Solved AVG finds virus after format

Those files are definitely infected with virut. They are copies of files belonging to Realplayer, hkcmd (keyboard), Ulead photo express, etc. I'm quite surprised the virut removal tool isn't picking up on them, nor is AVG, until after they have been added to system restore. I'd like for you to go back to the vault and submit some of those samples. If given the option, leave a comment that they aren't identified until backed up in system restore, eg; AVG is not finding the active ones, and neither is the removal tool.

Then go to safe mode and try AVG again. The command you need is,

avgscanx /comp

If AVG fails to clean the system, I suggest you do a full format and clean install. Just so you know, sometimes even the cleaning can leave a system crippled (the cleaning technique isn't perfected) and might require re-installing anyway. Here's a link to instructions for a clean install of XP.

http://windowsxp.mvps.org/XPClean.htm

 

OK
posted files back for analysis with comments you asked

now running removal tool again
will then try AVG in safe mode

thanks

 

I've passed along the samples to AVG. Hopefully they can determine why the infected files aren't being detected while active. Thanks!

You could also try an online scan with eTrust and see what happens. Link is in my signature below.

 

Thanks
When the PC boots, there are 2 versions of XP home to choose from, this was probably something I got wrong when I attempted the R & R
Could this be causing some of the problems.

 

Yes. As suspected, you did not do a format and install. You actually installed to a new folder, leaving the original intact. Despite that, those infected files should be detected and removed while running a full scan, and if not, well, it's time to format. Virut is a nasty nasty virus, and more often than not, a format is the only cure.

 

OK,
It looks like being a late night tonite,

Where do I type the command avgscanx /comp?
If no luck with AVG I'll try another format, I got confused when it gave me 2 options to delete, a fat32 & a NTFS.
It wouldnt let me delete the fat32, but it seemed to start the windows installation by itself then.
As you can see, I'm no expert, but I'll give it another go using your link, I have my laptop online for reference.

I really appreciate the time you have given to my problem..

 

Is that an OEM machine? If so, it's likely that the Fat32 partition is a recovery partition, which holds an image of the operating system as delivered from the factory. Can you see that partition from within Windows by Opening My computer? It would appear as a separate drive, such as Local Disk D, and cd drive being E

In Safe mode, click Start>All Programs>AVG>AVG User Interface
That should bring up an interface of the command line scanner.
Just select the first option 'Scan Whole Computer' and leave all of the boxes for options checked.
Select the option to Clean Automatically rather than Move to Vault
In the lower window, you should see the command parameters chosen

/comp=ON /boot=ON /proc=ON /reg=ON, etc

Now just click Start Scan

 

Thought you might like to know, I installed virut on a test machine from the samples you gave me. I had previously installed AVG. I'm running the command line scan in safe mode right now and below is a picture of what's happening.

http://noahdfear.net/virut.bmp

 

OK got it scanning now, the window was too big for the screen & the "start scan" button was hidden by the bottom taskbar.

In My computer theres only C- local disk, A- Floppy & D- DVD/CD Drive

I know some dell machines have a recovery option, but I think this is too old (march 04)

 

If you do end up doing a clean install, post back when you get to the setup screen and let us know exactly what you see for partitions, eg: Fat32, NTFS, drive letter/location and size of each.

Glad you found the Start Scan button. Now grab a few beers .... it'll be a while.

 

Will do,
Good to know there's someone to help!

Will let you know what avg says when its finished

 

Well, test machine is borked. Never got a successful logon after AVG finished. I'm going to explore a bit and see what it takes to bring it back up again, but I figure it will require a re-install. Hope you have better luck.

 

OK,
AVG safe mode scan did'nt find anything, so I'm going for a full reinstall,

Here goes!!

 

OK
Partitions I've got are

unpartitioned space 47MB
C partition1 [NTFS] 76238MB
Unpartitioned space 8MB

 

Delete the C partition
Once back at the setup screen you should see only 1 entry for unpartitioned space
Now you want to create a partition and allow it to be the default size (total available less 8mb)
You then want to install XP to the new partition and when prompted, format using ntfs (not the quick format)

 

OK up to now

Setup is formatting..........

 

Should be a cake walk from there on out. Don't hesitate to post back if you run into troubles.

 

Just one question,

Do I remove the CD before it reboots,?
the tutorials are'nt very clear on this

 

Everythings done,
the desktop is back, with only the recycle bin icon.
Program files are rid of all the previous programs & .junk
I,m going to start installing the drivers etc.

Dont know what time it is there, its 10.30pm here

I'll post if I get into trouble again

Thankyou

 

Sorry ... had to run some errands. It's only 6 PM here, so I'll be around for a while yet tonight. You might want to consider downloading and installing Service Pack 3 straight away. Will save you a lot of time and trouble vs updating bit-by-bit.

http://www.microsoft.com/downloads/...a8-5e76-401f-be08-1e1555d4f3d4&displaylang=en