Author Topic: How to clean a virus  (Read 6625 times)

0 Members and 1 Guest are viewing this topic.

Offline sgrbrlnd

  • Jr. Member
  • **
  • Posts: 48
How to clean a virus
« on: December 06, 2004, 06:21:28 PM »

I've read about the Avast! cleaner  that  can fix only some virus not all of the them . What have I to do against them ???!!!
Thanks a lot.  ::)

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:How to clean a virus
« Reply #1 on: December 06, 2004, 06:41:37 PM »
Hi,

is your PC infected with a (specific) "virus", that's not in the CLEANER's list ?

Then please work through the link "VirusRemoval" below in my signature, and come back with specific info, e.g. Virusname & location/Folder/Filename

if not:
- only a very few "viruses" can be cleaned/repaired,
- other "infected" files like trojans/worms have to be deleted or,
- if it's a destructive malware that damaged/deleted vital system files: restore them from backup, e.g. your own backup or avast's VRDB

Morale: Secure your system, so you don't get (active) viruses/malware on your PC

Details: also in the mentioned "VirusRemoval"-link and in links in there ;) and basically all over the board here
 ;)
« Last Edit: December 06, 2004, 06:47:23 PM by whocares »

Offline sgrbrlnd

  • Jr. Member
  • **
  • Posts: 48
Re:How to clean a virus
« Reply #2 on: December 06, 2004, 07:07:18 PM »
Thank you.
I've read only a part of all your advices (I'll do later the remainder ) . I see many online scanning sites  and  moreover  they give the fix tool ...... where is their profits ?

Offline sgrbrlnd

  • Jr. Member
  • **
  • Posts: 48
Re:How to clean a virus
« Reply #3 on: December 07, 2004, 05:50:29 PM »
Avast ! says that a file is a Virus  Win32:Trojan-gen.
Kaspersky,AVG and Trendmicro say the system is not infected.
Then it can be a false positive....isn't it ?
« Last Edit: December 07, 2004, 05:51:59 PM by sgrbrlnd »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31305
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:How to clean a virus
« Reply #4 on: December 07, 2004, 05:56:55 PM »
It could be. submit the file to JOTTI and let us know the results.

Quote
only a very few "viruses" can be cleaned/repaired,
Not true. Every virus, or better every file that is infected with a virus can be cleaned. That is one of the characteristics of a virus. If a infected file can not be cleaned it is not a virus, but other malware.

Some explanations/definations can be found HERE

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:How to clean a virus
« Reply #5 on: December 07, 2004, 07:03:31 PM »
Hi Eddy,

a) that's why I set "virus" in "" as I didn't want to get into this discussion (e.g. avast CLEANER in conjunction with Virus is quite a bit misleading apart from e.g. Parite)

b) not strictly true either, some file-infectors are damaging -> not cleanable as such that after Code removal the host-file will run properly..
 
& if "CLEANABLE =removing Code" is one of your definitions of a true virus: I can also CLEAN trojans then ...

 ;D
« Last Edit: December 07, 2004, 07:05:46 PM by whocares »

Offline sgrbrlnd

  • Jr. Member
  • **
  • Posts: 48
Re:How to clean a virus
« Reply #6 on: December 07, 2004, 08:43:28 PM »
Maybe a malware............
I attach the Jotti  log....


PS- what is this atlvb32.exe ?.... I've analyzed  epid.exe !

I've also analyzed  Hijackthis log  in that your site online and get  >>>>  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti  
that have to be fixed  !  It seems really strange ........

Thanks a lot.
« Last Edit: December 07, 2004, 08:53:04 PM by sgrbrlnd »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31305
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:How to clean a virus
« Reply #7 on: December 07, 2004, 09:13:04 PM »
atlvb32.exe is a file thas was scanned and found infected before you ran a scan.

Offline sgrbrlnd

  • Jr. Member
  • **
  • Posts: 48
Re:How to clean a virus
« Reply #8 on: December 08, 2004, 10:52:30 AM »

Thank you.
About Hijackthis log analyzer .........could you tell me your name in  "LinksFolderName = "   ?
I suspect that the request to fix this entry is because of my lenguage ......
Many thanks.  

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:How to clean a virus
« Reply #9 on: December 08, 2004, 10:56:20 AM »
The analyzer doesn't know everything and is far from failsave; neither are we, but please post the complete HJT-Log here ;)

Offline sgrbrlnd

  • Jr. Member
  • **
  • Posts: 48
Re:How to clean a virus
« Reply #10 on: December 08, 2004, 11:46:06 AM »

Many thanks, I attach the log.


Ps- Can I insert an image only with a URL ?

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:How to clean a virus
« Reply #11 on: December 08, 2004, 11:59:29 AM »
Log seems clean (is this the complete log..?);
I don't think the collegiamenti is a problem

do you know the URL/adresses in the R0/R1 entries.. ?

Do you experience any problemns with the PC at all ?

rescan EPID.EXE with Jotti, and if still only avast detetcs it:
-> please send it in as a false positive to:
 virus (at) avast.com
best put it in a pasword-protected ZIP or RAR

Also work through the link "VirusRemoval" below on how to secure yoru system/browser better ;)

Offline lee20

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2326
  • The only true failure is when you give up
Re:How to clean a virus
« Reply #12 on: December 08, 2004, 01:46:42 PM »
Quote
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

Is identified as bad ^^


Quote
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Unnecessary ^^

--lee


"Anyone who has never made a mistake has never tried anything new."-Albert Einstein

Comodo Firewall, Avast 4.8, SpywareBlaster, Spybot + superantispyware, PeerGuardian and ALL software patched!

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:How to clean a virus
« Reply #13 on: December 08, 2004, 02:03:47 PM »
Hi lee,

@ R= ... collegiamenti...:

Why is this bad (apart from HJT-Analyzer's saying so..) ?
What's supposed to be the danger.. ? ???

Offline lee20

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2326
  • The only true failure is when you give up
Re:How to clean a virus
« Reply #14 on: December 08, 2004, 02:28:39 PM »
Quote
Hi lee,

@ R= ... collegiamenti...:

Why is this bad (apart from HJT-Analyzer's saying so..) ?
What's supposed to be the danger..

The problem/danger is 'R0' because they are almost always Spyware, more specificly hijackers, also 'R0' as far as i know is a way of hiding something the the registry from the user,  so when i saw R0 i went and looked for info on the web by using hijackthis analysers and general information from google search engine, and i came to the conclusion that it was indeed bad.

--lee
« Last Edit: December 08, 2004, 02:30:01 PM by lee16 »

"Anyone who has never made a mistake has never tried anything new."-Albert Einstein

Comodo Firewall, Avast 4.8, SpywareBlaster, Spybot + superantispyware, PeerGuardian and ALL software patched!