Help for removal tools

[Brummbaer]

I'm searching for removal tools 'cause my PC is affected by various viruses: Win32:Opas; Win 32:Trojan-gen {UPX!} and Win:Trojan-gen {VC}; Win32:IstBar-AC and Win32:IstBar-AJ; and the older Discreen {Joke}
Who can help me?
Thank you in advance.
PS: My OS is Win2000Pro SP4 on a not bootable NTFS partition.

[galooma]

Hi and welcome ,
im presuming you have avast as your antivirus .
 check your add remove programs for anything you dont recognise firstly as this is the easiest way of uninstalling programs.
next navigate here http://spyros.atspace.com/ and download the free programs EWIDO and maybe SPYBOT S & D.
Install those and update them then clean out all your temp files.
 next shedule a boot time scan with avast (check help files for how) then scan with the other two and report back on what you have left
good luck

[Brummbaer]

Hi and welcome ,
im presuming you have avast as your antivirus .
 check your add remove programs for anything you dont recognise firstly as this is the easiest way of uninstalling programs.
next navigate here http://spyros.atspace.com/ and download the free programs EWIDO and maybe SPYBOT S & D.
Install those and update them then clean out all your temp files.
 next shedule a boot time scan with avast (check help files for how) then scan with the other two and report back on what you have left
good luck

Thank you for the suggestions. I hope they 're good. I can tell you that I used Avast4Home on a backup of my Outlook Identity and discovered the malware. On the Win2k partition I installed and updated the Norton Internet Security 2003 successless. It's incredible!!! In that Win2K partition finishing boot all programs links don't work giving a dbox of missing association. Spybot & Search gave me before this malfunction a warning of changing the registry. In fact, regedit.exe don't function anymore.
I' ll try.

[chippe]

Instead of creating a new thread I'll just steal this one! 
My problems started about two days ago when I was trying to install the latest version of Alcohol 120%, after the install avast! prompted me with several warnings about viruses and Trojans. I chose delete and the prompts just disappeared. Just to be safe I started a thorough scan and after a couple of hours avast! found about 70 viruses/Trojans. Most of them could be removed but 20 or so couldn't be deleted, repaired, put in a chest or moved/renamed.

With a little help from HijackThis and Spybot S & D all of them except two malwares were removed, Win32: Trojan-gen {VC}. After another avast! thorough scan I could successfully move/rename these files and then delete them using avast!, but after scanning again they reappeared in the same folder as before with the same names. I haven't tried to do a boot scan because the last time I tried with another virus the shit hit the fan and I had to reinstall windows and everything. And after googling about this Trojan (Win32: Trojan-gen {VC}) and the file it was hiding in pwservice.exe I found out that others had also encountered problems when trying to do a boot scan.

I know that pwservice.exe is a hacktool that steals windows password hashes and I actually have no idea how it got there, since it has to be manually installed. The problem also is that the file is found in D:\System Volume Information\_restore{B445E914-6527-4311-909C-31002F7BB52F}\RP303\A0041317.MSI\Cabs1.w1.cab\pwservice.exe and pwservice.exe3, I can't access that file manually and it seemingly can't be removed using avast!, HijackThis or spybot S&D. Note that I have already disabled the system restore function so if a reboot would be performed any malware should not be recreated or restored.

My question now is most obviously how do I remove this malware? Would a boot scan perform more efficient and most likely remove the Trojan or should I start up in safe mode and try removing it that way? All suggestions are welcome with open arms! By the way I am using Windows XP Home Edition V.2002 SP2.

/Chippe

[galooma]

if your problems are only in D/system volume information then you have nothing to worry about, by disabling system restore you have emptied all your restore points and thereby the contents of that folder as well.
for future reference it might be best if you move to chest from a boot scan as this is the optimum way to catch files not in use and if they are system files you can always replace them if they are needed to boot (for instance)
It sounds like you had a heap to start with so if you need any more help put a HJT log in your next post and someone can check it for you
good luck 

[chippe]

Thanks for the help Cloussau. I'll schedule a boot scan now and hopefully everything will be fine. Then I'm going out to by an external harddrive, copy important files and clear out my computer. Thanks again.

/Chippe

[DavidR]

Hi Cloussau, using a yellow highlight on a light background is difficult to detect, not a problem for a famous detective, I know, but for us mere mortals almost invisible

[kejti]

hey How I can check is there in site any antiviruses?

[DavidR]

Not sure what it is you want to check ?

Educated guess:
http://www.eicar.com/
http://www.eicar.org/anti_virus_test_file.htm
Web Shield Test
http://www.eicar.org/download/eicar.com
- JPEG Exploit Test
http://www.nod32.de/download/jpegcompoc.jpg http://www.nod32.de/download/jpegcompoc.zip

EMAIL VIRUS TEST
You can test the security of your email system here: http://www.gfi.com/emailsecuritytest/

[galooma]

my apologies David, im so used to the helios theme that yellow is one of the best to view text in. Maybe in future i`ll use italic 

[DavidR]

No Problem, if you look at the profile, change theme bit, you will see only 38 are using the Helios (dark background) theme and 26,078 are using the (light background) ALWIL Classic Theme, the board default and 108 are using the combined other themes (also a light BG).

So any colour that contrasts well with a light background would suit the majority