
Virus problems

Discussion in 'Windows & Other Software' started by webmonkeyuk, 5 May 2006.

  1. webmonkeyuk

    Wise Guy

    Joined: 19 Aug 2004

    Posts: 1,677

    Location: Stockton-on-tees

    Turned on my downstairs PC yesterday morning and it kept coming up with virus found (using AVG free version btw), so I ran a scan and it found 80+ viruses, all W32/Polipos. It finished that scan and I reran it to check again and it was still coming up with them.

    I thought AVG would dispose of them for me but it's not getting rid of 'em. I tried using the new Windows Live scanner and it didn't find any, but now this morning it's just coming up on screen saying it's found some, but now it's finding a Trojan Dropper? and W32.Polip, and I can't run any scans because the PC is turning itself off after a few seconds. Bear in mind that the PC is about 4 years old and it has been known to turn itself off now and then lately. Could it be down to the age or could the viruses be doing it?
     
  2. div0

    Mobster

    Joined: 12 Jan 2006

    Posts: 3,581

    Location: Edinburgh

    First thing to do is run the comp in Safe Mode (if you can).

    During boot up keep hitting F8.

    You hopefully will be able to start without shutting down and then be able to run AVG and this time it might be able to remove them :)

    Safe Mode is the best way to remove viruses/trojans/spyware etc
     
  3. The_KiD

    PermaBanned

    Joined: 19 Apr 2006

    Posts: 2,342

    Location: West Yorkshire

    FYI:

    Can you download a copy of HiJackThis (http://www.merijn.org) and then run a full scan and save a log file. Don't use HJT to fix anything yet as you can damage your PC with it.

    Copy the contents of the log file here and I will take a look through and advise how to get rid.

    Also in the meantime, download Ewido (http://www.ewdio.net) and install and update it.

    Update your AVG to the latest version, then reboot into safe mode and run a full scan with both programs, removing all they find.
     
  4. webmonkeyuk

    Wise Guy

    Joined: 19 Aug 2004

    Posts: 1,677

    Location: Stockton-on-tees

    this is what the log file says

    Logfile of HijackThis v1.99.1
    Scan saved at 10:24:49, on 05/05/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrator\Desktop\New Folder\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.12/WinSSWebAgent.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)


    Running AVG now and it's still finding them; to me it doesn't seem to be getting rid of them.
     
    Last edited: 5 May 2006
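
A first triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself: it groups entries by section code and pulls out the ones marked "(file missing)" or "Unknown owner". The function names and the short section descriptions are this example's own; the sample lines are copied from the posted log.

```python
import re

# Short descriptions of the HijackThis 1.99.x section codes seen in this thread.
SECTIONS = {
    "R0": "IE start/search page", "R3": "URL search hook",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)", "O9": "IE extra button/menu item",
    "O12": "IE plugin", "O16": "ActiveX download (DPF)",
    "O18": "extra protocol handler", "O20": "Winlogon Notify / AppInit",
    "O23": "NT service",
}
ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.*)$")

def parse_hjt(text):
    """Return a list of dicts, one per R*/O* entry line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list, blank lines
        code, body = m.groups()
        entries.append({
            "code": code,
            "section": SECTIONS.get(code, "unknown section"),
            "body": body,
            "file_missing": body.rstrip().endswith("(file missing)"),
            "unknown_owner": code == "O23" and " - Unknown owner - " in body,
        })
    return entries

def review_queue(entries):
    """Entries to look at first: dangling targets and services with no vendor name."""
    return [e for e in entries if e["file_missing"] or e["unknown_owner"]]

# Sample: a few lines copied from the log posted above (not the full log).
SAMPLE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

if __name__ == "__main__":
    for e in review_queue(parse_hjt(SAMPLE)):
        print(e["code"], e["section"], "->", e["body"])
```
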
  5. div0

    Mobster

    Joined: 12 Jan 2006

    Posts: 3,581

    Location: Edinburgh

    I'm no use on HJT logs I'm afraid - but the_kid seems to know his stuff! :)

    The only question I had regarding it is:

    Do you have more than one antivirus program installed?

    You should never have more than one antivirus program installed - as they tend to interfere with each other!!
     
  6. The_KiD

    PermaBanned

    Joined: 19 Apr 2006

    Posts: 2,342

    Location: West Yorkshire

    Was the log run in Safe mode or normal mode?

    If you did it in safe mode can you do it again in normal mode please as the log seems very short.

    If you did it in normal mode, then there is no sign of the virus in that log which is odd.

    Try running Panda Active scan too, to see if it will remove it: http://www.pandasoftware.com/activescan/
     
  7. webmonkeyuk

    Wise Guy

    Joined: 19 Aug 2004

    Posts: 1,677

    Location: Stockton-on-tees

    Yeah, I had AVG on for years and did the scan yesterday and it found 80+ like I said in the first post, but I thought it might have been corrupted so I uninstalled it, and after having a look on here thought I'd try the Windows one, so I did a scan with that and it didn't find any at all. It was working fine till late last night, then it started coming up on screen saying it had found a few. Just looking at the scan I'm doing now with AVG, it's found 16 so far (Win32/Polipos) and it's still scanning so might find more. Doing it like you said too, in Safe Mode.

    Erm, yeah, I did the log in safe mode. I'm not sure it will stay on long enough in normal mode as it tends to turn itself off.
     
  8. webmonkeyuk

    Wise Guy

    Joined: 19 Aug 2004

    Posts: 1,677

    Location: Stockton-on-tees

    It only seems to work OK in safe mode; as soon as I go back to normal mode it just shuts itself down straight away, so there's no way I can do the log in normal mode.
     
  9. div0

    Mobster

    Joined: 12 Jan 2006

    Posts: 3,581

    Location: Edinburgh

    I take it AVG didn't remove anything, even in safe mode?

    You uninstalled the Microsoft antivirus before re-installing AVG - yes?!?

    Have you tried ewido in safe mode - it's a very good spyware removal program!! It's not an antivirus, so you can use it without removing AVG - but it's definitely worth trying!
     
  10. webmonkeyuk

    Wise Guy

    Joined: 19 Aug 2004

    Posts: 1,677

    Location: Stockton-on-tees

    I can't uninstall anything in safe mode and it goes off straight away in normal mode, so I'm kinda stuck.
     
  11. eXor

    Mobster

    Joined: 13 Nov 2002

    Posts: 3,585

    Try avast, it can do a boot time scan before you even get to the desktop.
     
  12. The_KiD

    PermaBanned

    Joined: 19 Apr 2006

    Posts: 2,342

    Location: West Yorkshire

    hmmm that is a bit of a pain in the ass.

    As the previous posters have said, get as much AV software as you can and run them all in safe mode.

    At least one of them should get rid of this thing for you.

    Unfortunately the HJT log is just not showing anything :(
     
  13. webmonkeyuk

    Wise Guy

    Joined: 19 Aug 2004

    Posts: 1,677

    Location: Stockton-on-tees

    I've just started using the ewido one and it's found 230 infected objects so far; I will give the Panda one a try next. Will it be OK to have more than one AV software on the PC for the time being?
     
  14. div0

    Mobster

    Joined: 12 Jan 2006

    Posts: 3,581

    Location: Edinburgh

    I would avoid having two antivirus programs on at any one time - even temporarily, if you can....

    But if you can't physically uninstall them, because of the state of your comp, then you just have to make do....

    Be sure to note the difference between antivirus programs and spyware/malware/adware removal programs.....

    You can have as many malware programs installed at any one time as you like!!

    so things like ewido, adaware, spybot s+d are all ok to have installed together....along with ONE antivirus program such as AVG or Avast!

    (sorry if you know this difference already - I just wanted to make sure)
     
  15. webmonkeyuk

    Wise Guy

    Joined: 19 Aug 2004

    Posts: 1,677

    Location: Stockton-on-tees

    Wasn't aware of not more than 1 AV program, so thanks for that. Looks like it's getting more likely that I'm gonna have to do a new install of XP as it just doesn't seem like anything is getting rid of 'em. Bit of a bugger this one. I had a few viruses on the laptop, about 4 so not too bad, but avg and Antivir so got rid (I uninstalled one before I installed the other ;) ), but it just seems like the auto heal on AVG on the desktop PC won't work as it's finding them but won't remove them. Very strange.
     
    Last edited: 5 May 2006
  16. The_KiD

    PermaBanned

    Joined: 19 Apr 2006

    Posts: 2,342

    Location: West Yorkshire

    As Div0 says, having 2 or more AV progs can cause issues; however, as long as you only have 1 with realtime scanning enabled you will be fine.

    You can then use the others for manual scans.

    Is AVG giving you any errors when it can't remove them? Like a specific error message?
     
  17. webmonkeyuk

    Wise Guy

    Joined: 19 Aug 2004

    Posts: 1,677

    Location: Stockton-on-tees

    Nope, no errors. It will just finish the scan and the result screen comes up saying found 80 viruses, but it doesn't say it's deleted them.
     
  18. div0

    Mobster

    Joined: 12 Jan 2006

    Posts: 3,581

    Location: Edinburgh

    do you not get an option to "quarantine" the files or something?
     
  19. webmonkeyuk

    Wise Guy

    Joined: 19 Aug 2004

    Posts: 1,677

    Location: Stockton-on-tees

    Nope, doesn't come up with anything via the scanner, but it was coming up with loads of pop-up messages from AVG saying I've got a virus, would I like to ignore or quarantine. When you do a scan of the drives using the AVG scanner function it's coming up with "Partition table error and Boot sector disk Error" at the top of the list.
     
  20. webmonkeyuk

    Wise Guy

    Joined: 19 Aug 2004

    Posts: 1,677

    Location: Stockton-on-tees

    Do you have to pay Panda to disinfect the files, or will it do it on the free version? I ran ewido and it found 230 infected files which it got rid of, or so I thought; Panda is still finding spyware and viruses.

    Seems like I'm going round in circles with this stupid PC.