Author Topic: I got the anoying virus back that deletes avast.  (Read 7588 times)

snakie

  • Guest
I got the anoying virus back that deletes avast.
« on: February 27, 2007, 04:49:35 AM »
 ???  Hi, I found out which file has the virus that ruins my avast installation. Well, I packed it with WinRAR and sent it to avast for analysis; hope you guys find a way to break it. But this time the rootkit remover doesn't help me. It says removing and deleted, but I suspect that it is reinstalling itself just after reboot, and avast won't work either ???
So now I'm taking an online virus check at other places and hope it gets rid of all of them.
I also made a check on the file with Malware scan, and here is the result:

Scan taken on 27 Feb 2007 03:18:20 (GMT)
AntiVir               Found HEUR/Crypted
ArcaVir               Found Trojan.Downloader.Beagle.Bp
Avast                 Found nothing
AVG Antivirus         Found Downloader.Generic3.TSE
BitDefender           Found Trojan.Downloader.Bagle.BJ
ClamAV                Found Worm.Bagle-51
Dr.Web                Found Win32.HLLM.Beagle
F-Prot Antivirus      Found nothing
F-Secure Anti-Virus   Found Email-Worm.Win32.Bagle.hq
Fortinet              Found W32/Bagle.BP!tr.dldr
Kaspersky Anti-Virus  Found Email-Worm.Win32.Bagle.hq
NOD32                 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control  Found W32/Mitglied.ACU
VirusBuster           Found Trojan.Bagle.Gen!Pac20
VBA32                 Found nothing

Well, I think this is the file; otherwise there is one other possibility, but we'll see about that when or if my system ever gets back to normal
 ::)

mauserme

  • Guest
Re: I got the anoying virus back that deletes avast.
« Reply #1 on: February 27, 2007, 05:15:13 AM »
Quote from: snakie
> ???  Hi, I found out which file has the virus that ruins my avast installation. Well, I packed it with WinRAR and sent it to avast for analysis; hope you guys find a way to break it.

Thank you.

You never said in the last thread if it was Panda or F-Secure that removed it, but you need to try both.  There seem to be at least 2 variants of this.

Also, since BitDefender caught it, download the free version and scan with that:

http://www.bitdefender.com/site/view/Download-Free-Products.html

This is a non-resident scanner so it won't provide the real time protection you need, but it may solve the problem.

snakie

  • Guest
Re: I got the anoying virus back that deletes avast.
« Reply #2 on: February 27, 2007, 12:36:04 PM »
Well, sorry, I tried Panda only, since I couldn't find a download for the other one, but now I'm still having this problem:
starting Panda... checking.... removing.... reboot.... clean.... after 1 min. it's back, checking.... 2 found, removing, and so on, so on.

So I will try to find the other one again.. thanks

mauserme

  • Guest
Re: I got the anoying virus back that deletes avast.
« Reply #3 on: February 27, 2007, 01:23:55 PM »
Here's a link to F-Secure Blacklight

http://www.f-secure.com/blacklight/

Download and install Bitdefender and Blacklight and make sure the Bitdefender definitions are updated.  Then disconnect your computer from the internet, boot into safe mode, and scan from there.

« Last Edit: February 27, 2007, 01:26:08 PM by mauserme »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86927
  • No support PMs thanks
Re: I got the anoying virus back that deletes avast.
« Reply #4 on: February 27, 2007, 03:16:14 PM »
Let's make sure you send a sample to avast this time and hopefully it will be able to include it in the VPS.

If you are getting it back, you have a weakness in your security; you need to tighten things down.

You might also consider proactive protection: in order to place files in the system folders and create registry entries, you need permission. Prevention is much better and theoretically easier than cure.

Whilst browsing or collecting email, etc., if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.9.6034 (build 22.9.7554.734) UI 1.0.728/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

josy1982

  • Guest
Re: I got the anoying virus back that deletes avast.
« Reply #5 on: February 27, 2007, 04:15:09 PM »
This is what I had meant... in another post... Avil is for me the best antivirus, but the definitions (VPS) are not really brand new, up to date... I am using Bitdefender Free as my second antivirus scanner when I am thinking that avast doesn't have the virus in the VPS yet. Also, for security reasons only, I am using a second antivirus as a scanner only.....

Spiritsongs

  • Guest
More Security than Avast !?
« Reply #6 on: February 27, 2007, 05:11:52 PM »
 :)  Hi Snakie & Josy :

      I hope each of you have more security than just Avast on your
      computers !? Nowadays, should have 1 or more antiSPYWARE/
      antiTROJAN program(s), such as the Good & FREE AVG Antispyware
      ( www.ewido.net ) and/or the FREE version of "SUPERantispyware"
       from www.superantispyware.com .

       And I do NOT recall seeing anything about having a software
       firewall in any of your Posts !?

josy1982

  • Guest
Re: I got the anoying virus back that deletes avast.
« Reply #7 on: February 27, 2007, 06:04:33 PM »
Ok. Here is it. I am using Progs as follows:

Antivirus:

Avast Home (Primary)
Bitdefender Free (Secondary)

Firewall:

I have a Router with a Firewall in it.

I am using as Software Firewall Comodo 2.4 Pro

Spyware and other related:

1. Spyware Terminator (with Realtime Protection)

2. Adaware SE

3. Spybot Search & Destroy

4. SpywareBlaster

5. From time to time hijackthis


So that's all...

