stubborn virus/spyware problem

Hi,
I have an XP computer and am having loads of problems getting rid of some
malware.

I have run all the usual stuff including Adaware, spybot(took 3 hours), AVG,
Ewido, Windows Anti Spyware, Hijackthis (very little found), CCleaner,
Smitfraudfix (found nothing). I updated all these programs before running
them and then I also installed Symantec Corporate edition, updated that and
did a full system scan. Symantec found nothing and AVG found one virus that
is deleted. I spent all day working on this problem and was sure that the
computer was completely clean when I took it back and installed it, turned it
on and as an example run Ewido. It picked up the spyware Downloader.Agent.uj
straight away as you can see below. Just to make matters worse about 10
minutes in AVG found the following virus and is unable to delete it.
Trojan horse Generic XFV

Requested action is not available for this object.  Access to the file has
been denied

While opening file:
C:\WINDOWS\system32\(3C791659-71E9-4002-9F88-9EA50E946F30).exe

Here is the part of the Ewido anti-spyware Scan report showing one problem
that I can't get rid of.

[1300] VM_008C0000 -> Downloader.Agent.uj : Error during cleaning.
[1360] VM_009D0000 -> Downloader.Agent.uj : Error during cleaning.
[1520] VM_00880000 -> Downloader.Agent.uj : Error during cleaning.
[1528] VM_008D0000 -> Downloader.Agent.uj : Error during cleaning.
[1540] VM_00890000 -> Downloader.Agent.uj : Error during cleaning.
[1556] VM_003B0000 -> Downloader.Agent.uj : Error during cleaning.
[1604] VM_003E0000 -> Downloader.Agent.uj : Error during cleaning.
[396] VM_00D60000 -> Downloader.Agent.uj : Error during cleaning.
[424] VM_00A00000 -> Downloader.Agent.uj : Error during cleaning.


I have also looked into System32 folder and can't find any files at all that
look like (3C791659-71E9-4002-9F88-9EA50E946F30).exe. There aren't any files
like this in brackets.

Please help as I am now stuck.

Cheers
Lenny
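
A check for the file named in the AVG alert above, as an added example that is not part of the original thread: it lists a directory without Explorer's default filtering of Hidden and System files and reports executables whose name is a GUID in brackets. It assumes Python 3; accepting braces as well as parentheses is a generalization, and every sample name except the one quoted from the post is constructed.

```python
import os
import re
import stat
import tempfile

# Name shape from the AVG alert in the post: a GUID wrapped in parentheses
# (braces also accepted, as a generalization), followed by .exe.
GUID_EXE = re.compile(
    r"^[({][0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}[)}]\.exe$"
)

def is_guid_named_exe(name):
    return bool(GUID_EXE.match(name))

def find_guid_named_exes(directory):
    """Return sorted (name, hidden, system) tuples for GUID-named .exe files.
    os.scandir lists entries regardless of the Hidden and System attributes
    that Explorer's default view filters out. A file concealed by some other
    means will not show up here either.
    """
    hits = []
    with os.scandir(directory) as entries:
        for entry in entries:
            if not entry.is_file(follow_symlinks=False):
                continue
            if not is_guid_named_exe(entry.name):
                continue
            info = entry.stat(follow_symlinks=False)
            # st_file_attributes exists only on Windows; treat as 0 elsewhere.
            attrs = getattr(info, "st_file_attributes", 0)
            hits.append((entry.name,
                         bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN),
                         bool(attrs & stat.FILE_ATTRIBUTE_SYSTEM)))
    return sorted(hits)

def demo():
    """Run the check over a constructed directory and return matching names."""
    names = ["(3C791659-71E9-4002-9F88-9EA50E946F30).exe",   # name from the post
             "{0A1B2C3D-0000-1111-2222-333344445555}.exe",   # constructed
             "(not-a-guid).exe", "notepad.exe"]              # constructed
    with tempfile.TemporaryDirectory() as tmp:
        for name in names:
            open(os.path.join(tmp, name), "wb").close()
        return [hit[0] for hit in find_guid_named_exes(tmp)]

if __name__ == "__main__":
    target = os.path.join(os.environ.get("SystemRoot", r"C:\WINDOWS"), "system32")
    for hit in find_guid_named_exes(target) if os.path.isdir(target) else []:
        print(hit)
```

An empty result from an account that can read the directory means the name is not being hidden by file attributes alone.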



Re: stubborn virus/spyware problem

On Thu, 27 Jul 2006 18:24:33 +0100, "Lenny"


You should be working in Safe mode.

Art
http://home.epix.net/~artnpeg

Re: stubborn virus/spyware problem

I have run the programs in safe mode and everything was clear. It is only
after starting in normal mode that these extra problems have occurred.




Re: stubborn virus/spyware problem

Lenny AKA lenny109@takeout.hotmail.com in alt.comp.anti-virus on
7/27/2006 after much thought,came up with this jewel:

My best advice-
Get a router with built-in firewall
Stop using Outlook Express
Stop using Internet Explorer
I have written some pages that might be of some help (see below)
max
--
Playing Nice on Usenet:
http://oakroadsystems.com/genl/unice.htm#xpost
My Pages:
Virus Removal Instructions
http://home.neo.rr.com/manna4u/
Keeping Windows Clean
http://home.neo.rr.com/manna4u/keepingclean.html
Windows Help and Tools
http://home.neo.rr.com/manna4u/tools.html
Change nomail.afraid.org to gmail.com to reply.
nomail.afraid.org is setup specifically for use in USENET
Feel free to use it yourself.

Re: stubborn virus/spyware problem

thanks Max,
The router is a Draytek Vigor, just about the best you can get when it comes
to a firewalled router in that price range. Outlook Express is only used for
newsgroups and as for not using Internet Explorer I guess about 90 percent
of the world probably can't be wrong :) and I prefer it. I am not trying to
cause a debate here about its use though I am sure that IE debates are
happening 24/7 elsewhere in the net.
Thanks for the links to your pages I shall be reading them thoroughly.
Cheers
Lenny





Re: stubborn virus/spyware problem

Lenny wrote:


Actually, 80 percent and dropping.

   (http://marketshare.hitslink.com/report.aspx?qprid=2)

And you are correct, Lenny. This has been beaten to death. If you like
IE, go for it. But then again, the 80 percent usage is as apropos to a
discussion of browser preferences as is the same discussion comparing
riding the bus to driving a Mercedes. :-P

Ron :)

Re: stubborn virus/spyware problem


If you like IE, at least get IE7
--
The first rule of optimisation: "Don't do it yet"
The second rule of optimisation: "I told you, don't do it yet"

Re: stubborn virus/spyware problem


| If you like IE, at least get IE7

Dave,
It is still in Beta so I wouldn't suggest that.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: stubborn virus/spyware problem

Is it? At least 1 guy here has been running it for a while, rates it quite
highly.

Re: stubborn virus/spyware problem



| Is it? At least 1 guy here has been running it for a while, rates it quite
| highly.

I have read numerous horror stories in the MS News Groups.

--
Dave



Re: stubborn virus/spyware problem

Lenny AKA lenny109@takeout.hotmail.com in alt.comp.anti-virus on
7/30/2006 after much thought,came up with this jewel:

***********************************************************************
Well first I see that Outlook Express did not trim my sig from your
reply which a decent newsreader would have, being able to "see" the
delimiter. Perhaps you may want to try using XanaNews (it's what I use).
In your original post you stated that "I have an XP computer and am
having loads of problems getting rid of some malware." How did the
malware get in to begin with? Must have been because of firewall
failure? No, I doubt that.
I think I have it narrowed down to either Internet Explorer or Outlook
Express (unless you are using P2P file sharing or downloading programs
from unreliable sources).
So you want to keep using IE? OK, here goes-
1. Install a good popup blocker/stopper like SuperAdBlocker
2. Turn on Spybot's TeaTimer instead of Microsoft's Windows Defender (at
least until it is out of beta)
3. Install SpywareBlaster (perhaps SpywareGuard too)
4. You may want to consider using a hosts file.
I have a question for you - what program do you use for e-mail?
max

***********************************************************************

Re: stubborn virus/spyware problem

Hi Max,
Thanks for the further advice. I use Outlook 2003 for emails with SpamPal.
What do you mean by 4. You may want to consider using a hosts file.?
Cheers
Lenny



Re: stubborn virus/spyware problem

Lenny AKA lenny109@takeout.hotmail.com in alt.comp.anti-virus on
7/31/2006 after much thought,came up with this jewel:


Here ya go len-

http://www.mvps.org/winhelp2002/hosts.htm

google could be your friend.....

max

Re: stubborn virus/spyware problem

Hi Max,
Thanks for that. Google already is my friend, some nights my only and best
friend!




Re: stubborn virus/spyware problem


| Hi,
| I have an XP computer and am having loads of problems getting rid of some
| malware.
|
| I have run all the usual stuff including Adaware, spybot(took 3 hours), AVG,
| Ewido, Windows Anti Spyware, Hijackthis (very little found), CCleaner,
| Smitfraudfix (found nothing). I updated all these programs before running
| them and then I also installed Symantec Corporate edition, updated that and
| did a full system scan. Symantec found nothing and AVG found one virus that
| is deleted. I spent all day working on this problem and was sure that the
| computer was completely clean when I took it back and installed it, turned it
| on and as an example run Ewido. It picked up the spyware Downloader.Agent.uj
| straight away as you can see below. Just to make matters worse about 10
| minutes in AVG found the following virus and is unable to delete it.
| Trojan horse Generic XFV
|
| Requested action is not available for this object.  Access to the file has
| been denied
|
| While opening file:
| C:\WINDOWS\system32\(3C791659-71E9-4002-9F88-9EA50E946F30).exe
|
| Here is the part of the Ewido anti-spyware Scan report showing one problem
| that I can't get rid of.
|
| [1300] VM_008C0000 -> Downloader.Agent.uj : Error during cleaning.
| [1360] VM_009D0000 -> Downloader.Agent.uj : Error during cleaning.
| [1520] VM_00880000 -> Downloader.Agent.uj : Error during cleaning.
| [1528] VM_008D0000 -> Downloader.Agent.uj : Error during cleaning.
| [1540] VM_00890000 -> Downloader.Agent.uj : Error during cleaning.
| [1556] VM_003B0000 -> Downloader.Agent.uj : Error during cleaning.
| [1604] VM_003E0000 -> Downloader.Agent.uj : Error during cleaning.
| [396] VM_00D60000 -> Downloader.Agent.uj : Error during cleaning.
| [424] VM_00A00000 -> Downloader.Agent.uj : Error during cleaning.
|
| I have also looked into System32 folder and can't find any files at all that
| look like (3C791659-71E9-4002-9F88-9EA50E946F30).exe. There aren't any files
| like this in brackets.
|
| Please help as I am now stuck.
|
| Cheers
| Lenny
|

Use the following tool.  Read the PDF Help File for information on how to
create a Boot Disk or a Boot Disk with NTFS4DOS and also the built-in Kill
Process capability.

To use that capability just add the name...
(3C791659-71E9-4002-9F88-9EA50E946F30).exe

to the included file;  C:\AV-CLS\killproc.txt


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to allow it to download the needed AV vendor related
files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in
Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot
the PC.

You can choose to go to each menu item and just download the needed files or
you can download the files and perform a scan in Normal Mode. Once you have
downloaded the files needed for each scanner you want to use, you should
reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again
and choose which scanner you want to run in Safe Mode.  It is suggested to run
the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help file.  http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * *   Please report back your results  * * *


--
Dave



Re: stubborn virus/spyware problem



You can try giving BugHunter a shot at the files, I'm not sure if it
already detects them or not.


--
Dustin
Author of BugHunter - MalWare Removal Tool
Current Version: 1.9.1 Released July 28th, 2006
Last Pattern Update: July 22nd, 2006 - 793 known malware signatures
http://bughunter.it-mate.co.uk

Re: stubborn virus/spyware problem

Hi,
On this site you find some information:

http://www.viruslist.com/en/viruses/encyclopedia?virusid=94352


You can use KAV beta to remove it.
Or use the freeware scanner H+BEDV (now Avira).
Good luck,
Bob
