using AVG software to remove virus

I installed the free version (6.) of AVG and it found a lot of viruses. It removed 25 or so but couldn't remove 5 others. I made an AVG set of three boot disks as per AVG instructions, thinking I would boot from these and remove the 5 remaining viruses. But the first boot disk worked and the second one wouldn't. Is there any other way to remove these five viruses? Here's the name of the viruses from a copy of the log I made using AVG:

C:\SETUP_TD.EXE:\Files\ieupdate.exe Trojan horse Downloader.Turown.C
C:\SETUP_TD.EXE:\Files\td.exe Trojan horse Downloader.Turown.A
C:\WEBINS~1.EXE Trojan horse Downloader.Agent.F
C:\WINDOWS\SYSTEM\KERNEL.BAT Could be infected BAT/Generic
C:\WINDOWS\TEMP\IS-D42SS.TMP\SETUP_BW.EXE:\Files\ieupdate.exe Trojan horse Downloader.Turown.C
C:\WINDOWS\TEMP\IS-D42SS.TMP\SETUP_BW.EXE:\Files\td.exe Trojan horse Downloader.Turown.A
C:\WINDOWS\Temporary Internet Files\CONTENT.IE5\8DOFWJCR\document[1].zip:\document.exe Virus identified I-Worm/Netsky.Q

 

Dave Miller - I don't know how to get AVG to finish the job for you but in the meantime you might visit Housecall for an unbiased opinion. If the first visit be prepared for an extended visit for it has to update all virus definitions. (I mean 30 minutes or so)

 

Hi Dave...

Try these Trojan Scanners...
- TrojanScan - A free online scanner - Just took a look on their site...it is temporarily down...
Note: The online trojan scanner has temporarily been taken offline for maintenance. It will be online again shortly.
- SwatIt - A free scanner program - You need to download and install this one

You show also try some of the other "Online" Virus/Trojan scanners
- Panda
- RAV
- Trend Micro - Housecall

 

Well I have never seen anything like that before !
It would help us, to know where you have been on the net to collect that
lot, but I suppose it's difficult for you to remember.
regards

 

afterwards

I have to assume you have ran an anti spyware/adware program's ? if not please do so
With SpyBot and Adaware always check for updates before scanning with them. theres a help page here for both
Zeros page Content -- scanning: http://www.zerosrealm.com/scanning.php


Get all the updates available for your operating system and internet explorer
even if you use another browser.

Keep all temps and caches clear on a regular basis. Once or twice a week

XP and win 2000
Important delete the contents of all your temp folders, as in.
C:\documents and settings\(all your pc users)\local settings\temp
and the contents of the C:\windows\temp folder
Clear IE's cache via control panel internet options [delete files] button and mark the popup to also delete offline content

9X and win ME
Important delete the contents of all your temp folders, as in.
the contents of the C:\windows\temp folder and C:\temp if there
Clear IE's cache via control panel internet options [delete files] button and mark the popup to also delete offline content

Also if you have sunjava installed it's cache should be cleared to
> control panel java-plugin > cache tab > hit clear!
And do make sure you have the latest version

Regards

 

For Turown:
It's actually spyware. If you download and run Adaware.... it should get
rid of it for you.
http://download.com.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

Symantec talks about it here:
http://sarc.com/avcenter/venc/data/adware.iedriver.html

Netsky:
Half way down this page.... you can download and run a fixtool for this one:
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky@mm.removal.tool.html


Before I did anything though....the steps I would take:
1. Turn off system restore.
2. Do an online scan at housecall. Make sure to put a checkmark to let it
fix what it finds.
http://housecall.trendmicro.com/housecall/start_corp.asp

Write down anything it can't clean.

3.Download and run Adaware:
http://download.com.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
Make sure to update it before you run a scan. Put a check mark beside
everything it finds. Let it rid you of all it finds.

4. Post back.

 

Thanks for your response

Thanks for your depth of knowledge in this area, and for your step by step response, I'll do those things. But, step by step, how do I "turn off system restore?" Sorry, I have no idea what "system restore" is, much less how to turn it off.

 

Don't worry about "System Restore" as your running Win98. It is a WinME and WinXP thing...

 

Oops! Sorry about that Dave Miller. I was in too big of a rush to answer the post and didn't look up to see what operating system you were using.

