Irritating Virus (medium threat)

[ashu888ashu888]

Guys,

I hv this virus irritating me, althought Norton AV 2003 (that i hv) detects and deletes the virus on opening of My Computer or any drives in My computer, but still i need to get rid of this Pesky virus..





I did a system scan in normal as well as in safe mode but no use, so help me guys...

I hv NIS and NAV 2003 installed, as well as Ad Aware SE.... witn WIN XP PRO + SP2


Ps: Do not advice me to install a newer version of NAV and/or NIS...

Hoping to get a positive reply....


Cheers n e-peace......

[zyberboy]

try this
http://www.techspot.com/vb/topic34006.html

and also use another anti virus(not norton) if u dnt want problems like these in future

[ashu888ashu888]

^^

THanx, will try it and post my results...


Cheers n e-peace.... : )

^^

I did everything as told in this thread---> http://www.techspot.com/vb/topic34006.html

that is: used rootkit revealer, aproposfix as well as Gromozon removal tool

But still wenever i open c: i get that same msg (as shonw by the screenshot above...)

However, my Ad Aware SE caught up this entry (as seen in the screens hot below)--->



So i went to the registry (viz regedit) but i dnt knw wich value to delete, the values (except the 1st one are all legal as i hv installed those programs, so is the 1st value suspicious ???

I also went to c:\windows\system32 to look for the avpo.exe file but i cudnt locate it..

Wat to do now ??? :-S


Cheers n e-peace....

(**) However, everytime i encounter that virus, NAV detects it and says it was deleted.so is there any real harm if im not able to get rid of this pesky virus ???

(**) Also, do quarantined viruses/malware get into the CDs while writing data (thru nero) ???


cheers n e-peace....

[anandk]

its a hidden file in system32 folder. unhide hidden and system files and then see if u can locate it.

Else, run cmd and go to your System32 directory by typing: cd c:\windows\system32 in it and hitting enter

Then type dir /a avp*.*

Now, if u can c any files names avp0.dll or avpo.exe or avp0.exe, use the following commands to delete each of them one after the other

attrib -r -s -h avpo.exe
del avpo.exe

theres some nice info here. http://www.thejackol.com/category/tips/windows/

also dont forget to emty yr temp files. best run ccleaner in safe mode. noryon wont run in safe mode, but do also run adaware in safe mode.

[ashu888ashu888]

@ anandk

Dude, tried everything, even delete the entry inthe reg in safe mode, did a whole system scan using ad aware, also deleted the files (.exe and .dll) using the command prompt but still the problem persists... wat to do now ??

is thee any direct tool to remove this ***** Virus ????
Its really annoying ....

Cheers n e-peace....

While deleting the avpo0.dll in safe mode, it gets deleted i guess, then after restarting the system in normal mode the virus again comes back.. .wats the matter ???

The avpo0.dll cannot be deleted in normal mode but can only be deleted in safe mode...


As i said, my Norton detects that virus adn deletes it everytime i open any of my frives in my computer.. but still i wanan get rid of this virus....

Also, do quarantined virus files get into the CDs while burning them /???


Cheers n e-peace...

[anandk]

Quote:

Originally Posted by ashu888ashu888

While deleting the avpo0.dll in safe mode, it gets deleted i guess, then after restarting the system in normal mode the virus again comes back.. .wats the matter ???

i hope u have diabled system restore. do that. remove all posbl restore pnts using dik clnr utility of xp. now try agn.

else pls post yr hjt log here or get it auto-analysed at www.hijackthis.de

no, qrntnd files dont go anywhere...

[praka123]

use a linux livecd(knoppix) to find the file and delete it.

[ashu888ashu888]

Quote:

Originally Posted by anandk

i hope u have diabled system restore. do that. remove all posbl restore pnts using dik clnr utility of xp. now try agn.

else pls post yr hjt log here or get it auto-analysed at www.hijackthis.de

no, qrntnd files dont go anywhere...

Can u tell me a brief intro of how to remove all restore points ??
ALso, do tell me how to take a Hijack this log, as never tried this.....

