Got infected with win32/dzan.a virus !!

[sosmuthu]

I got a virus win32/Dzan.a and it has infected all my files right from MSconfig and regedit.I use AVG antivirus Pro version.it detects he virus but cud not run a scan since the virus has disabled the av virus scan.,

How to remove the virus.becoz i have most of my business mails and files in here which amounts to more than 3 gb.so pls anyone suggest a way to heal my system.

I have Win xp desktop and i Use AVG antivirus with Firewall.Normally thr was no problem either of virus or spyware issues..
but last week i disabled to check some settings and did not enable it on.

My sister seems to hav donwlaoded some thing from net and damn god....some virus was infected...

The next day i found my sytem floppy drive light was glowing unnecessatily..on dount i enabled my AVG...the next secomd it showed my system is infected with win32/dzan.a worm

Thr was no option of healinng it in avg..so moved to vault.I tried to to a virus sca but avg cant open the virus scanner since it has taken over by virus and now only firewall is working fine.

On seeing the location,i tried deleting some files hwich were infected..now floppy light is not glowing but my AvG says it has detected the virus in this file..and that file.
On online reserach i found sophos would solve problem,so installed sophos antivirus and ran it...it found another virus...win32/nyxem and removed all.but never gave any info abt dzan.a virus.
I tried to enter Msconfig but cant..also cant open regedit also.

So now im doing a bit defender online scan and it says vb worm and win32.dzan.b was detected and it deleted..it didnt mention abt Dzan.a

and i also cant open anyother programs since virus has infected some important files in all programs..also ant unistall the programs,becoz it particulary infects the unistall file only...

So guys what can be done..i dont want o reinstall the OS..since many data are stored,i dont want o lose it...
Plz tell me how to do it??/

[boosters]

Use Bitdefender Online Scan to remove the virus. AVG always disable.

[uchiha.sasuke]

tell me d xact problems u r facing in ur pc....u can remove them manually....

[khattam_]

Download Hijackthis and run it... Then "Do a System Scan and Save a Logfile" an d then paste the contents of the log file here and\or PM it to me.. then we can teach you to manually remove da vai rush....

[sosmuthu]

I have Win xp desktop and i Use AVG antivirus with Firewall.Normally thr was no problem either of virus or spyware issues..
but last week i disabled to check some settings and did not enable it on.

My sister seems to hav donwlaoded some thing from net and damn god....some virus was infected...

The next day i found my sytem floppy drive light was glowing unnecessatily..on dount i enabled my AVG...the next secomd it showed my system is infected with win32/dzan.a worm

Thr was no option of healinng it in avg..so moved to vault.I tried to to a virus sca but avg cant open the virus scanner since it has taken over by virus and now only firewall is working fine.

On seeing the location,i tried deleting some files hwich were infected..now floppy light is not glowing but my AvG says it has detected the virus in this file..and that file.
On online reserach i found sophos would solve problem,so installed sophos antivirus and ran it...it found another virus...win32/nyxem and removed all.but never gave any info abt dzan.a virus.
I tried to enter Msconfig but cant..also cant open regedit also.

So now im doing a bit defender online scan and it says vb worm and win32.dzan.b was detected and it deleted..it didnt mention abt Dzan.a

and i also cant open anyother programs since virus has infected some important files in all programs..also ant unistall the programs,becoz it particulary infects the unistall file only...

So guys what can be done..i dont want o reinstall the OS..since many data are stored,i dont want o lose it...
Plz tell me how to do it??/

[sosmuthu]

Guys!! can u help me plz..!!!

[Choto Cheeta]

Quote:

Originally Posted by sosmuthu

Guys!! can u help me plz..!!!

Deactivate AVG, go to, http://www.kaspersky.com/virusscanner and run a Online Ondemand scan of the system ..... See if that can find any and whther can clean it or not !!!

[abhijangda]

hey you must first download another antivirus which can repair a file like norton, quickheal others update ther defs and just scan.

hey you must first download another antivirus which can repair a file like norton, quickheal others update ther defs and just scan. One more thing you are saying bout different virus name. Every av company has it's own name for one virus, while other has another name thoug virus signature are same. It may be the case that sophos has detected the sam virus which avg is detecting

[anandk]

Quote:

Originally Posted by sosmuthu

Guys!! can u help me plz..!!!

as sgstd pls post ur hjt logfile here only then can some1 really help u looks like a simple av+as+ccleaner scan is not helping u ...

[sizzler]

I too have the win32/dzan.a problem....
here is the Log created with Hijack this...
plz help me out


Logfile of HijackThis v1.99.1
Scan saved at 10:46:50 AM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\WINABI~1\FOLDER~1\FGKEY.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{26361D6D-2357-4CDE-806C-9DB41A20ACF1}: NameServer = 203.145.184.32,202.56.250.5
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FGKEY - WinAbility® Corporation - C:\PROGRA~1\WINABI~1\FOLDER~1\FGKEY.EXE

[nvidia]

Had a question but didnt want to open a new thread.
I need to remove some virus from my comp.
How much bandwidth will be used if i run a online scan???

[cool_techie_tvm]

When an online scan is being done, initially an amount of MB will be downloaded. These are usually the scanning engine and the updated definitions. It varies for different vendors.