

Please don't post live links to suspect files, modify your post and break the URL so it isn't clickable.

e.g. http :// fifi.1gb.ru/my_photos.exe

Incidentally DrWeb link checker doesn't detect anything.

What makes you think it is a new worm ?

This should really have been in a new Topic in its own right.

[DavidR]

Further update avast does detect this as:
28/12/2006 22:25  Sign of "Win32:Agent-AGW [Trj]" has been found in
"http :// fifi.1gb.ru/my_photos.exe" file. 

However a VirusTotal check shows it is only detected by a few other AVs strangely not by avast (looks like VirusTotal isn't working with an up to date VPS).

[gmwnz]

Hi.. I'm a new arrival.  My programme has today detected viruses and they have been sent to the virus chest.  But here's the big question.. where on earth is the chest??  I've read the help notes and found how to use the chest.. but cannot actually locate it??  Any help appreciated