One Nasty Virus/Trojan - Kills all virus scanners

[Lynn210]

The first one sat for a few seconds
then returned back to the prompt with no other action
indicated

The second one came back with a bunch of no such files
mv cannot stat `/mnt/sda2/etc etc etc
There were 8 lines like this.. I suppose they match your script

[edifyguy]

Good, that means the first one worked, and the second one didn't find much.  That means that Avast! was doing a pretty good job at what it was made to do.

If you would, type this in a console for me, just for grins, and tell me what it spits out:

ls * /mnt/sda2/quarants

* means a space here.

[Lynn210]

bsh: /mnt/sda2/quarants: is a directory

[Lynn210]

I like Avast very much so far..

I have tried many AV programs
Avast is the first one that was super fast and did not
cause my browser to run like it was plodding through mud.

I would like to set it on automatic.
While these programs are waiting for a reply as to what
to do with a suspected file.. doesn't the virus have a chance
to do its damage? or is it in a sort of limbo till I reply.

[edifyguy]

Avast freezes the system when it finds something, so that the only thing able to do anything is itself. The others generally don't, and I've seen a few viruses that really took advantage of that.....

Try this command:

ls /mnt/sda2/quarants/*

The asterisk is real in this one. The space is a space (there's only one.)

[Lynn210]

It returned a bunch of file names in green type
Are these items in quarantine?

here are the file names

calc.dll
hernel132.dll
ntuser.dll
winsock.dll
wsock32.dll

[edifyguy]

OK, here's the last remover script.

I commented out a few lines that we can actually allow it to perform later if need be. They are files that I think are likely false positives, but which it might be good to remove anyway if we continue to have problems.

[edifyguy]

It returned a bunch of file names in green type
Are these items in quarantine?

here are the file names

calc.dll
hernel132.dll
ntuser.dll
winsock.dll
wsock32.dll

Yes, this is a personal quarantine we made to remove things that Avast! had detected, but might not have been able to remove.

You know, I think we should uncomment a few things in the 3rd remover...........use this one, please.

[Lynn210]

mv: cannot stat `/mnt/sda2/WINDOWS/syssvc.exe' : No such file or directory

[edifyguy]

Good, that means that the first script got rid of the horrid thing.

Now, I'm going to make a package with a few known clean files in it to replace a couple that will be needed to even get Windows to log on once we're done. I'll put it here:

http://www.silverdollarsolutions.com/files

And I'll call it lynn.tar.gz

[Lynn210]

including that driver that repair needed?

[edifyguy]

Oh, well, I gave you the link to that on Intel's website. You should have been able to download that already.

If you're planning to do a repair anyway (it might not be necessary) go ahead and download it, then extract it to /mnt/sda2/intel so that it's on the hard drive where you can simply point to it.

The file is there, but if you're going to do a repair, you won't need it.

[Lynn210]

If I dont need to do a repair that would be great .. but dont forget
the system is hung up in repair at the point where it needed the
driver.. I could not get it to boot up at all

But you are the pro so I will wait and see..

If needed I can go back and get that link.. no problem

[Lynn210]

Got the files.. they are saved to hard drive in my docs

[edifyguy]

Am I understanding that you extracted the files within the archive into my-documents?

If not, please do, EDIT: and here's the script to move the pieces into place.