Need help getting rid of a virus. [Archive] - Glock Talk


TED
01-18-2005, 10:05
On the advice of the stickied thread at the top of this forum, I have had AVG on my system for a while. I have not had any virus problems it didn't immediately eliminate, until now.

I have a trojan horse downloader agent virus and AVG is unable to get rid of it. I tracked down the actual file itself and tried to delete it manually. It won't let me.

Ideas?

TED

Stephen
01-18-2005, 10:09
Have you tried to run STINGER (http://vil.nai.com/vil/stinger/) from McAfee?

Have a virus name/file name?

nickg
01-18-2005, 11:15
i've noticed that with some trojans with AVG you have to click on your "disable system restore" THEN scan and dump the virus, shut down, and restart. just make sure to go back and click on your restore.

more often than not that helped the problem.

Stephen
01-18-2005, 11:21
Originally posted by nickg
i've noticed that with some trojans with AVG you have to click on your "disable system restore" THEN scan and dump the virus, shut down, and restart. just make sure to go back and click on your restore.

more often than not that helped the problem.

Absolutely correct! I recently had to do that to get rid of a pesky virus on my Uncle's machine. I forgot about that!

Washington,D.C.
01-18-2005, 12:15
I had an infected file that Norton didn't find but Trend Micro's online scanner found it and removed it.

Washington,D.C.
01-18-2005, 12:16
This Avast! tool is really good at finding and removing viri http://majorgeeks.com/download4188.html

Washington,D.C.
01-18-2005, 12:17
Current Stinger here http://majorgeeks.com/download4063.html

Washington,D.C.
01-18-2005, 12:19
Note: Windows ME and XP utilize a restore utility that backs up selected files automatically to the C:\_Restore folder. This means that an infected file could be stored there as a backup file, and VirusScan will be unable to delete these files. You must disable the System Restore Utility to remove the infected files from the C:\_Restore folder.

MB-G26
01-18-2005, 12:23
I have a trojan horse downloader agent virus and AVG is unable to get rid of it. I tracked down the actual file itself and tried to delete it manually. It won't let me.

Not sure if ALL these URLs are current at this time, but you could look into:
http://www.anti-trojan.net/en/onlinecheck.aspx
Online Trojan-Check (Remote Portscan)

http://housecall.trendmicro.com/
Housecall, online virus checker

http://www.trojanscan.com/
Is your system infected by Trojans?
Requirements for the test Windows 2000, XP, .NET Server, NT 4, ME or 98 How to check your OS
Internet Explorer 5.0 or later with ActiveX enabled How to check/set your IE settings

http://www.antivirus-online.de/english/counttro.php3?a=1242
Thank you for downloading Trojan Check 6.02.
Please be aware that this download links to an external website. For contents outlying the area of accountability of antivirus online no del credere liability can be assumed. In this case only the compliances with a rule of the appropriate provider are valid.
--------
www.bitdefender.com
----------
Bunch of AT and AV cleaners:
http://www.wilders.org/downloads.htm
The Cleaner anti-trojan. Trial version. Update using Moolive after install http://www.wilders.org/HTMLobj-631/cleaner3.exe

Tauscan anti-trojan v1.6 Trial version. Update after install. added 07/26/2001 - new version. http://www.wilders.org/HTMLobj-827/tauscan.exe

TDS3 v3.2.1 Final. The reg key can be obtained here (http://tds.diamondcs.com.au/)
(Trojan Defense System)
http://www.wilders.org/HTMLobj-1604/tds3setup.exe
tds321up.exe TDS3 v.3.2.0 to v3.2.1 updater http://www.wilders.org/HTMLobj-1202/tds321up.exe

TrojanHunter v3.5
TrojanHunter v3.5, trial version, direct download. new 03/09/2003
http://www.misec.net/products/TrojanHunter.exe

Individual Trojan cleaners/detectors:

frethemremover.zip
Free cleaner/remover for the W32/Frethem worm added 07/16/2002
http://www.wilders.org/HTMLobj-1286/frethemremover.zip

antibenjamin.exe detects & cleans W32.Benjamin
added 05/24/2002
http://www.wilders.org/HTMLobj-1258/antibenjamin.exe

AntiKlez.exe
detects and cleans all klez variants.
added 05/24/2002
http://www.wilders.org/HTMLobj-1259/AntiKlez.exe

nimda.exe
Nimda Mutex Test & Protector. added 09/21/2001
http://www.wilders.org/HTMLobj-916/nimda.exe

Panda Virus Cleaner "30+ in One" Virus Cleaner Tool from Panda. Just run the saved file by clicking. new version - added 03/09/2003
http://www.pandasoftware.es/library/pqremove_en.htm

cr2kill.exe "code red killer" from PSC. check for and kill the code red II worm.
new version added 08/06/2001
http://www.wilders.org/HTMLobj-847/cr2kill.exe

sircamcleaner_english.com The only stand alone Sircam Worm Detector and Cleaner. Freeware!
added 07/28/2001 (new version)
http://www.wilders.org/HTMLobj-835/sircamcleaner_english.com

ants_worm_cleaner-english.exe
I-Worm/ANTS3 Cleaner - English
added 10/25/2001
http://www.wilders.org/HTMLobj-965/ants_worm_cleaner-english.exe

TrojanCheck v.5.0.4.1
install_trojancheck5041.exe
http://www.wilders.org/HTMLobj-925/install_trojancheck5041.exe
english.lng http://www.wilders.org/HTMLobj-833/english.lng
readme.txt http://www.wilders.org/HTMLobj-834/readme.txt
TrojanCheck v5.0.4.1 Final - memory leak problem fixed (GUI in english, Help files still in German language). Uninstall previous version first before installing. Update after install to v5.0.4.2
changed 10/08/2001
English Language File. If needed
after install TC, save it in the TC 5 directory.
Necessary info, configuration help etc. print this out. added 07/27/01

AntiBadB.exe Badtrans-B detector/cleaning tool
added 11/29/2001
http://www.wilders.org/HTMLobj-1009/AntiBadB.exe

OLD freeware AT:
Trojan First Aid Kit
Freeware anti-trojan 05/05/2001
Helpfile; print it out. This program is no longer updated.
TFAK5.zip
TFAKhelp.txt

To aid in diagnostics, get one or both of these:
AutostartExplorer.exe
AutostartExplorer v2.1. Lists all autostarted files. added 10/22/02
http://www.wilders.org/HTMLobj-1465/AutostartExplorer.exe

startuplist.zip
StartUpList v1.52. Generates a text log of startup programs. new version 03/02/2003
http://www.wilders.org/HTMLobj-1576/startuplist.zip

And this, to check ALL files that are running (Taskmanager/CAD does NOT show them all)
atm22.zip ATM v2.2 (Another Task Manager).
added 11/12/2001
http://www.wilders.org/HTMLobj-987/atm22.zip

"Website for comparing/testing multiple a/v scanners"
Sep-06-04, 08:36 AM (EDT)
Hi guys i guess this is old news but just in case you been under a rock and are interested: http://virusscan.jotti.dhs.org/

"RE: E-Trust AV exact URL"
Apr-17-04, 12:11 PM (EDT)
LAST EDITED ON Apr-17-04 AT 12:15 PM (EDT)

I'm assuming he's talking about the free version. I use the shareware version without the IDS as I have no use for it. Anyway I don't think you can get to the DL links for the freebie without going thru the registration page. The registration is linked from; http://www.my-etrust.com/microsoft/

"RE: somethings slowing me down!"
Sep-06-04, 05:24 PM (EDT)
LAST EDITED ON Sep-06-04 AT 05:44 PM (EDT)
... I would like you to go here and run this online virus scan:

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Get rid of whatever it finds. Might take awhile. Reboot and please post another HJT log after the virus scan.

Give Housecall a try again, it should get rid of it.

http://housecall.trendmicro.com/
-------------

"RE: Trojan Horse Dialer Help"
Jul-14-04, 08:44 PM (EDT)
Scan with a trojan specific scanner. Of these I prefer The Cleaner. They are all Trial Versions so I would only use one at a time and save the rest for the future.
Tauscan http://www.agnitum.com/download/tauscan.html

TDS-3 http://tds.diamondcs.com.au/index.php?page=download

The Cleaner http://www.moosoft.com/products/cleaner/download/

Trojan Hunter http://www.misec.net/
...
"RE: Trojan Horse Dialer Help"
Jul-14-04, 10:59 PM (EDT)
Returns periodically huh?
Run your AV from Safe mode with restore points turned off. Reboot your system.

Then Run a Panda and/or Housecalls online scan as a double check.

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

http://housecall.trendmicro.com/

Delete what they find....if anything.

OR How about an online specific Trojan scan

This one is up and running again

http://www.windowsecurity.com/trojanscan/

Or you can have pest patrol do an online scan...even though it will not clean the pests, it will tell you what they are and link you to a manual cleaning script.
-----------
http://www.lurkhere.com/forum/DCForumID19/44.html
If you are using ME or XP you will also need to turn off System Restore before you scan and clean up.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/?kbid=310405
How to Enable and Disable System Restore

http://support.microsoft.com/?kbid=264887
----------------
http://www.lurkhere.com/cgi-bin/forums/dcboard.cgi?az=read_count&om=44&forum=DCForumID19

Trojan On-Line Scanners
Since we have added the Anti-viral on-line Scanners, I thought perhaps we should do something about dedicated Trojan%...
TrojanScan - Updated site

http://www.windowsecurity.com/trojanscan/

Pest Patrol

Note: Pest Patrol will scan and locate the Worms/Trojans, but will not clean them. PestPatrol now owned by CA - Computer Associates

http://www3.ca.com/securityadvisor/pest/pestscan.aspx

http://store.ca.com/v2.0-img/operations/safer/site/ab/promo53025.htm

Go to Computer Privacy and Security at
http://www3.telus.net/wc/privsecur_01.html for anti virus, Trojan, Worm Scanners.
...
The Best Free Anti-Trojan Scanner
Ewido is the best of a new crop of anti-Trojan programs. On my
recent tests over at www.anti-trojan-software-reviews.com, it
emerged as one of the few products that could reliably detect
polymorphic and process injecting Trojans that were totally
missed by anti-virus products like Norton and AVG. No, it's not
as good as TDS-3 or Trojan Hunter but you get what you pay for.
You see, the free version of Ewido doesn’t have a memory monitor
but the on-demand scanner is so good that you'll have no
complaints.

The free version download is actually the same as the paid
version but after 14 days the memory monitor becomes non-
functional. I recommend all readers download the product and
scan their PCs weekly. I suspect you may be surprised at what
you will find. I've also included a link to my full Ewido review
for those who want to know more about the product prior to
downloading.
http://www.ewido.net/en/ (2.2MB)
http://www.anti-trojan-software-rev...eview-ewido.htm
-----------
LAST EDITED ON Jul-14-04 AT 05:55 AM (EDT)

Thought we should archive the various online antivirus scanners sites
Trend Micro
http://housecall.trendmicro.com/

Panda
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

BitDefender
http://www.bitdefender.com/scan/license.php#

McAfee
http://us.mcafee.com/root/mfs/default.asp?cid=9059

Symantec (Norton) (If You are NOT Using Norton area)
http://www.symantec.com/techsupp/info_solve_virus_index.html

E-Trust / Computer Associates
http://www3.ca.com/virusinfo/virusscan.aspx
-------------
A couple more listings for Free AV Scanners courtesy of LeRoi
Secunia Stay Secure
https://testzone.secunia.com/online_antivirus

RAV Anti Virus Scan
http://www.ravantivirus.com/scan/
-----------
http://www.lurkhere.com/cgi-bin/forums/dcboard.cgi?az=read_count&om=9&forum=DCForumID19

"The Complete Windows Trojans Paper"
Oct-29-02, 09:51 AM (EST)
The Complete Trojans Text is a paper about Windows Trojans, how they work, their variations and, of course, strategies to minimise the risk of infection. Links to special detection software are included as well as many other topics never discussed before. This paper is not only intended to be for the average Internet/Windows user who wants to know how to protect his/her machine from Trojan Horses or just want to know about their usage, variations, prevention and future, but will also be interesting for the advanced user, to read another point of view.

The Trojan Papers http://security-protocols.com/article.php?sid=1370
...
Better site......better presentation
The Complete Windows Trojans Paper http://www.securitywriters.org/texts.php?op=display&id=58

HTH, m

Hooba
01-19-2005, 07:28
Are you using the newest version of AVG? The newest is 7.0 and support for the old version stopped on Jan 1st.
You can download it from www.grisoft.com

Uninstall the old version, restart, and install the new version.

Make sure you are running Ad-Aware and Spybot S&D on a regular basis. You may also try running CWShredder as well. All of these programs can be Googled to find a download site.

Good luck!

modgun
01-19-2005, 07:35
You need "hijack this" then run it, let it scan, remove what is bad, good to go.

Post your scan if you need some help reading it.

TED
01-20-2005, 02:00
Well, a few things, first thanks for all the help and ideas.

I think I DO have the new version of AVG, if not, I will get the new one right away. I could not find the system restore thing the first two posts were talking about.

The first problem was that AVG said that it could not remove the virus, but, AVG gave me the file name of the virus infected file. I found it manually, renamed it "VIRUS" and put it on my desktop. Then I made a new folder called "GET RID OF THIS". I then tried to delete it manually many different times, all unsuccessfully. It kept telling me that it could not remove or delete the file. I think because the file was in my systems folder before I moved and was thus linked somehow to that. It also always said something about being write protected. Anyways, despite having identified and found and relocated the specific infected file I was unable to, in spite of repeated effort, delete the dam thing.

I looked at the folder/file properties and one of the things it had was a read only box. I unchecked it and tried to delete the thing again. I restarted the computer and tried to delete it again. No luck. Repeat repeat repeat, no luck. Then finally, it worked, presto, deleted, gone, cool.

Then I ran AVG again and it came up clean.

So, it seems that it is gone, but wow, what a nightmare. I will say this though, that is the only time and hopefully will remain the only time, that I have ever had a problem like that.

TED

SamBuca
01-20-2005, 04:08
Here we go ;Q

Simple explanation: If it can't delete a file, the program is either being run or it's one of the archived copies in the system restore folder. The fix: clear your system restore if it's there (this is not your case), or kill the program and then delete the file.

Complicated explanation: If it can't delete a file, the program is either being run or it's one of the archived copies in the system restore folder. The fix: clear your system restore if it's there (this is not your case), or kill the program and then delete the file.

Remember that before installing a zillion programs on your PC or wasting hours and hours getting frustrated. Cheers ;f
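
The checks described in this thread (file in use by a running program, an archived copy in the System Restore folder, or the read-only box TED unchecked), as an added PowerShell example that is not part of the original posts. The function name `Get-DeleteBlocker` and the sample path are hypothetical; it assumes Windows with PowerShell 3.0 or later.

```powershell
# Added example: report why a file flagged by the scanner will not delete.
function Get-DeleteBlocker {
    param([Parameter(Mandatory)][string]$Path)

    $full = [System.IO.Path]::GetFullPath($Path)
    $reasons = @()

    # 1. Archived copy inside a System Restore store
    #    (C:\_Restore on ME, "System Volume Information" on XP and later).
    if ($full -match '\\(_Restore|System Volume Information)\\') {
        $reasons += 'Inside a System Restore store: turn System Restore off, clean, then turn it back on.'
    }

    if (Test-Path -LiteralPath $full -PathType Leaf) {
        # 2. Read-only attribute set on the file.
        $item = Get-Item -LiteralPath $full -Force
        if ($item.IsReadOnly) {
            $reasons += 'Read-only attribute is set.'
        }

        # 3. A running process has the file loaded as its image or as a module.
        foreach ($proc in Get-Process) {
            try {
                $hit = $proc.Modules | Where-Object { $_.FileName -eq $full }
            } catch {
                continue   # protected process; inspecting it needs an elevated prompt
            }
            if ($hit) {
                $reasons += "Loaded by $($proc.ProcessName) (PID $($proc.Id)): stop it before deleting."
            }
        }
    } else {
        $reasons += 'File not found at this path.'
    }

    if (-not $reasons) {
        $reasons += 'No blocker visible from this session; retry from Safe Mode.'
    }
    return $reasons
}

# Constructed sample path; replace with the file name the scanner reported.
Get-DeleteBlocker -Path 'C:\Users\Public\Desktop\VIRUS.exe'
```

Run it from an elevated prompt so modules of processes owned by other accounts are visible.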

antipop
01-20-2005, 15:36
and for future reference ted, may want to avoid those porn websites, they're full of malicious viruses. ;f


do you have a good popup blocker? if nothing, the one available from yahoo.com for internet explorer works okay. that is, if you are still using IE.

Washington,D.C.
01-20-2005, 15:42
The Yahoo toolbar/pop up blocker is excellent. It has a very good anti spyware scanner included. One of the better ones.