Thanks for the catch dobhar

 

No sweat Daizy...ya just need more coffee...hehehehe

 

Virus fixing progress and other problem

I did run "house calls" scan and it found the following:

c:\mydocuments\data\clrschp030.exec
c:\mydocuments\data\clrschp030.exec
c:\programfiles\kazaalite\mysharedfolder\msnhacker...
c:clrschp030.exec
c:\bdl14117.exe
c:\bdl14168.exe

after the scan I clicked on the "delete" button. I downloaded "adaware" but didn't run it because of the problem I'm trying to fix which I'm guessing is caused by a virus. That problem is this:

When I boot up it shows I have about 86% available RAM, but after an hour or so, I've went down to about 26% available RAM and my machine tells me it's "dangerously low on resources." so I have to reboot. When I get rebooted the same sequence occurs again after an hour. One thing I found out is that after a fresh reboot with 86% RAM available, if I go control+alt+delete it shows the two programs I've limited my start up ini to but also several other programs. If I close those several other programs, then it show I have 95% RAM available. Those several other programs are named: hposts07, hpofxm07, hpodev07, hpoid407, hpoipm07 and hpoevm07 in the "close program" dialogue box. It's this problem that's driving me crazy and got me thinking I had one or more virus causing this problem. Another symptom of this problem is that when I go to shut down it always shows a dialogue box that Internet Explorer caused an error. I'm running version 6 of IE. Can someone please advise on this problem? Thanks.

 

3/4 down this page

HPOsts07

When you go to msconfig...what all do you still have checked?

 

Reply

I'm using Win98 se, so I don't know if I need that HP fix you described for "Win2000/XP." Is it also a problem for Win 98 se users? If so, I'll fix as you described. The three programs in my start up ini are:

wireless USB network adapter config utility ( for my Linksys USB receiver)
HPAi0 device ( for my HP printer)
Adobe Gamma loader ( for my Photoshop program, I think)

ocassionally I'll run msconfig and find "quicktime task" and "TKBell.exe" checked in my ini and will uncheck them. I also have a big list of ini s that are unchecked, if that makes any difference.

 

add to reply

I forgot to mention that I've had my HP multifunction machine for over a year and its use way pre-dates my current problem, which is about a month or so old.

 

Still, it would behoove you to go to HP and check to see if there are indeed newer drivers for this printer.

How much ram are you running?

After a fresh boot......... do a ctrl/alt/del and list for us what you have in the close programs dialogue box.

Running Ad-aware too, can only benefit you.



*edit*

Nope. Those are fine.

 

Reply

I'll find the HP website with Google and get/replace drivers. Would this eliminate the need to do the step you mentioned earlier involving using the original CD I got with my HP multifunction machine?

I'm running 512 mg of RAM on an MSD Athlon 1.2 gigahertz motherboard.

After reboot the following programs show on control+alt+delete:
hposts07, hpofxm07, hpodev07, hpoid407, hpoipm07, hpoevm07, wusb11cfg, rundll32.

I'll get and run "adaware." I'm also running "spybot search and destroy" every few times I boot up, if that means anything.

 

www.hp.com
Or more specifically: http://www.hp.com/country/us/en/support.html
What multi function do you have?

Ignore the info about the CD. I was just trying to point out that there's been problems with these particular machines.

When you do a ctrl/alt/del.... you don't have systray or explorer...or anything else?

Yes, most people use both Adaware and spybot. Make sure to update Adaware once you install it and then run it. Make sure to put a check mark beside everything it finds.

 

Dave - apart from the critters that are causing you grief and subject to objections from Win98 experts, with that much memory it might be a good precaution to put a MaxFileCache=x entry in the [vcache] section of SYSTEM.INI and set x to about 70% of the amount of physical memory you have so maybe 360,000 Kb if you run 512Mb.

 

reply to Daizy and to Newt

To Daizy: My HP multifunction machine is a "OfficeJet G95" printer, scanner, fax machine. When I do a control+alt+delete, it only shows hposts07, hpofxm07, hpodev07, hpoid407, hpoipm07, hpoevm07, wusb11cfg, rundll32.
But I have unchecked "systray.exe" in the list of ini items I don't see anything that looks it is IE that I've unchecked in the ini list. I will install, update and run Adaware.

To Newt: Is what you're suggesting material to my immediate problem, or just sort of a generally good idea? I ask because I've been running WIN 98 SE for about two years and my immediate problem has been only for the last month or two. And I have no idea how to do what you said.

 

Dave - I really don't know. It could well have some bearing on your current situation or maybe not.

However, the 'fix' will take about a minute to do so probably worth a try.

Copy system.ini to system.ini.sav so if things don't go well you can easily undo any changes you make.

Open system.ini in notepad or any other text editor you like. DO NOT use a word processor of any sort.

Find the section labeled [vcache] (and it will have the square brackets around it).

Somewhere in that section (bottom of it is a good idea usually) press ENTER to open up a blank line.

Type into that line
MaxFileCache=360000

Save the file.

Deed done.

If things don't go well, just rename system.ini to system.ini.old and then rename system.ini.sav to system.ini and you are back to a pre-tweek status.