Author Topic: Almost Ready to Give Up  (Read 14537 times)


CoJo

  • Guest
Almost Ready to Give Up
« on: November 11, 2003, 01:19:25 AM »
Hello again everyone!!

well, I am still having trouble with installing avast!...or there is still trash from Norton!
I am going to read as many forums as I can and get as much information as I can. I am a baby in diapers--making messes--as far as knowing anything about the *inner workings* of a computer.
so I am going to start with very basic things and work my way up to ??? knowing more than I do now :-[

One question, please? when I do a boot scan, all is fine. when I run a thorough scan, it alerts me to Win32.CTX virus which I then quarantine...but it happens every time I do these actions and I don't understand why...
any advice?

thank you!
CoJo

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:Almost Ready to Give Up
« Reply #1 on: November 11, 2003, 03:27:57 AM »
> Hello again everyone!!
> well, I am still having trouble with installing avast!...or there is still trash from Norton!

Take a look, if you have not yet, at Norton Uninstalling.

What file is infected with Win32.CTX virus?
Did you try to repair before sending to the Virus Chest (Quarantine)?
Could you post your startup programs list?
Good luck  ;)
« Last Edit: November 12, 2003, 01:36:01 AM by Technical »
The best things in life are free.

CoJo

  • Guest
Re:Almost Ready to Give Up
« Reply #2 on: November 11, 2003, 03:17:57 PM »
hello Tech!

I am going to follow the instructions in that thread today...have to do something 'cause my email is not working on Outlook Express again ( I'm using my bellsouth.net account for now)

the infected file shows in:
documents and settings\donna holt\local settings\temporary--then I cannot see anything after that.
I haven't tried the repair just the quarantine.
My start up:
IE
OE
ashdisp
ashmaisv
ashServe
avast! Antivirus
Notepad
WordPad
ad-watch

I have to manually start any avast! program.
and an interesting thing happened last night and this morning...I received a notification from
Net Delivery Service
A virus was intercepted before being routed to you and was destroyed. If you believe the sender’s address is valid, please inform him or her of the situation. Please note that even though the source may be a known and valid e-mail address, such e-mail messages are often sent out without the knowledge of the sender.

Fichier infecté/ Infected file name: noname.htm
Nom du virus/Virus name: Exploit-MIME.gen.b

A virus was intercepted before being routed to you and was destroyed. If you believe the sender’s address is valid, please inform him or her of the situation. Please note that even though the source may be a known and valid e-mail address, such e-mail messages are often sent out without the knowledge of the sender.

Fichier infecté/ Infected file name: dobzxco.exe
Nom du virus/Virus name: W32/Swen@MM

L'équipe TELUS Québec / Team

not sure what this means ???

Thank you!
CoJo


Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Almost Ready to Give Up
« Reply #3 on: November 11, 2003, 03:31:06 PM »
Wordpad and notepad aren't normally started at Startup. Make a HijackThis log and post it here:
http://www.lurkhere.com/~nicefiles/
Regards, Ralf

CoJo

  • Guest
Re:Almost Ready to Give Up
« Reply #4 on: November 11, 2003, 03:34:50 PM »
hello raman
I am very sorry, but I don't know how to do that :-[

coJo

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Almost Ready to Give Up
« Reply #5 on: November 11, 2003, 04:26:58 PM »
Raman is suggesting that you go to the mentioned URL, download a tool called "HijackThis" and let it generate the log of your startup files (which is rather well hidden in the program: "Config/Misc Tools/Generate StartupList log"). You can download the standalone StartupList tool from that page as well.

Having a notepad and wordpad in startup is a little suspicious...

The messages you get mean that somebody (who has your e-mail address in his/her address book and got infected by the Swen virus) is sending the Swen virus to you (i.e. the virus is spreading). Since you can't find out who really sent it (the e-mail "From" field is forged), you can safely ignore this notification.

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Almost Ready to Give Up
« Reply #6 on: November 11, 2003, 04:42:20 PM »
> I am very sorry, but I don't know how to do that :-[

No problem. Download and unpack the zip, start the exe file (hijackthis.exe?). Press scan, then save log, save it and the Windows editor will pop up. Mark/copy everything it shows and paste it here.
Regards, Ralf

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Almost Ready to Give Up
« Reply #7 on: November 11, 2003, 05:06:33 PM »
I do not see anything special in your log.  Support.com\bin\tgcmd.exe could be classified as Spyware. I see that you use Adaware already, maybe you should try spybotSD, too.

Hm, what can be the English word for "Datentraegerbereinigung"?
You should find it under all programs/accessories/system programs. It could be called "harddisccleaning"?
That means you should delete your temporary folder and temporary internet files( IE -Cache).
All files inside this folder: C:\Documents and Settings\DONNA HOLT\Local Settings\Temporary Internet Files
and this
C:\Documents and Settings\DONNA HOLT\Local Settings\Temp\


BTW: I can not find a startup for Notepad or wordpad.
Regards, Ralf

CoJo

  • Guest
Re:Almost Ready to Give Up
« Reply #8 on: November 12, 2003, 12:48:56 AM »
Raman, thank you, sir, for your advice!
I installed and ran spybot and deleted some nasty stuff--although it's in a safe place in case I goofed ;)

I checked for disk errors, defragged, and emptied the cache...in other words, I cleaned up as much as I knew how to do.

