Virus problems

Associate
Joined
19 Aug 2004
Posts
1,676
Location
Stockton-on-tees
Turned on my downstairs PC yesterday morning and it kept coming up with "virus found" (using AVG free version btw), so I ran a scan and it found 80+ viruses, all W32/Polipos. It finished that scan and I reran it to check again, and it was still coming up with them.

I thought AVG would dispose of them for me, but it's not getting rid of them. I tried using the new Windows Live scanner and it didn't find any, but now this morning it's just coming up on screen saying it's found some, but now it's finding a Trojan Dropper? and W32.Polip, and I can't run any scans because the PC is turning itself off after a few seconds. Bear in mind that the PC is about 4 years old and it has been known to turn itself off now and then lately; could it be down to the age, or could the viruses be doing it?
 
Soldato
Joined
12 Jan 2006
Posts
4,551
Location
Edinburgh
First thing to do is run the comp in Safe Mode (if you can).

During boot up keep hitting F8.

You hopefully will be able to start without shutting down and then be able to run AVG and this time it might be able to remove them :)

Safe Mode is the best way to remove viruses/trojans/spyware etc
 
Permabanned
Joined
19 Apr 2006
Posts
2,333
Location
West Yorkshire
FYI:

When W32.Polip is installed, it performs the following actions:

1. Infects .scr and .exe files when they are opened or executed on the compromised computer.

2. Hides its presence on the compromised computer by injecting its code into running processes.

3. Attempts to spread by sharing infected files on the Gnutella file sharing network, even if the Gnutella software isn't installed on the compromised computer.

4. Tries to lower security settings by deleting certain files relating to antivirus software.

Can you download a copy of HijackThis (http://www.merijn.org), then run a full scan and save a log file? Don't use HJT to fix anything yet, as you can damage your PC with it.

Copy the contents of the log file here and I will take a look through and advise how to get rid.

Also in the meantime, download Ewido (http://www.ewdio.net) and install and update it.

Update your AVG to the latest version, then reboot into safe mode and run a full scan with both programs, removing all they find.
 
Associate
OP
Joined
19 Aug 2004
Posts
1,676
Location
Stockton-on-tees
This is what the log file says:

Logfile of HijackThis v1.99.1
Scan saved at 10:24:49, on 05/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.12/WinSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)


Running AVG now and it's still finding them; to me it doesn't seem to be getting rid of them.
 
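To make a HJT log like the one above easier to review, here is an added example (not part of the thread, and not HijackThis' own code) that splits the log into its section codes, lists the running processes and the O4 Run entries, and flags every entry HijackThis marked "(file missing)". The sample log is a constructed excerpt in the same layout as the one posted above.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the HijackThis log above (entries shortened).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")   # "O23 - Service: ..."
# O4 body: 'HKLM\..\Run: [Name] "C:\path\prog.exe" -args' (path may also be unquoted)
RUN_RE = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def parse_hjt(text):
    """Split a HJT log into the running-process list and {section: [bodies]}."""
    sections, procs, in_procs = defaultdict(list), [], False
    for line in map(str.strip, text.splitlines()):
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:                      # the process list ends at the first blank line
            in_procs = bool(line)
            if line:
                procs.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            sections[m.group("sec")].append(m.group("body"))
    return {"processes": procs, "sections": dict(sections)}

def missing_files(parsed):
    """Entries HJT could not find on disk: stale leftovers, or a deleted component."""
    return [(sec, body) for sec, bodies in parsed["sections"].items()
            for body in bodies if body.endswith("(file missing)")]

def run_keys(parsed):
    """O4 autostart entries as (hive, name, executable) so each can be checked."""
    out = []
    for m in filter(None, map(RUN_RE.match, parsed["sections"].get("O4", []))):
        cmd = m.group("cmd")              # 'Global Startup: x.lnk = ...' lines do not match
        exe = cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd.split(" ")[0]
        out.append((m.group("hive"), m.group("name"), exe))
    return out
```

Feeding the full log from this thread into `parse_hjt` gives the same structure, with the O23 and O9 "(file missing)" entries showing up as leftovers to verify rather than live components.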
Soldato
Joined
12 Jan 2006
Posts
4,551
Location
Edinburgh
I'm no use on HJT logs I'm afraid - but the_kid seems to know his stuff! :)

The only question I have regarding it is:

C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe

Do you have more than one antivirus program installed?

You should never have more than one antivirus program installed - as they tend to interfere with each other!!
 
Associate
OP
Joined
19 Aug 2004
Posts
1,676
Location
Stockton-on-tees
Yeah, I had AVG on for years and did the scan yesterday, and it found 80+ like I said in the first post, but I thought it might have been corrupted so I uninstalled it, and after having a look on here I thought I'd try the Windows one, so I did a scan with that and it didn't find any at all. It was working fine till late last night, then it started coming up on screen saying it had found a few. Just looking at the scan I'm doing now with AVG, it's found 16 so far (Win32/Polipos) and it's still scanning, so it might find more. Doing it like you said too, in Safe Mode.

Erm, yeah, I did the log in Safe Mode; I'm not sure it will stay on long enough in normal mode as it tends to turn itself off.
 
Soldato
Joined
12 Jan 2006
Posts
4,551
Location
Edinburgh
I take it AVG didn't remove anything, even in Safe Mode?

You uninstalled the Microsoft antivirus before re-installing AVG - yes?!?

Have you tried Ewido in Safe Mode? It's a very good spyware removal program!! It's not an antivirus, so you can use it without removing AVG - but it's definitely worth trying!
 
Permabanned
Joined
19 Apr 2006
Posts
2,333
Location
West Yorkshire
Hmmm, that is a bit of a pain in the ass.

As the previous posters have said, get as much AV software as you can and run them all in Safe Mode.

At least one of them should get rid of this thing for you.

Unfortunately the HJT log is just not showing anything :(
 
Soldato
Joined
12 Jan 2006
Posts
4,551
Location
Edinburgh
I would avoid having two antivirus programs on at any one time - even temporarily, if you can....

But if you can't physically uninstall them, because of the state of your comp, then you just have to make do....

Be sure to note the difference between antivirus programs and spyware/malware/adware removal programs.....

You can have as many malware removal programs installed at any one time as you like!!

so things like ewido, adaware, spybot s+d are all ok to have installed together....along with ONE antivirus program such as AVG or Avast!

(sorry if you know this difference already - I just wanted to make sure)
 
Associate
OP
Joined
19 Aug 2004
Posts
1,676
Location
Stockton-on-tees
Wasn't aware of the "not more than 1 AV program" rule, so thanks for that. Looks like it's getting more likely that I'm gonna have to do a new install of XP, as it just doesn't seem like anything is getting rid of them. Bit of a bugger, this one. I had a few viruses on the laptop, about 4, so not too bad, but AVG and AntiVir soon got rid of them (I uninstalled one before I installed the other ;) ), but it just seems like the auto heal on AVG on the desktop PC won't work, as it's finding them but won't remove them. Very strange.
 
Permabanned
Joined
19 Apr 2006
Posts
2,333
Location
West Yorkshire
As Div0 says, having 2 or more AV progs can cause issues; however, as long as you only have 1 with realtime scanning enabled you will be fine.

You can then use the others for manual scans.

Is AVG giving you any errors when it can't remove them? Like a specific error message?
 
Associate
OP
Joined
19 Aug 2004
Posts
1,676
Location
Stockton-on-tees
Nope, it doesn't come up with anything via the scanner, but it was coming up with loads of pop-up messages from AVG saying I've got a virus, would I like to ignore or quarantine. When you do a scan of the drives using the AVG scanner function it's coming up with "Partition table error and Boot sector disk Error" at the top of the list.
 
Associate
OP
Joined
19 Aug 2004
Posts
1,676
Location
Stockton-on-tees
Do you have to pay Panda to disinfect the files? Or will it do it on the free version? I ran Ewido and it found 230 infected files which it got rid of, or so I thought; Panda is still finding spyware and viruses.

Seems like I'm going round in circles with this stupid PC.
 