Posted by Ed on October 23, 2006, 6:01 pm
Recently I came into contact with a virus, (one with a similar name was
described as keylogging/password and info stealing, an svchost.exe virus),
and it remained on my system after a reformat and a clean install of Windows
XP.
Norton (fully subscribed) does not detect a thing.
The only anti-virus program that has detected it is Avira.com, and then it
couldn't stop it.
Interestingly enough, it seems to only activate after connecting to the
Internet - as for several days without installing any drivers for wireless
modem etc, it did not show itself. Besides tying up system memory, it
manifests itself through not allowing myself to open (or turn on) my Windows
firewall, as well as telling me I need to reconfigure my wireless settings in
order to make my wireless work, when it is already connected.
My question: I'm trying to avoid sending this anywhere to repair, or paying
money, what other options do I have to rid myself of this pesky virus?
I deleted all partitions that contained any data last time during the clean
install, to no avail.
Thanks.
Posted by David H. Lipman on October 23, 2006, 6:35 pm
| Recently I came into contact with a virus, (one with a similar name was
| described as keylogging/password and info stealing, an svchost.exe virus),
| and it remained on my system after a reformat and a clean install of Windows
| XP.
|
| Norton (fully subscribed) does not detect a thing.
| The only anti-virus program that has detected it is Avira.com, and then it
| couldn't stop it.
|
| Interestingly enough, it seems to only activate after connecting to the
| Internet - as for several days without installing any drivers for wireless
| modem etc, it did not show itself. Besides tying up system memory, it
| manifests itself through not allowing myself to open (or turn on) my Windows
| firewall, as well as telling me I need to reconfigure my wireless settings in
| order to make my wireless work, when it is already connected.
|
| My question: I'm trying to avoid sending this anywhere to repair, or paying
| money, what other options do I have to rid myself of this pesky virus?
|
| I deleted all partitions that contained any data last time during the clean
| install, to no avail.
|
| Thanks.
I truly doubt that you had *any* virus that outlived repartitioning and reformatting the hard disk and then reinstalling the OS.
It is more likely that either you re-infected yourself or you didn't use a FireWall during the OS installation and you were infected with an Internet worm while you were in-process.
The fact that you have NOT identified the name of the virus is indicative of this fact.
You say it was detected in "svchost.exe". Ok ... What is the fully qualified path to svchost.exe ?
What did Avira software identify it as ?
Please submit a sample of the suspect "svchost.exe" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners. That will give you an idea what it is and who recognizes it. In addition, unless told otherwise, Virus Total will provide the sample to all participating vendors.
You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN
When you get the report, please post back the exact results.
----------
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file. http://www.ik-cs.com/multi-av.htm
Additional Instructions:
http://pcdid.com/Multi_AV.htm
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
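
The path check asked for above ("What is the fully qualified path to svchost.exe ?"), as an added example that is not part of the original thread: a genuine svchost.exe runs from the System32 folder, so a copy running from anywhere else, or a process with a near-miss name, is what to single out for submission. The install folder, the two-edit look-alike threshold and the sample process list are assumptions constructed for illustration.

```python
import ntpath

# Assumption: Windows is installed in C:\Windows (the default %SystemRoot%).
SYSTEM_ROOT = r"C:\Windows"
# Folders a genuine svchost.exe runs from (SysWOW64 exists only on 64-bit Windows).
LEGIT_DIRS = {ntpath.normcase(ntpath.join(SYSTEM_ROOT, d)) for d in ("System32", "SysWOW64")}
GENUINE_NAME = "svchost.exe"

# Constructed sample of (PID, image path) pairs, not from any real machine.
SAMPLE = [
    (812, r"C:\WINDOWS\system32\svchost.exe"),
    (1044, r"C:\WINDOWS\svchost.exe"),
    (1320, r"C:\WINDOWS\system32\scvhost.exe"),
    (1588, r"C:\Documents and Settings\user\Local Settings\Temp\svchost.exe"),
    (1700, r"C:\WINDOWS\system32\..\svchost.exe"),
    (400, r"C:\WINDOWS\explorer.exe"),
]

def edit_distance(a, b):
    """Levenshtein distance, used to catch look-alike names such as scvhost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(path):
    """Return ok, wrong-location, lookalike-name, unrelated or unknown-path."""
    if not path:
        return "unknown-path"  # image path could not be read for this process
    # normpath collapses ".." tricks; normcase makes the comparison case-insensitive.
    norm = ntpath.normcase(ntpath.normpath(path))
    directory, name = ntpath.split(norm)
    if name == GENUINE_NAME:
        return "ok" if directory in LEGIT_DIRS else "wrong-location"
    if edit_distance(name, GENUINE_NAME) <= 2:
        return "lookalike-name"
    return "unrelated"

def suspicious(processes):
    """Return (pid, verdict) for every entry that needs a manual look."""
    checked = ((pid, classify(path)) for pid, path in processes)
    return [(pid, v) for pid, v in checked if v not in ("ok", "unrelated")]

if __name__ == "__main__":
    print(suspicious(SAMPLE))
```

A file in the right folder with the right name can still be a replaced or patched binary, so an "ok" verdict here only narrows the search; it does not clear the file.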
Posted by Malke on October 23, 2006, 8:20 pm
Ed wrote:
(quite a lot of snippage, really)
> Interestingly enough, it seems to only activate after connecting to
> the Internet - as for several days without installing any drivers for
> wireless modem etc, it did not show itself. Besides tying up system
> memory, it manifests itself through not allowing myself to open (or
> turn on) my Windows firewall, as well as telling me I need to
> reconfigure my wireless settings in order to make my wireless work,
> when it is already connected.
As David said, it is extremely unlikely that any virus survived a true
formatting and clean install. The last time I saw this sort of thing in
action was with a client who managed to infect her clean computer three
times by installing "drivers" she got from "a friend". The "drivers"
were a trojan keylogger. So based on your post, I'm going to guess that
you are installing something and infecting yourself. That's just a
guess of course - I have no way of knowing exactly what you are doing.
Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User