The first time I ran a scan of my computer after installing AVAST, it detected the WIN32:BHO-LA[trj] virus in 2 different files. During the scan, I sent both files to the virus chest instead of deleting them on the spot, as I wasn't sure if the files were important to the operation of my computer or not. One was found in C:\Documents and Settings\All Users\ApplicationData\Symantec\SRTSP\Quarantine. We had already uninstalled our Symantec Norton Antivirus a week ago and installed AVEST because we were infected WHILE being "protected" by Norton. We wound up deleting that infected file, as we no longer use Symantec's program. The other infected file was found in C:\SystemVolumeInformation\_restore{B06C75F0-9FCC-4D32-A4A4-58CDE7C44A50}\RP8. I have no idea how to get rid of it.
Meanwhile, every time we go online, we eventually get the following Win32 error message and get bumped offline, even though our internet connection icon says we're still connected and the disconnect feature doesn't work. We have to reboot to do ANYTHING with the computer and get back online. Error Message:
Win32: Generic host process for Win32 services has encountered a problem and needs to close. Send Error report.
The link attached says the following:
Malicious software attack: install security update immediately
Malicious software attack: install security update immediately
This problem was caused by malicious software attempting to gain control of your computer. Windows shut down automatically to prevent the attack from continuing.
A solution is available that will solve this problem.
Solution :
To protect your computer from further attacks, go online to Microsoft Update and install all high-priority updates.
Get the update from the Microsoft Update website
Note: To use Microsoft Update, you need the latest Microsoft Update software. If you have not installed the latest Microsoft Update software, you will be asked to upgrade and restart your computer before you can use the website. After restarting, go to the Microsoft Update website. Click Get high-priority updates (recommended), and then install all high-priority updates.
Today, I downloaded all of the MS updates that were available for me to make sure I was up to date. I got the same error in the middle of the update download.
I spoke with MS virus tech support today about getting rid of the virus. They scanned me and couldn't find it. Then, they had me download and run Rogue Remover, which also found nothing. Then, they had me download and run SUPERAntispyware, which found 3 things which I deleted. This was after I had run Spybot and it found nothing. I got the same Win32 error in the middle of the SUPERAnti scan. I wound up rerunning Avest's thorough scan and, after all of that, it found 3 more malware infected files:
ybqqvrbb.dat.vir
C\QooBox\Quarantine\C\Windows\system32\drivers
Virus: Win32:Agent-PSI[Rtk]
Malware Type: Root kit
ybqqvrbb.dat
C\QooBox\Quarantine\catchme2008-02-16_130503.73.zip
Virus: Win32:Agent-PSI[Rtk]
Malware Type: Root kit
ybqqvrbb.dat.1
C\QooBox\Quarantine\catchme2008-02-16_130503.73.zip
Virus: Win32:Agent-PSI[Rtk]
Malware Type: Root kit
What the heck are those??
ALSO, after this Avest scan, the Trojan virus I originally had and had put in the virus chest, NOW says "No virus" under the Virus column of the chest. Does that mean that virus is now off my computer???
AND, after the MS updates, I now get a warning that my MS firewall in not on and should be. How do I turn the firewall on so it is compatible with Avest?
We have AVAST version 4.7 home edition and are running windows XP. We have a dial up connection to the internet.
HELP!!!!!!!!!!!!!!!!!!!!