Spiritsongs

  • Guest
Spyware Terminator
« Reply #8 on: February 27, 2007, 06:24:36 PM »
 :)  Hi Josy :

      Did you know that "Spyware Terminator" is by a company called
      "Crawler", who in the past made "rogue/suspect" antispyware products !?

      Would encourage you to read the "Superantispyware vs Spyware
      Terminator" thread on the very good Wilderssecurity Forums at
      www.wilderssecurity.com/showthread.php?t=164428 .

      And as to Spybot; its quality has fallen in recent months and for quite
      some time has NOT been in the top "tier" of "Trustworthy Products" of
      antiSPYWARE Expert Eric Howes at
      www.spywarewarrior.com/rogue_anti-spyware.htm#trustworthy .

       Might be wise to add a rootkit "detection" program; recommend
       you start with the Good & FREE "RootkitRevealer" from
       www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx

josy1982

  • Guest
Re: I got the anoying virus back that deletes avast.
« Reply #9 on: February 27, 2007, 06:48:31 PM »
Ok.

Do you know SpywareBlaster? However, Spywareterminator is doing its good job not for scanning spyware within the realtime protection (HIPS also), and most "free progs" don't have it or it is disabled (only in the buy version).

So I will check the links that you have posted.
« Last Edit: February 27, 2007, 06:54:32 PM by josy1982 »

Spiritsongs

  • Guest
SpywareBlaster
« Reply #10 on: February 27, 2007, 06:58:57 PM »
 :)  Hi Josy :

      Have had SpywareBlaster ( & its "companion" SpywareGuard ) and
      Ad-Aware SE Personal on my computer for quite some time .

snakie

  • Guest
Re: I got the anoying virus back that deletes avast.
« Reply #11 on: February 27, 2007, 10:20:47 PM »
 ;D
Well, actually I was in front of my PC all day trying to find out what to do and stuff,
and I first tried Panda Anti-Rootkit, but it never deleted the actual files, only the active ones, so after reboot it installed itself back.
So I finally downloaded F-Secure Blacklight. It found like 19 files, err, I had only 1 option, to rename the files, but no guarantee, for it was some useful system files. So I took each file to Google and made a search to see if it matched with any known virus, and it did, so I renamed all the files.
Then I needed to clean the registry, since it also was in there to mess things up more, so I did a scan with Registry Booster and it found like 215 registry entries. Didn't bother to see if the virus strings were there too, so I deleted them all.
Then reboot and a fresh install of avast 4.0, and I checked everything twice to make sure nothing was replaced, and now avast is working fine again. So I went into my netbank to change all the passwords and stuff; since it was a Trojan, it is a pretty good idea to change every important password.

By the way, the avast icon in the corner was very helpful to notice that I had the virus or malware, don't know what it was, since it disables avast and the icon first appears and disappears, since all the executable files were deleted from the avast install folder. So if avast fails to load, or re-installing fails and the shortcut cannot find the destination file, be sure to check for root wares.


Well again I hope avast will take more protection on soon,

« Last Edit: February 27, 2007, 10:28:27 PM by snakie »

mauserme

  • Guest
Re: I got the anoying virus back that deletes avast.
« Reply #12 on: February 28, 2007, 01:13:09 AM »
Thanks for the follow-up, snakie.   It's good to see your dedication to solving this problem paid off - hopefully for good.

If you have the file names/locations Blacklight found, could you post them?  This might be helpful for others struggling with this problem.

Quote from: snakie
> Well again I hope avast will take more protection on soon,

Yeah - this is getting very frustrating  :(

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86927
  • No support PMs thanks
Re: I got the anoying virus back that deletes avast.
« Reply #13 on: February 28, 2007, 01:27:20 AM »
Quote from: snakie
> So I finally downloaded F-Secure Blacklight. It found like 19 files, err, I had only 1 option, to rename the files, but no guarantee, for it was some useful system files. So I took each file to Google and made a search to see if it matched with any known virus, and it did, so I renamed all the files.
>
> Then I needed to clean the registry, since it also was in there to mess things up more, so I did a scan with Registry Booster and it found like 215 registry entries. Didn't bother to see if the virus strings were there too, so I deleted them all.
>
> Then reboot and a fresh install of avast 4.0, and I checked everything twice to make sure nothing was replaced, and now avast is working fine again. So I went into my netbank to change all the passwords and stuff; since it was a Trojan, it is a pretty good idea to change every important password.
>
> Well again I hope avast will take more protection on soon,

Thanks for taking the time to provide the feedback, and we share your hope for more protection; now you could play a part in that by sending the renamed samples to avast.

You can also add the file to the User Files (File, Add) section of the avast chest where they can do no harm and send it from there (select the file, right click, email to Alwil Software).

Version 5 of avast (date unknown) will also have anti-kill to stop it being disabled.

snakie

  • Guest
Re: I got the anoying virus back that deletes avast.
« Reply #14 on: February 28, 2007, 05:04:42 AM »
I already sent the file that gave me the virus in the first place, and the virus won't be active until it is executed.
I think it's named escape from monkey island 4 1.0.exe
or something like that; it's supposed to be a patch for a game, but nothing happens when executed.
Anyhow, I got another new problem: I think the virus I had has completely damaged the Windows safe boot. Every time I try to load up in safe mode, with or without network, I get a blue screen critical error and a reboot, so I cannot boot up in safe mode!
Does the Microsoft Win XP CD have any repair for this kind of issue, or is a format and reinstall required? I hope not, since I never made a reinstall in like 5 years now and I don't have a lot of space to make all the backups I collected in these 5 years  :'(