|
Posted by on April 30, 2006, 8:14 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Let's see if you guys can help me. I installed a program that was
supposed to improve the functionality of another program, but it had a
suspicious filename. So, I scanned the downloaded file with avast
antivirus, and it was "clean." it asked to extract files to a certain
location, so i put in my jumpdrive, just in case. it extracted files
and executed some files, which flashed all over the screen and i didn't
catch the names. i immediately removed my network cord, unplugged my
external hard drives, restarted my computer, scanned my comp with the
avast, and everything seemed fine. before i did this and after, the
windows firewall had been removed and can't be reactivated. i get an
error message when doing so. i ran a system file check and rebooted,
and it didn't fix the problem. would a repair install help? right
now, i'm running the latest knoppix live cd. it's finals time, and
hopefully somebody can help me out pretty quickly. thanks
|
|
Posted by David H. Lipman on April 30, 2006, 8:42 pm
If you were Registered and logged in, you could reply and use other advanced thread options
| Let's see if you guys can help me. I installed a program that was
| supposed to improve the functionality of another program, but it had a
| suspicious filename. So, I scanned the downloaded file with avast
| antivirus, and it was "clean." it asked to extract files to a certain
| location, so i put in my jumpdrive, just in case. it extracted files
| and executed some files, which flashed all over the screen and i didn't
| catch the names. i immediately removed my network cord, unplugged my
| external hard drives, restarted my computer, scanned my comp with the
| avast, and everything seemed fine. before i did this and after, the
| windows firewall had been removed and can't be reactivated. i get an
| error message when doing so. i ran a system file check and rebooted,
| and it didn't fix the problem. would a repair install help? right
| now, i'm running the latest knoppix live cd. it's finals time, and
| hopefully somebody can help me out pretty quickly. thanks
Next time submit suspicious files to Virus total.
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition,
unless told
otherwise, Virus Total will provide the sample to all participating vendors.
You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your
FireWall to allow it to download the needed AV vendor related files.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal
Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the
PC.
You can choose to go to each menu item and just download the needed files or you
can
download the files and perform a scan in Normal Mode. Once you have downloaded
the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode
[F8 key
during boot] and re-run the menu again and choose which scanner you want to run
in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive
PDF help
file. http://www.ik-cs.com/multi-av.htm
Additional Instructions:
http://pcdid.com/Multi_AV.htm
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
|
|
Posted by edgewalker on April 30, 2006, 9:24 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> Let's see if you guys can help me. I installed a program that was
> supposed to improve the functionality of another program,
Perhaps the oldest ruse in the book. You should contact the author
of the "enhancement" program and ask for help. If you cannot contact
the author (such as is usually the case with a dowloaded crack from p2p
written by some anonymous lugghead), you should not have executed
the program.
AV can't save you from this kind of bad behaviour.
> but it had a
> suspicious filename. So, I scanned the downloaded file with avast
> antivirus, and it was "clean."
No AV program can make that determination. If yours claims to then
it (they) are lying to you. More likely is that you assumed "no virus was
found in the scan" is the same as "clean", in which case you assumed too
much - and ran it anyway.
> it asked to extract files to a certain
> location, so i put in my jumpdrive, just in case. it extracted files
> and executed some files, which flashed all over the screen and i didn't
> catch the names. i immediately removed my network cord, unplugged my
> external hard drives, restarted my computer, scanned my comp with the
> avast, and everything seemed fine. before i did this and after, the
> windows firewall had been removed and can't be reactivated. i get an
> error message when doing so. i ran a system file check and rebooted,
> and it didn't fix the problem. would a repair install help? right
> now, i'm running the latest knoppix live cd. it's finals time, and
> hopefully somebody can help me out pretty quickly. thanks
Follow David Lipman's advice to help you now, my post won't help you
until the "next time" you find yourself wanting to execute some unknown
program from some no-account anonymous lugghead
|
|
Posted by on May 1, 2006, 2:05 pm
If you were Registered and logged in, you could reply and use other advanced thread options
hijackthis log and submit it to an IT support area I work at. For now,
i am getting good, fast replies from you guys. if i use hijackthis,
would i be ultimately cleaning my computer until another strand of the
malware was activated, that laid dormant in my machine? should i just
reformat? i'm really just worried about the virus spreading to the
160gb secondary internal hdd. are there any ways i could check the
health of that drive? any suggestions, ways other people would
configure there computer to ensure future problems will not harm other
parts of a computer....let me know your thoughts. thanks oh...by the
way...the file has multiplied itself as different exe files under
different names
|
|
Posted by Todd H. on May 1, 2006, 2:28 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> trying to post to everyone, hope this works. I plan to use a
> hijackthis log and submit it to an IT support area I work at. For now,
> i am getting good, fast replies from you guys. if i use hijackthis,
> would i be ultimately cleaning my computer until another strand of the
> malware was activated, that laid dormant in my machine? should i just
> reformat?
Yes. That is the only reliable way to get to a known-clean state.
And it's generally the fastest too if you factor in anything beyond an
easily cleaned malware infection.
--
Todd H.
http://www.toddh.net/
|
| Similar Threads | Posted | | Very poor detection from MAJOR av on this trojan, whats up???? | February 22, 2007, 10:58 pm |
| Connection problem. A virus problem?? | January 24, 2006, 4:08 pm |
| Weird problem on Flash Drive seems like a virus but no virus detected | August 28, 2007, 12:04 pm |
| Virus Problem Perhaps?? | June 11, 2005, 4:24 pm |
| virus problem need help | June 12, 2005, 9:31 pm |
| re:virus problem need help. | June 14, 2005, 11:00 am |
| Virus problem-- | July 16, 2008, 12:33 pm |
| spam virus problem | November 22, 2006, 10:29 am |
| VIRUS PROBLEM?? HERE IS THE BEST SOLUTION | January 8, 2007, 11:03 am |
| Pls help - unknown virus problem | November 24, 2007, 12:29 pm |
|
XML site map