
Problem Virus?


jdd3:
Hi Everyone,

I have Avast and AVG installed on my computer. I have a virus or worm that has stopped my virus checkers from working by removing or disabling (they do not show) the .exe files in both Avast and AVG. Also none of my browsers work properly even though I am online. I get my email but html images are disabled. Does anyone have any knowledge of a virus that has these symptoms? If so let me know the name(s).

Currently I am in the process of running the Avast virus cleaner tool which shows no viruses so far.

Thanx,

JDD3

DavidR:
Firstly it isn't advisable to have two resident scanners on your system, as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable. So I would suggest you uninstall the remnants of AVG so we can try and tackle the problem.

This could be a Bagle Rootkit variant:
See http://forum.avast.com/index.php?topic=26554.0
http://forum.avast.com/index.php?topic=25941.0
This seemed to have the best results with this type of attack and is reasonably user friendly.
http://research.pandasoftware.com/blogs/research/archive/2006/12/14/Rootkit-cleaner.aspx
Also F-Secure Blacklight may not always be available, http://www.f-secure.com/blacklight - Direct line, ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe

Edit: This topic is current and may be worth following, if the above doesn't resolve it.

mauserme:
Let's take a closer look at what's going on.

* Download Deckard's System Scanner (DSS) to your Desktop.
* Close all applications and windows.
* Double-click on DSS.exe to run it, and follow the prompts.
* The scan may take a minute. When the scan is complete, a text file will open - Main.txt

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)

Post the main.txt from the C:\Deckard\System Scanner folder into your next reply.



Follow this with a WinPFind3u log:

* Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
* Close ALL OTHER PROGRAMS.
* Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
* Under Additional Scans click the checkboxes in front of the following items to select them:
  (no additional options)
* Now click the Run Scan button on the toolbar.
* Let it run unhindered until it finishes.
* When the scan is complete Notepad will open with the report file loaded in it.
* Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

jdd3:
Hi Again,

DavidR,

Tried both rootkit cleaner and blacklight with no good results.

mauserme,

I ran Deckard's System Scanner and WinPFind3u.exe and got results but since posts here have a limit of 10,000 characters will have to find the best way to post. (I would have to break up the text files into over 12 separate postings - I have a lot on my computer.) What do you suggest? email attachment? or?

DavidR:
Break the log down into pieces using copy and paste, creating multiple posts to fit it in.
