Author Topic: Boot Scan doesn't get everything?  (Read 1990 times)


apnudi

  • Guest
Boot Scan doesn't get everything?
« on: February 06, 2009, 07:57:55 PM »
Hello,

I've been cleaning up a PC my boss's family managed to clog up with just about every possible piece of internet junk imaginable...

They used adware cleaners and such but that's not really enough.

I deleted AVG off the PC and then installed Avast 4.8.

The boot scan picked up 37 viruses and I deleted them all.

After rebooting, avast immediately found a virus, then another!

One of the viruses is the Win32:Simile virus, which from my reading is a very hard to delete one.

Any suggestions as to actually deleting this bad boy, and any other 'hidden' viruses?

Thanks!


P.S. I ran a second boot scan with 'scan archives' selected.  Still having the same trouble.

DavidR
Re: Boot Scan doesn't get everything?
« Reply #1 on: February 06, 2009, 08:50:50 PM »
Repetition, I know:
Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

This is a relatively old but difficult virus to remove and the system may be so badly compromised as to consider a format and start from square one.

Quote
W32.Simile is a very complex virus that uses entry-point obscuring, metamorphism, and polymorphic decryption. It infects files in folders on all fixed and remote drives that are mapped at the time that the virus is executed. The virus contains no destructive payload, but infected files may display messages on certain dates.

This is an alias of Win32:Simile:
http://www.sophos.com/security/analyses/viruses-and-spyware/w32etapa.html

Try DrWeb CureIt! - See http://www.freedrweb.com/cureit/ - Download ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe (Free). Fairly effective against file infectors, Virut, more so when used in safe mode.