Author Topic: Help, please, got Win32:Lager-T Virus  (Read 4667 times)

nicelad_uk

  • Guest
Help, please, got Win32:Lager-T Virus
« on: September 06, 2006, 08:26:40 PM »
Hello,

Just wondered if anyone could help.

I have the above Virus on my machine but Avast won't remove it. When Windows loads it says that it is infected with the virus, I move it to the chest and then it's there again when I turn the machine on.  I've deleted it and renamed it, but still, it's there again.

Any help would be much appreciated, thanks

Rich

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87063
  • No support PMs thanks
Re: Help, please, got Win32:Lager-T Virus
« Reply #1 on: September 06, 2006, 08:47:41 PM »
What was the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
What is your OS ?
If you have XP or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, Menu, 'Schedule boot-time scan...'

It is likely that this Trojan (not virus) is a multi-part trojan and is being restored by other elements.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode: Ewido anti-spyware if using WinXP, or a-Squared free if using Win98/ME.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.10.6038 (build 22.10.7633.734) UI 1.0.733/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

nicelad_uk

  • Guest
Re: Help, please, got Win32:Lager-T Virus
« Reply #2 on: September 06, 2006, 09:01:58 PM »
Hi there,

Thanks for the quick reply.

I'm on Windows XP Professional, I'm just doing the boot time scan, which seems to be moving them to the chest ok.  The file is in C:\windows\system32\taskdir.dll

Thanks again

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Help, please, got Win32:Lager-T Virus
« Reply #3 on: September 06, 2006, 09:18:09 PM »
> I'm on Windows XP Professional, I'm just doing the boot time scan, which seems to be moving them to the chest ok.  The file is in C:\windows\system32\taskdir.dll
And even doing this the infection comes back?
Did you try ewido and a-squared programs?
The best things in life are free.

nicelad_uk

  • Guest
Re: Help, please, got Win32:Lager-T Virus
« Reply #4 on: September 06, 2006, 09:30:18 PM »
Yeah, it still came back.

I'm just doing the scan with ewido now.

I'll let you know

Thanks

Rich

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Help, please, got Win32:Lager-T Virus
« Reply #5 on: September 06, 2006, 09:52:09 PM »
> Yeah, it still came back.
Did you disable System Restore? http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405
Did you clean your temporary files?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33576
  • malware fighter
Re: Help, please, got Win32:Lager-T Virus
« Reply #6 on: September 06, 2006, 09:53:52 PM »
Hi nicelad_uk.

Here is a nice cleansing routine for this trojan for you, read it carefully to be advised as to what to do.
http://www.geekstogo.com/forum/lofiversion/index.php/t65431.html

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

nicelad_uk

  • Guest
Re: Help, please, got Win32:Lager-T Virus
« Reply #7 on: September 06, 2006, 09:58:46 PM »
> > Yeah, it still came back.
> Did you disable System Restore? http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405
> Did you clean your temporary files?

Hi,

Yes, system restore is disabled and I cleaned the tifs before I did the scan.

Just waiting for this ewido to come back, it's found 5 proxy.lager.aq so far, so hopefully, once removed, might be a winner.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87063
  • No support PMs thanks
Re: Help, please, got Win32:Lager-T Virus
« Reply #8 on: September 06, 2006, 10:09:21 PM »
Let us know the outcome, welcome to the forums.

Once in the clear you can enable system restore.

Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.

yairmov

  • Guest
Re: Help, please, got Win32:Lager-T Virus
« Reply #9 on: September 21, 2006, 09:55:18 AM »
Hi,
I have been infected by the same Trojan yesterday... :(
I keep getting the message that the file taskdir.dll in windows\system32 is infected by win32:lager-t.
I tried following the advice you gave here but it still comes back.
Does someone have any more ideas?

Thanks a lot
Yair

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87063
  • No support PMs thanks
Re: Help, please, got Win32:Lager-T Virus
« Reply #10 on: September 21, 2006, 02:53:50 PM »
What is your OS ?
Can you explain what actions you have taken to try and resolve the problem ?
Not that we/I don't believe you but there were a lot of options and if we don't know exactly what you did we might either suggest something you tried or not suggest something because we THINK you have tried it.

For instance, did you run Ewido or a-squared from safe mode ?

yairmov

  • Guest
Re: Help, please, got Win32:Lager-T Virus
« Reply #11 on: September 21, 2006, 03:53:51 PM »
Hi,
I'm running win xp pro sp2.
I've tried a couple of boot-time scans, a couple of scans using ewido in safe mode,
one scan of adaware, deleting of temp files and disabling system restore.
Most of them (not adaware) found lots of trojans, mostly in c:\windows\system32\taskdir.dll and files called something like vx2.game in various places, and deleted them - but they all come back.
Plus my task manager is unavailable - I get the message: "task manager was disabled by your system administrator"

I think that's all of it :)
thanks so much
Yair

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87063
  • No support PMs thanks
Re: Help, please, got Win32:Lager-T Virus
« Reply #12 on: September 21, 2006, 04:32:22 PM »
This puts a whole different slant on things; with Task Manager disabled it could be another virus/worm at work. This, although not directly related, mentions other viruses that can disable task manager, regedit and msconfig: http://forum.avast.com/index.php?topic=23589.0

Something could well be doing a good job of hiding things, see Hidden things http://invisiblethings.org.

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2 or HiJackThis Tutorial 3
For an on-line analysis - HiJackThis Log file - On-line Analysis OR HiJackThis Log file - On-line Analysis 2
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.10.6038 (build 22.10.7633.734) UI 1.0.733/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
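
A triage check for the two symptoms reported in this thread (Task Manager disabled, and a detected DLL that keeps coming back), as an added example that is not from any poster or from avast. It parses saved `reg query` text output and flags the `DisableTaskMgr` / `DisableRegistryTools` policy values plus any value whose data names the detected file. The sample output, the "Example Loader" entry and the choice of keys to export are constructed assumptions, not findings from the thread.

```python
import re

# Constructed sample of `reg query` text output (illustration only).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr    REG_DWORD    0x1
    DisableRegistryTools    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleApp    REG_SZ    C:\Program Files\ExampleApp\app.exe
    Example Loader    REG_SZ    rundll32.exe C:\WINDOWS\system32\taskdir.dll,Start
"""

# Value lines are indented: <name> <REG_type> <data>; names may contain spaces.
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")
# Policy values that lock the user out of Task Manager / registry editing.
POLICY_FLAGS = {"disabletaskmgr", "disableregistrytools"}


def parse_reg_query(text):
    """Yield (key, value_name, type, data) for every value line."""
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():      # unindented line = registry key path
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2), m.group(3).strip()


def triage(text, flagged_file):
    """Return findings for policy lockouts and references to flagged_file."""
    findings = []
    for key, name, rtype, data in parse_reg_query(text):
        if name.lower() in POLICY_FLAGS and rtype == "REG_DWORD":
            try:
                enabled = int(data, 16) != 0
            except ValueError:
                enabled = False        # malformed data: not counted as set
            if enabled:
                findings.append(("policy-lockout", key, name, data))
        elif flagged_file.lower() in data.lower():
            findings.append(("references-flagged-file", key, name, data))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE, "taskdir.dll"):
        print(*finding, sep=" | ")
```

A policy value that is set on a home machine with no administrator-managed policy is a sign of tampering, and it is worth recording before any cleanup tool resets it.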