Also, when I did a thorough scan this time, I marked repair all...I'll scan again later and see if CTX is still there.
When I hover over the avast! icon--activated manually--it says: on access scanner 6 provider(s) total 5 running...is this something that I need to correct??

CoJo

  • Guest
Re:Almost Ready to Give Up
« Reply #9 on: November 12, 2003, 12:52:39 AM »
Forgive me for not ending my reply more graciously!

thank you!

CoJo

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:Almost Ready to Give Up
« Reply #10 on: November 12, 2003, 01:47:23 AM »
> Raman, thank you, sir, for your advice!
> I installed and ran spybot and deleted some nasty stuff--although it's in a safe place in case I goofed ;)
>
> I checked for disk errors, defragged, and emptied the cache...in other words, I cleaned up as much as I knew how to do.
>
> Also, when I did a thorough scan this time, I marked repair all...I'll scan again later and see if CTX is still there.
> When I hover over the avast! icon--activated manually--it says: on access scanner 6 provider(s) total 5 running...is this something that I need to correct??

Cojo, what was the result of the scanning?
For your question, on access scanner 6 provider(s) total 5 running..., this means one of the six avast! modules (resident providers) is not running. It's not wrong but, could you see if avast! is correctly configured for your needs? Right click the 'a' icon, choose 'On-Access Protection Control'.

The six resident providers are:

- Standard Shield. It checks the applications being run and documents being opened. It will not allow an infected application to start or an infected document to be opened, thus possibly protecting you, the user from activating/spreading a virus
- Outlook/Exchange. It checks incoming and outgoing e-mail messages processed by MS Outlook client (it is part of the MS Office package - it is not the same as the simpler Outlook Express!) or MS Exchange. It will refuse to accept or send a message containing a viral code
- Internet Mail. It checks incoming and outgoing e-mail messages processed by clients other than MS Outlook or Exchange, such as Outlook Express, Eudora etc. Again, it will refuse to accept or send a message containing a viral code

Professional Edition also includes:
- Script blocking. It checks scripts contained in the web pages you look at, thus avoiding infection due to potential bugs in your web browser
- Instant Messaging. It checks the files downloaded by common communication programs, such as ICQ or MSN Messenger
- P2P Shield. It checks the files downloaded by common P2P (file sharing) programs, such as Kazaa and others

Which one is disabled?  ;)
The best things in life are free.

CoJo

  • Guest
Re:Almost Ready to Give Up
« Reply #11 on: November 12, 2003, 01:51:41 AM »
hello again! and aha...the new thorough scan I ran found that CTX virus...I tried the repair and it said:
Access Denied
c:\documents and settings\donna holt\local settings\temp\trz195.temp....file
so I put it in the chest again! why does it keep showing up?

I really do appreciate everyone being so kind and patient with me while I get this taken care of...thank you all.

CoJo

CoJo

  • Guest
Re:Almost Ready to Give Up
« Reply #12 on: November 12, 2003, 01:57:31 AM »
Hi Technical :)
this is what it is showing me
but I use Outlook Express...

Script blocking:
- Scan scripts in IE and Shell
- Scan scripts in Netscape
- Scan scripts in Mozilla

Internet Mail:
- Scan outbound mail [SMTP]
- Scan inbound mail [POP3]
- Scan inbound mail [IMAP]
- Heuristic sensitivity: medium

Instant Messengers:
- MSN Messenger
- ICQ
- Trillian Messenger

Outlook:
- Scan inbound and outbound mail
- Scan unread messages on open
- Heuristic sensitivity: medium

P2P Shield:
- Kazaa & KazaaLite
- Direct Connect
- Direct Connect++

Filesystem:
- Scan selected files on open


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:Almost Ready to Give Up
« Reply #13 on: November 12, 2003, 02:18:40 AM »
If you use Outlook Express you are protected by the Internet Mail provider:

- Scan outbound mail [SMTP]
- Scan inbound mail [POP3]
- Scan inbound mail [IMAP]

Try to find the best avast! configuration for you. If you need help on a specific feature, let us know...

If the file, after the scan and chest operation, continues to be in the folder, try the MoveOnBoot application.

Maybe you will be able to delete the file 'before' the Windows boot and the access to the file is denied...  ;)
The best things in life are free.

CoJo

  • Guest
Re:Almost Ready to Give Up
« Reply #14 on: November 12, 2003, 02:32:21 AM »
Technical, thank you!
I went to MoveOnBoot but there is nothing called that and I don't know which one to use ???...sorry...but, gosh, some of them look good--of course not nearly as good as Avast! :)

Which one are you recommending, please?

Thank you again...you have done so much to help me, I would like to think of a way to send you a present for you or your family...
CoJo