Avast Antivirus tells me that there is the following virus:
File Name: C:\DOCUME~1\*My Name*~1\LOCALS~1\Temp\1.reg
Malware Name: VBS:Malware[Gen]
Malware Type: Virus/Worm
But when I try to quarantine, delete, or move it, Avast tells me it can't, and even when I manually delete it, it comes back after I restart.
Start>Run then type %temp%
Hit OK button
Select All items in the temp folder then hit "delete" key.
If the above does not work, it may be in use or running in the background. Open Task Manager then locate the offending process/file. End its task then try to delete again.
If still won't work, you might want to use Killbox - http://www.bleepingcomputer.com/files/killbox.php
or moveonboot http://www.gibinsoft.net/gipoutils/fileutil/index.htm (scroll down the page to find moveonboot freeware)
The instructions below from the Avast help file may help. If you cannot schedule a Boot-Time Scan in the FREE version, I suggest you get the paid version. I am not sure if this is the most powerful feature in comparison with other anti-virus programs, but it is really helpful.
==================================================================
Schedule Boot-Time Scan. Displays a dialog allowing you to schedule virus scanning before the operating system starts. You can remove the virus before its activation this way, because almost all viruses start along with the operating system. During this test, avast! creates a report file named aswboot.txt in C:\Program Files\ALWIL Software\Avast4\Data\Report. This function is available on Windows NT, 2000 and XP only.
Scan archive files. Archive files will be scanned as well. This scanner supports the following archives: ZIP, ARJ, self-extracting EXE, NTFS streams, TNEF streams, MIME, and DBX.
Scan all local disks. All local disks will be scanned for virus presence.
Select path to scan. You can enter the path to a folder that should be tested after the restart, or you can browse it using "..." button.
Advanced options. Allows you to set the task scheduling in details.
Ask for action. avast! will stop the test when a virus is found, and you can select what to do with the infected file.
Delete infected file. Every infected file will be deleted.
Move infected file. Every infected file will be moved to C:\Program Files\ALWIL Software\Avast4\Data\Moved.
Ignore infected file. No operation will be performed with the infected file.
If a system file is infected, moving or deleting such a file could have serious consequences on system stability. Because of this reason, avast! offers additional options to deleting or moving when dealing with system files:
Ask for confirmation. You will be asked to confirm or refuse the deleting or moving of a system file.
Allow delete or move. avast! deletes or moves even system files without confirmation. This option is quite dangerous and may lead to operating system malfunction.
Ignore delete or move for system files. When an infected system file is found, avast! leaves it in the original place without any change.
WARNING! If you are using a keyboard connected to the PC via a USB port, it will not work because no drivers are loaded during the boot scan!
================================================================================
and the boot time scan is available.
What I usually do in this case is create a BartPE boot disk with a few tools on it including a version of Firefox on a clean system, boot the infected machine, navigate to ALL of the "c:\documents and settings\(user name)\local settings\temp" folders from the command prompt, do an ATTRIB -R -S -H and then delete all the files I find. (user name) reflects the login name of all the users that have been set up on this system and doesn't include such folders as SYSTEM or NETWORK. This will allow you to clear most files that are locked by being in use, or being actively protected by the malware, and also allows you to eliminate malware files that are set to be system and hidden, which is another tactic used to make installed malware stay permanent. If you can, load an antivirus program from Avira or Kaspersky (they have free home use) and run it to clean up anything while you are running from BartPE. Some of these things are able to be active even in Safe Mode, and booting from BartPE prevents them from starting at all. http://www.nu2.nu/pebuilder/
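
The per-user temp cleanup described in the post above, written as a batch file for the BartPE command prompt. This is an added example, not code from any poster. It assumes the infected Windows XP volume is mounted as C:, and the log path is a hypothetical default. It records every file (hidden and system ones included) before deleting, so there is a list of what was sitting in each Temp folder.

```batch
@echo off
rem Added example: clear every user's Temp folder from a BartPE prompt.
rem Assumption: the infected XP volume is C:. Adjust PROFILES if it is not.
rem Usage: cleantemp.bat [logfile]   (cleantemp.bat is a hypothetical name)
setlocal
set "PROFILES=C:\Documents and Settings"
if "%~1"=="" (set "LOG=C:\temp-cleanup.log") else set "LOG=%~1"

if not exist "%PROFILES%\" (
    echo Profile root "%PROFILES%" not found. Check the drive letter.
    exit /b 1
)

echo Temp cleanup started %DATE% %TIME% >> "%LOG%"

rem Walk every profile directory and process its Local Settings\Temp.
for /d %%U in ("%PROFILES%\*") do call :clean "%%U\Local Settings\Temp"

echo Temp cleanup finished %DATE% %TIME% >> "%LOG%"
echo Done. File listing saved to "%LOG%".
exit /b 0

:clean
rem Skip profiles that have no Temp folder.
if not exist "%~1\" goto :eof
echo === %~1 >> "%LOG%"

rem Record everything first; /a includes hidden and system entries.
dir /a /s /b "%~1" >> "%LOG%" 2>&1

rem Clear read-only, system and hidden flags on files and folders.
attrib -R -S -H "%~1\*" /S /D

rem Delete all files, then remove the now-unhidden subfolders.
del /F /S /Q /A "%~1\*" >nul 2>&1
for /d %%D in ("%~1\*") do rd /S /Q "%%D"
goto :eof
```

Keep the log: the names and locations it lists are what you compare against after the next normal boot to see whether the file has been recreated.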