Author Topic: They keep comming back!  (Read 5075 times)

0 Members and 1 Guest are viewing this topic.

Virtua-Kill

  • Guest
They keep comming back!
« on: March 12, 2004, 04:46:50 AM »
I scan with Trend Micro, i have avast updated and when it finds an infected file i select delete and they keep comming back and popping up in avast, what should i do?

whocares

  • Guest
Re:They keep comming back!
« Reply #1 on: March 12, 2004, 09:15:22 AM »
Hi,

what WIN do you have ?
What was the complete/exact name of the virus ?
Where exactly was the infected File found  (full pathname and filename) ?

*

test the file with OnlineScanners e.g. from Trend & KAV (see below) to get a more specific name
(you need to temporarily disable AV-Resident Shields/Monitors to be able to scan the file online)


-remove the Virus/Malware and it's system modifications according to VirusInfos
from Avast, VGREP, TrendMicro, Kaspersky;
you might also try searching for the virus name or filename with google

general removal procedure:
- disable system restore on Win ME/XP
- kill respective Backdoor/Trojan process with task manager
- search for the file/process names in the registry; remove the malware's startup entries in the registry
- disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot
 

-Secure your system (change passwords, secure shares, install patches/updates for WIN, IE etc..)
-scan your whole system with updated avast and maybe a 2nd scanner ,e.g. TrendMicro to check whether your PC is clean ;)
- reenable system restore on Win ME/XP


if it's of the trojan-gen kind: spybot, ad-aware and cwshredder might also help
if you still can't remove it, you could post a logfile of Hijackthis here

see www.lurkhere.com ->nicefiles and www.lavasoft.de

Further Details and Links via the board search above
« Last Edit: March 12, 2004, 02:47:24 PM by whocares »

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:They keep comming back!
« Reply #2 on: March 12, 2004, 02:16:22 PM »
You need to delete source folder where these detected files are generating. Also remember the name of the virus and search for Removal Tool so you can perfectly remove it. If virus is on the avast! Virus Cleaner Free Tool than you can use that one.
Visit my webpage Angry Sheep Blog

whocares

  • Guest
Re:They keep comming back!
« Reply #3 on: March 12, 2004, 02:49:34 PM »
You need to delete source folder where these detected files are generating.

Hi RejZoR,

this is not always a good idea ...

What if VK tries to delete C:\Windows\system32 or so ? ;D ;D ;)

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:They keep comming back!
« Reply #4 on: March 12, 2004, 02:59:16 PM »
Its usually not System32 and you can't delete it because Windows system prevents you from doing this. File usually replicates in some self-made folder. Ofcourse its not always this way.
It might help terminating suspicious processes if they are visible or perform Memory-Check (i know you can do this wth avast! Pro).
Specific Removal Tool should take care for both fields (memory and filesystem).
Visit my webpage Angry Sheep Blog