Author Topic: Win32:Horst-GV [Trj] (Read 5121 times)

pogopinchers · « **on:** March 02, 2007, 01:11:08 AM »

Avast has been Warning me of this virus/malware for over a month now yet it doesnt seem to be able to do anything about it. I have chosen move to chest yet within an hour or so the warning appears again. I have chosen Delete and this doesn't work either.

It's driving me nuts with it constantly appearing...and my computer has definitely been running a lot slower of late, maybe because of this?

The file where the virus is (saying that Avast reports as Malware), is as below...

C:\\Documents and Settings\All Users\Documents\setup.exe\[UPX]

I've tried scanning with....Adaware, Spybot Search & Destroy, SuperAntiSpyware and AVG Anti-Spyware but none of these programs are able to find anything. I also uninstalled Avast and scanned using a different virus software program - NOD32, but this didnt find anything, when I moved back to Avast the warnings started appearing again.

I'm not that technical when it comes to computers but I know bits.....any suggestions anyone pleeease!?

Thanks

DavidR · « **Reply #1 on:** March 02, 2007, 01:40:29 AM »

A forum search for horst-gv will return some hits, this is just one of them, read it through and try to follow.

Lisandro · « **Reply #2 on:** March 02, 2007, 03:55:18 AM »

If a virus is replicant (coming and coming again), you should:

1) Enable/Disable System restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k.

2) Clean your temporary files. You can use the Windows Advanced Care features for that.

3) Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting). The best option is send the file to Chest (Quarantine).

4) It will be good if you download, install, update and run other trojan remover tools: a-squared and/or Free AVG Antispyware (trojan removers) If the step three fails...

5) For the future, use the immunization of Windows Advanced Care features of spyware/adware cleaning and removal.

pogopinchers · « **Reply #3 on:** March 04, 2007, 09:06:19 PM »

I've downloaded and used Advanced Windows Care to clear up temporary files and system etc.
I've also used both malware programs you mentioned these havent worked plus a handful of other spyware etc programs.
I tried to email the file to avast from the chest as nothing seems to be working but it then says it cant even find the file!
So why's there a virus being found on a file that it cant find?
I explorered manually through to the location of the file but there is not even a folder called \Documents in which is file is supposedly located.
Any ideas?
Also, I dont understand how a system restore is going to help sorry can you explain? If avast isnt actually removing the file or indeed even moving to the chest you'd assume if it keeps appearing how will doing a or turning off system restore help?
Thanks in advance.

Lisandro · « **Reply #4 on:** March 04, 2007, 09:46:07 PM »

Quote from: pogopinchers on March 04, 2007, 09:06:19 PM

I tried to email the file to avast from the chest as nothing seems to be working but it then says it cant even find the file!

Can you post a screenshot of the error message?
Are you logged as an administrator of this computer (or common user)?

Quote from: pogopinchers on March 04, 2007, 09:06:19 PM

So why's there a virus being found on a file that it cant find?
I explorered manually through to the location of the file but there is not even a folder called \Documents in which is file is supposedly located.

Are you sure you're seeing 'hidden files' AND 'system files' into Windows Explorer folder options?

Quote from: pogopinchers on March 04, 2007, 09:06:19 PM

Also, I dont understand how a system restore is going to help sorry can you explain? If avast isnt actually removing the file or indeed even moving to the chest you'd assume if it keeps appearing how will doing a or turning off system restore help?
Thanks in advance.

The System Restore is used to store old version files. Viruses use this feature to hide themselves and replicate the infection.

pogopinchers · « **Reply #5 on:** March 04, 2007, 10:17:52 PM »

Im not sure how to get a print screen in here so I'll copy what it says into here.

In an "Emailing selected files" window it says.......

In the Resume tab.
- "Emailing selected files
Action was completed with errors!"

In the Errors Report tab.
- "Program cannot delete the following file: C:\DOCUME~1\Samwise\LOCALS~1\Temp\_avast4_\unp54458039.tmp
--->Description: The system cannot find the file specified"

In the Detailed Information tab.
- Emailing selected files
------------------------------------------------------------------------------------------
The program will try to email 1 selected file(s) from the Chest to ALWIL Software
The following file has been sent by email:
C:\DOCUME~1\Samwise\LOCALS~1\Temp\_avast4_\unp54458039.tmp
Original file name:
C:\Documents and Settings\All Users\Documents\setup.exe

------------------------------------------------------------------------------------------
Action was completed with errors!

I have show hidden files enabled but I'm not sure about System files, where do I check that?

Do you still recommend I disable system restore? I understand what you said....but should I do disable it then enable it again afterwards or something....how does it work?

Thanks for your patience!

Lisandro · « **Reply #6 on:** March 04, 2007, 11:59:59 PM »

Quote from: pogopinchers on March 04, 2007, 10:17:52 PM

Im not sure how to get a print screen in here so I'll copy what it says into here.

http://forum.avast.com/index.php?topic=8982.0

Quote from: pogopinchers on March 04, 2007, 10:17:52 PM

I have show hidden files enabled but I'm not sure about System files, where do I check that?

Windows Explorer > Tools > Folder options > View (or visualization, I'm not sure as my OS is not in English).

Quote from: pogopinchers on March 04, 2007, 10:17:52 PM

But should I do disable it then enable it again afterwards or something....how does it work?

Yes, disable, apply, then enable it again.

FreewheelinFrank · « **Reply #7 on:** March 05, 2007, 08:54:26 AM »

Hi pogopinchers,

Have you got a firewall running?

If not, somebody may be controlling your computer remotely.

If you only have Windows' firewall (or worse, nothing) I'd recommend you install a good third party firewall like Zone Alarm Free and be very careful what connections you allow in and out.

http://www.zonelabs.com/store/content/support/zasc/gettingStarted.jsp?anchor=alerts&lid=zasupp_u

http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=The+MEDBOT+Menace

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FHORST%2EGF&VSect=P

It may be worth running the specialist worm removal tool Stinger to look for Medbot:

http://vil.nai.com/vil/stinger/

mauserme · « **Reply #8 on:** March 07, 2007, 02:56:04 AM »

A hijackthis log could be helpful. Can you post one.

Author Topic: Win32:Horst-GV [Trj] (Read 5121 times)

pogopinchers

Win32:Horst-GV [Trj]

DavidR

Re: Win32:Horst-GV [Trj]

Lisandro

Re: Win32:Horst-GV [Trj]

pogopinchers

Re: Win32:Horst-GV [Trj]

Lisandro

Re: Win32:Horst-GV [Trj]

pogopinchers

Re: Win32:Horst-GV [Trj]

Lisandro

Re: Win32:Horst-GV [Trj]

FreewheelinFrank

Re: Win32:Horst-GV [Trj]

mauserme

Re: Win32:Horst-GV [Trj]