Quote:

Originally Posted by praka123

use a linux livecd(knoppix) to find the file and delete it.

Now how will tat work out ??? I hope u not telling me to install LINUX, coz i knw tat a LINUX live CD jus loads the OS from the CD itself.. but how will it detect and remove the file ???


Cheers n e-peace...

[praka123]

^if the file is known,whether a $ file or not -knoppix can remove/delete the file even from a ntfs system.u need to mount ur win partition in livecd session.and browse to ur user accnt and do the job!ofcourse the filename and location be known.
if i remember there is some win av livecd from bitdefender too.

[zyberboy]

hacktool.krootkit is sometimes difficult to remove
Download kaspersky 30 day trial and do a scan it may work

if dat does't work try this
http://www.bullguard.com/forum/10/Pl...-re_32990.html

[ravi_9793]

Best way:
Do online scan at some popular antivirus website, like kaspersky, norton , and others.you can find options here:
http://www.techiehome.org/viewtopic.php?t=512

[naveen_reloaded]

guys a worm is fast spreading .. me and my whoole hostel got that ... very fast .. but i found a way to defeat it .. play by its way..

first a create a dummy autorun.inf file and file in with nothing except [autorun]

and then paste it every drive u have ..
give it all .. like hideden, system file , archive , everything that is possible ..
this is only a preventive method..
the thing is these worms noawady tries to write to a sutorun file where a specific exe file is executed..
so if u have ur own autorun file there .. the worm will have no way to penetrate ur systemm..
try nod32.. its awesome.. and of p[ossible upadte ur ZA

[ashu888ashu888]

Ok guys,

1.) I disabled tat irritating NORTON AV 2003 from my system, d/loaded the Avast Professional v4.7 and did a thorough scan in normal as well as in boot scan mode, and this is wat the avast caught up....



Now, these viruses are in the Virus chest of Avast, tell me wat i shud be doin with it ?? shud i delete it or wat??

ALso, during the scan as Avast was goin on scanning my drives it showed up these alerts as and wen it caught the Trojans... (see below plz)





Picture Gallery with PicTiger

==================================================
As for my own satisfaction, after avast caught up these viruses, i again did a thorough scan jus to make sure if there wer any more files left behind by the virus, but there were none !!

So, shud tat mean my system is free of tat @#$!@#$!! Virus ??

Also..does the so called RESIDENT SCANNER of Avast provide an active protection (like, wen im surfing the net) and will alert me of any viruses/trojans as and wen my system is HIT (Attacked) by it (at that particular moment) ??
OR

Will I hv to always scan my whole system jus to make sure tat there are no viruses in my system due to net surfing ??

Please, do answer these 2 ques abt Virus chest and Resident Scanner and do i hv to do anything more to make sure my system is safe??

I hv Lavasoft's Ad Aware SE installed along with this Avast Professional ver 4.7
Now, this is a screenshot of my Avast, just look at the encircled portion of the screenshot (left top corner) it says "NOT DONE YET" and also, i DO NOT get any AVAST Icon in my task bar (indicating that Avast Professional is NOT running in background) wats tyhe matter???? AFAIK, it shud run in the taskbar (along with the blue color "a" ball and "i" ball icons) ??>
Thanking u guys a lot lot lot..u were a real help to me and all of ur replies were really helpful in this matter...


@ to all
Also, do tell me about other s/wares wich can provide me with an Active Firewall (it shud be active as and wen im surfing the net) and shud alert me then and there itself wen my system is attacked by any virus or trojan...


@ Ravi,
thanx alot for tat huge list buddy but plz answer my above querry (related to an active firewall)


Cheers n e-peace....

[ashu888ashu888]

Guys, A Problem !!!!!!! Even after a complete scan of my system using Avast AV v4.7 Professional, wen i try to open (by left double click or by right clikc>open) any of my Drives in My computer, i get this --->




Now wat to do ?? is it cos of that Virus ??? :-S Im confused now....

Also, shud the avast icons be in the taskbar (indicating that my system is actively protected) ?? Isisn't it ????


Cheers n e-peace....