Author Topic: Need assistance desperately  (Read 3686 times)


shadow

  • Guest
Need assistance desperately
« on: May 08, 2004, 07:00:54 PM »
Greetings,

It has been a week since I downloaded the avast home edition antivirus software and started to use it. While initially avast sniffed out about 60 viruses, I was very much pleased. However, I soon started noticing that the viruses continued to reappear, even though I had updated the necessary database files. For one thing, I just cannot figure out how to permanently remove a virus from my system (I use XP Professional).

I read something on system restore being turned off. Apparently I did that and ran the scan, but I was still not able to delete the file; it kept saying "cannot delete as this is being used by another program". If I tried repairing, it said cannot repair, access denied.

Can someone be so kind as to give me a step-by-step solution on how to remove the viruses? The most common ones are Win32:revop[trj], Win32:Gabot[wrm], Sasser a and a few others (in .exe and .dll format).

One question I have is: if a virus has infected a .dll file, does delete in the scan option indicate that the system file gets deleted? Would I in such a case reinstall my system files? What does the repair function actually do? Why don't these functions work? Isn't there some way where avast can automatically sniff out and clean the viruses? Where do I look for the latest update for the home edition?

Looking to hear from someone at the earliest,

Thanks

shadow

whocares

  • Guest
Re:Need assistance desperately
« Reply #1 on: May 08, 2004, 07:12:45 PM »
Hi,

1) Please enter the virus/worm names into the board search above: all have been treated extensively here in the board

2) Apply all ServicePacks and Windowsupdates;
change ALL your passwords, PINs, ebay/OnlinebankingData etc etc ever entered on this PC
This should suffice to get rid of SASSER & GAOBOT

3) General Advice:

Where exactly was the infected File found (full path/folder/filename, e.g. c:\Windows\system32\virusfile.exe) ?

Sometimes it's enough to
- clear all TEMP-folders (via drive CleanUp AND best also manually)
- empty Temp.Int.Files folder(s) (via IE->Extras-Internetoptions->Delete files, including OFFLINE files) and
- empty java-Cache or
- disable system restore on Win ME/XP INCLUDING a REBOOT!! ( http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm )
to get rid of it..

test the file with OnlineScanners e.g. from Trend, RAV & KAV (see below) to get a more specific name
(you need to temporarily pause AV-Resident Shield/Monitor/Guard to be able to scan the file online)

spybot, ad-aware and cwshredder might also help
see www.lurkhere.com ->nicefiles and www.lavasoft.de

- remove the Virus/Malware and its system modifications according to VirusInfos
from Avast, VGREP, TrendMicro, Kaspersky;
you might also try searching for the virus name or filename with google

general removal procedure:
- disable system restore on Win ME/XP
- kill respective Backdoor/Trojan process with task manager
- search for the file/process names in the registry; remove the malware's startup entries in the registry
- disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot

if you still can't remove it, you could post a logfile of Hijackthis here


- Secure your system:
   change passwords, secure shares, install patches/updates for WIN&IE;
   disable ActiveX and Scripting in IE except for known secure sites - and better use a secure browser like Opera or Mozilla
- scan your whole system with updated avast and maybe a 2nd scanner, e.g. TrendMicro/RAV to check whether your PC is clean ;)
- If needed, reenable system restore on Win ME/XP


Further Details and Links via the board search above

***

Oh yes, and now you've read all this:
an active GAOBOT alone warrants a complete redo of the system from scratch, as it's compromised=not secure anymore; with 60+ viruses, even more so
This means:
- backup of data and important settings
- format C: or system/windows partition
- Reinstall Win
- Apply ALL ServicePacks & important patches/windowsupdates OFFLINE, or behind a properly configured firewall (WIN XP's firewall should suffice, if ACTIVATED!!)
- Password changing & secure IE still applies

But it's your choice of course.. ;)
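
The registry step of the general removal procedure in the reply above, as an added example that is not part of the original thread: a read-only PowerShell script that lists autostart values referencing a file name the scanner reported. It assumes PowerShell is available on the machine; the four Run/RunOnce key paths are the usual Windows autostart locations (the reply names no keys), and `virusfile.exe` is the sample name from the reply's example path.

```powershell
# Added example: find autostart registry values that reference a suspect file.
# Read-only: it reports matches and changes nothing in the registry.
param(
    # Constructed sample; replace with the file name(s) the scanner reported.
    [string[]]$SuspectNames = @('virusfile.exe')
)

# Assumption: the usual per-machine and per-user autostart keys.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Find-AutostartEntry {
    param([string[]]$Keys, [string[]]$Names)
    foreach ($keyPath in $Keys) {
        # A key such as RunOnce may not exist for every user; skip it quietly.
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath
        foreach ($valueName in $key.GetValueNames()) {
            $command = [string]$key.GetValue($valueName)
            foreach ($name in $Names) {
                # Case-insensitive substring match on the value name and on
                # the command line stored in the value.
                $cmp = [StringComparison]::OrdinalIgnoreCase
                if ($command.IndexOf($name, $cmp) -ge 0 -or
                    $valueName.IndexOf($name, $cmp) -ge 0) {
                    [pscustomobject]@{
                        Key     = $keyPath
                        Value   = $valueName
                        Command = $command
                        Matched = $name
                    }
                }
            }
        }
    }
}

$hits = @(Find-AutostartEntry -Keys $runKeys -Names $SuspectNames)
if ($hits.Count -gt 0) {
    $hits | Format-List
} else {
    'No autostart entry references the given names.'
}
```

Each match shows the key, the value name and the full command line, which is what has to be checked against the vendor's virus description before an entry is removed.
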

CharleyO

  • Guest
Re:Need assistance desperately
« Reply #2 on: May 09, 2004, 09:15:51 PM »

Yikes! 60+ virus to begin with?    :o  

What was your old anti-virus program?    ???  



techie101

  • Guest
Re:Need assistance desperately
« Reply #3 on: May 10, 2004, 01:01:38 AM »
Shadow,

While you're at doing all those other "things", I would download Avast Virus Cleaner from the Avast site.  It should clean up your computer fairly well to a point that what is left is easy to take care of with the normal Avast scanner.
 
Try this link:
http://www.avast.com/i_kat_67.html

Techie